SIL Certification HIPPS

HIPPS SIL Verification & Certification

The Risknowlogy HIPPS (High Integrity Pressure Protection System) SIL verification and certification program supports end-users of HIPPS systems as well as product suppliers for HIPPS systems. Risknowlogy certifies system level HIPPS functions and systems as well as individual products like sensors, logic solvers and valves used in HIPPS systems. The HIPPS certification is driven by end-user needs and is based on the IEC 61508 / IEC 61511 functional safety standards.

Risknowlogy’s HIPPS certification can consist of an independent SIL review and assessment of the designed, engineered, installed, operated, maintained and repaired HIPPS functions/system. Our HIPPS Certification reports are used by suppliers to demonstrate to end-users that they are compliant with the defined standards. End-users use our reports to demonstrate compliance with standards to insurance companies, third parties and governmental bodies.

HIPPS Certification Steps

Although the end-user can decide what is included in the HIPPS certification and what not, we at Risknowlogy recommend the following to be addressed in order to be fully compliant with the international functional safety standards:

  • Functional safety management
  • Hardware requirements
  • Reliability requirements
  • Software / Logic requirements
  • Documentation
  • Validation
  • Audits

Functional safety management

The functional safety standards require management of functional safety. During this task Risknowlogy will verify whether the suppliers have properly addressed these requirements for the HIPPS project. The review will address the following documents:

  • Functional safety plan
  • Verification & validation plan

Risknowlogy will review the above documents for correctness, completeness and implementation during the project.

Hardware requirements

During this task Risknowlogy will review the safety requirements specification (SRS) of each HIPPS safety function including the hardware used for each configuration. The SRS will be reviewed for completeness and correctness for each safety function implemented in the HIPPS. Each hardware device used for each safety function of the HIPPS will be reviewed for compliance with the rules of IEC 61508. Typical parameters that will be reviewed for correctness and compliance with the standards for each hardware device are:

  • Safe failure fraction
  • Type A / B
  • Hardware fault tolerance
  • Architectural constraints
  • Proven in use statements
  • Etc

Reliability requirements

For each safety function implemented by the HIPPS a reliability study needs to be performed. As a minimum the probability of failure on demand will be reviewed (PFDavg). Optionally Risknowlogy can verify the probability of a spurious trip caused by the HIPPS design (PFS).

Software / Logic requirements

Risknowlogy will review, in case the HIPPS is implemented in a programmable logic solver or a hardwired system, the software / logic for correctness according to the requirements of the SRS.


Risknowlogy will review the documentation on HIPPS level as submitted to the end-user. The review will include safety manual information including operation, maintenance and repair.


Risknowlogy can participate in FATs and SATs and verify whether the actual implemented HIPPS is compliant with the SRS as specified by the customer. This task requires to review the test program before the FAT and/or SAT takes place and to be present as independent witness during the actual FAT and/or SAT.


Risknowlogy can perform audits for end-users using HIPPS systems to assure that the operators of the HIPPS systems apply the requirements for operation, maintenance and repair. This typically includings recording of periodic proof testing, maintenance and repair activities, modifications, etc. These audit reports can be used with insurance companies, third parties and government bodies.

Certificate and certification report

The Risknowlogy certification report will outline to the customer the kind of certification that has taken place and its result. The certificate, in the form of a Functional Safety Data Sheet will summarize the performance of the HIPPS in terms of functional safety data (For example, PFD, PFS, SIL, STL, Standards, etc).

Spurious Trip Level and Analysis

Risknowlogy certifies process availability. For those customers that have problems with their HIPPS systems in terms of causing too many spurious trips we offer to analyse the HIPPS design and classify it with a Spurious Trip Level (STL). This STL can then be used to compare the current design to the target STL. If the target STL is higher than the current STL the design of the HIPPS needs to be improved to cause less spurious trips.