Safety myths and SILs


I was thinking about how the dubious concept of ‘safety integrity levels’ continues to persist in spite of protracted criticism. in essence if the flaws in the concept of SILs are so obvious why they still persist?

To answer this question we need to turn to the work of John Downer who points to what he calls the myth of mechanical objectivity that underpins the risk assessment of technological systems in modern society. That is, the belief that you can measure the risk of any complex system, within it’s socio-technical context and a stochastic environment, in the same way that you can measure the strength of a metal bar (Downer 2011).

As Downer points out, even though such a myth can be attacked from various perspectives, it persists because it serves various institutional interests, for example enhancing the authority of engineers and regulators or deflecting the risk of criticism for making overt political judgement.

Taking up John Downers concept and applying it to the theory of SILs one can see them as another version of the myth of mechanical objectivity. That is SILS are part of a ‘myth’ that one can boil down engineering a system for safety into a ‘cookbook’ of objective techniques that can be rationally applied to deliver a required degree of safety (or residual risk).

The purpose of such a SIL myth is to cloak what is in fact a complex ‘messy’ engineering and management problem, involving a multitude of qualitative and subjective decisions, within a putatively rational and objective framework. Look say the engineers, our system is safe because we followed the standard and met the SIL.

In essence SILs seek to portray the engineering of functional safety in a complex system as equivalent to the problem of engineering a hardware component to meet a safety code or standard, that is if the design meets the code then component is deemed safe.

Of course this is dangerous thinking because fundamentally SILs do nothing of the sort, requiring as they do a whole series of subjective risk assessments and decisions. In my view much closer to pseudo science.

As long as we continue to cleave to the myth of the objectivity of SILs we tread a dangerous path.


Downer, J., Why Do We Trust Nuclear Safety Assessments? Failures of Foresight and the Ideal of Mechanical Objectivity, Presentation at 11th Bieleschweig Workshop,August 2011.