Emergency shut down system for process plant
As per my knowledge for ESD system is always implemented through PLC is there any particular safety reasons for that?

can any one brief me about emergency shut down system of process plant and can ESD be integrated with DCS? and what are causes if we do so?

This is a big topic.

You might start with the Wikipedia article: for a decent overview.

Searching for books on emergency shut down systems and safety instrumented systems on Amazon will yield you quite a few textbooks on the subject.

ISA has courses and workshops:

That ought to keep you busy for a while (grin)


Walt Boyes, FInstMC, Chartered Measurement and Control Technologist
Life Fellow, International Society of Automation
Editor in Chief, Control and

I understand that it is big topic.

However I want to know that can I integrate ESD system with existing plant DCS or I need another PLC for it.

Nirav Makadia
Instrumentation and control engineer at Reliance Industrues Limited
The only answer I can give you is "maybe." That's why I sent you to do some homework. It depends on the DCS. It depends on the ESD or SIS system, and it depends on the standards you operate your plant under.


Without being an expert on the subject, I think the general belief is a device independent from your control device should be used for shutdown (SIS, relays, PLC).

The systems I have seen utilize a DCS, with either a relay based ESD system, or dedicated SIS which provides independent hardwired shutdown to end devices.

Some of the older implementations Ive worked with do use DCS discrete outputs to drive some trip functionality as well, but the end device ESD functionality was always supported by a relay system.

The modern builds I have worked with go fully in the direction of a dedicated SIS, which accepts independent measurement and supplies trips outputs outside of the DCS hardware.

Like the man said, big topic, but those are some of the broad strokes based on my experience.

hope it helps

By integrating ESD system into existing DCS, I think, you want to mean whether you can incorporate the shutdown functionality in the DCS or not?

The best way to get the answer is to do a SIL (Safety Integrity Level)as per IEC 61511. I am not sure if you understand the concept of SIL or not, but you can get the job done by a professional 3rd party. If the SIL comes to SIL 1 and above, to comply to the international best practices and to be safe, you need to use a separate shutdown system. A shutdown system is basically a PLC which is designed to carry out shutdown function reliably. They are tested and certified for the reliability required - that is the main point. You can use a DCS for the shutdown function, but you won't be able to get the guarantee that during emergency condition it will work as you have wanted. Therefore, it won't have the international acceptance. Pl. note that it is just not another PLC, it has to be safety certified PLC. But if your SIL evaluation comes less than SIL 1, then you can use a DCS for the trip functionality.

You can integrate a DCS and PLC at the HMI level i.e. they may have a common HMI which caters for for both shutdown and DCS HMI. Siemens PCS 7, Yokogawa , Emerson Delta V and ABB provides integrated DCS and shutdown system. However, though they are integrated in HMI level, they are still separated at the processor level and works independently.

Where are the ABB marketing people? Don't they monitor this list? I guess not.

The ABB x800 DCS is a BPC system that also happens to be TÜV certified for operation up to the SIL 3 level. They have rules for sensor redundancy to achieve this rating, but you should really investigate using this system to avoid a parallel and DIFFERENT safety shutdown system. This architecture was developed for use by Dow Chemical Company.

Dick Caro
Richard H. Caro, CEO, CMC Associates
Certified Automation Professional (ISA)
Hello Dick,

You are correct. Yes, according to the manufacturer's claim in ABB 800, the same processor can be used for control and shutdown. I was not aware of this latest development. Other 3-systems which I have worked have separate controllers and common HMI. That was the latest I thought. Few years back I knew ABB had the similar structure. I have missed this new development. Thanks for correcting me.


PCS7 has also safety integrated, here is the brochure:

Thank you all for giving such good response.
Now i understood all the aspects of ESD system.

ESD system should be separate and integrated with your DCS system. ESD system can be hardwired sil 4 System or SIL 3 depending on your specifications. You can get an audit done before you put a SIS in place. System audit can be done by manufacturers like HIMA and based on the same you can go ahead in a structured manner.