Are PLC SIL rated?

I am in a fix during one of the HAZOP LOPA study I was facilitating. Instrument Engineer proposed a PLC which he said is SIL rated. As per my understanding, PLC can't be SIL rated due to its high pfd. Please correct me if I am wrong and share your thoughts on this topic.

Yes there is a PLC which is termed as Safety PLCs which serves that purpose and are also SIL 2 & 3 rated. Check out Rockwell automation GUARD PLC Controller.

David Ferguson

Google Rockwell SIL 2 rated safety PLC's information.

Dave Ferguson
Control Systems Engineer
There are a wide range of PLCs that are SIL rated, some have a 2nd safety rated CPU, a safety library of functions and safety I/O.
Others are designed to be 100% SIL rated from SIL 2-4.

Rockwell has safety PLCs and a line of true TMR 2oo3 SIL 3 PLC from their acquisition of ACS Triplex.

Triconix has a range of compact and full sized TMR 2oo3 systems that vary from SIL 2 and 3 to Nuclear rated.

There are more vendors like
with HiMax and HiQuad and more
Safety Manager and Safety Maner SC 300
S7400F or HF

DeltaV SIS

and there are more companies....
In the past 18 months, we have installed SIL2 rated PLC control systems on all Burner Management Systems (BMS) for several customers (all ControlLogix 1756 series). It requires dual input modules (from the same input point) and monitored and tested outputs (think diagnostic modules). Look for manual 1756-rm001 and 1756-AT010 as a starting point. Confirm that the modules you are using are listed as SIL2 certified (note that for several months only 1756-L6x and 1756-L7x processers were listed, L8x might be now but you need to check).

While most SIL2 designs would typically use 24 VDC I/O, we have installed using 120 VAC. The output for BMS needs a 2nd relay that will cut off the supply to the diagnostic modules if an error is detected (fuse blown, triac shorted or open, etc.) We use a relay controlled by a 1756-OA8 module controlling a relay with a single contact in series with the 1756-OA8D. The inputs need to be a 1756-IA16I or similar.

Since we have multiple zones, a separate relay is used for each logical zone. One relay could be used on an entire module but they we'd cut off an entire system for what could be a single zone. You would need to evaluate what makes sense for your design.