I/O cards redundancy


Thread Starter


Dear Gurus! May I ask your opinion if the redundant I/O crds are still needed for critical processes? As I understand the modern DCS have enough powerful applications to prevent,diagnose and predict the possible failures. And the redundncy is still needed for power supply, CPUs, system bus etc. But is is REALLY needed for I/O's cards?


Dean Kindrai

That depends. You have to consider the types of failures and the consequences.

Assume you are concerned about a hardware failure of a single output point. Most devices will fail to the "ON" state (triacs will be energized, relay contacts weld). Even if you stop "scanning" the card or "servicing" the card or whomever's nomenclature you use, unless you can cut power to the failed card or point, having redundant I/O is meaningess because the failed point will likely be "On" and uncontrollable. If you plan to cut power to the card in the event of a failure, do you plan to do so with standard relays? With force-guided relays? With safety relays? Where do you draw the line?

A whole different set of circumstances occur if you are concerned about a catastrophic environmental failure; for example a fire in a control cabinet. In that event, the problems may be greater than losing a few I/O points. Do you need to design to that?

Input points don't present the same problems.

Of course, it always seems that cost is the key factor, rather than safety.

-Dean Kindrai
Neff Engineering of WI
I agree that the requirements are based on the hazards of the process. The need for redundancy should be considered in the hazard analysis (PHA).
A reasonable measure would be that if you are adding redundent instrumentation for a critical measurement, then put the second instrument input (or output) to a different I/O card. I would think that the failure rate on the instrumentation will be much higher than the I/O cards.
Perhaps you are putting your secondary instruments into a different controller (e.g the primary goes to the DCS while the secondaries go to a PLC).
These would provide a type of I/O redundancy and still address the more probable failure -- the instrument.
Look at the application to determine what the effect of a sudden and unexpected loss of an input to a controller or an output to a valve
would be to the overall process. Look also at the I/O device to determine the number of I/O which are associated with the failed card. Without redundancy and a hot swap capability, that is the number of I/O which will be unavailable while replacing the card.

If your process is a batch type operation, then an unexpected shutdown may not be a big thing.

If, however, the process is a continuous one, with long start-up times and costs, I would not like to be the one to tell the upper mangement
that they will suffer several hundred thousand dollars in lost production because I saved them the fifty thousand in hardware costs. And these costs will keep reoccurring with each failure.

I have several other posts on the subject which are available in this list's archives.