PLC Suited for Emergency Shutdown System

Thread Starter

Parsi

I want to know, for a PLC which is used as an emergency shutdown system, what specifications should be considered?
Specifically, which hardware parts should be duplicated (I/O, CPU, PSU, ...)?
Our system will be used in oil & gas plants.

thanks
 
Do you mean emergency shutdown system or redundancy? The two terms mean completely different things. Redundancy can mean just power supplies and processors or the whole kit and caboodle. Emergency shutdown system is normally through a safety relay in Australia. Omron CS1 PLCs have a safety relay that can be mounted on the rack and monitored by the PLC but is an independent class 4 safety relay. This PLC does not yet have redundancy but I am led to believe that it is on the way. I have used 2 PLCs running in parallel before for redundancy. Bit messy but works if done properly.
 
Check the Siemens web site for information on the Moore Products (now Siemens) Quadlog product. The product literature addresses CPU, I/O, power supply, and communications redundancy for fail-safe operation. Most high-end PLCs offer hot backup of CPU and power supplies. I/O fails more frequently but is seldom addressed in system design.
 
Lewis Bodden

I've used mostly AB PLCs (PLC-5, PLC-3 and SLC-500).

Some have had redundant Processors or I/O. Some have not. The important thing is to have the system fail to a safe state. The redundant processors reduce the down time if one processor should fail. It doesn't add any additional safety.

A PLC has several features that promote safety. The processor performs a checksum on memory periodically and will fault if there is a problem. It also has a watchdog timer that will fault the processor if the program goes south (loops too long, ...). Additional programming tests can be performed to ensure that the system is operating properly.

In addition to the processor, there should be a method to kill the power to all the output devices. This could be activated if all else fails. A hardwired pushbutton is best for this.

Rather than having redundant outputs that vote and such, it is better to monitor the results of the output to guarantee that it has properly activated.

The biggest problem is a covert fault. This is a failure that is not detectable until the output is activated (or rather turned off to trigger a shutdown action). You can't detect this until it's too late. This condition should be detected with feedback, and the human monitoring the system should be alerted so he can take action like killing the power to the outputs. The automation system could have a method to automatically kill the power to the outputs that would shut down the entire system.

I hope this helps. If you would like to discuss this more, let me know.

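Added example (Python, not code from any poster in this thread): a command-versus-feedback discrepancy monitor for one de-energize-to-trip ESD output, of the kind Lewis Bodden describes above. The tag name, 100 ms scan time and 500 ms feedback deadline are assumed values; the two traces are constructed to show why a stuck output is "covert" until a trip is actually demanded.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class OutputMonitor:
    """Compares the commanded state of one output with its field feedback
    (e.g. a limit switch on the trip valve, or an auxiliary contact on the
    output contactor) and latches a fault if they disagree for too long."""
    name: str
    deadline_ms: int = 500      # assumed: max time for feedback to follow command
    timer_ms: int = 0
    fault: bool = False

    def scan(self, commanded: bool, feedback: bool, scan_ms: int) -> bool:
        """One PLC scan. commanded=True means 'energized / running',
        False means 'trip'. Returns True while a fault is latched."""
        if commanded == feedback:
            self.timer_ms = 0           # agree: reset the discrepancy timer
        else:
            self.timer_ms += scan_ms    # disagree: accumulate, then latch
            if self.timer_ms >= self.deadline_ms:
                self.fault = True       # stays latched until a manual reset
        return self.fault


def run_trace(commands, feedbacks, scan_ms=100) -> Optional[int]:
    """Replay a command/feedback trace scan by scan and return the index of
    the scan on which a discrepancy fault was first latched (None if never).
    On a real ESD this is the point where the master trip (hardwired power
    kill to all outputs) would be demanded, since the output cannot be trusted."""
    mon = OutputMonitor("XV-101")  # constructed tag name, not from the thread
    for i, (cmd, fb) in enumerate(zip(commands, feedbacks)):
        if mon.scan(cmd, fb, scan_ms):
            return i
    return None


# Constructed traces: output energized for 5 scans, then a trip is demanded.
TRIP_AT = 5
COMMANDS = [True] * TRIP_AT + [False] * 10

# Healthy output: feedback follows the command one scan later.
FEEDBACK_HEALTHY = [True] + COMMANDS[:-1]

# Covert fault: contact welded / valve stuck, feedback never drops. Identical
# to the healthy case until the trip is demanded, which is why it is covert.
FEEDBACK_STUCK = [True] * len(COMMANDS)
```

With a 100 ms scan the stuck output is only flagged on scan 9, five scans after the trip was demanded; during the preceding run phase the two traces are indistinguishable, which is exactly the window a periodic proof test of the output is meant to close.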
 
First you have to assess the criticality of your application using the SIL definition (IEC 61508). Oil & gas plant ESD will probably be classified as SIL 2 or 3. This reduces the choice to systems like HIMA H51qHR, Moore Quadlog, Siemens PCS7(?), Triconex, Honeywell SMS, Fisher FSC and some others. Pay attention: the SIL requirement also affects the field instrumentation.

The redundancy has to do with the availability, so you specify a value that pleases your client (say 99.99%) and the redundancy will be required to match that value. Usually CPU, power supply and internal bus redundancy provide very good availability to the system. Very critical I/O can be made redundant.

bye.

Andrea db
 
Robert Leinig

It depends on your criticality. Does this require SIL 3 level, TUV6? Triconex is the leading vendor of ESD systems on the market. They provide TMR systems. Their web site is http://www.triconex.com . You can contact Chris Towry at 281-709-1200. He is the sales manager and can direct you to the account manager for your area.
 
AB makes a safety PLC, GuardPLC, that has safety contact outputs and dual processors integrated into the PLC. The processors are two different brands/models so that an unknown inherent flaw in one still won't compromise safety. All I/O is redundant and self-monitored. More info is on http://www.ab.com . It's on the front page.
 
Kerry Schrank

Check out GE Fanuc for critical control applications... there are many in the oil & gas industry in Houston as well as all over the world...

Kerry L. Schrank
713-667-7200 ext. 212