Power Control Relay for PLC Outputs


McConnell, David P

I would like to hear opinions regarding placing a "master power" control relay in the supply path to a PLC output module.

The PLC in question is an Allen Bradley PLC 5 utilizing a number of discrete (not relay) output modules. The racks (1771) are set up to fail off. An associate claims that the PLC can "stop processing", as opposed to fault, etc., and leave outputs set. Thus the need for an emergency power disconnect relay in the supply to the module.

I have created every type of recoverable PLC failure I can think of and all outputs always go off, both in the local rack and in associated ControlNet connected remote racks. I recognize that a failed output channel (shorted) could leave an output active. I also recognize that there is potential for failure of the added "protective" relay.

Opinions? (flame minimization mode = ON)

Dave McConnell

This is very common. Typically, one configures the relay so that the DC power to all DO modules in the PLC is removed in the event of EStop or perhaps at machine off, depending on what you're trying to achieve. And, yeah, AB PLCs can be configured to leave outputs set last when going from RUN to STOP mode. That's a choice you make in the PLC configuration, tho; it doesn't just happen. I don't know what that implies for failure modes, however.

Paul T

Bouchard, James [CPCCA]


The tests you made are the recoverable ones. What about the non-recoverable ones? A module going bad? Inadvertent program changes, etc.?

Output cards can and have failed to on, and people can force outputs to on, and so on, so if it is a safety question the PLC is not sufficient. All our PLC applications are designed with a hardwired master stop or emergency stop and I would not do otherwise for any considerations. With safety circuits you cannot be too careful.

James Bouchard

Anthony Kerstens

Yipes!! I noticed SSC.NASA (NASA Stennis Space Center) in your email address. Given the power of some of the stuff I presume you are dealing with, I strongly suggest you go with a hardwired e-stop relay.

That said, how about some convincing?
I once had an AB SLC triac output card. A resistor goes up in smoke, meaning that the output will not change state regardless of the PLC command. The PLC doesn't know any better, and the only indication that something is wrong is that a motor won't stop running when the stop button is pressed, or even when the motor fault logic trips.

Worse yet, when the e-stop circuit is tripped it does stop, but when reset, the motor continues immediately. That means that in this scenario, the estop was the last resort means for stopping the motor.

If you're thinking disconnect switch, yeah sure, but that should be restricted to lockout requirements. And anyway, you might only have one disconnect. You should have _many_ estop devices.

Another scenario with a Modicon:
On a new start-up, a processor traffic cop (I/O config) was somehow corrupted. It was the absolute weirdest thing because a few of the output card points did the exact opposite of what they were being told. That is, go on when they should be going off, and vice versa. I ended up rebuilding the program by copying the logic into a newly configured program. I never saw such a problem prior to that, and never since.

The bottom line: a problem which I could not have predicted could have damaged equipment if not for a hardwired estop. (And injured people if anyone was around.)


The purpose of having the estop circuit is to compensate for all the bad things that can happen that you can't predict. Just because you've tested everything you can think of, doesn't mean you tested everything possible. You have to be _confident_ in the system when you're not around.

You also mention ControlNet. I strongly suggest that you run a hardwired estop circuit to all your ControlNet outputs. ControlNet, as great as it is, is not a replacement for a hardwired emergency stop circuit.

As for relay selection, I suggest you look into safety relays available from any number of manufacturers. Pilz, Telemecanique, and others are good. Don't just use some rinky-dink cube relay.

Spend some money on it. Your peace of mind (if not peace of your lawyer's mind) is worth it.

Finally, I suggest you read through some health and safety regulations for your area. I somehow suspect you will find **requirements** for hardwired estop circuits. Bring in a consultant if you have to.

Anthony Kerstens P.Eng.

This is something I do routinely. All outputs that control starters or safety related devices are usually supplied thru one common output module with 2 relays, for redundancy, in front that drop out with the E-Stop or Light Curtain contacts. This is referred to as MSCE type contacts for the PLC module and is the preferred method for CE compliant machines used in Europe. If you have any more questions, E-Mail me and we can continue with this.

Dale Witman

Santhiraj -Futura Electronics Pvt. Ltd.

Based on the criticality of application discussed, I strongly feel that you should go for Redundancy/Fault tolerant PLC configurations from the point of view of process and personnel safety.

Some options are:
  • Hot Back up redundancy
  • Triple Modular Redundancy

Best Regards

In the US, this is mandatory. PLCs (and other software controlled equipment) must not be used for safety. A separate, hardwired interrupt is required to de-energize any moving objects except where de-energizing would cause more harm / threat than leaving it energized, or for indicators.

Plus, it is just common sense that there should be something that can be used to de-energize the entire circuit in an emergency that is not dependent on software.

--Joe Jansen