Why Failsafe PLC


Thread Starter

M. Vafaei

I'm looking for some basics on where we need to use failsafe PLCs and are not allowed to use conventional PLCs. What are the differences between these two kinds? Where can I get some more information about Emergency Shutdown Systems and Failsafe PLCs?
Look at the Siemens Automation website for the S5 series failsafe PLC. Usually used for safety applications, e.g. industrial burner management.

Simon Walker

I have recently been doing a feasibility study into converting my burner management systems to failsafe PLCs using the AB GuardPLC systems (http://www.ab.com/safety/guardplc/index.html). At the moment, the system seems too complex to be a viable alternative, having approval requirements and special needs. The results were basically that I could not justify the high cost against saving panel space or improving process performance. I left a similar message and received some interesting replies. You may want to check them out under the PLC section "Safety PLC's".
Thank you very much. I will visit that site, but I'm more interested in some global standards or definitions on failsafe PLCs that even SIEMENS might follow.
The primary difference between general purpose and safety PLCs is the level of internal diagnostics and how redundancy is handled. Is your application safety related or not? If so, what is the level of risk? The standards are performance oriented, not prescriptive, so the answer is, "it depends".
Useful references are:

1. Application of Safety Instrumented Systems for the Process Industries, International Society for Measurement and Control, ANSI/ISA S84.01, 1996

2. Identification of Emergency Shutdown Systems and Control That Are Critical to Maintaining Safety in Process Industries, International Society for Measurement and Control, ANSI/ISA S91.01, 1995 (I believe there is a new 2001 issue as well.)

3. Guidelines for Safe Automation of Chemical Processes, American Institute of Chemical Engineers, Center for Chemical Process Safety, ISBN 0-8169-0554-1, 1993

4. Safety Shutdown Systems: Design, Analysis and Justification, Gruhn & Cheddie, ISA, 1998, ISBN 1-55617-665-1

Paul Gruhn, P.E., C.F.S.E.
Siemens, Houston, TX
Usually a first risk evaluation is done based on EN 954-1. You'll design your equipment according to the corresponding category (B, 1, 2, 3 or 4), cat. 4 being the most stringent of the 5. For some applications other rules apply (e.g. nuclear reactor protection systems). Manufacturers of safety control devices have some documentation available (Pilz, Schmersal/Elan, Siemens, ...). For example, Pilz manufactures 3-channel diverse safety PLCs (http://www.pilz.com or http://www.pilzusa.com) approved for cat. 4.
The Siemens S5...F PLC series is still available, and their new S7 series should also include safety controllers (but when?).
Of course the PLC is only one part of the system, and the whole control equipment has to fulfill the requirements of the corresponding category.
Basically it's possible to use emergency pushbuttons (with appropriate contact blocks) connected to safety-fieldbus I/O modules (up to category 4).
With regard to the Failsafe PLC, the application depends on the Safety Integrity Level or SIL as per the IEC standards. Upon the establishment of the SIL, the usage of a failsafe PLC will be known. Failsafe means the PLC is designed in such a way that in the event of a failure or malfunction, it will go to the safe state without jeopardising the process/environment etc.

Failsafe PLCs have several categories. The common designs are 1oo2D, 2oo3D and 2oo4D. Failsafe PLCs are equipped with voting and redundant hardware. A normal PLC is typically 1oo1, with no voting and no redundancy. Typical manufacturers of failsafe PLCs are Hima, Honeywell FSC, Moore Quadlog, Triconex, Triplex, ABB August, Yokogawa. You can get more details from these manufacturers.
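The voting architectures named above (1oo1, 1oo2D, 2oo3D), as an added example that is not from any poster in this thread: a small Python model of a MooN(D) voter that excludes channels flagged by their own diagnostics and drops to the safe state when it can no longer reach quorum. The degradation rule (fewer than M healthy channels means TRIP) and the scan snapshots are constructed assumptions for the example, not a description of how any named vendor's product behaves.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Channel:
    """One input channel of a MooN(D) voter (a constructed, simplified model)."""
    demand: bool   # True: this channel sees a trip condition (e.g. high pressure)
    healthy: bool  # True: the channel's self-diagnostics passed on this scan

def vote(channels: List[Channel], m: int) -> str:
    """Return 'TRIP' (safe state) or 'RUN' for a MooN(D) voter.

    Rules assumed for this example (not any vendor's documented algorithm):
      * channels that failed diagnostics are excluded from the vote;
      * TRIP if at least m healthy channels demand it;
      * TRIP if fewer than m healthy channels remain: the voter can no longer
        reach its quorum, and the fail-safe choice is the safe state.
    """
    healthy = [c for c in channels if c.healthy]
    if len(healthy) < m:
        return "TRIP"
    demanding = sum(1 for c in healthy if c.demand)
    return "TRIP" if demanding >= m else "RUN"

def fault_tolerance(m: int, n: int) -> Tuple[int, int]:
    """(dangerous faults tolerated, safe faults tolerated) for plain MooN voting.

    A channel failing dangerous (stuck at 'no demand') is masked until more than
    n - m channels fail that way; a channel failing safe (spurious demand) causes
    a spurious trip once m of them agree, so m - 1 are tolerated.
    """
    return n - m, m - 1

def scenarios() -> Dict[str, str]:
    """Constructed scan snapshots for the architectures named in the thread."""
    ok, dem, bad = Channel(False, True), Channel(True, True), Channel(False, False)
    return {
        "1oo1, channel stuck at no demand, no diagnostics to see it": vote([ok], 1),
        "1oo1D, channel fault detected": vote([bad], 1),
        "1oo2D, one channel faulted, other demands": vote([bad, dem], 1),
        "1oo2D, one channel faulted, other quiet": vote([bad, ok], 1),
        "2oo3D, one spurious demand": vote([dem, ok, ok], 2),
        "2oo3D, two channels demand": vote([dem, dem, ok], 2),
        "2oo3D, one faulted, survivors disagree (2oo2)": vote([bad, dem, ok], 2),
        "2oo3D, two faulted, quorum lost": vote([bad, bad, ok], 2),
    }
```

The 1oo1 row is the point of the thread's contrast: with no diagnostics a dead channel looks like a quiet one, whereas every D architecture turns a detected fault into either a degraded vote or a trip.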