The control hardware for safety instrumented functions (SIFs) should be kept separate from the control hardware used for regulating the process, for the simple reason that a SIF exists to bring the process to a safe state in the event of any unsafe condition, including dangerous faults in the basic regulatory control itself. If a single set of control hardware serves the dual purpose of regulation and shutdown, a hardware failure that causes loss of regulation (normal control) will also go unprotected, because the same failure disables the safety function.
Safety controls are usually discrete with respect to their output signals. When a process must be shut down for safety reasons, the shutdown steps usually take the form of fully opening or fully closing certain valves rather than partially opening or closing them. This all-or-nothing control action is most easily achieved with discrete signals that actuate solenoid valves or electric motor actuators.
Given this discrete-output character, digital controllers built specifically to perform safety instrumented functions are often referred to as logic solvers, or sometimes as safety PLCs.
Rockwell’s Allen-Bradley line of programmable logic controllers dominates the PLC market, and GuardLogix, a version of the ControlLogix 5000 series, is manufactured specifically for safety system applications. Not only are there hardware differences between standard and safety controllers (such as redundant processors), but some programming instructions are also unique to these safety-oriented controllers.
An example of a safety-specific programming instruction is the GuardLogix DCSRT instruction, which checks two redundant input channels for consistency before asserting an “enable” bit. This “enable” bit may be used to start some device function, such as a motor.
In this case, the DCSRT instruction looks for two discrete inputs (channel A = 1 and channel B = 0) to be in the proper complementary states before allowing the motor to start. These states may not be in conflict for more than 50 milliseconds, otherwise the DCSRT instruction sets its “Fault Present” (FP) bit. As you can see, the contacts of the Form C start pushbutton are wired to two discrete inputs on the GuardLogix PLC, providing dual (complementary) indication of the switch status to the PLC.
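A software model of the complementary dual-channel start check described above, added here as an illustration; it is not the vendor's own DCSRT implementation, and the latching of the fault bit until a reset with the button released is an assumption of this example, as is the choice of channel A as the normally-open contact.

```python
"""Model of a dual-channel complementary start check (constructed example)."""
from dataclasses import dataclass
from typing import Optional, Tuple

DISCREPANCY_LIMIT_MS = 50  # the 50 ms window named in the text


@dataclass
class DualChannelStart:
    """Evaluate two complementary inputs before granting an 'enable' bit.

    Channel A is assumed to be the normally-open contact and channel B the
    normally-closed one, so a healthy pushbutton always reports A != B.
    A == B is a discrepancy (stuck contact, broken wire, short). If it
    persists longer than DISCREPANCY_LIMIT_MS, the Fault Present (FP) bit
    latches (assumption) and enable is held off until reset() succeeds.
    """
    fault_present: bool = False
    _conflict_since_ms: Optional[int] = None

    def update(self, channel_a: int, channel_b: int, now_ms: int) -> Tuple[bool, bool]:
        """Process one scan at time now_ms; return (enable, fault_present)."""
        if channel_a == channel_b:
            # Channels contradict their complementary relationship.
            if self._conflict_since_ms is None:
                self._conflict_since_ms = now_ms  # start the discrepancy timer
            elif now_ms - self._conflict_since_ms > DISCREPANCY_LIMIT_MS:
                self.fault_present = True  # conflict outlived the 50 ms window
            return False, self.fault_present
        # Channels agree again (A != B): clear the discrepancy timer.
        self._conflict_since_ms = None
        if self.fault_present:
            return False, True  # latched fault blocks enable regardless of inputs
        # A=1, B=0 is 'start requested'; A=0, B=1 is 'released'.
        return (channel_a == 1 and channel_b == 0), False

    def reset(self, channel_a: int, channel_b: int) -> bool:
        """Clear a latched fault only while the button reads 'released' (A=0, B=1).

        Returns the fault_present state after the reset attempt.
        """
        if self.fault_present and channel_a == 0 and channel_b == 1:
            self.fault_present = False
            self._conflict_since_ms = None
        return self.fault_present
```

A brief contact bounce shorter than the window passes through without a fault, while a persistent disagreement is treated as a wiring or contact failure and withholds the enable bit rather than guessing which channel is right.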