Safety Programmable Logic Controllers are normally an integral part of a safety system. A safety PLC was specifically designed to accomplish two important objectives:
(1) do not fail (redundancy that works well) but if that cannot be avoided,
(2) fail only in a predictable, safe way.
There are certainly many similarities between a safety PLC and a conventional PLC. Both have the ability to perform logic and math calculations. Both typically have input and output (I/O) modules that provide them with the ability to interpret signals from process sensors and actuate control final elements.
Both will scan inputs, perform calculations and write outputs. Both typically have digital communications ports. But the PLC was not initially designed to be fault tolerantand fail-safe. That is the fundamental difference.
Fault tolerant has the following requirements:
- A single fault in the system must not create erroneous inputs or outputs, nor shall it prevent the system from functioning as designed
- Any fault must be alarmed and indicated the location of occurrence
- Any single fault must be repairable on-line without interruption in operation
To meet the fault tolerant and fail safe requirements, a safety PLC has many special design considerations taken into account, for example:
- Emphasis on internal diagnostics - a combination of hardware and software that allows the machine to detect improper operation within itself (e.g. memory, CPU, communications, etc)
- Relies on software that uses a number of special techniques to insure software reliability
- Redundancy to maintain operation even when parts fail, e.g. extra security on any reading and writing via a digital communications port
- Certified by third parties to meet rigid safety and reliability requirements of international standards