View Single Post
Old May 6th, 2011, 10:29 PM   #5
Ken Roach
Lifetime Supporting Member + Moderator
United States

Ken Roach is offline
Ken Roach's Avatar
Join Date: Apr 2002
Location: Seattle, WA
Posts: 14,184
What I would consider an "approved" redundant PLC system is one that is "advertised, marketed, and intended by the vendor to function as a Redundant controller and network system", but maybe I'm putting words in the OP's mouth.

Just having a redundant controller doesn't make your control system "approved" for a specific application by any controlling or regulating authority.

If you need a specific Safety Integrity Level (SIL) to satisfy an insurance requirement, you have to follow ISA S84.1 or the IEC 61508 standard or other standard for your industry and application.

In my experience, most projects that lack the budget for purpose-built redundant controllers also lack the budget or manpower for careful design and testing. I've certainly seen some good "homemade" backup systems but all of them cost more in engineering time than a purpose-built redundant controller would. I've only seen one of them used more than once, by a switchgear manufacturer who put a lot of time into planning and testing. Even they didn't advertise the control system as "redundant", but rather "fault resistant".

I've been working with a ControlLogix redundancy system for the past month and the presence of the redundant controllers and redundant ControlNet network is mostly invisible to us. The parts we spend time on are the double I/O and the voting inputs.
  Reply With Quote