Guardlogix safety plc

Matdav

Hey guys I've got a bit of a question.
We've recently had an engineer review our plant and they have decided we need a SIS plc. As I'm not familiar with safety plcs the engineering company is designing one for us.

The thing I am a little curious about is they have specified they are going to use a 1756 guardlogix controller and safety partner but they plan to use normal controllogix 1756 i/o for the SIS. Is there any reason for this? It just seems to be a bit strange not to use safety rated I/O. As far as I know they haven't got provisions for 1oo2, but I'm not sure what SIL they are trying to achieve.

I could be wrong, but it seems like overkill to use a safety controller on a system like this when the rest won't be properly SIL rated.
Any thoughts would be appreciated as I try and wrap my head around this concept 🍻
 
Without actually using Safety IO, there is no point in using a Safety rated PLC.

You would probably be best served leaving the current controls as they are, and just adding an outboard safety system like a Pilz or similar.

Gotta love consultants.
 
I looked for ages and thought there was something I was missing, it didn't seem very logical to do.

Thanks for the reply and suggestion, much appreciated.
🍻
 
Not sure if Australia work to the same regulations as we in the UK do.

I can tell you that if you are, the SIS circuit and control must be separate and independent to BPCS control. E.g. the safety CPU needs to be only dealing with SIS tasks, not normal plant control.
 
I looked for ages and thought there was something I was missing, it didn't seem very logical to do.

Thanks for the reply and suggestion, much appreciated.
🍻

The only reason to do as they suggest, is to drive up the price of the processor. It will provide absolutely no actual safety function.
 
Normally, when you buy a safety card from the manufacturer, they have a ton of extra functionality built in and they certify that if you use the card in X way you get X rating, in Y way you get Y rating, etc.

However, I think it is still technically possible to roll your own solution and self-certify. Obviously much more difficult, probably way more standards you need to keep in mind. Certainly you're taking all the liability on your shoulders. Likely only really useful for low safety levels.

At that point, though, the engineering hours/liability are likely to be way higher than the cost of the safety IO cards, and the odds that they're doing it right are pretty slim. Unless they are only going for SIL 1/PLa, I'd be worried.
 
The biggest thing you need to do is to find out what electrical procedures you go by.

If it is outdated as you say, they might be setting you up for a big overhaul.
In some countries, if you update anything as they propose, you have to revamp all the controls and the costs go way up.

james
 
Not sure if Australia work to the same regulations as we in the UK do.

I can tell you that if you are, the SIS circuit and control must be separate and independent to BPCS control. E.g. the safety CPU needs to be only dealing with SIS tasks, not normal plant control.

That isn't the case. If you have a safety PLC, you can quite happily use it to perform safety functions and normal control functions.

Unless I misunderstood your statement.
 
It's basically going to be for an emergency plant shutdown that is separate from our current DCS system. It will probably be a big project as the shutdown features will be completely separate in an already badly designed plant. I was more or less just curious to see if anybody had come across a design like this before.

I'm not as familiar with the rules as I should be for a project like this and definitely not skilled enough, hence why it's being designed by an engineer. They will be the ones to commission it and certify it, but I would rather not see something that's not designed and safe as it should be. Might be time for a second opinion from another engineer.

If anything, it's been a really good learning curve, learning about something I didn't really have much of an idea about beforehand. It's great to have some experts in the field to help clarify something I don't fully understand.

Thanks for the replies, and great advice it's really appreciated.

Matt.
 
First, you need to understand what you're asking the system to do.

A "Safety Instrumented System" (SIS) for safe shutdown of a process is a different sort of control system than a discrete Safety controller, even though both of them often refer to a "Safety Integrity Level" (SIL) rating for their functions.

GuardLogix is meant to be a safety controller for discrete machine and motion control systems. You buy specific red-cased I/O modules that provide the same sort of dual-channel and pulse-test and short-detection features that dedicated safety relays do, but that can be easily distributed around a machine and used with specific safety-related instructions in a safety task in the controller to perform machine guarding, speed control, and fail-to-safe-state functions.

GuardLogix isn't necessarily the right or wrong controller for a process plant. It doesn't usually use the kind of analog and "1oo2" voting logic modules that other safety systems do, like the ICS Triplex gear that Rockwell acquired about ten years ago and that is sold as the Bulletin 1715 and AADvance control system.

Before RA bought ICS Triplex, some "ProcessLogix" and ControlLogix Redundancy systems were used in SIS applications by using ordinary 1756 I/O modules that were wired up in diagnostic pairs, with specific wiring and specific logic to provide diagnostic and fault tolerance features.

If you're responsible for the safety of this process plant, you need to ask your consultants about their design, what standards they are using, and especially about their experience using their chosen architecture in this sort of system.
 
What SIL rating are they trying to claim?

ControlLogix can claim SIL2 with standard processors (L70's etc.) and (approved) I/O modules, provided you follow the correct implementation.

To claim SIL3 you need a safety processor, co-processor and are required to use safety IO (point etc.) as far as I know - as others have pointed out.

The only reason I could think of to use a safety processor when one isn't required would be to maintain integrity of the safety program? Or use the built-in fail-safe instructions? I'm clutching at straws though. They would have to map all the standard IO into the safety program and then back out as well - i.e. the actual OTE would have to be in a normal task - sort of misses the point.
 
That isn't the case. If you have a safety PLC, you can quite happily use it to perform safety functions and normal control functions.

Unless I misunderstood your statement.

There is a lot of misinterpretation with this subject, mainly because machine safety and process safety fall under different standards (BS EN 62061 & ISO 13849 respectively).
 
