The first part of a seven-part international standard was published in 1998 to define the requirements for programmable electronic systems used in the safety-related parts of control systems. This standard is IEC 61508, “Functional safety of electrical/electronic/programmable electronic safety-related systems”. The seven-part standard is driving the direction of future safety PLC development.
There are three fundamental differences between a standard PLC and a safety PLC: inputs, outputs and architecture.
Inputs
Comparing the inputs of a standard PLC with those of a safety PLC, the standard PLC inputs provide no internal means of testing the functionality of the input circuitry. Safety PLCs, by contrast, have an internal “output” circuit associated with each input for the purpose of exercising the input circuitry. Inputs are driven both low and high for very short cycles during runtime to verify their functionality.
Outputs
Comparing the digital output circuitry of a standard PLC with that of a safety PLC, the standard PLC has a single output switching device, whereas a safety PLC digital output circuit consists of two safety switches behind the output driver, each followed by a test point, plus a third test point downstream of the output driver. Each of the two safety switches is controlled by its own microprocessor. If a failure is detected at either of the two safety switches (due to a microprocessor or switch failure) or at the test point downstream of the output driver, the safety PLC's operating system automatically acknowledges the system failure. At that point the safety PLC defaults to a known state on its own, facilitating an orderly equipment shutdown.
Architecture
Comparing the two architectures, a standard PLC has one microprocessor that executes the program, a Flash area that stores the program, communication ports, RAM for calculations, and I/O to sense and control the machine. In a safety PLC, by contrast, the RAM and Flash are monitored continuously by a watchdog circuit and a synchronous detection circuit.
The Functional Process and the Safety Application of a PLC
In these standards the philosophy of IEC 61508 is integrated with specific safety functions and measures, specific recommendations and specific failure-estimation methods. PLCopen has carried out extensive work to incorporate the IEC 62061 and IEC 61508 strategies into the IEC 61131-3 programming languages. The work is organized into four topics:
• A set of recommended reductions in the development framework.
• A software model.
• General rules for Safety-Related Function Blocks.
• A certified library of Safety Function Blocks.
The software model describes the functional process application and the safety application in a generic way, so that both existing and upcoming safety systems can be covered. No safety control hardware architecture should be excluded: the two applications may run on one device, or on several devices that are more or less tightly coupled.
PLCopen's main objective is to merge the development environment for the functional part with an integrated safety part, including reductions in functionality and programming language for the safety section. Safety is integrated with the process control functions from the early stages of development. Safety signal processing and safety I/Os are clearly separated from the process I/Os and the functional application. The functional application can read safety inputs, but it cannot be connected directly to the safety outputs; it can only control the data flow to them.
The new data type SAFEBOOL was defined to achieve this separation. SAFEBOOL is not simply a new Boolean variable: it can carry additional information that lets the programming tools calculate the SIL. SAFEBOOL represents a single input or output channel, regardless of the internal hardware structure: 1oo1 (“1 out of 1”), 1oo2D, 2oo2, or 2oo3. The hardware that executes the FBs with SAFEBOOL I/Os has to be separately certified.
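As an added example (not from the original text or from the PLCopen library), the following Structured Text sketch shows the separation described above: the functional program reads a SAFEBOOL input and supplies a request, but only a function block in the safety part writes the SAFEBOOL output. All names are invented, and FB_SafeOutGate is a simplified stand-in for a certified library block.

```iecst
(* Illustrative code added here; it is not from the text or the PLCopen
   library. Names are invented. A real project would use a certified
   library block (e.g. SF_OutControl) in place of FB_SafeOutGate. *)

VAR_GLOBAL
    g_S_EStopOK    : SAFEBOOL;  (* safety input: E-stop chain healthy *)
    g_S_ValveOut   : SAFEBOOL;  (* safety output: press valve enable *)
    g_CycleRequest : BOOL;      (* process -> safety: request to run *)
END_VAR

(* ---- Safety part: runs on the separately certified hardware ---- *)
FUNCTION_BLOCK FB_SafeOutGate
VAR_INPUT
    Activate       : BOOL;      (* block enable *)
    S_SafeControl  : SAFEBOOL;  (* safe condition from safety inputs *)
    ProcessControl : BOOL;      (* request from the functional part *)
END_VAR
VAR_OUTPUT
    S_OutControl   : SAFEBOOL;
END_VAR
    (* The plain BOOL request can only remove the output; it can never
       produce it without the safe condition. Assumed: the safety
       toolchain permits forming the SAFEBOOL result inside this block. *)
    S_OutControl := Activate AND S_SafeControl AND ProcessControl;
END_FUNCTION_BLOCK

PROGRAM PRG_Safety
VAR
    Gate : FB_SafeOutGate;
END_VAR
    Gate(Activate := TRUE,
         S_SafeControl := g_S_EStopOK,
         ProcessControl := g_CycleRequest);
    g_S_ValveOut := Gate.S_OutControl;   (* SAFEBOOL := SAFEBOOL *)
END_PROGRAM

(* ---- Functional part: standard PLC task ---- *)
PROGRAM PRG_Process
VAR
    EStopHealthy : BOOL;   (* copy for HMI and process logic *)
    StartButton  : BOOL;   (* ordinary process input *)
END_VAR
    EStopHealthy := g_S_EStopOK;   (* BOOL := SAFEBOOL: reading is allowed *)
    g_CycleRequest := StartButton AND EStopHealthy;   (* controls the data flow only *)
    (* g_S_ValveOut := StartButton; *)   (* BOOL -> SAFEBOOL: the tool rejects this *)
END_PROGRAM
```

The commented-out assignment in PRG_Process is the one the type rules forbid: a plain BOOL can never become a SAFEBOOL in the functional part, so the valve output can only be energised through the gate in the safety part.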