In 1998, an international standard was published defining the requirements for programmable electronic systems used in the safety-related parts of control systems. This standard is IEC 61508, "Functional safety of electrical/electronic/programmable electronic safety-related systems". This seven-part standard is driving the direction of future safety PLC development.
There are three basic differences between a standard PLC and a safety PLC, in terms of architecture, inputs, and outputs.
Architecture
A standard PLC has one microprocessor that executes the program, RAM for calculations, a Flash area that stores the program, communication ports, and I/O to sense and control the machine. In contrast, a safety PLC has redundant microprocessors, Flash and RAM that are continuously monitored by a watchdog circuit and a synchronous detection circuit.
Inputs
Compare a standard PLC input with a safety PLC input. Standard PLC inputs provide no internal means of testing the functionality of the input circuitry. By contrast, safety PLCs have an internal ‘output’ circuit associated with each input for the purpose of ‘exercising’ the input circuitry: inputs are driven both high and low for very short cycles during runtime to verify that they respond correctly.
Outputs
Compare the digital output circuitry of a standard PLC with that of a safety PLC. The standard PLC has a single output switching device, whereas a safety PLC digital output circuit contains a test point after each of two safety switches located behind the output driver and a third test point downstream of the output driver. A separate microprocessor controls each of the two safety switches. If a failure is detected at either safety switch, whether caused by the switch or by its microprocessor, or at the test point downstream of the output driver, the safety PLC's operating system automatically recognizes the system failure. The safety PLC then defaults to a known state on its own, facilitating an orderly equipment shutdown.
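As an added illustration, not code from the original article or from any PLC vendor, the following constructed C model simulates one dual-switch safety output with its three test points and the fail-safe default, together with the high/low pulse test of a safety input. The structure, function names and injected-fault flags are assumptions made for the model.

```c
#include <stdbool.h>
/* Constructed model of one safety PLC output channel: two safety switches in
 * series, each commanded by its own microprocessor, a test point reporting
 * whether each switch conducts, and a third test point downstream of the
 * output driver reporting whether the load is actually energized. */
typedef struct {
    bool sw1_stuck, sw2_stuck, driver_stuck; /* injected faults: element ignores commands */
    bool sw1_closed, sw2_closed, driver_on;  /* actual element states */
} output_channel_t;

typedef enum { SCAN_OK, SCAN_FAULT_SAFE_STATE } scan_result_t;

static void command_output(output_channel_t *ch, bool energize) {
    if (!ch->sw1_stuck) ch->sw1_closed = energize;  /* microprocessor A's switch */
    if (!ch->sw2_stuck) ch->sw2_closed = energize;  /* microprocessor B's switch */
    if (!ch->driver_stuck) ch->driver_on = energize;
}

static bool test_point_1(const output_channel_t *ch) { return ch->sw1_closed; }
static bool test_point_2(const output_channel_t *ch) { return ch->sw2_closed; }
static bool test_point_3(const output_channel_t *ch) {   /* load downstream of driver */
    return ch->sw1_closed && ch->sw2_closed && ch->driver_on;
}

/* Every test point must agree with the commanded state. */
static bool output_diagnostics_ok(const output_channel_t *ch, bool energize) {
    return test_point_1(ch) == energize && test_point_2(ch) == energize &&
           test_point_3(ch) == energize;
}

/* One scan: command the output, verify it, and on any disagreement open both
 * switches so the load defaults to the known (de-energized) state. */
static scan_result_t safety_output_scan(output_channel_t *ch, bool energize) {
    command_output(ch, energize);
    if (output_diagnostics_ok(ch, energize)) return SCAN_OK;
    command_output(ch, false);
    return SCAN_FAULT_SAFE_STATE;
}

/* Constructed model of a safety input: an internal test output drives the
 * input circuit high and then low for a short pulse; the readback must follow. */
typedef struct { bool stuck, stuck_level, sensor_level; } input_channel_t;

static bool read_input(const input_channel_t *in, bool test_pulse, bool test_level) {
    if (in->stuck) return in->stuck_level;            /* failed circuit ignores the pulse */
    return test_pulse ? test_level : in->sensor_level;
}

static bool input_self_test_ok(const input_channel_t *in) {
    return read_input(in, true, true) && !read_input(in, true, false);
}
```

Note that a driver stuck in the conducting state is not visible to the single downstream test point while both switches are closed; the series switches still let the fail-safe path de-energize the load.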