The Dual Redundant Emergency Shut Down PLC System
The most important feature of an ESD system is that it must only operate when there is a failure in the plant. There are two main problems if the ESD equipment fails. The first problem is the high cost of lost production. The second problem is that if the ESD equipment keeps failing, the operations staff bypass the system in order to keep the plant running. The dual redundant PLC system reduces the chance of an ESD system shutting down the plant because of ESD equipment failure. However, it still ensures the plant is shut down when there is a failure in the plant.
1) The field inputs are applied to two identical PLC systems in parallel.
2) The same software program is loaded into both microprocessors.
3) If the field inputs are correct then the plant operates.
4) If a field input fails then both PLC systems will detect this. In this case both the output control elements will shut down the plant.
5) Because there are two identical PLC systems, the chance of a fault on both at the same time is very small. Therefore, a fault on one PLC system will not cause a shutdown because the good system will still hold the output control elements in the correct position.
6) A faulty unit in the PLC system will indicate it has a fault. Therefore, maintenance can be carried out while the system is still running under the control of the good PLC system.
7) This type of system uses automatic line checking to ensure the input / output wiring and devices are connected correctly. These systems will be learnt during advanced training at work.
8) Dual redundant systems are used to control a complete ESD system. They provide a good level of safety at a reasonable cost (e.g. for platform control, oil / gas production units, etc.).
Triple Redundant PLC Systems
This system is the latest type of safety system. It ensures the plant only shuts down because of a plant failure and not because of an equipment failure. These systems are expensive. They are only used when the highest safety and reliability are required, e.g. large installations such as refineries, LNG plants, etc.
An example of the triple redundant PLC is the AUGUST C 300 system. AUGUST control systems claim that their system is 99.999% guaranteed to shut down the plant ONLY if there is a plant failure.
The voting unit will keep the plant running if 3 or 2 of the parallel systems are working correctly. It will shut the plant down if only 1 or none of the systems give the correct outputs. The software program is loaded into the three microprocessors. It uses a self-checking system so each microprocessor can detect faults in its own system. All the units have fault indicators so that they can be changed while the system continues to work using the good units.
All input / output wiring and devices are automatically checked to ensure that they are connected correctly.
These systems are very complicated and will be learnt on the job, as the details depend on which system the plant uses.
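The voting behaviour described above for both the dual and the triple redundant system can be modelled in a few lines. This is an added example, not code from any PLC vendor; the names Channel, vote and scenario, the instrument tags, and the rule that a self-diagnosed faulty channel drops its output to TRIP are assumptions made for the illustration.

```python
from dataclasses import dataclass

RUN, TRIP = "RUN", "TRIP"

@dataclass
class Channel:
    """One PLC of the redundant set (hypothetical model)."""
    name: str
    faulty: bool = False  # raised by the channel's own self-check

    def output(self, field_inputs):
        # Assumption: a channel that has diagnosed a fault in itself outputs TRIP.
        if self.faulty:
            return TRIP
        # Same program in every channel: RUN only while all field inputs are healthy.
        return RUN if all(field_inputs.values()) else TRIP

def vote(channels, field_inputs, runs_needed):
    """Return (plant command, names of channels showing a fault indicator)."""
    run_votes = sum(1 for ch in channels if ch.output(field_inputs) == RUN)
    command = RUN if run_votes >= runs_needed else TRIP
    return command, [ch.name for ch in channels if ch.faulty]

def scenario(n_channels, runs_needed, faulty=(), failed_inputs=()):
    """Build n identical channels fed in parallel and vote on their outputs."""
    # Constructed sample tags; True means the field input is healthy.
    inputs = {"PSHH-101": True, "LSLL-202": True}
    for tag in failed_inputs:
        inputs[tag] = False
    names = [chr(ord("A") + i) for i in range(n_channels)]
    channels = [Channel(n, faulty=n in faulty) for n in names]
    return vote(channels, inputs, runs_needed)

if __name__ == "__main__":
    cases = [
        ("dual, PLC B faulty", scenario(2, 1, faulty=("B",))),
        ("dual, field input failed", scenario(2, 1, failed_inputs=("LSLL-202",))),
        ("triple, all healthy", scenario(3, 2)),
        ("triple, PLC A faulty", scenario(3, 2, faulty=("A",))),
        ("triple, PLC A and B faulty", scenario(3, 2, faulty=("A", "B"))),
        ("triple, field input failed", scenario(3, 2, failed_inputs=("PSHH-101",))),
    ]
    for label, (command, alarms) in cases:
        print(f"{label:28s} -> {command:4s} fault indicators: {alarms}")
```

Here runs_needed is 1 for the dual system (one good PLC holds the outputs) and 2 for the triple system (2 or 3 good units keep the plant running).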