The dual redundant emergency shutdown PLC system

The most important feature of an ESD system is that it should only operate when there is a fault in the plant. ESD equipment failure causes two main problems. The first is the high cost of lost production. The second is that if ESD equipment keeps failing, operations personnel bypass the system to keep the plant running. The dual redundant PLC system reduces the possibility of an ESD system shutting down the plant because of an ESD equipment failure, while still ensuring that the plant shuts down when there is a fault in the plant.


1) The field inputs are applied to two identical PLC systems in parallel.

2) The same PLC software program runs on both microprocessors.

3) If the field inputs are correct, the plant keeps running.

4) If a field input fails, both PLC systems will detect it. In this case, both output control elements will shut down the plant.

5) As there are two identical PLC systems, the chance of both failing at the same time is very small. Therefore, a failure in one PLC system will not cause a shutdown, because the good system will still hold the output control elements in the correct position.

6) A faulty unit in the PLC system will indicate that it has a fault. Therefore, maintenance can be done while the system is still working under the control of the good PLC system.

7) This type of system uses automatic line checking to ensure that input/output wiring and devices are connected correctly. These systems are covered during advanced on-the-job training.

8) Dual redundant systems are used to control a complete ESD system. They provide a good level of safety at a reasonable cost (e.g. for rig control, oil/gas production units, etc.).

Triple redundant PLC systems

This is the last type of safety system. It ensures that the plant is shut down only because of a plant failure, not because of an equipment failure. These systems are expensive. They are only used when maximum safety and reliability are required; for example, in large facilities such as refineries, LNG plants, etc.

An example of a triple redundant PLC is the AUGUST C 300 system. AUGUST control systems claim that their system has a 99.999% guarantee to shut down the plant ONLY if there is a fault in the plant.

The voting unit will keep the plant running if 3 or 2 of the parallel systems are working properly. The plant will shut down if only 1 or none of the systems gives the correct outputs. The software program is fed to all three microprocessors. It uses a self-test system so that the microprocessors can detect faults in their own system. All units have fault indicators so they can be changed while the system continues to operate using the good units.
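The dual behaviour in points 4) to 6) and the triple voting rule above can be checked by enumerating every combination of channel failure and plant state. The following Python model is an added example, not vendor or plant code; the function names, the "single" baseline and the assumption that every equipment failure is caught by the unit's self-test are illustrative.

```python
from itertools import product

# (channels, minimum healthy channels needed to keep the plant running).
# Dual: the one good PLC holds the outputs. Triple: 2 of 3 must be working.
# "single" is an added baseline for comparison. Assumption: every equipment
# failure is flagged by self-test; undetected failures are not modelled.
ARCHITECTURES = {"single": (1, 1), "dual": (2, 1), "triple": (3, 2)}

def channel_vote(healthy, plant_fault):
    """One PLC channel: 'RUN', 'TRIP', or 'FAULT' when its self-test flags it."""
    if not healthy:
        return "FAULT"
    return "TRIP" if plant_fault else "RUN"

def voter(votes, min_good):
    """Return True when the output elements shut the plant down."""
    good = [v for v in votes if v != "FAULT"]  # flagged units are ignored
    if len(good) < min_good:
        return True  # too few working channels: fail safe
    return "TRIP" in good  # healthy channels saw a plant fault

def survey(n_channels, min_good):
    """Try every mix of channel health and plant state.

    Returns (spurious, missed): spurious maps the number of failed channels
    to how many cases tripped a healthy plant; missed counts plant faults
    that did not cause a shutdown.
    """
    spurious, missed = {}, 0
    for health in product([True, False], repeat=n_channels):
        failed = health.count(False)
        for plant_fault in (False, True):
            votes = [channel_vote(h, plant_fault) for h in health]
            tripped = voter(votes, min_good)
            if tripped and not plant_fault:
                spurious[failed] = spurious.get(failed, 0) + 1
            if plant_fault and not tripped:
                missed += 1
    return spurious, missed

if __name__ == "__main__":
    for name, (n, min_good) in ARCHITECTURES.items():
        spurious, missed = survey(n, min_good)
        print(f"{name:6s} spurious trips by failed channels: {spurious}, "
              f"missed trips: {missed}")
```

In this model a single failed channel never trips the dual or triple system, and no plant fault goes unanswered; spurious trips appear only once the number of healthy channels drops below the minimum.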

All wiring and input / output devices are automatically checked to ensure they are connected properly.

These systems are very complicated and will be learned on the job, as the details depend on the system the plant uses.

