What Are Safety PLCs?

Posted by Tom Rowse on 28-11-2019, in Safety

Programmable logic controllers (PLCs) are designed for the automation and control of industrial plant and equipment. Safety PLCs do all this and more: they support all the usual applications controlled by a standard PLC, with the addition of integrated safety functions designed specifically for the control of safety-related systems. A safety PLC has only two important objectives to accomplish. Firstly, it should not fail. Secondly, if a failure can't be avoided, it must be detected and must only ever put the controlled equipment into a safe and predictable state.

These objectives are achieved through the Safety PLC's redundant microprocessors. Each processor evaluates the safety logic independently and the results are continuously cross-checked, so a fault in one processor, or in one input path, shows up as a disagreement rather than as an undetected wrong output. It is this built-in self-checking that removes the need for discrete safety relays. The design of Safety PLCs also incorporates built-in diagnostics that allow for continuous monitoring of the various inputs and outputs. The PLC will be safely shut down in the event of its detecting any internal fault or failure.
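The cross-check between redundant processors, shown as an added example in C. This is not code from the original post, nor from ABB or any real safety PLC firmware; the input names, the two channel functions and the single-bit output are hypothetical. Two independently written channel functions evaluate the same safety function, a 1oo2 vote passes the result through only when they agree, and any discrepancy forces the output to the de-energised safe state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical output states: the safe state is everything de-energised. */
#define OUTPUT_SAFE 0u
#define OUTPUT_RUN  1u

/* Inputs as seen by one channel.  A real controller reads each dual-channel
   field device (E-stop, guard switch) through two independent input paths,
   which is why each channel gets its own copy of the inputs. */
typedef struct {
    bool estop_released;   /* true while the E-stop is NOT pressed */
    bool guard_closed;     /* true while the guard door is shut */
} inputs_t;

/* The safety function as evaluated by processor A. */
static uint8_t channel_a(const inputs_t *in) {
    return (in->estop_released && in->guard_closed) ? OUTPUT_RUN : OUTPUT_SAFE;
}

/* The same function as evaluated by processor B, written in an independent
   form (De Morgan) so that a coding slip in one channel does not
   automatically reappear in the other. */
static uint8_t channel_b(const inputs_t *in) {
    bool stop_required = !in->estop_released || !in->guard_closed;
    return stop_required ? OUTPUT_SAFE : OUTPUT_RUN;
}

typedef struct {
    uint8_t output;   /* OUTPUT_RUN or OUTPUT_SAFE */
    bool    fault;    /* true if the channels disagreed */
} decision_t;

/* 1oo2 voting: the output is RUN only when both channels say RUN.
   Any disagreement is treated as an internal fault and the result is
   forced to the safe state regardless of what either channel computed. */
decision_t vote_1oo2(const inputs_t *in_a, const inputs_t *in_b) {
    decision_t d = { OUTPUT_SAFE, false };
    uint8_t a = channel_a(in_a);
    uint8_t b = channel_b(in_b);
    if (a != b) {
        d.fault = true;   /* processor or input-path discrepancy */
        return d;         /* d.output is already OUTPUT_SAFE */
    }
    d.output = a;
    return d;
}

int main(void) {
    inputs_t healthy = { true, true };
    inputs_t pressed = { false, true };

    decision_t run  = vote_1oo2(&healthy, &healthy);  /* both agree: RUN */
    decision_t stop = vote_1oo2(&pressed, &pressed);  /* both agree: SAFE */
    decision_t bad  = vote_1oo2(&healthy, &pressed);  /* channels disagree */

    printf("normal   : output=%u fault=%d\n", run.output,  run.fault);
    printf("estop    : output=%u fault=%d\n", stop.output, stop.fault);
    printf("mismatch : output=%u fault=%d\n", bad.output,  bad.fault);
    return 0;
}
```

The third case is the one that matters: the channels disagree, so nothing is trusted and the output goes safe with a fault flagged, which is the behaviour described above for any detected internal failure.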

ABB - 2TLA020070R4600_PLUTOB22 - Safety PLC

IEC Compliance

Safety PLCs are distinguished from ordinary PLCs by their compliance with IEC 61508, the international standard governing the awkwardly titled "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (E/E/PE, or E/E/PES)". This rigorous set of standards covers the design of safety-related equipment, together with its design methods and the modes and mechanics of testing its relevant hardware and software. Compliance is generally verified during a certification process by independent third-party bodies such as UL (Underwriters Laboratories) and TÜV Rheinland.

The IEC acknowledges that zero risk can never be guaranteed for any such equipment, but requires design engineers to reduce non-tolerable risks to as low a level as is reasonably practicable. Since Safety PLCs by their inherent nature must have a high degree of diagnostic coverage, standards enforcement and certification form a large part of determining the actual safety of a Safety PLC. The standards are therefore specifically designed to cover the hazards that arise when a safety function fails, and to keep the likelihood of such failures within a tolerable level.

Safety Integrity Levels

These degrees of risk reduction are known as SILs (Safety Integrity Levels). The ratings run from SIL1, which provides the least risk reduction, up to SIL4, which provides the most and is required where failure of the safety function would have the most severe consequences. The SIL a function needs therefore correlates with the severity and frequency of the hazard it guards against. Each SIL corresponds to a band of target probability of failure (and they are only probabilities, not guarantees), together with the level of design and diagnostic rigour needed to achieve it. SIL ratings are based on three contributory factors:

  • certification or 'prior use'
  • hardware redundancy requirement
  • probability of failure

Determining the SIL rating involves a series of stringent tests on processes including program flow control and data verification. These tests verify that the internal functions executed by the PLC take place in the right order, and that safety-critical data is stored and read back correctly. Safety PLCs must also undergo rigorous software-fault injection testing: deliberately corrupted programs and data are loaded into the PLC in order to verify that it detects the corruption and responds in a safe manner. Safety PLCs are typically certified up to SIL3, which requires a diagnostic coverage of over 99%, meaning the built-in diagnostics must detect more than 99% of the system's potential dangerous failures.
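Two of the diagnostics described above, program flow control and stored-data verification, shown as an added example in C together with the kind of fault injection used to test them. This is not code from the original post, nor from any certified safety PLC; the stage tokens, the signature mixing, the complement-stored speed limit and the `run_cycle` function are hypothetical simplifications. Real controllers use hardware watchdogs, CRCs and more elaborate schemes, but the principle is the same: a skipped stage or a flipped bit must be detected before the cycle's result is trusted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* --- Program flow monitoring ---------------------------------------------
   Each stage of the safety cycle mixes a distinct token into a running
   signature.  If a stage is skipped, repeated or run out of order, the final
   signature differs from the expected one and the cycle is declared faulty. */
enum { STAGE_READ = 0x11, STAGE_LOGIC = 0x23, STAGE_WRITE = 0x37 };

static uint32_t flow_sig;

static void flow_mark(uint8_t stage) {
    flow_sig = (flow_sig * 31u) ^ stage;   /* order-sensitive mixing */
}

/* The signature a correct cycle must produce (computed the same way). */
static uint32_t flow_expected(void) {
    uint32_t s = 0;
    s = (s * 31u) ^ STAGE_READ;
    s = (s * 31u) ^ STAGE_LOGIC;
    s = (s * 31u) ^ STAGE_WRITE;
    return s;
}

/* --- Safety-critical data stored with its bitwise complement -------------
   A corrupted copy no longer matches its complement, so the corruption is
   caught when the value is read rather than silently used. */
typedef struct {
    uint16_t value;
    uint16_t inverse;   /* must always equal ~value */
} safe_u16_t;

static void safe_store(safe_u16_t *s, uint16_t v) {
    s->value   = v;
    s->inverse = (uint16_t)~v;
}

/* Returns false if the stored pair is inconsistent. */
static bool safe_load(const safe_u16_t *s, uint16_t *out) {
    if ((uint16_t)~s->inverse != s->value) return false;
    *out = s->value;
    return true;
}

/* One safety cycle.  The two flags inject faults, in the way a
   fault-injection test would:
     skip_logic -> the logic stage is never executed (control-flow error)
     corrupt    -> one bit of the stored speed limit is flipped (memory error)
   Returns true if the cycle passed its diagnostics, false if they tripped. */
bool run_cycle(bool skip_logic, bool corrupt, uint16_t *limit_out) {
    safe_u16_t speed_limit;
    safe_store(&speed_limit, 1500);             /* hypothetical limit, rpm */
    if (corrupt) speed_limit.value ^= 0x0400;   /* injected single-bit fault */

    flow_sig = 0;
    flow_mark(STAGE_READ);
    if (!skip_logic) flow_mark(STAGE_LOGIC);    /* injected flow fault */
    flow_mark(STAGE_WRITE);

    if (flow_sig != flow_expected()) return false;        /* flow fault */
    if (!safe_load(&speed_limit, limit_out)) return false; /* data fault */
    return true;
}

int main(void) {
    uint16_t limit = 0;
    printf("clean cycle    : %s (limit=%u)\n",
           run_cycle(false, false, &limit) ? "ok" : "FAULT", limit);
    printf("skipped stage  : %s\n", run_cycle(true,  false, &limit) ? "ok" : "FAULT");
    printf("corrupted data : %s\n", run_cycle(false, true,  &limit) ? "ok" : "FAULT");
    return 0;
}
```

Only the clean cycle returns true; both injected faults are caught before the limit value would be used, which is exactly what the fault-injection part of certification is checking for.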

Advantages Over Standard PLCs

A safety PLC allows for safety control on top of the standard control offered by a non-safety PLC. It requires no safety relays, thereby saving time and money on field wiring, and offering much greater flexibility. Nor are additional relays or wiring changes required to modify the safety logic, just reprogramming. After testing and validation of the safety systems, the PLC's safety program can be locked and password-protected against unauthorised changes. Bear in mind that the password is an access control on the engineering interface, not proof that the program is unchanged, so the validated program's checksum should be recorded and compared again after any download or reconnection. Safety functions are now commonly carried over industrial Ethernet as well, for example to trigger the safe torque-off function on a variable frequency drive.

Costs are higher upfront, so a Safety PLC is not really necessary for simple or small applications, such as a single light curtain or E-stop button, where hard wiring and a simple safety relay would be easier and cheaper. Safety PLCs are a more recent design than standard controllers, so more in-depth training for engineers and maintenance staff may well be necessary for them to be configured and maintained correctly.

Although they have been in use for at least 20 years, some people still lack trust in the Safety PLC's reliability and doubt the integrity of its systems. However, a great number of industries across the world now use Safety PLCs for many safety-related applications. The strict certification procedures put in place by the standards bodies minimise the risks and confirm reliability.
