Siemens Burner Management Systems
Understand the mysterious Proof Test for Safety PLCs
I've posted about this topic before, but I still see much confusion on the topic. So please... let me explain...
In order to "predict" the level of "safety" your PLC would provide, one would need to know 3 key variables:
- Dangerous failure rate
this value will vary per manufacturer and is usually referred to as "lambda dangerous" (or simply... lambda D)
- Manual Proof Test
can be adjusted by the end user, and typically starts at 1 year.
- Redundancy scheme
The redundancy scheme that your PLC is designed with will impact its ability to tolerate a potentially dangerous failure and still be able to perform (we often hear about 1oo1, 1oo2, 2oo2, 2oo3, etc.)
When it comes to determining the manual proof test of your PLC, what are you supposed to do? Most PLC manufacturers claim that their system has high levels of diagnostics (some up to 99%), meaning that the PLC will automatically run internal diagnostics with extremely high success.
I'm all for using the PLC to conduct tests on your field devices (sensors and final elements), but what I'm questioning is blindly taking credit for testing your PLC that its automatic diagnostics aren't already testing for...
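How the three variables and the diagnostics claim combine into a number, as an added example that is not from the original post or from any manufacturer. It assumes the widely used simplified PFDavg equations (common cause and repair time ignored); the proof test coverage and mission time parameters and all numeric values are constructed for illustration.

```python
# Added example: simplified low-demand PFDavg equations.
# Assumptions: no common-cause failures, no repair time, constant failure rates.
HOURS_PER_YEAR = 8760

def lambda_du(lambda_d, dc):
    """Dangerous undetected rate: the share of lambda D the diagnostics miss."""
    return lambda_d * (1.0 - dc)

def pfd_avg(arch, lam_du, ti_hours):
    """Average probability of failure on demand for a redundancy scheme."""
    x = lam_du * ti_hours
    formulas = {"1oo1": x / 2, "1oo2": x ** 2 / 3, "2oo2": x, "2oo3": x ** 2}
    return formulas[arch]

def pfd_avg_1oo1_with_ptc(lam_du, ti_hours, ptc, lifetime_hours):
    """1oo1 with imperfect proof test: only the fraction ptc of undetected
    failures is revealed each interval, the rest persists for the lifetime."""
    return ptc * lam_du * ti_hours / 2 + (1 - ptc) * lam_du * lifetime_hours / 2

def sil_band(pfd):
    """Map PFDavg to the low-demand SIL band (0 means below SIL 1)."""
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0

if __name__ == "__main__":
    lam_d = 1e-5            # constructed lambda D, failures per hour
    dc = 0.99               # diagnostics claim of 99%
    ti = 1 * HOURS_PER_YEAR # manual proof test interval of 1 year
    life = 15 * HOURS_PER_YEAR  # constructed mission time
    lam = lambda_du(lam_d, dc)
    for arch in ("1oo1", "1oo2", "2oo2", "2oo3"):
        p = pfd_avg(arch, lam, ti)
        print(f"{arch}: PFDavg={p:.3e}  SIL {sil_band(p)}")
    # Full credit for the proof test versus a test that reveals nothing
    # beyond what the automatic diagnostics already catch (ptc = 0).
    for ptc in (1.0, 0.5, 0.0):
        p = pfd_avg_1oo1_with_ptc(lam, ti, ptc, life)
        print(f"1oo1 ptc={ptc:.1f}: PFDavg={p:.3e}  SIL {sil_band(p)}")
```

With these constructed inputs, the 1oo1 result drops from the SIL 3 band to the SIL 2 band when the proof test is given no credit for finding failures the diagnostics miss.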
I presented my paper at the AIChE Global Congress on Process Safety, and if you're interested, the presentation was recorded and can be viewed at (note: they do charge a fee to view the presentation):