Separation of interlocking and regulatory control in programmable electronic systems
Abstract

In recent years, the separation of safety interlocks from regulatory control systems has emerged as an important safety issue within the process industries. Most modern control systems are large and complex and may be composed of many different types of programmable electronic system (PES) elements. The degree to which elements of the interlock system are shared with the regulatory control system, and the resulting security and reliability risks and consequences, are often overlooked in safety analyses of the design. The criteria for using a PES in safety interlock applications, based on the degree of hazard and the potential severity of injury and damage, have been described in a previous paper. That paper presented an Interlock Guideline Matrix, which classified the levels of interlock protection required (based on these criteria) and defined the PES interlock system design needed to satisfy the safety requirements for each classification. This paper addresses the degree of separation required between interlock functions and regulatory control functions in the PES. These requirements are based primarily on the classification of the risk involved, the potential for injury, and environmental and/or property damage. The Interlock Guideline Matrix has been updated to include the requirements for this separation in the interlock system design criteria.
[1] V.J. Maggioli. The safety matrix - a method for guidelining industrial microcomputers. Conference Record of the 1988 IEEE Industry Applications Society Annual Meeting, 1988.