Process control systems, like those used in chemical, petroleum or other processes, typically include one or more centralized process controllers communicatively coupled to at least one host or operator workstation and to one or more field devices or relays via analog, digital or combined analog/digital buses. The field devices, which may be, for example, valves, valve positioners, switches, and transmitters (e.g., temperature, pressure, and flow rate sensors), perform functions within the process such as opening or closing valves and measuring process parameters. The relays, which may be solid-state relays, mechanical relays, protection relays, overcurrent relays, safety relays, etc., perform functions within the process to replicate a signal, open and/or close mechanical actuators, valves, and/or switches to selectively convey power and/or other signals to field devices, etc. The process controllers receive signals indicative of process measurements made by the field devices, relays, and/or other information pertaining to the field devices and relays, use this information to implement one or more control routines, and then generate control signals that are sent over the buses or other communication lines to the field devices and/or relays to control the operation of the process. Information from the field devices, relays, and the controllers may be made available to one or more applications executed by the operator workstation to enable an operator to perform desired functions with respect to the process, such as viewing the current state of the process, modifying the operation of the process, testing the operation of the process, etc.
Some process control systems or portions thereof may present significant safety risks. For example, chemical processing plants, power plants, etc. may implement critical processes that, if not properly controlled and/or shut down rapidly using a predetermined shutdown sequence, could result in significant damage to people, the environment, and/or equipment. To address the safety risks associated with process control systems having such critical processes, many process control system providers offer products compliant with safety-related standards such as, for example, the International Electrotechnical Commission (IEC) 61508 standard and the IEC 61511 standard.
In general, process control systems that are compliant with one or more known safety-related standards are implemented using a safety instrumented system architecture in which the controllers, relays, and field devices associated with the basic process control system, which is responsible for the continuous control of the overall process, are physically and logically separate from special purpose field devices and other special purpose control elements associated with the safety instrumented system, which is responsible for the performance of safety instrumented functions to ensure the safe shutdown of the process in response to control conditions that present a significant safety risk. In particular, compliance with many known safety-related standards requires a basic process control system to be supplemented with special purpose control elements such as logic solvers, safety certified field devices (e.g., sensors, safety relays, final control elements such as, for example, pneumatically actuated valves), and safety certified software or code (e.g., certified applications, function modules, function blocks, etc.).
As previously discussed, safety instrumented systems may include safety relays, which may require a relatively high degree of diagnostic coverage and fault tolerance. For example, a hardware device fault tolerance of two implies that two components of the device could fail and the function would still be performed by the device. From these requirements, safety relays have been developed that provide multiple switching elements to break an electrical path between, for example, a power source or other signal source and a field device. Generally, these safety relays use multiple force-guided relays that have mechanically linked relay contacts. As a result, the relay contacts move together when one or more relay coils are energized or de-energized. However, such force-guided relays are expensive to maintain and operate because such relays must be physically removed from the process to test the operation of the relays. Similarly, if a fault exists on the relay, such as one or more inoperable contacts (e.g., one or more welded contacts), the process must shut down to replace the faulted relay.
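The fault-tolerance and diagnostic ideas in the paragraph above can be made concrete with a small model. The following is an added illustration, not code from the patent or from any relay vendor: it models a safety relay whose switching elements are wired in series in the path between a signal source and a field device, computes how many welded (stuck-closed) contacts the relay can tolerate while still breaking the path, and shows how the mechanically linked contacts of a force-guided relay give a feedback signal from which a welded main contact can be detected. The contact indices, the "feedback reports main contact closed" abstraction, and the sample fault sets are all constructed for this example.

```python
"""
Model of a safety relay built from N switching elements (relay contacts)
connected in series between a signal source and a field device.
Added example for illustration; it is not the patent's own design.
Assumption: breaking the path through any single series contact
de-energizes the field device, so the safety function is performed
as long as at least one contact actually opens.
"""
from itertools import combinations


def path_broken(n_contacts, welded):
    """Command every contact open; return True if the series path is broken.

    `welded` is a set of contact indices whose contacts are stuck closed
    (a hardware fault). The path conducts only if ALL contacts stay closed.
    """
    closed = [i in welded for i in range(n_contacts)]
    return not all(closed)


def hardware_fault_tolerance(n_contacts):
    """Largest k such that ANY k welded contacts still leave the path broken.

    This is the 'hardware fault tolerance' figure discussed in the text:
    a tolerance of 2 means any two contacts may fail and the safety
    function is still performed. For a pure series arrangement the
    answer is n_contacts - 1, but we compute it exhaustively so the
    same routine can be reused for other fault models.
    """
    hft = 0
    for k in range(1, n_contacts + 1):
        fault_sets = combinations(range(n_contacts), k)
        if all(path_broken(n_contacts, set(f)) for f in fault_sets):
            hft = k
        else:
            break
    return hft


def detect_welded(coil_energized, feedback_main_closed):
    """Diagnose welded contacts from force-guided (linked) contact feedback.

    In a force-guided relay the auxiliary contact is mechanically linked
    to the main contact, so it reports the main contact's true position.
    If a coil is de-energized (contact commanded open) but the linked
    feedback still reports the main contact closed, that contact is
    welded. Returns the list of suspect contact indices.
    """
    suspects = []
    for idx, (energized, closed) in enumerate(zip(coil_energized, feedback_main_closed)):
        if not energized and closed:
            suspects.append(idx)
    return suspects


if __name__ == "__main__":
    # Constructed scenario: a three-contact series relay with two welded
    # contacts still breaks the path; all three welded does not.
    print("HFT of 3-contact relay:", hardware_fault_tolerance(3))   # 2
    print("Path broken with {0,1} welded:", path_broken(3, {0, 1}))  # True
    print("Path broken with all welded:", path_broken(3, {0, 1, 2}))  # False
    # Constructed feedback: coils 0 and 1 de-energized, coil 2 energized;
    # feedback says contact 0 is still closed -> contact 0 is welded.
    print("Welded contacts:", detect_welded([False, False, True],
                                             [True, False, True]))  # [0]
```

The diagnostic in `detect_welded` only works because the feedback contact is mechanically linked to the main contact; with unlinked auxiliary contacts the feedback would say nothing reliable about the main contact's position, which is why the text ties diagnostic coverage to force-guided relays.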