Section 12 — Instruments and Controls

Programmable Control Equipment

IPE Engineering Practice IPE-EP-12-5-1

Document number: IPE-EP-12-5-1 · Section: 12 — Instruments and Controls

1.0

1.1

1.2

2.0

3.0

3.1

3.2

3.3

4.0

4.1

4.2

4.3

4.4

4.5

SCOPE

This Practice has been developed to establish IPE minimum requirements for solid state programmable logic controller (PLC) equipment in plant applications.

Any deviation from this Practice must be approved by the procedure described in EP 1–1–3.

REFERENCES

The latest edition of the following standards and publications are referred to herein; and shall be used with this Practice.

STANDARDS AND PUBLICATIONS

IPE Engineering Practices
EP 1–1–3 Deviations to IPE Engineering Practices
NFPA
70 National Electrical Code

DEFINITIONS

Inspector - A Inflection Point Engineering, LLC appointed engineer or inspector. Owner - Inflection Point Engineering, LLC.

Owner’s Engineer - A Inflection Point Engineering, LLC appointed engineer.

GENERAL

The internal wiring of the controller is to be fixed, with the logic functions it must perform in a given application to be programmed into its memory. The controller shall be supplied with the U, scanner, interface, input, output, memory, power supply, cables, and other hardware necessary to function as a complete and operable PLC system.

The objective at PLC applications is to improve reliability, maintainability, and efficiency by reducing operating costs and downtime.

All areas in question or noncompliance with this specification shall be submitted to IPE for review and approval.

Equipment furnished to this specification and intended methods of installation and operation shall comply with applicable federal, state, and local laws and regulations, including the Occupational Safety and Health Act, Construction Safety Act, as well as the Rules, Regulations, and Standards of the Secretary of Labor.

Design and specifications of all system components shall conform to applicable portions of the National Electric Code, latest edition, for installation in a general purpose location.

VENDOR RESPONSIBILITIES

The vendor shall provide a complete PLC system that functions in accordance with the requirements set forth in this specification.
The vendor shall provide all information necessary for the proper installation of the system. This shall include but not be limited to:
Power requirements, including amount of noise tolerated
System grounding
System fusing
Isolation of radio frequency signals
Cabling and wiring considerations
Minimum environmental conditions for individual components
Maximum allowable distance between system components.
The vendor shall provide the following documentation as a minimum:
System specifications
Assembly and installation procedures
Troubleshooting procedures
Power–up and shutdown procedures
Programming and operation manuals
Explanation of internal fault diagnostics
Considerations for change in hardware configuration
Description of vendor services available
Recommended spare parts list.
In cases where programming is done by the vendor, the vendor shall provide an annotated copy of all programs on magnetic storage media which is compatible with the supplier’s programming software, as well as a hard copy printed program listing.

DESIGN REQUIREMENTS

General
A major consideration of the PLC system shall be its modular, field expandable design allowing the system to be tailored to the application. The capability shall exist to allow for expansion of the system by the addition of hardware and user software. No factory hardware or software updates should be required.
The PLC shall have downward compatibility whereby all new module designs can be interchanged with all similar modules in an effort to reduce obsolescence.
All PLC hardware shall have an ambient temperature rating of 32 to 140F with an ambient temperature rating for storage of - 40 to +185F. It shall have a relative humidity range of 5 to 95%, noncondensing.
Module connectors shall be keyed such that they can be installed in only one direction. The design shall be such as to prevent upside down insertion of the modules as well as to prevent insertion of a module into the wrong slot.
All cables and associated plugs, connectors, and receptacles requiring field installation shall be designed for commercial use in an industrial environment.

Processor
The shall be a self–contained unit having the function of supporting all logic, memory, and support modules.
The front panel shall include a means for operator communication with the system. Via this means it shall be possible to access or change the status of the program, timers, counters, I/O points, etc.
The shall have the capability of addressing remotely multiplexed I/O modules up to 10,000 cable feet from the processor. The communication link between and remote I/O shall be via coaxial or optical cable.
Program memory shall be solid state RAM (volatile) or magnetic core (non–volatile) type. Both types of memory shall meet the same speed performance, power supply voltages, and environmental specifications.
When RAM memory is supplied, each memory segment shall contain on–board battery backup capable of retaining all stored program data through a continuous power outage of 72 hours under worst case conditions. The capability shall exist to remove all batteries from the system without removing system power.
Input/Output Systems
All communications between I/O modules and the shall be digital in nature.
All external power circuits shall be electrically isolated from all internal logic circuits.
It shall be possible to replace any input or output module without disturbing field wiring.
Each output module shall be provided with a self–contained fuse for overload and short circuit protection.
All user wiring to I/O modules shall be through heavy–duty terminal strips.
A malfunction in any I/O module shall affect the operation of only that I/O channel and not the operation of the or any other I/O channel.
Each I/O Module shall have a light to indicate current status.
Operator Interface
The programming means shall be a lightweight, industrial quality programming terminal. It shall incorporate a CRT and a keyboard for program entry, loading, editing, searching, and monitoring functions, a personnel computer, IBM PC–DOS compatible. No special boards shall be required.
The programming software shall have the capability to interface to an RS–232 compatible printer to generate hard copy ladder diagrams and/or message generation.
The programming software shall interface to magnetic storage media equipment for the purpose of program transfer between the processor and the personnel computer. It shall be possible to load or record the entire contents or selected portions of memory.
The programming software shall have the capability of interfacing with all programmable controller products manufactured by the supplier.

The means to indicate contact or output status shall be by intensification of the contact or output on the CRT. Each element status shall be shown in real time, regardless of circuit configuration.
The programming software shall have the capability to add comments above each ladder logic rung. Capability to add descriptors to all elements shall be provided. Cross references shall be provided for each rung.
Programming
The programming format shall be traditional relay ladder diagram. Other programming languages (C, Fortran, Basic) are acceptable, subject to approval by Owner’s Engineer.
The capability shall exist for adding, removing, or modifying ladder logic rungs during program execution.
The capability shall exist to change a contact from normally open to normally closed, add extra contacts, change timer and counter values, etc. It shall not be necessary to delete and reprogram the entire rung.
A single command or instruction shall suffice to delete an individual ladder diagram rung from memory. It shall not be necessary to delete the entire rung, contact by contact.
It shall be possible to insert ladder diagram rungs anywhere in the program, even between existing rungs, provided there is sufficient memory to accommodate the additions.
Latch functions shall be internal and programmable.
Power Supply
The PLC shall operate with an electrical service of 120 VAC, 60 Hz, nominal. The manufacturer shall provide as standard equipment a system power supply capable of converting the AC line power to the DC power required to operate the controller PLC system.
A single main power supply shall have the capability of supplying power to the processor, main memory, local input/output system, and local peripherals (e.g. timer/counter access module). Auxiliary power supplies shall provide power to remote input/output systems.
The power supply shall monitor incoming AC power and DC power outputs for proper voltage and current levels. Automatically shut down the system shall be provided as long as the levels are not within specifications. Surge protection and isolation shall also be provided.
The power supply shall include diagnostic indicators providing the operator with the status of the AC and DC power applied. External alarm contacts shall be provided.
The power supply shall provide for disabling of power to the via a circuit breaker or power disconnect switch mounted in an easily accessible location.
Interfacing and System Communication
The communication system shall allow information to be transferred speedily and reliably between , remote I/O systems, operator interfaces, additional programmable controllers, computers, etc.
The vendor shall quote as an option standard packages for communication with DEC VAX computers operating in the VMS environment.

Communication interface shall allow a host computer to read sufficient information to determine the PLC and I/O status, contact status, timer conditions, coil states, calculations, and PID parameters from the PLC.
The interface shall support writing sufficient data to start, shutdown, and operate the PLC. The ability to read and write system date and time shall be provided.
The Vendor shall provide information on a bidirectional communication interface for the PLC with Distributed Control Systems. This communication interface shall include:
A RS232C, serial 9600 Baud channel shall be provided. Alternate interfaces may be proposed and are subject to the approval of the Owner’s Engineer.
Communication interface shall allow a host computer or intelligent device to read sufficient information to determine the status, intermediate and final results, and operability of the PLC. The ability to read system date and time shall be provided.
Interface shall support writing sufficient data to start, shutdown, and operate the PLC. The ability to write and set system date and time shall be provided.
The interface should be configured rather than programmed. The vendor shall state the nature of the interface software.
If configurable, all tools and/or facilities needed for IPE to completely reconfigure the interface shall be provided.
If custom programmed, the vendor shall state the language used (FORTRAN, C, PASCAL, assembler, etc.).
Assembly language shall only be used when no other option exists, and shall be limited to the extent possible.
If the interface can be programmed in more than one language, the vendor shall provide quotations for each language variant.
Source code for custom programming shall be provided on magnetic media (IBM PCDOS ASCII Text), as well as any nature of tool or facilities necessary for the Owner to regenerate executable code from the source code and install the new executable code in the vendors equipment.
The interface shall be arranged such that it can be modified by the Owner to add or delete data, or other similar changes. If this requires configuration tools and/or facilities of any type, the vendor shall state explicitly what is required for the reconfiguration, shall provide a description of the reconfiguration procedure, and shall provide these configuration tools as part of the bid.
The interface device shall be self–initializing requiring no manual intervention to recover from events such as power failures, communication line failures, or manual reset of the processing device at either end of the communication link.

SYSTEM SECURITY

Scope

The following sections define IPE’s requirements for design features in PLC equipment which ensure reliable operation and safe failback modes in the event of partial or total system failure.

Minimum Requirements

Applications designated as being in services requiring minimum system security shall meet all requirements defined thus far in this specification. No additional design features are required with respect to system security. In general, these applications are small (less than 20 I/O points) and “very noncritical” in nature.

Normal Requirements
Applications designated as being in services requiring normal system security shall meet all requirements defined thus far in this specification, with additional requirements as defined in this section.
The PLC system shall have continuous on–line diagnostics which will detect malfunction or failure in the operating system, program memory, or communication system. I/O diagnostics are preferred but not required.
Each I/O module shall have its own field power connections to permit wiring of I/O points in series or parallel for redundancy.
The system shall generate an alarm output when any malfunction is detected.
When a fault is detected in the the system shall shut itself down, i.e. turn all outputs off (deenergized) or to a preprogrammed status.
The system shall make repeated attempts at successful communication with remote equipment before a communication fault diagnostic is issued. Upon communication failure the system shall shut down all equipment which operates via that communication link, except where the link has only supervisory control functions. In the latter case the equipment on the link shall revert to a stand alone mode.
High Reliability Requirements
Applications designated as requiring high system reliability shall meet all requirements defined in Section 7.3 of this Practice, with additional requirements as defined in this section.
The system shall be able to incorporate sufficient redundancy and design features such that no single point failure will alter the behavior of the control system as “seen” by the process. This implies that the system must detect any malfunction or failure in the ’s, I/O system(s), or communication link(s), and that switch–over to backup equipment shall be automatic and transparent to the process.
It shall be possible to remove or install any or all of the system’s backup hardware during normal operation.
The backup shall run in a “hot standby” mode with its program memory updated once per scan of the primary program to ensure identical logic configuration, I/O status, timer and counter status, etc.
Failure detection in any backup hardware component shall preclude switch–over to that component.

The system shall generate an alarm output when any failure is detected in the system or when any switch–over occurs.
The fault detection system shall add a minimal amount to the scan time.
Redundant configuration of the system shall have little or no impact on programming, i.e. the system shall be programmed as if it were a standalone controller.
The system shall incorporate a means for manual override such that the redundant components can be locked out of the system.

INSPECTION AND TEST

Before shipment the vendor shall provide written notification to the Owner of an acceptance test and include all details of the procedure. The acceptance test shall demonstrate to the satisfaction of the Owner, that the system performs all functions as described in this Practice. All testing designated by the vendor as acceptance testing shall take place in the presence of the Owner’s Engineer or inspector and witnessed by the vendor.
All system hardware, peripherals, etc., used for acceptance testing shall be complete as specified and shall be the actual equipment to be shipped to the jobsite.

© 2026 Inflection Point Engineering, LLC. All rights reserved. The content of this page — including calculation methods, reference data, written analysis, interactive tools, and source code — is the intellectual property of Inflection Point Engineering, LLC and is protected under applicable copyright, trademark, and trade secret laws. Unauthorized reproduction, redistribution, modification, or derivative use in whole or in part is prohibited without prior written consent.

Disclaimer. This material is provided for informational and educational purposes only and does not constitute professional engineering advice. Calculations, reference data, and methodologies are based on published standards and accepted engineering practice but are not a substitute for engineering judgment, site-specific analysis, or review by a licensed Professional Engineer. Inflection Point Engineering, LLC makes no warranties, express or implied, regarding the accuracy, completeness, or fitness for a particular purpose of any content presented here, and shall not be liable for any direct, indirect, incidental, or consequential damages arising from its use. Users assume all risk associated with applying this content to real-world design, operations, or decisions.