Key takeaways
Short answer: PLC redundancy means duplicate hardware. Failover means automatic switchover when the primary fails. Cold standby requires manual intervention; hot standby is automatic and seamless. Critical safety and continuous-process lines need full redundancy; most production lines can tolerate a 30-minute swap. The right protection depends on tolerance for downtime, not just budget. See also OEE for manufacturing.
Redundancy duplicates hardware so a single failure does not stop the process. It guards against PLC, power-supply and communication-module failures — and, with N+1 sensors, against individual sensor failures too. It is about removing single points of failure, not about how fast you recover.
Failover describes how the backup takes over. The modes trade cost against recovery speed: cold standby is cheapest and slowest, hot standby is most expensive and fastest.
A continuous chemical process cannot tolerate any stop, so its PLC runs hot standby — a synchronised backup takes over in milliseconds if the primary fails, and the process never notices. A discrete machining line down the hall runs cold standby: if its PLC fails, a technician swaps in the spare in about 25 minutes, which the line's schedule can absorb. Same technology choice, opposite answers — decided entirely by how much downtime each process can tolerate, not by which is "better."
Hot standby for continuous processes, safety-critical applications and very high downtime cost; cold standby where 30 minutes of downtime is acceptable and budget is a real constraint. The decision is a downtime-tolerance decision first, a budget decision second.
Cold standby costs roughly a spare PLC; hot standby costs two to three times more plus engineering complexity. Whichever you choose, test the failover regularly — an untested standby that does not actually take over when needed is worse than no plan, because it creates false confidence.
1. Full redundancy where it is not needed. Capital wasted on assets that tolerate a swap.
2. No redundancy where it is needed. Days of downtime when a critical PLC fails.
3. Redundancy never tested. Failover does not work when it finally matters.
4. Hot standby without state sync. The switchover loses process state.
Plants with frequent PLC failures see Availability damaged at the worst times. The right protection — matched to downtime tolerance — prevents an OEE catastrophe on critical assets while avoiding overspend on ones that can simply be swapped.
Fabrico buffers data during a PLC failure and syncs on recovery, so a controller event does not create a hole in your OEE history. Book a demo to see resilient data capture.
No — match it to downtime tolerance; many assets tolerate a manual swap.
Quarterly at minimum — an untested standby may not work when needed.
Controls engineering.
An independent decision per critical sensor, based on its consequence of failure.
Only where the process cannot tolerate any stop — otherwise cold standby is far cheaper.