NO. The CCPS book argues that routing two BPCS protection layers (with different sensors and actuators) through the same PLC / DCS is permissible because the random hardware failure rate of the logic solver is insignificant when compared to the failure rates of the sensors and final elements (valves). However, IEC 61511 does not recognise these as independent protection layers – at best one x10 risk reduction credit could be taken. IEC 61511 even highlights that “hot standby” controllers cannot be used to justify independence. While CCPS only considers random hardware failure rates, the independence requirements established by IEC 61511 also consider the impact that human errors (systematic failures) could have on the logic solver, which experience shows have been significant contributors to faults.