Physical isolation is the foundation of lockout/tagout, but it is not the only barrier available. Logical lockout adds a software-enforced layer: by integrating the LOTO platform with the plant control system through OPC DA/UA, equipment can be blocked and interlocked in the control logic itself the instant a lockout is applied — and automatically prevented from re-energizing while the procedure is active.
A padlock on a disconnect is a robust, visible barrier — and it remains the legal foundation of LOTO. But the control system that drives the equipment has no awareness of it: a remote start command, an automation sequence, or a human at the HMI can still attempt to energize the asset, relying entirely on the physical isolation to stop it. Logical lockout closes that awareness gap inside the control layer.
Logical lockout makes the control system itself refuse to run a locked-out asset. When a lockout is applied in the safety platform, the control logic places the equipment in a blocked, interlocked state: start commands are inhibited, automation sequences skip the asset, and any attempt to energize is rejected by the controller. The result is defense in depth — a software barrier layered on top of the physical lock, not instead of it.
OPC (OLE for Process Control) — in its classic DA form and the modern, secure UA form — is the standardized interface through which platforms exchange real-time data and commands with PLCs, DCS and SCADA across vendors. Through OPC DA/UA, the LOTO platform can read the live state of an asset and write the interlock that blocks it, without bespoke drivers for every controller make and model.
When an authorized worker applies a LOTO in the platform, it issues an OPC command that sets the equipment interlock in the control system. The controller now refuses to start the asset regardless of where the start request originates. When the procedure is released — after verification and authorization — the platform clears the interlock through the same channel. Every transition is logged, tying the control-system state to the identified worker and the procedure.
Logical lockout is a complement, not a substitute. It does not relax the requirement for physical isolation and zero-energy verification; a software interlock alone is not a substitute for a lock on an isolating device. Its value is in catching the failure modes physical isolation cannot see — remote and automated start attempts — and in giving the control system the same awareness of the lockout that the padlock gives the field.
Reaching into the control system demands rigor. OPC UA provides authentication, encryption and signed messages, and an on-premise architecture keeps the integration inside the plant network rather than exposing control assets to the cloud. The interlock path is one-directional in intent — the platform blocks and releases under authorization — and every command is authenticated, logged and auditable, consistent with IEC 62443 expectations for industrial control security.
Schedule a Strategic Risk Assessment with our experts. Horus integrates with your existing CMMS and ERP to deliver Operational Excellence from day one.