When I put together a machine that ran off a plc, the Cat 0 Estop had to be totally independent of the plc. It would immediately cut power to the drill motor, tapping motor, air solenoids, and so on, so that the plc couldn't control anything on the machine.
Within the program itself were all the various things the machine did in the event of all the operator errors I could think of, like inadaquate air pressure for the heads or part shuttle, inadaquate hydraulic pressure for the clamp in the part fixture and so on.
Usually in that case, the machine wouldn't either turn or do anything if it was already running, and would leave me sitting there scratching my head until I remembered what I forgot to do. If it lost pressure or had impossible sensor readings, or none, while operatinig, it would do whatever I had programmed for that event - then it would just stay there, still leaving me scratching my head.
Cheers,
Jim