
What is a fail safe design?

(OP)
Guys,

I have been wondering, what do people mean by designing a fail-safe design, e.g. a shutdown system? I'll give it a scenario. Is it:

a) When there is a power/supply failure in a system, all the shutdown systems will go into a safe state, where shutdown valves shall be closed and blowdown valves shall be open (fail-close and fail-open valves)?

or

b) When there is a power/supply failure in a system, all the shutdown systems would be unaffected and remain running flawlessly in their healthy / initial state?

Hope you guys can help to explain this for me, because I'm getting pretty confused with all the variations of answers from my colleagues.

Thank you in advance.  

RE: What is a fail safe design?

By definition, it's a system that remains safe, regardless of the failure mode.  That usually means that the system ceases operation in a safe manner.  How you implement that is up to you.

That said, a system that remains running safely, regardless of failure is technically "fault tolerant," although one could consider that to be "fail safe" as well.  However, since such a system is still running with failed components, you cannot tell that it's overtly failed, and may wind up ignoring, or not fixing, the failure, potentially leading to a worse problem later.

TTFN

FAQ731-376: Eng-Tips.com Forum Policies

RE: What is a fail safe design?

For field devices such as shutdown valves, fail safe requires a spring that moves the valve to the predetermined safe position upon loss of energy sources.  If you lose either the power to a solenoid valve or the pneumatic supply, a shutdown valve would close.

Often blowdown valves are not exactly fail safe.  I worked projects where the blowdown valve would not open upon loss of the electrical signal but would open upon loss of pneumatic supply.

Some types of actuators without a spring use other stored energy that can move the valve for one or two cycles.  An example is a vane actuator or double acting piston with a gas or air accumulator, perhaps pressuring hydraulic oil.  However, if a fire ruptures the tubing from the stored energy source, the valve would not move.  This could be designed to "fail safe" electrically but would not actually be fail safe.  Some systems are suitable for this level of failure.  However, if the requirement is really fail safe then it requires mechanical energy from a spring; stored pneumatic energy is not adequate.

RE: What is a fail safe design?

zrzr,
Notice how both of the posts above are careful NOT to specify a generic fail position.  That is exactly correct.  Each valve needs to be evaluated for each failure mode.  For example, on loss of air I want a dump valve to fail shut, but I want a throttle valve to fail as is.  It is very rare for you to want a vent to fail open (but it can happen, the Engineer needs to do that analysis and decide).

"Fail Safe" is absolutely not synonymous with "Fail Shut", "Fail Open", or "Fail As Is".  I have seen situations where an actuated block valve was adjacent to an actuated throttle valve--in that particular situation the block valve was Fail-Closed on all failure scenarios and the throttle valve was Fail-As-Is on all scenarios.

By "failure", control valve scenarios are all "loss of control" not process failure.  You can set program logic to close a block valve on high fluid level, that is "control" not "failure".  It is important not to confuse the two.  If you have a pneumatic valve that has the air supply controlled by a solenoid valve then you need to decide what you want the valve to do if you lose electricity in the shut mode, what to do if you lose electricity in the open mode, what to do if you lose pneumatic pressure.

"Fail Safe" is a Hollywood term that does not convey adequate precision to be a useful Engineering term.
 

David Simpson, PE
MuleShoe Engineering
www.muleshoe-eng.com
Please see FAQ731-376: Eng-Tips.com Forum Policies for tips on how to make the best use of Eng-Tips Fora.

"It is always a poor idea to ask your Bridge Club for medical advice or a collection of geek engineers for legal advice"

RE: What is a fail safe design?

My post was early, 6:03 a.m. in my time zone.  I avoided safety shutdown system details and measurement instrument failure details.

My response is dancing around the valve actuators furnished by another contractor at the request of an operating company for riser valves on offshore platforms in a country south of the USA.  Most of these valves ranging from NPS 24 to NPS 36 including sour gas and acid gas used vane type actuators.  In the event of a fire the stored energy could not close the valves.  The actuators have hand hydraulic pumps at the valves in the cellar level below the unit operating decks.  In the event of a fire with damage to the tubing, no operator short of "Superman" would pump the hydraulic jacks the hundred or more strokes to close a valve even if the hand jacks could work.

Instead of the vane actuators, one contractor used a single acting Scotch yoke style piston actuator on instrument air - with a backup air supply accumulator and double check valves on the air system.  I suppose that the accumulator assures adequate air flow when opening the valve.  This was a safer installation for the application.

I think that the fail-last positioners that come to mind apply to dampers on balanced draft heaters.

RE: What is a fail safe design?

(OP)
Thank you so much guys for the answers.

So the conclusion is that a fail safe shutdown valve in particular shall have a mechanical drive (spring return) to move it to a predetermined safe position.

And, vane or double piston valves are not actually fail safe, the reason being that the accumulator / source can be interrupted.

In other words, when there is a loss of power source (i.e. pneumatic, hydraulic or electric), any shutdown valves shall react as per the predetermined Cause and Effect matrix state.

Please correct me if I'm still in the wrong regime & thanks again.

RE: What is a fail safe design?

The important thing you left out of your synopsis is that you need to write down everything that can fail and determine what position you want each control valve in if that failure happens.  There can be any number of failures and every one of them needs a decision.  Sometimes you need springs.  Sometimes you need accumulators.  Sometimes you don't need anything (e.g., a valve that is driven in both directions could very easily be safest if it is Fail-As-Is).

David
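As an added illustration (not from this thread or any poster), the constructed Python model below tabulates the evaluation David describes above: every valve is checked against every energy-loss scenario, and the vane/accumulator blowdown valve from the earlier posts shows up as not fail safe under the fire case. The actuator behaviours, valve tags and failure-mode names are simplified assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Failure modes raised in the thread: loss of the electrical signal to the
# solenoid, loss of pneumatic supply, and a fire rupturing the tubing from the
# stored-energy source.
FAILURES = ("loss_of_electric", "loss_of_pneumatic", "fire_tubing_rupture")

@dataclass
class Valve:
    tag: str
    actuator: str                   # "spring", "accumulator" or "double_acting"
    drive_position: Optional[str]   # position the spring/accumulator drives to
    required: Dict[str, str]        # failure mode -> "closed", "open" or "as_is"

def position_on_failure(v: Valve, failure: str) -> str:
    """Position the valve actually reaches (simplified model, an assumption)."""
    if v.actuator == "spring":
        # A mechanical spring needs no external energy: it always gets there.
        return v.drive_position
    if v.actuator == "accumulator":
        # Vane/piston with a gas accumulator can stroke once on loss of signal
        # or supply, but a fire that ruptures the tubing removes the stored energy.
        return "as_is" if failure == "fire_tubing_rupture" else v.drive_position
    # Double-acting piston with no spring or accumulator: stays where it is.
    return "as_is"

def shortfalls(valves: List[Valve]) -> List[Tuple[str, str, str, str]]:
    """Rows (tag, failure, required, actual) where a valve misses its safe state."""
    rows = []
    for v in valves:
        for f in FAILURES:
            actual = position_on_failure(v, f)
            if actual != v.required[f]:
                rows.append((v.tag, f, v.required[f], actual))
    return rows

def is_fail_safe(v: Valve) -> bool:
    return not shortfalls([v])

# Constructed cause-and-effect rows, not taken from any real project.
SDV = Valve("SDV-101", "spring", "closed", {f: "closed" for f in FAILURES})
BDV = Valve("BDV-201", "accumulator", "open", {f: "open" for f in FAILURES})
XV = Valve("XV-301", "double_acting", None, {f: "as_is" for f in FAILURES})

if __name__ == "__main__":
    for row in shortfalls([SDV, BDV, XV]):
        print("NOT FAIL SAFE: %s on %s wants %s, gets %s" % row)
```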

RE: What is a fail safe design?

Not sure what everyone else calls it, but in aerospace, one does a Failure Modes, Effects, and Criticality Analysis (FMECA) prior to doing the mitigation design.  You have to identify all the failure modes, what the impact and effect of the failures are going to be, the criticality of the failure, i.e., will it cause catastrophic consequences, kill people, maim people, or slag the hardware.

Only then can you determine what mitigations you must apply, if any, and re-analyze your mitigation design for its failure modes and effects.

TTFN

FAQ731-376: Eng-Tips.com Forum Policies

RE: What is a fail safe design?

IRstuff, it is a WAY bigger deal in aerospace than most anywhere else (and rightly so).  I think in most industries they call it "Engineering" or "doing your damned job".

David

RE: What is a fail safe design?

It's actually a "big" deal in anything electronic.  You could have, literally, millions of potential failures within a single circuit board.

We get paid by the hour for our "job" so everything needs to be named ;-)

TTFN

FAQ731-376: Eng-Tips.com Forum Policies
