What is a fail safe design?
(OP)
Guys,
I have been wondering, what do people mean by designing a fail-safe design, e.g. a shutdown system? I'll give a scenario. Is it:
a) When there is a power/supply failure in a system, the whole shutdown system goes into a safe state, where shutdown valves are closed and blowdown valves are open (fail-close and fail-open valves)?
or
b) When there is a power/supply failure in a system, the whole shutdown system is unaffected and remains running flawlessly in its healthy / initial state?
Hope you guys help to explain this for me, because I'm getting pretty much confused with all the variations of answers from my colleagues.
Thank you in advance.
RE: What is a fail safe design?
That said, a system that remains running safely, regardless of failure is technically "fault tolerant," although one could consider that to be "fail safe" as well. However, since such a system is still running with failed components, you cannot tell that it's overtly failed, and may wind up ignoring, or not fixing, the failure, potentially leading to a worse problem later.
TTFN
FAQ731-376: Eng-Tips.com Forum Policies
RE: What is a fail safe design?
Often blowdown valves are not exactly fail safe. I worked projects where the blowdown valve would not open upon loss of the electrical signal but would open upon loss of pneumatic supply.
Some types of actuators without a spring use other stored energy that can move the valve for one or two cycles. An example is a vane actuator or double acting piston with a gas or air accumulator, perhaps pressuring hydraulic oil. However, if a fire ruptures the tubing from the stored energy source the valve would not move. This could be designed to "fail safe" electrically but would not actually be fail safe. Some systems are suitable for this level of failure. However, if the requirement is really fail safe then it requires mechanical energy from a spring; stored pneumatic energy is not adequate.
RE: What is a fail safe design?
Notice how both of the posts above are careful NOT to specify a generic fail position. That is exactly correct. Each valve needs to be evaluated for each failure mode. For example, on loss of air I want a dump valve to fail shut, but I want a throttle valve to fail as is. It is very rare for you to want a vent to fail open (but it can happen, the Engineer needs to do that analysis and decide).
"Fail Safe" is absolutely not synonymous with "Fail Shut", "Fail Open", or "Fail As Is". I have seen situations where an actuated block valve was adjacent to an actuated throttle valve--in that particular situation the block valve was Fail-Closed on all failure scenarios and the throttle valve was Fail-As-Is on all scenarios.
By "failure", control valve scenarios are all "loss of control" not process failure. You can set program logic to close a block valve on high fluid level, that is "control" not "failure". It is important not to confuse the two. If you have a pneumatic valve that has the air supply controlled by a solenoid valve then you need to decide what you want the valve to do if you lose electricity in the shut mode, what to do if you lose electricity in the open mode, what to do if you lose pneumatic pressure.
"Fail Safe" is a Hollywood term that does not convey adequate precision to be a useful Engineering term.
David Simpson, PE
MuleShoe Engineering
www.muleshoe-eng.com
Please see FAQ731-376: Eng-Tips.com Forum Policies for tips on how to make the best use of Eng-Tips Fora.
"It is always a poor idea to ask your Bridge Club for medical advice or a collection of geek engineers for legal advice"
RE: What is a fail safe design?
My response is dancing around the valve actuators furnished by another contractor at the request of an operating company for riser valves on offshore platforms in a country south of the USA. Most of these valves ranging from NPS 24 to NPS 36 including sour gas and acid gas used vane type actuators. In the event of a fire the stored energy could not close the valves. The actuators have hand hydraulic pumps at the valves in the cellar level below the unit operating decks. In the event of a fire with damage to the tubing, no operator short of "Superman" would pump the hydraulic jacks the hundred or more strokes to close a valve even if the hand jacks could work.
Instead of the vane actuators, one contractor used a single acting Scotch yoke style piston actuator on instrument air - with a backup air supply accumulator and double check valves on the air system. I suppose that the accumulator assures adequate air flow when opening the valve. This was a safer installation for the application.
I think that the fail-last positioners that come to mind apply to dampers on balanced draft heaters.
RE: What is a fail safe design?
So the conclusion is that a fail-safe shutdown valve in particular shall have a mechanical drive (spring return) to move it to a predetermined safe position.
And vane or double piston valves are not actually fail safe, the reason being that the accumulator / source can be interrupted.
In other words, when there is a loss of power source (i.e. pneumatic, hydraulic or electric), any shutdown valve shall react as per the predetermined Cause and Effect matrix state.
Please correct me if I'm still in the wrong regime & thanks again.
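The per-valve, per-failure evaluation David describes above, and the conclusion drawn from it, can be written down as a small check against a Cause and Effect matrix. The following is an added example, not code from this thread; the valve tags, normal positions and matrix entries are constructed for illustration, and the actuator behaviours encode only what the posts state (a spring strokes with no supply, an accumulator gives a stroke unless fire takes the tubing, a solenoid that does not vent on de-energize leaves the valve as is).

```python
from dataclasses import dataclass
from enum import Enum
class Actuator(Enum):
    SPRING_RETURN = 1   # mechanical energy, strokes with no supply at all
    ACCUMULATOR = 2     # vane/piston with stored gas or oil; lost if tubing fails
    DOUBLE_ACTING = 3   # no stored energy, cannot move without live supply

class Failure(Enum):
    LOSS_OF_SIGNAL = "loss of electrical signal"
    LOSS_OF_AIR = "loss of pneumatic supply"
    FIRE_TUBING_RUPTURE = "fire ruptures actuator tubing"

AS_IS = "as is"  # matrix entry meaning: no required position for that failure

@dataclass
class Valve:
    tag: str
    actuator: Actuator
    driven_position: str                 # where the actuator strokes to when it acts
    solenoid_vents_on_deenergize: bool   # does loss of signal dump the actuator air?

def position_on_failure(v: Valve, current: str, failure: Failure) -> str:
    """Position one valve ends up in, starting from 'current', under one failure."""
    if failure is Failure.LOSS_OF_SIGNAL and not v.solenoid_vents_on_deenergize:
        return current  # actuator keeps its air, nothing moves (the blowdown case above)
    if v.actuator is Actuator.SPRING_RETURN:
        return v.driven_position  # spring strokes regardless of supply
    if v.actuator is Actuator.ACCUMULATOR:  # one stored stroke, unless fire took the tubing
        return current if failure is Failure.FIRE_TUBING_RUPTURE else v.driven_position
    return current  # double acting with nothing stored fails as is

def audit(valves, cause_effect, normal_positions):
    """cause_effect maps (tag, Failure) -> 'open', 'closed' or AS_IS.
    Returns (tag, failure, required, actual) for every cell the hardware cannot meet."""
    deviations = []
    for v in valves:
        for f in Failure:
            required = cause_effect.get((v.tag, f), AS_IS)
            actual = position_on_failure(v, normal_positions[v.tag], f)
            if required != AS_IS and actual != required:
                deviations.append((v.tag, f.value, required, actual))
    return deviations

# Constructed sample (tags, positions and matrix are invented for illustration).
VALVES = [Valve("ESDV-101", Actuator.SPRING_RETURN, "closed", True),   # spring-return block valve
          Valve("BDV-102", Actuator.ACCUMULATOR, "open", False),       # accumulator blowdown valve
          Valve("FCV-103", Actuator.DOUBLE_ACTING, "closed", True)]    # throttle valve, fail as is
NORMAL = {"ESDV-101": "open", "BDV-102": "closed", "FCV-103": "open"}
MATRIX = {("ESDV-101", f): "closed" for f in Failure}
MATRIX.update({("BDV-102", f): "open" for f in Failure})   # FCV-103: no entries, AS_IS everywhere
```

Running `audit(VALVES, MATRIX, NORMAL)` flags the accumulator blowdown valve twice: it stays closed on loss of signal (the solenoid keeps the air) and on fire (stored energy gone), while the spring-return block valve meets every cell.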
RE: What is a fail safe design?
David
RE: What is a fail safe design?
Only then can you determine what mitigations you must apply, if any, and re-analyze your mitigation design for its failure modes and effects.
TTFN
RE: What is a fail safe design?
David
RE: What is a fail safe design?
We get paid by the hour for our "job" so everything needs to be named
TTFN