Siemens safety or fail safe technology

Hi guys, about fail-safe technology/signals: from what I read, it forces the plant into a safe state after shut-down. I work in the paper industry, and for the press section of the paper machine there are some fail-safe signals. Practically, I know (correct me if I am wrong) that, unlike standard signals, for fail-safe we double (physically) the signals (the master or first signal and the same signal compared against it), and if one of them fails we have a fault. How does this help to increase safety for the machine and the people, compared to standard (non fail-safe) signals? Thank you in advance.

RE: Siemens safety or fail safe technology

True fail safe is difficult and complex for some, and the term is as abused as "conservative" perhaps.

I am absolutely certain that the G.E. nuclear generating stations and systems that blew up in Japan were "fail-safe" according to someone. I hope that standards have risen.

Using primary and alternate signals or checksum schemes is common for various systems, but neither is fail-safe, nor are systems with "hot backup", RAID, or UPS, simply because they have some limited "fault tolerant" aspects.

To be truly a fail-safe system, a start-up protocol and sequence must be followed, and many elements or sub-systems will need to be over-ridden and also brought through individual starting or readying sequences. Interlocking must be correctly used to disable incorrect startup and shutdown sequencing.

Fail-safe control systems or signalling networks must be used to allow the plant to enter a "run" or "ready" state, and the plant must shut off in an orderly fashion without any intervention when that "ready" condition is interrupted or lost for whatever the safe "carry over" time is determined to be. A fail-safe control system typically can, and does, produce output which is of unacceptable quality at the beginning and/or end of "run" cycles, but that output is not unsafe to the plant's operators, surrounding environment, or mechanism.


(Me,,,wrong? ...aw, just fine-tuning my sarcasm!)

RE: Siemens safety or fail safe technology

Fail safe. The path to Hell is paved with good intentions.

There are no fail-safe systems.

They can fail safe under certain circumstances. And for a limited time. And as long as assumed operating conditions hold, which may include widely varying supply voltage, pressure, temperatures, vibration, pollution, corrosion, human shortcomings, rodents, fungus, objects falling out of the sky, earthquakes (Keith had one the other day), floods and other common phenomena. But the list is not complete. And even if a system is able to fail safely under one of the circumstances mentioned in the list - what if two of them hit at the same time? Or if something unexpected, not in the list, happens?

Personally, I have seen so many unexpected things happen during my 50+ years of activity in industrial automation that I refuse to accept Fail Safe any more than I accept the idea of life after death.

Not even Fail Gracefully seems to be a practical reality. The best one can hope for is Fail With Reduced Damage. But Nature finds ways to circumvent even that.

Much more could be said about Fail Safe. But be aware that it is mostly a snake-oil peddling term. Experience, knowledge and enough time to implement and test a system are essential. The redundancy, checksum or even simple choice-of-active-polarity techniques work when it comes to HW or certain SW failures. But there should be supervision included in the system. A redundant system that carries on without indicating that there is a problem will be no better than a non-redundant system.

One quite elaborate system that I have worked with had three parallel computers doing exactly the same thing, and there was a bus-cycle supervision so that, if one system deviated from the others, the deviating system was switched off and the two "agreeing" systems carried on controlling the system. It looked very good in theory, but having a problem in the system also meant that the speed (commuter and subway trains) had to be reduced to around 20 mph. And that happened so often that the system became useless. Good intentions and the way to Hell...

Gunnar Englund
Half full - Half empty? I don't mind. It's what's in it that counts.

RE: Siemens safety or fail safe technology

TheoPapad - A fail-safe design is typically comprised of one or more elements that work in unison to bring a machine or process to a safe state in the event of a device or system failure. The technique you describe, redundancy, can be used to help achieve a fail-safe design.

Redundancy helps to achieve a fail-safe design by decreasing the probability of failure on demand, in a 1oo2 voting scheme, i.e. when you push a stop button the machine stops. Continuing with this example, and to complement our fail-safe design, we can use a de-energize-to-stop input signal. For example, the stop switch would be normally energized when the equipment is running; if the stop push button is pressed, the input signal is de-energized and the machine shuts down. This positive feedback (switch input) during normal operation helps us detect a faulty switch, circuit and/or loss of power.

It is important to remember that more (redundancy) is not always better. By adding the extra input and voting as described, we introduce another concept known as a spurious trip. In other words, we are quite certain the machine will stop when we press the button; however, since there are 2 buttons we have increased the likelihood that the machine will shut down due to a faulty switch, circuit, etc. Equipment shutdown also has consequences such as loss of production, increased personnel risk during machine stop/start, etc.

So there is no one-size-fits-all, and more is not always better. The need and requirements for a fail-safe design are determined by folks who have experience in reliability engineering, functional safety and process engineering.
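The two mechanisms described in the last two replies, a 1oo2 vote on de-energize-to-stop inputs with discrepancy supervision, and a 2oo3 scheme that switches a deviating channel off and carries on degraded, are written out below as an added example. It is not code from the thread, from any poster, or from a Siemens product; the discrepancy limit of three scans, the auto-reset on a genuine stop demand, and the scan sequences are all constructed for illustration.

```python
"""Added example (not from the Eng-Tips thread): voting logic for redundant
de-energize-to-trip inputs with discrepancy supervision, plus a 2oo3 voter
that degrades to 1oo2 after switching off a deviating channel.
A channel value of True means energized (run permitted); False means
de-energized (trip demand or dead channel).  All scan data is constructed."""
from dataclasses import dataclass, field
from typing import List, Sequence, Tuple


@dataclass
class Vote:
    run_permitted: bool          # voted output: True = plant may run
    deviating: Tuple[int, ...]   # indices of channels disagreeing with the vote


def vote_1oo2(channels: Sequence[bool]) -> Vote:
    """One-out-of-two trip: either channel de-energizing trips the output.
    Lowers probability of failure on demand; raises the spurious-trip rate."""
    a, b = channels
    run = a and b
    return Vote(run, tuple(i for i, c in enumerate(channels) if c != run))


def vote_2oo3(channels: Sequence[bool]) -> Vote:
    """Two-out-of-three majority vote; the odd channel out is reported."""
    run = sum(channels) >= 2
    return Vote(run, tuple(i for i, c in enumerate(channels) if c != run))


@dataclass
class SupervisedVoter1oo2:
    """1oo2 voter with discrepancy supervision.  A disagreement between the
    two channels lasting `discrepancy_limit` consecutive scans (assumed: 3)
    latches a fault that holds the output tripped until reset() is called,
    so a dead channel is never silently carried along."""
    discrepancy_limit: int = 3
    discrepancy_scans: int = 0
    fault_latched: bool = False

    def scan(self, channels: Sequence[bool]) -> bool:
        v = vote_1oo2(channels)
        if v.deviating:                      # channels disagree this scan
            self.discrepancy_scans += 1
            if self.discrepancy_scans >= self.discrepancy_limit:
                self.fault_latched = True
        else:
            self.discrepancy_scans = 0       # agreement (both run or both trip)
        return v.run_permitted and not self.fault_latched

    def reset(self) -> None:
        """Maintenance acknowledge after the faulty channel has been repaired."""
        self.discrepancy_scans = 0
        self.fault_latched = False


@dataclass
class DegradableVoter2oo3:
    """2oo3 voter that switches off the first channel to deviate and carries on
    in a degraded 1oo2 mode on the two remaining channels.  Whether the caller
    imposes a speed restriction while degraded is outside this example."""
    excluded: List[int] = field(default_factory=list)

    @property
    def degraded(self) -> bool:
        return bool(self.excluded)

    def scan(self, channels: Sequence[bool]) -> bool:
        live = [c for i, c in enumerate(channels) if i not in self.excluded]
        if len(live) == 3:
            v = vote_2oo3(live)
            if v.deviating:                  # first deviation: drop that channel
                self.excluded.append(v.deviating[0])
            return v.run_permitted
        if len(live) == 2:
            return vote_1oo2(live).run_permitted
        return False                         # fewer than two healthy channels


# Constructed scan sequences (not recorded plant signals).
CONSTRUCTED_1OO2_SCANS = [
    (True, True),    # both channels energized: run
    (False, False),  # genuine stop demand: both channels de-energize together
    (True, True),    # demand cleared: run again
    (True, False),   # channel 1 drops out alone: spurious trip if it is faulty
    (True, False),
    (True, False),   # third discrepant scan: fault latched
    (True, True),    # channels agree again, but the latched fault holds the trip
]
CONSTRUCTED_2OO3_SCANS = [
    (True, True, True),
    (True, True, False),  # channel 2 deviates: majority runs, channel 2 switched off
    (True, True, True),   # channel 2 now ignored; 1oo2 on channels 0 and 1
    (False, True, True),  # channel 0 de-energizes: degraded 1oo2 trips
]


def simulate_1oo2(scans, limit: int = 3) -> List[bool]:
    """Run-permitted output per scan for the supervised 1oo2 voter."""
    voter = SupervisedVoter1oo2(discrepancy_limit=limit)
    return [voter.scan(s) for s in scans]


def simulate_2oo3(scans) -> List[Tuple[bool, bool]]:
    """(run_permitted, degraded) per scan for the degradable 2oo3 voter."""
    voter = DegradableVoter2oo3()
    return [(voter.scan(s), voter.degraded) for s in scans]


if __name__ == "__main__":
    print("1oo2:", simulate_1oo2(CONSTRUCTED_1OO2_SCANS))
    print("2oo3:", simulate_2oo3(CONSTRUCTED_2OO3_SCANS))
```

In the 1oo2 sequence the single-channel dropout trips the machine immediately (the spurious trip the reply warns about) and, once the discrepancy persists, a latched fault keeps it tripped even after the channels agree again, which is the supervision Gunnar's post says a redundant system must have. In the 2oo3 sequence the deviating channel is dropped and the remaining pair votes 1oo2, so the scheme keeps running but with less margin, which is why that design paired it with a speed restriction.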
