Big Chemical Encyclopedia


Fail-operational design

A fail-operational design allows system functions to continue safely until corrective action is possible. This type of design is preferred since there is no loss of function. An example is the fail-safe operational orientation of the control rods on nuclear reactors, which automatically drop into place to reduce the reaction rate if it exceeds a preset limit. [Pg.135]

Fail Operational, Fail Safe A fail operational design which also remains acceptably safe. [Pg.207]

Fail-safe Design features that provide for the maintenance of safe operating conditions in the event of a malfunctioning control device or an interruption of an energy source (e.g., direction of failure of a motor-operated valve on loss of motor power). [Pg.1013]

A fail-active design maintains an energized condition that keeps the system in a safe operating mode until (a) corrective and overriding action occurs or (b) an alternative system is activated to eliminate the possibility of an accident... [Pg.135]

A fail-active design might be a monitor system that activates a visual or audible indicator if a failure or adverse condition is detected in a critical operation. [Pg.135]

A battery-operated smoke detector is an example of a fail-active design. [Pg.135]

Safety interlocks, common to machinery, provide a means either of preventing operator access to a hazardous area until the hazard is removed or of automatically removing the hazardous condition (i.e., electric shock, moving parts) when access is gained. Safety interlocks have special requirements, such as fail-safe design, positive opening, and nonoverridable type. [Pg.87]

No discussion of crew responses to system failure is complete without considering the Fail Safe design concept. A system is fail safe if, in the event of a failure, the system or component automatically reverts to one of a small set of states known to be safe and thereafter operates in a highly restricted mode. This may involve complete loss of functionality, or reverting to back-up/redundant features. See AMC25.1309 (Amend 17, para 6b) and Kritzinger (2006, Chapter 7) for more information on this topic. [Pg.338]

The latches are also of fail-safe design, because loss of electrical power or burnout of the latch solenoids will permit the rods to drop. The IXX safety circuit utilizes two sets of closed contacts in series from the primary sensing elements such as power relays, Beckmans, Panellit, etc. The opening of any one contact will de-energize the associated IXX or IXXA relay and scram the VSRs. This is a form of parallel redundancy. In this case, fail-safe operation, i.e., rod insertion, will occur for almost any circuit contact or relay malfunction. [Pg.55]

The nuclear system protection system initiates the rapid insertion of the control rods to shut down the reactor. The system is of the fail-safe design where it will trip on loss of electrical power but will not trip and cause a scram on the loss of a single power source. The four trip channels are physically separated from each other and from other equipment precluding the possibility of interactions that could cause possible false scrams or failure to scram. The logic requires a manual reset by the operator, which is automatically inhibited for 10 s. One reset switch is used for each trip channel. Failure of a single trip channel, division logic, or a system component will not prevent the normal protective action of the nuclear system protection system. [Pg.136]

The ability to shut down the process, independent of the BPCS controller and SIS logic solver, may be required for some applications. The current editions of NFPA 85 and NFPA 86 require independent means for equipment covered by these practices. The SIS logic solver has a very low failure rate, but what will you do when it fails? Even with the very low failure rate, programmable electronic systems can fail. Equipment safety manuals may specifically require independence, especially for SIL 3 applications. When a non-fail-safe design is used, e.g., energize-to-shutdown, independent shutdown facilities should be provided that do not require the SIF support system to be operational. [Pg.226]

Fail Operational A design characteristic which allows continued operation of a system or subsystem despite a discrete failure. [Pg.207]

Fail-safe design: the typical dynamic operation of microprocessor technology allows most malfunctions to be detected through internal self-diagnostics and fail-safe actions to be taken in case of failure. [Pg.107]

Sinha, P. Architectural design and reliability analysis of a fail-operational brake-by-wire system from ISO 26262 perspectives. Reliability Engineering & System Safety, 1349-1359 (2011)... [Pg.80]

ISO 26262 allows different ASILs for software in one microcontroller, and also allows legacy software, software that has not been developed according to a safety standard, or software from foreign sources, in a sufficiently separated environment. But beyond requiring an adequate analysis of dependent failures, the standard provides no guidance. How to design fault-tolerant or even fail-operational architectures and designs, and how to deal with such horizontal barriers, are not considered in ISO 26262. [Pg.132]

A fail-safe design must be thoroughly tested before the system is put into production and operation to verify that the actual implementation covers all possible potential failure conditions. It should be noted that fail-safe operation does not nominally apply to normal system operation, but rather only to abnormal system operation. The goal of a fail-safe design is to make the system as tolerant as possible to likely failures such that the system defaults to the safest state upon the occurrence of a failure. [Pg.143]

Fail-safe is a system characteristic whereby any malfunction affecting safety will cause the system to revert to a state that is known to be within acceptable risk parameters. Fail-safe provides the ability to sustain a failure and retain safe control of the system or operation, or revert to a state which will not cause a mishap. A fail-safe design should be provided in those areas where failure can cause catastrophic damage to equipment, injury to personnel, or inadvertent operation of critical equipment (source: MIL-STD-1472E, Human Engineering Design Criteria Standard, 1998). [Pg.144]

In order to achieve fail-operational behaviour of the safety-critical steering function, the Guidance System is developed by defining and managing adequate risk reduction strategies in terms of mitigating measures in system design and application conditions for each safety-related hazard such as ... [Pg.122]

When certifying a new (or modified) system, designers concentrate on the technical integrity of the system which has been designed around an operational requirement. For a number of years, aeroplane systems were evaluated to specific requirements, to the single fault criterion, or to the fail-safe design concept (see Chapter 7). [Pg.57]

The high levels of functional safety needed from essential systems are usually achieved by some form of fail-safe design. The fail-safe design concept considers the effects of failures and combinations of failure in defining a safe design. The application of the fail-safe concept is probably the most important discipline involved in the design of systems and operations. It has evolved over many years. The definition first appeared in the dictionary in the mid-1950s after the final reports on the Comet disasters were published. [Pg.95]

Fail-operational A characteristic in design which permits continued operation in spite of the occurrence of a discrete malfunction. [Pg.327]

Safety-related equipment, safeguards, and possible alternative approaches (e.g., monitoring, interlocks, system redundancy, hardware or software fail-operational/fail-safe design considerations, subsystem protection, fire detection/suppression systems, personal protective equipment, ventilation, and noise or radiation attenuation)... [Pg.44]

The service provided by maintenance engineering was traditionally that of repairing equipment items when they failed. This is no longer the case, and a maintenance department is now pro-active rather than reactive in its approach. Maintenance of equipment items will be an important consideration in the FDP, because the mode and cost of maintaining equipment plays an important part in the facilities design and in the mode of operation. [Pg.286]



© 2024 chempedia.info