Fail-safe definition

For ESD isolation valves (i.e., EIVs) a fail safe mode is normally defined as fail closed in order to prevent the continued flow of fuel to the incident. Blowdown or depressurization valves would be specified as fail open to allow inventories to be disposed of during an incident. Special circumstances may require the use of a foil steady valve for operational or performance reasons. These applications are usually at isolation valves at components, i.e., individual vessels, pumps, etc., where a backup EIV is provided at the battery limits that is specified as fail closed. The fail safe mode can be defined by the action that is taken when the ESD system is activated. Since the function of the ESD system is to place the facility in its safest mode, by definition the ESD activation mode is the foil safe mode. 

Most practitioners define "Fail-Safe" for an instrument as a failure that causes a "false or spurious" trip of a safety instrumented function unless that trip is prevented by the architecture of the safety instrumented function. Many formal definitions have been attempted that include "a failure which causes the system to go to a safe state or increases the probability of going to a safe state." This definition is useful at the system level and includes many cases where redundant architectures are used. 

An annunciation failure is therefore defined as a failure that prevents automatic diagnostics from detecting or annunciating that a failure has occurred inside the equipment. Note that the failure may be within the equipment that fails or inside an external piece of equipment designed for the purpose of automatic diagnostics. These failures would be classified as "Fail-Safe" in the definition provided in lEC 61508. 

Such coincidence circuits increase operating continuity and reliability for only a very small decrease in reactor safety. Even then, the definition of safety must be precise as this term may have different meanings as were covered by fail-safe for the VSR s and Ball 3X System. 

Definition of hazard, risk discussions on likelihood, consequence risk — register, matrix, ranking. Consequence ranking, preliminary hazard analysis tolerance point—ALARP refreshing on mathematics, fault tolerance, plant ageing, and basic functional safety fail safe operations in plants. 

By the strictest definition, a fail-safe system is one that cannot cause harm when it fails. The term fail-safe is used to describe a device which, when it fails, fails in a way that will cause no harm or at least a minimum of harm to other devices or danger to personnel. Fail-safe is a system safety concept that, in theory, is intended to ensure a system remains safe, or in a safe state, in the event of a failure, thereby preventing a mishap while alternative action is being... 

The high levels of functional safety needed from essential systems are usually achieved by some form of fail-safe design. The fail-safe design concept considers the effects of failures and combinations of failure in defining a safe design. The application of the fail-safe concept is probably the most important discipline involved in the design of systems and operations. It has evolved over many years. The definition first appeared in the dictionary in the mid-1950s after the final reports on the Comet disasters were published. 

Although the traditional point of reference for safety interlock systems is a hard-wired implementation, a programmed implementation is an alternative. The potential for latent defects in software implementation is a definite concern. Another concern is that solid-state components are not guaranteed to fail to the safe state. The former is addressed by extensive testing the latter is addressed by manufacturer-supplied and/or user-supplied diagnostics that are routinely executed by the processor within the safety interlock system. Although issues must be addressed in programmable implementations, the hard-wired implementations are not perfect either. 

As chemicals are inspected, there needs to be a definition by the facility as to what constitutes an unacceptable risk (or unsafe). If unsafe is not defined, then one cannot determine when a container fails inspection. If needed, review commercial industry practices for reported safe storage times before chemical disposition occurs. DOE sites could also determine what other DOE sites are doing. 

The rationale behind the definitions of iow demand mode and high demand or continuous mode in lEC 61508 is based on the failure behaviour of a safety-related system due to random hardware faults. Underlying much of the reasoning is the distinction between safety-functions that only operate on demand and those that operate continuously . A safety function that operates on demand has no influence until a demand arises, at which time the safety function acts to transfer the associated equipment into a safe state. A simple example of such a safety function is a high level trip on a liquid storage tank. The level of liquid in the tank is controlled in normal operation by a separate control system, but is monitored by the safety-related system. If a fault develops in the level control system that causes the level to exceed a pre-determined value, then the safety-related system closes the feed valve. With such a safety function, a hazardous event (in this case, overspill) will only occur if the safety function is in a failed state at the time a demand (resulting from a failure of the associated equipment or equipment control system) occurs. A failure of the safety function will not, of itself, lead to a hazardous event. This model is illustrated in Figure 4. 

For example, by failing to offer a technical definition of security, the SEC has left unresolved the potential need for provision of detailed offering materials for the sale of Tenant-in-Common interests under the Tax-Deferred Exchange section (I1031) of the US Federal Tax Code. Cf the continuing absence of a safe harbor definition for insider trading. ... 

---