Fail-safe operations

The eddy current brake controls for the power recovery string are designed for fail-safe operation of the eddy current brake. These controls provide all of the logic required to make the eddy current brake recovery string a viable contender for recovering power from previously wasted energy. 

More difficult to provide for positive fail-safe operation. 

It is virtually impossible to design a fail-safe operation of a chemical process. However, many companies have attempted to minimize liazardous conditions by developing a systematic approach to process design. Implemention of these acdons hoped to aeliieve maximmn protection to personnel, equipment, and die public. 

In a lot of literature, the fail-safe operation of a pilot valve is questionable due to the potential accumulation of dirt, hydrates, and so on, in the pilot supply lines. 

Man/machine interface. The man/machine interface was designed to allow for an easy and fail-safe operation with a minimiun training effort for the personal. The dialog with the microcomputer is performed by menu. Each menu shows clearly all functions and corrunands that can be activated in the actual system state. Just three keys are necessary to control the command dialog. A CURSOR is used to jiunp from command to command. An EXECUTE key is used to activate a command, a STOP key to terminate the command execution. All corrunands and messages are written in clear text. No error or function codes are used. 

A fail-operational design allows system functions to continue safely until corrective action is possible. This type of design is preferred since there is no loss of function. An example is the fail-safe operational orientation of the control rods on nuclear reactors, which automatically drop into place to reduce the reaction rate if it exceeds a preset limit. 

Shutdown of the reactor for conditions beyond set limits is generally accomplished with the vertical safety rods The insertion of these rodSj, dependent only on gravity once their latches are released, was chosen for fail-safe operation. 

The latches are also of fail-safe design, because loss of eiectri cal power or burnout of the latch solenoids will permit the rods to drop. The IXX safety circuit utilizes two sets of closed contacts in series from the primary sensing elements such as power relays, Beckmans, Paneilit, etc. The opening of any one contact will de-energize the associated IXX or IXXA relay and scram the VSR s, This is a form of parallel redundancy. In this case, fail safe operation, i,e rod insertion, will occur for almost any circuit contact or relay malfunction. 

Clarke R E, Giddey S and Badwal S P S (2010), Stand-alone PEM water electrolysis system for fail safe operation with a renewable energy source , Int J Hydrogen Energy, 35,928-935. 

A qualified reactor operator would make small adjustments to the control absorber mechanical stop positions on a routine, periodic basis, but without physical access to tire control rods, similar to the procedures presently used with submarine reactors. Care in the uKchanical and electrical design of control rods and their drive mechanisms is essential to ensure fail-safe operation and to prevent inadvertent rod withdrawal events and the development of possible rod ejection forces from pressure gradients under any circumstances. 

Figure 26.13 Limit switch with cover removed showing the principle of fail-safe operation. (Courtesy Dewhurst Partner p.I.c.)...

Fail-safe operation A type of control architecture for a system that prevents improper functioning in the... 

Definition of hazard, risk discussions on likelihood, consequence risk — register, matrix, ranking. Consequence ranking, preliminary hazard analysis tolerance point—ALARP refreshing on mathematics, fault tolerance, plant ageing, and basic functional safety fail safe operations in plants. 

In instrumentation and control, triple modular redundancy is very important for fail safe operation. Fig. 1/6.1.2-1 shows the same. Here, each of the three elements are voted thrice in each stage to get the output. In network communications, especially for remote communication, there are a few other problems known as Two Army problem, Byzantine general problem, etc. The issues discussed so far basically belong to fault masking to get away with hardware fault. There is another term called dynamic recovery, in which case there shall be a special mechanism to detect hardware fault and isolate the faulty hardware and replace the same with a good one. This wiU be clear from an example. Say in a process control, there are two processors one working and the other standby. If there is another processor whose main function is to act a diagnostic processor to check health of other processors, when it finds fault with... 

Safety Safety S(t) of a system at time t is the probability that the system either performs its function correctly or not in a fail safe manner in the interval [0, t], given that the system was operating correctly at time 0. The issue here is fail safe operation or not. 

The capability shall be maintained for shutting down the reactor, removing residual heat, confining radioactive material and monitoring the status of the facility. These capabilities shall be maintained by means of the appropriate incorporation of redundant parts, diverse systems, physical separation and design for fail-safe operation such that the following objectives are achieved ... 

A fail-safe design must be thoroughly tested before the system is put into production and operation to verify that the actual implementation covers all possible potential failure conditions. It should be noted that fail-safe operation does not nominally apply to normal system operation, but rather only to abnormal system operation. The goal of a fail-safe design is to make the system as tolerant as possible to likely failures such that the system defaults to the safest state upon the occurrence of a failure. 

Failure of interface shall not affect fail-safe operation of SIS. 

---