What is the meaning of FAILSAFE Systems?

It is not possible to design a fail-proof product, but it can be designed to be fail-safe. The design of an atomic power plant is one example: there have been many accidents in such plants, but these were contained safely. The design of fail-safe systems can be subdivided into
1) component selection/use and
2) system design.
Examples of component failure resulting in system failure are
1) a push button opening after a long time and
2) a potentiometer opening at its wiper.
The component selection examples are as follows.
A potentiometer in a feedback circuit should be connected as shown. With use, it is natural for a worn wiper to lose contact with the track. The right connection limits the fault; with the other connection it may lead to total failure. For this reason it is better to adjust the reference in order to adjust the output than to set the feedback. This arrangement is used in DC drives, battery chargers etc.
One more example from the instrumentation side is thermocouple break protection. It is normal for a thermocouple to open after long use. Since it is in the feedback path, the output temperature shoots up to the highest value. A small circuit used to detect the break helps in avoiding this.
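The runaway described above, and the effect of a break-detection check, can be seen in a small simulation. This is an added example, not code from the original article: the on/off controller, the plausible reading band and the sample readings are all constructed here, and the assumption that an open thermocouple reads far below any real process temperature depends on how the real front end is biased.

```python
# Added example, not from the original article: an on/off temperature
# controller that takes its feedback from a thermocouple, simulated with
# and without a break-detection check.

# Assumption: the thermocouple front end is biased so that an open junction
# reads far below any temperature the process can reach. The plausible band
# below is constructed for this example, not taken from a real instrument.
PLAUSIBLE_MIN_C = -50.0
PLAUSIBLE_MAX_C = 1300.0


def thermocouple_broken(reading_c):
    """Break detection: a reading outside the plausible band means the
    junction is open (or the amplifier input is floating)."""
    return not (PLAUSIBLE_MIN_C <= reading_c <= PLAUSIBLE_MAX_C)


def heater_command(reading_c, setpoint_c, break_detection):
    """Return True to energise the heater.

    Without break detection an open thermocouple reads 'cold', so the
    controller keeps heating and the process runs away. With break
    detection the heater is forced OFF, which is the safe state."""
    if break_detection and thermocouple_broken(reading_c):
        return False
    return reading_c < setpoint_c


def simulate(readings_c, setpoint_c, break_detection):
    """Run the controller over a sequence of readings and return the list
    of heater states, one per control cycle."""
    return [heater_command(r, setpoint_c, break_detection) for r in readings_c]


# Constructed readings: the process warms towards a 200 degC setpoint, then
# the thermocouple opens on the 4th cycle and the reading collapses.
SAMPLE_READINGS_C = [150.0, 180.0, 195.0, -60.0, -60.0, -60.0]

if __name__ == "__main__":
    print("no detection  :", simulate(SAMPLE_READINGS_C, 200.0, False))
    print("with detection:", simulate(SAMPLE_READINGS_C, 200.0, True))
```

Without detection the heater stays on for every cycle after the break; with detection the heater is switched off from the cycle in which the reading leaves the plausible band.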
A set-reset flip-flop, as shown in the figure, can be set and reset by the push buttons. Note that a normally closed push button is used; if it does not short on pressing, the circuit will not reset. Also note that an inverter is used on Q-bar to drive the relay. It was possible to use output Q directly. However, if both inputs are present (signals from some other logic circuits) then both outputs will be high. To avoid this and to make sure that Q-bar (OFF) prevails, the use of an inverter is necessary.
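The "both inputs present" case is easy to check with a gate-level model. This is an added example, not the article's circuit: it assumes a cross-coupled NAND latch with active-low inputs (a pressed push button or an active logic source pulls the input to 0), which is the arrangement in which both outputs go high together.

```python
# Added example, not from the original article: a cross-coupled NAND
# set-reset latch with active-low inputs, driving a relay either from Q
# directly or through an inverter on Q-bar.

def nand(a, b):
    return 0 if (a and b) else 1


def nand_sr_latch(set_n, reset_n, q_prev=0, qbar_prev=1):
    """Evaluate the latch until the two cross-coupled gates settle.
    Returns (q, q_bar). Inputs are active low: 0 = asserted."""
    q, qbar = q_prev, qbar_prev
    for _ in range(4):          # a few passes are enough for two gates to settle
        q = nand(set_n, qbar)
        qbar = nand(reset_n, q)
    return q, qbar


def relay_from_q(set_n, reset_n, q_prev=0, qbar_prev=1):
    """Relay coil driven straight from Q (the arrangement the text rejects)."""
    q, _ = nand_sr_latch(set_n, reset_n, q_prev, qbar_prev)
    return bool(q)


def relay_from_inverted_qbar(set_n, reset_n, q_prev=0, qbar_prev=1):
    """Relay coil driven by an inverter on Q-bar: whenever Q-bar is high
    (the OFF condition) the relay is guaranteed to be de-energised."""
    _, qbar = nand_sr_latch(set_n, reset_n, q_prev, qbar_prev)
    return not qbar


if __name__ == "__main__":
    for set_n, reset_n, label in [(0, 1, "SET"), (1, 0, "RESET"), (0, 0, "BOTH")]:
        print(label, "Q/Qbar =", nand_sr_latch(set_n, reset_n),
              "relay from Q:", relay_from_q(set_n, reset_n),
              "relay via inverter:", relay_from_inverted_qbar(set_n, reset_n))
```

With both inputs asserted the latch gives Q = Q-bar = 1: a relay fed from Q pulls in, while a relay fed through the inverter on Q-bar stays off, so the OFF state wins.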
In microprocessor-based circuits, the microprocessor is used for checking the failure of other circuit components in the system. The microprocessor's own failure is detected by using a watchdog timer. After detection, the hardware detection circuit shuts off the system as per the requirements.
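The watchdog arrangement can be modelled as a firmware loop that must refresh the timer every cycle, with a hardware side that latches the fault and shuts the output off. This is an added example, not the article's circuit; the timer class, the loop and all timings are constructed for illustration.

```python
# Added example, not from the original article: a simulated firmware loop
# that must refresh a watchdog timer every cycle. If the program hangs, the
# watchdog times out and the (simulated) hardware detection circuit shuts
# the system output off. Timings are constructed for the example.

class WatchdogTimer:
    def __init__(self, timeout_ms):
        self.timeout_ms = timeout_ms
        self.last_refresh_ms = 0
        self.tripped = False

    def refresh(self, now_ms):
        """Called by healthy firmware once per loop iteration."""
        self.last_refresh_ms = now_ms

    def expired(self, now_ms):
        """Hardware side: once tripped the watchdog stays tripped until a
        full reset, so a late refresh cannot re-enable the output."""
        if now_ms - self.last_refresh_ms > self.timeout_ms:
            self.tripped = True
        return self.tripped


def run_firmware(hang_at_ms, duration_ms, tick_ms=10, timeout_ms=50):
    """Simulate the main loop. Returns (shutdown_time_ms, output_enabled);
    shutdown_time_ms is None when the watchdog never fired.
    hang_at_ms=None means the firmware never hangs."""
    wd = WatchdogTimer(timeout_ms)
    output_enabled = True
    for now_ms in range(0, duration_ms + 1, tick_ms):
        if hang_at_ms is None or now_ms < hang_at_ms:
            wd.refresh(now_ms)         # the loop is still running
        if wd.expired(now_ms):         # hardware detection circuit
            output_enabled = False     # shut the system off
            return now_ms, output_enabled
    return None, output_enabled


if __name__ == "__main__":
    print("healthy run :", run_firmware(None, 1000))
    print("hang at 200 :", run_firmware(200, 1000))
```

With a 50 ms timeout and a 10 ms loop, a hang at 200 ms leaves the last refresh at 190 ms, and the output is cut at 250 ms, the first tick at which the elapsed time exceeds the timeout.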

The system design examples are as follows:

A protection relay designed to switch ON in case of fault may not come on if its power supply is bad or its connections are loose. A single-phase preventer working on zero sequence is one such example. Hence protection relays are kept on in the healthy condition and go off on fault. A fault-indicating lamp should likewise go off on fault, for the reasons explained above.
A three-phase motor is used in forward/reverse mode with two contactors. The control circuit below shows clearly that both contactors cannot be switched on simultaneously (thus avoiding short-circuiting the lines). If the motor is switched on in the forward direction (or reverse direction), it is necessary to switch it off before reversing.
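The interlock described above can be checked in software: each coil is wired through the normally closed auxiliary contact of the other contactor, so a direction request is dropped while the other contactor is in, and a STOP is needed before reversing. This is an added example and not the article's control circuit; the class, button names and sequence are constructed here.

```python
# Added example, not from the original article: a software model of a
# forward/reverse starter with an electrical interlock. Each contactor coil
# is fed through the normally-closed auxiliary contact of the other
# contactor, so both can never be energised at once, and the direction can
# only be changed after a STOP. Names are this example's own.

class ForwardReverseStarter:
    def __init__(self):
        self.k_fwd = False   # forward contactor energised?
        self.k_rev = False   # reverse contactor energised?

    def press(self, button):
        """button is 'FWD', 'REV' or 'STOP'. Returns (k_fwd, k_rev)."""
        if button == "STOP":
            self.k_fwd = self.k_rev = False
        elif button == "FWD":
            # Coil circuit passes through K_rev's NC auxiliary contact:
            # the request is dropped while the reverse contactor is in.
            if not self.k_rev:
                self.k_fwd = True
        elif button == "REV":
            # Symmetrically, K_fwd's NC contact blocks the reverse coil.
            if not self.k_fwd:
                self.k_rev = True
        else:
            raise ValueError("unknown button: %r" % (button,))
        # The interlock must hold after every press; a violation here would
        # mean a phase-to-phase short through the two contactors.
        assert not (self.k_fwd and self.k_rev), "interlock violated"
        return self.k_fwd, self.k_rev


def run_sequence(buttons):
    """Apply a button sequence and return the contactor states after each press."""
    starter = ForwardReverseStarter()
    return [starter.press(b) for b in buttons]


if __name__ == "__main__":
    # Constructed sequence: REV while running forward is ignored until STOP.
    for b, state in zip(["FWD", "REV", "STOP", "REV"],
                        run_sequence(["FWD", "REV", "STOP", "REV"])):
        print(b, "->", state)
```

Pressing REV while the forward contactor is energised leaves the motor running forward; only after STOP does the reverse contactor pull in.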
In the case of DC motor drives, dynamic braking is used in case of power failure. Regenerative braking requires power for line commutation of the thyristors and hence cannot operate during a power failure.
PLC redundancy is another method of making a design fail-safe. Redundancy can be achieved in many cases by ORing the circuits or paralleling them. Filament-type indicating lamps have a limited life. When these are used in fault annunciators, two lamps are connected in parallel. There is less chance of both lamps failing simultaneously, which provides the redundancy. Similarly two battery cells can also be connected in parallel, with a series fuse for each cell for isolating a faulty cell. The cells can be ORed by using diodes (again this isolates a faulty cell).

When using fault-tripping circuits, and to avoid nuisance tripping, these are ORed and majority voting is used.
In circuits where input signals change continuously, a standard signal is used for checking the operation and, if a circuit is found faulty, the other circuit is brought into the picture. In C-DOT exchanges all control and power supply cards are used in redundancy mode.
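Both redundancy techniques above, two-out-of-three voting of trip channels and changeover driven by a standard test signal, are shown together below. This is an added example, not code from the article: the voting function, the channel selector and the two constructed "amplifier" circuits are this example's own.

```python
# Added example, not from the original article: (1) two-out-of-three
# majority voting of fault-trip channels, which rides through one spurious
# channel without a nuisance trip and still trips when one channel has
# failed silent; (2) a standby changeover driven by a standard test signal.
# All values and circuits are constructed for the example.

def majority_trip(channel_trips):
    """Two-out-of-three voting: trip only when at least two channels agree."""
    if len(channel_trips) != 3:
        raise ValueError("expected exactly three channels")
    return sum(1 for t in channel_trips if t) >= 2


def ored_trip(channel_trips):
    """Plain ORing: any single channel trips the system. Most sensitive,
    but every spurious channel becomes a nuisance trip."""
    return any(channel_trips)


def select_healthy_circuit(test_signal, circuits, expected, tolerance):
    """Feed a known standard signal to each redundant circuit and compare the
    response with the expected value. Returns the index of the first circuit
    that passes, or None if every circuit has failed.
    circuits: list of callables, one per redundant circuit."""
    for idx, circuit in enumerate(circuits):
        if abs(circuit(test_signal) - expected) <= tolerance:
            return idx
    return None


# Constructed circuits: circuit 0 has drifted badly, circuit 1 is healthy.
def drifted_amplifier(x):
    return 0.6 * x            # gain has collapsed


def healthy_amplifier(x):
    return 2.0 * x + 0.01     # nominal gain 2 with a small offset


if __name__ == "__main__":
    print("one spurious channel, voted:", majority_trip([True, False, False]))
    print("one spurious channel, ORed :", ored_trip([True, False, False]))
    print("one channel failed silent  :", majority_trip([True, True, False]))
    print("circuit in service         :",
          select_healthy_circuit(1.0, [drifted_amplifier, healthy_amplifier], 2.0, 0.05))
```

Voting suppresses the single spurious channel that would have produced a nuisance trip under plain ORing, while two genuine channels still trip even when the third has failed silent; the test-signal check steps past the drifted circuit and puts the healthy one in service.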
