Any predictable failure must result in a safe situation.
How to make a control loop fail-safe
Example: a simple control loop for pressure control of a steam boiler with one
oil-fired burner.
- Control Valve: An electro-pneumatic control valve for the fuel oil to the
burner should close on loss of control air as well as on loss of the current
signal.
- Pressure Transmitter: The pressure transmitter normally has a direct output
signal, that is, the signal increases with rising pressure. Normally the current
signal will never be lower than 4 mA; if it nevertheless drops below 4 mA, the
controller should immediately close the burner's fuel oil control valve, because
a signal below the live zero indicates a broken loop or a dead transmitter, not
low pressure.
- Controller: Any internal fault in the controller must initiate closing of the
fuel oil control valve.
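The three rules above, worked through as an added example (this is not code from the original page). It assumes 4-20 mA live-zero loops for both transmitter and valve, a transmitter span of 0-10 bar, an air-to-open valve and a plain proportional controller; the names, gain and setpoint are illustrative choices.

```python
"""Fail-safe rules for the boiler pressure loop: added example, not from the
original page. Assumptions: 4-20 mA live-zero loops for transmitter and valve,
a 0-10 bar transmitter span, an air-to-open valve, proportional control."""
from dataclasses import dataclass

LIVE_ZERO_MA = 4.0       # a healthy 4-20 mA loop never goes below this
FULL_SCALE_MA = 20.0
PT_SPAN_BAR = 10.0       # assumed transmitter range 0-10 bar


@dataclass
class Controller:
    setpoint_bar: float
    gain_pct_per_bar: float = 50.0   # assumed: 1 bar of error = 50 % valve demand
    healthy: bool = True             # result of the controller's internal self-test


def pt_current_to_bar(pt_ma: float) -> float:
    """Direct-acting transmitter: more current means more pressure."""
    return (pt_ma - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA) * PT_SPAN_BAR


def pct_to_current(pct: float) -> float:
    """0 % -> 4 mA, 100 % -> 20 mA."""
    return LIVE_ZERO_MA + (FULL_SCALE_MA - LIVE_ZERO_MA) * pct / 100.0


def controller_output_ma(ctl: Controller, pt_ma: float) -> float:
    """Current sent to the valve positioner; 4 mA commands fully closed."""
    # Rule 1: any internal fault closes the valve.
    if not ctl.healthy:
        return LIVE_ZERO_MA
    # Rule 2: below 4 mA is not "low pressure" but a broken loop or dead
    # transmitter, so the safe action is to close, not to fire harder.
    if pt_ma < LIVE_ZERO_MA:
        return LIVE_ZERO_MA
    error_bar = ctl.setpoint_bar - pt_current_to_bar(pt_ma)
    demand_pct = min(max(ctl.gain_pct_per_bar * error_bar, 0.0), 100.0)
    return pct_to_current(demand_pct)


def valve_opening_pct(signal_ma: float, control_air_ok: bool) -> float:
    """Electro-pneumatic, air-to-open valve: lose air or signal and it closes."""
    if not control_air_ok or signal_ma < LIVE_ZERO_MA:
        return 0.0
    clamped = min(max(signal_ma, LIVE_ZERO_MA), FULL_SCALE_MA)
    return (clamped - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA) * 100.0


def loop_valve_opening(ctl: Controller, pt_ma: float, control_air_ok: bool = True) -> float:
    """Whole loop: transmitter current in, valve opening out."""
    return valve_opening_pct(controller_output_ma(ctl, pt_ma), control_air_ok)


if __name__ == "__main__":
    ctl = Controller(setpoint_bar=6.0)
    # Constructed inputs: healthy reading, reading below live zero, lost air, open loop.
    for pt_ma, air in [(12.0, True), (3.2, True), (12.0, False), (0.0, True)]:
        state = "ok" if air else "lost"
        print(f"PT {pt_ma:5.1f} mA, air {state}: valve {loop_valve_opening(ctl, pt_ma, air):5.1f} % open")
```

Note that two of the rules live in the valve itself and do not depend on the controller: loss of air or of the 4-20 mA signal closes the valve even if the controller is dead, which is the point of picking an air-to-open actuator.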
How to make a relay fail-safe
A relay is almost fail-safe, since it is very likely to break the circuit when
it malfunctions. However, using two relays will increase the reliability
considerably. This can be done in different ways. One method is to wire the
relays, A and B, as shown in the picture.
The system cannot be reset unless the pressure switch (PS) makes and both
relays work correctly, but the circuit between terminals 1 and 2 will break
when PS breaks even if only one relay works correctly.
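A behavioural model of that two-relay scheme, added here as an example (not from the original page). The picture is not reproduced, so the wiring is an assumption chosen to give exactly the behaviour stated above: the make contacts of A and B are in series between terminals 1 and 2, and each coil is fed from PS either through the reset button and the other relay's break contact, or through its own holding contact. Relay fault modes are simplified to "stuck" (welded contact, stays energized) and "dropped" (open coil, never pulls in).

```python
"""Two-relay fail-safe circuit, added example (not from the original page).
Assumed wiring: A and B make contacts in series between terminals 1 and 2;
coil A = PS and ((reset and B break contact) or A holding contact), and the
same for coil B with the roles swapped."""

OK, STUCK, DROPPED = "ok", "stuck", "dropped"


class Relay:
    """stuck   = welded contact or jammed armature, stays energized
       dropped = open coil or broken spring, never pulls in"""

    def __init__(self, fault: str = OK):
        self.fault = fault
        self.energized = False
        self.drive(False)

    def drive(self, coil_powered: bool) -> None:
        if self.fault == STUCK:
            self.energized = True
        elif self.fault == DROPPED:
            self.energized = False
        else:
            self.energized = coil_powered

    @property
    def make(self) -> bool:   # normally-open contact: closed when energized
        return self.energized

    @property
    def brk(self) -> bool:    # normally-closed contact: closed when de-energized
        return not self.energized


class TwoRelayCircuit:
    def __init__(self, fault_a: str = OK, fault_b: str = OK):
        self.a, self.b = Relay(fault_a), Relay(fault_b)

    def step(self, ps_made: bool, reset_pressed: bool = False) -> None:
        """One evaluation: both coils see the contacts as they were before
        the step, as real relays switching together would."""
        a_make, a_brk = self.a.make, self.a.brk
        b_make, b_brk = self.b.make, self.b.brk
        # Reset path is cross-checked through the other relay's break contact,
        # so a relay that is already (wrongly) pulled in blocks the reset.
        self.a.drive(ps_made and ((reset_pressed and b_brk) or a_make))
        self.b.drive(ps_made and ((reset_pressed and a_brk) or b_make))

    def conducts(self) -> bool:
        """Terminals 1-2: A make contact in series with B make contact."""
        return self.a.make and self.b.make


def single_relay_after_ps_breaks(fault: str) -> bool:
    """For contrast: one relay with its make contact alone between 1 and 2,
    energized while PS is made and then PS breaks. True means still conducting."""
    r = Relay(fault)
    r.drive(True)    # PS made
    r.drive(False)   # PS broken
    return r.make


if __name__ == "__main__":
    c = TwoRelayCircuit()
    c.step(ps_made=True, reset_pressed=True)
    print("both good, reset:", c.conducts())
    c.b.fault = STUCK            # constructed fault: B welds while running
    c.step(ps_made=False)
    print("PS breaks with B stuck:", c.conducts())
    print("single stuck relay after PS breaks:", single_relay_after_ps_breaks(STUCK))
```

With a single relay a welded contact keeps the circuit made after PS breaks; with the two in series the remaining good relay still opens it, and a relay that is stuck before a reset is caught because it blocks the other's reset path.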
How to make a computerized control system fail-safe
An output from a computer will become either high or low when it fails. There
are some methods for using the computer to check its own outputs. Feeding an
output signal back to an input enables the computer to check whether the output
is what it is supposed to be, but the system as a whole will not be fail-safe:
the CPU or any other vital part might break down, and then the check of the
outputs is out of order as well.
The only way to make a computer system fail-safe is to use another computer to
check all the functions. It is, of course, possible to check all the functions
by means of hard wiring and relays, but who wants to do that?
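The read-back check and the second computer, worked through as an added example (not code from the original page). Everything in it is a modelled assumption: a scan-based process computer that reads its own valve output back, a monitor computer that watches a heartbeat and the output terminal independently, a three-scan heartbeat timeout, and a monitor trip contact wired in series with the valve output.

```python
"""Output read-back check plus an independent monitoring computer: added
example, not from the original page. The process computer, the monitor, the
scan-based timing and the heartbeat timeout are all modelled assumptions."""

HEARTBEAT_TIMEOUT_SCANS = 3   # assumed: monitor trips after 3 scans without a toggle


class ProcessComputer:
    """Drives the fuel valve output and reads that output back on a spare input."""

    def __init__(self):
        self.alive = True          # False models a dead CPU: the scan never runs
        self.driver_stuck = None   # True/False models an output driver stuck high/low
        self.commanded = False
        self.readback = False
        self.heartbeat = 0
        self.self_check_ok = True

    def scan(self, demand: bool) -> None:
        if not self.alive:
            return                 # nothing below executes, the self-check included
        self.commanded = demand
        # What actually appears on the output terminal (and is wired back to an input)
        self.readback = demand if self.driver_stuck is None else self.driver_stuck
        self.self_check_ok = self.readback == self.commanded
        self.heartbeat ^= 1        # toggled once per completed scan


class Monitor:
    """The second computer: watches the heartbeat and the output terminal itself."""

    def __init__(self, timeout: int = HEARTBEAT_TIMEOUT_SCANS):
        self.timeout = timeout
        self.last_heartbeat = 0
        self.missed = 0
        self.tripped = False

    def scan(self, pc: ProcessComputer) -> bool:
        if pc.heartbeat != self.last_heartbeat:
            self.last_heartbeat, self.missed = pc.heartbeat, 0
        else:
            self.missed += 1
        if self.missed >= self.timeout or pc.readback != pc.commanded:
            self.tripped = True    # latches until a deliberate reset
        return not self.tripped


def valve_open(pc: ProcessComputer, mon: Monitor) -> bool:
    """Monitor trip contact in series with the output: a trip always closes the valve."""
    return bool(pc.readback and not mon.tripped)


def simulate(scenario: str, scans: int = 6) -> dict:
    """Scenarios: 'normal'; 'stuck_high' (output driver welds high after scan 2);
    'cpu_dead' (process computer stops executing after scan 2)."""
    pc, mon = ProcessComputer(), Monitor()
    trace = []
    for i in range(scans):
        if i == 2:
            if scenario == "stuck_high":
                pc.driver_stuck = True
            elif scenario == "cpu_dead":
                pc.alive = False
        pc.scan(demand=i < 4)      # constructed demand: fire for 4 scans, then stop
        mon.scan(pc)
        trace.append(valve_open(pc, mon))
    return {"valve_trace": trace, "valve_open": trace[-1],
            "self_check_ok": pc.self_check_ok, "monitor_tripped": mon.tripped}


if __name__ == "__main__":
    for s in ("normal", "stuck_high", "cpu_dead"):
        print(s, simulate(s))
```

The stuck output is caught by the computer's own read-back check. When the CPU dies, that check is never executed again and its last result stays "ok" while the valve stays where it was; only the monitor, which has no dependence on the process computer running, notices the missing heartbeat and closes the valve.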