Fail-safe; any predictable failure must result in a safe situation
How to make a control loop fail-safe
Example: A simple control loop for pressure control of a steam boiler with one
oil-fired burner.
- Control Valve: An electro-pneumatic control valve for the fuel oil to the
burner should close upon control air failure as well as on a missing current
signal.
- Pressure Transmitter: The pressure transmitter normally has a direct output
signal, that is, the signal increases with rising pressure. Normally the current
signal will never fall below 4 mA, but if it does, the controller should
immediately close the burner's fuel oil control valve.
- Controller: Any internal fault in the controller must initiate closing of the
fuel oil control valve.
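The three rules above, as an added simulation that is not part of the original page: a controller that closes the fuel oil valve on an internal fault or on a signal below the 4 mA live zero, and a spring-return valve that closes on loss of control air or loss of signal. The transmitter span (0-10 bar over 4-20 mA), the setpoint, the gain and the over-range check are assumptions added here; the page only states the sub-4 mA case.

```python
# Added example, not from the page: a simulation of the fail-safe pressure
# control loop described above. The transmitter range (0-10 bar over 4-20 mA),
# setpoint and gain are constructed values, not taken from the page.
from dataclasses import dataclass
from typing import Optional

LIVE_ZERO_MA = 4.0          # 4 mA represents 0 bar; a lower reading is a fault
FULL_SCALE_MA = 20.0        # 20 mA represents full span
PRESSURE_SPAN_BAR = 10.0    # assumed transmitter span
SETPOINT_BAR = 7.0          # assumed boiler pressure setpoint
GAIN_PCT_PER_BAR = 10.0     # assumed proportional gain
BIAS_PCT = 50.0             # valve opening at zero error


@dataclass
class Decision:
    valve_pct: float   # commanded fuel oil valve opening; 0.0 is the safe state
    trip: bool         # True when the controller forced the safe state
    reason: str


def ma_to_bar(signal_ma: float) -> float:
    """Direct-acting transmitter: the signal rises with pressure."""
    return (signal_ma - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA) * PRESSURE_SPAN_BAR


def pct_to_ma(pct: float) -> float:
    """Convert a 0-100 % valve command into the 4-20 mA signal sent to the valve."""
    return LIVE_ZERO_MA + pct / 100.0 * (FULL_SCALE_MA - LIVE_ZERO_MA)


def controller_step(signal_ma: Optional[float], controller_healthy: bool = True) -> Decision:
    """One control cycle; every predictable failure ends with the valve commanded closed."""
    # Internal fault in the controller itself: close the fuel oil valve.
    if not controller_healthy:
        return Decision(0.0, True, "controller internal fault")
    # Missing or sub-4 mA signal: broken wire, dead transmitter or lost loop power.
    if signal_ma is None or signal_ma < LIVE_ZERO_MA:
        return Decision(0.0, True, "transmitter signal missing or below 4 mA")
    # Over-range check is an addition beyond the page (a saturated or shorted loop).
    if signal_ma > FULL_SCALE_MA + 0.5:
        return Decision(0.0, True, "transmitter signal above 20 mA")
    pressure = ma_to_bar(signal_ma)
    error = SETPOINT_BAR - pressure            # positive error: more fuel needed
    valve = BIAS_PCT + GAIN_PCT_PER_BAR * error
    valve = max(0.0, min(100.0, valve))        # clamp to the valve's travel
    return Decision(valve, False, "normal control")


def valve_position_pct(command_ma: Optional[float], control_air_ok: bool) -> float:
    """Spring-return electro-pneumatic valve: no control air or no signal means closed."""
    if not control_air_ok or command_ma is None or command_ma < LIVE_ZERO_MA:
        return 0.0
    return min(100.0, (command_ma - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA) * 100.0)


def loop_cycle(signal_ma, controller_healthy=True, control_air_ok=True) -> float:
    """Run transmitter -> controller -> valve and return the actual valve position."""
    decision = controller_step(signal_ma, controller_healthy)
    return valve_position_pct(pct_to_ma(decision.valve_pct), control_air_ok)


if __name__ == "__main__":
    for sig, healthy, air in [(12.0, True, True), (3.5, True, True),
                              (12.0, False, True), (12.0, True, False)]:
        d = controller_step(sig, healthy)
        print(f"signal={sig} mA healthy={healthy} air={air}: "
              f"valve={loop_cycle(sig, healthy, air):.0f}% ({d.reason})")
```

Each failure the text names ends in the same place, valve at 0 %, whichever element fails, which is the property the heading asks for: the safe state is reached by the absence of a signal or of air, not by a command that must still be delivered.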
How to make a relay fail-safe
A relay is almost fail-safe, since it is very likely to break the circuit when
it malfunctions. However, using two relays increases the reliability
considerably. This can be done in different ways. One method is to wire the
relays, A and B, as shown in the picture.
The system cannot be reset unless the pressure switch (PS) makes and both
relays work correctly, but the circuit between terminals 1 and 2 will break when
PS breaks even if only one relay works correctly.
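The two properties just stated, as an added model that is not part of the original page. The picture is not reproduced here, so the wiring is an assumption: the normally-open contacts of A and B are in series between terminals 1 and 2, both coils are fed through PS, and the reset path is only complete while both relays are proven released through their normally-closed contacts (positively guided contacts assumed). Relay failure modes are reduced to an open coil and a welded contact.

```python
# Added example, not from the page: a small model of the two-relay arrangement.
# The wiring is an assumption (see lead-in); fault modes are "coil open" and
# "contact welded", and the relays are assumed to be positively guided.
from dataclasses import dataclass, field


@dataclass
class Relay:
    name: str
    coil_ok: bool = True           # False: open coil, the relay can never pull in
    contact_welded: bool = False   # True: NO contact stuck closed, armature held
    energized: bool = False

    def update(self, coil_supply: bool) -> None:
        self.energized = coil_supply and self.coil_ok

    @property
    def no_closed(self) -> bool:
        """Normally-open contact: closed when pulled in, or when welded."""
        return self.energized or self.contact_welded

    @property
    def nc_closed(self) -> bool:
        """Normally-closed contact of a positively guided relay (assumed):
        it cannot close while the NO contact is welded."""
        return not self.energized and not self.contact_welded


@dataclass
class SafetyCircuit:
    a: Relay = field(default_factory=lambda: Relay("A"))
    b: Relay = field(default_factory=lambda: Relay("B"))
    latched: bool = False

    def terminals_1_2_closed(self) -> bool:
        """Series contacts: both relays must hold the 1-2 circuit closed."""
        return self.a.no_closed and self.b.no_closed

    def reset(self, ps_made: bool) -> bool:
        """Operator presses reset; returns True only if the system latched in."""
        # Reset path: PS made and both relays proven released.
        if not (ps_made and self.a.nc_closed and self.b.nc_closed):
            return False
        self.a.update(True)
        self.b.update(True)
        # The latch only holds when both relays actually pulled in.
        self.latched = self.a.energized and self.b.energized
        if not self.latched:
            self.a.update(False)
            self.b.update(False)
        return self.latched

    def run(self, ps_made: bool) -> bool:
        """One scan in normal operation; returns the state of the 1-2 circuit."""
        if not ps_made:
            self.latched = False          # PS breaking drops the latch
        supply = self.latched and ps_made
        self.a.update(supply)
        self.b.update(supply)
        return self.terminals_1_2_closed()


if __name__ == "__main__":
    circuit = SafetyCircuit()
    print("reset with PS made:", circuit.reset(True))
    circuit.a.contact_welded = True       # A fails unsafe while running
    print("1-2 closed while PS made:", circuit.run(True))
    print("1-2 closed after PS breaks:", circuit.run(False))
```

With one relay welded in service, B alone still opens the 1-2 circuit when PS breaks; with a relay that cannot pull in, or one already welded, the reset never latches, which is how a single failure stays visible instead of hiding until the second relay also fails.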
How to make a computerized control system fail-safe
An output from a computer will become either high or low when it fails. There
are some methods of using the computer to check its own outputs. Feeding an
output's signal back to an input enables the computer to check whether the
output is what it is supposed to be, but the system as a whole will not be
fail-safe: the CPU or any other vital part might break down, and then the check
of the outputs is out of order.
The only way to make a computer system fail-safe is to use another computer to
check all the functions. It is, of course, possible to check all the functions
by means of hard wiring and relays, but who wants to do that?
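The point of the last two paragraphs, as an added example that is not part of the original page: the control computer's own readback check catches a stuck output, but only a second computer catches the control computer itself stopping. Here the control computer toggles a heartbeat bit every scan and the monitor owns the final burner permissive; the heartbeat timeout, the report fields and the class names are assumptions.

```python
# Added example, not from the page: an independent monitor computer watching
# a control computer. The control computer feeds each output back to an input
# (the readback check from the text) and toggles a heartbeat bit every scan;
# the timeout and the report format are assumptions.
from typing import Optional, Tuple

HEARTBEAT_TIMEOUT_S = 1.0   # assumed: heartbeat must change at least this often


def readback_check(commanded: bool, readback: bool) -> bool:
    """Self-check inside the control computer: does the output terminal match intent?"""
    return commanded == readback


class Monitor:
    """Second computer that owns the final burner permissive."""

    def __init__(self) -> None:
        self._last_hb: Optional[bool] = None
        self._last_change_t: float = 0.0

    def step(self, now: float, heartbeat: bool,
             commanded: bool, readback: bool) -> Tuple[bool, str]:
        if self._last_hb is None or heartbeat != self._last_hb:
            self._last_hb = heartbeat
            self._last_change_t = now
        # A frozen CPU keeps its outputs, and its heartbeat, at the last value;
        # the readback check alone never sees that, the monitor does.
        if now - self._last_change_t > HEARTBEAT_TIMEOUT_S:
            return False, "control computer heartbeat lost"
        # A stuck output terminal is caught by the readback comparison.
        if not readback_check(commanded, readback):
            return False, "output readback mismatch"
        return commanded, "control computer healthy"


if __name__ == "__main__":
    monitor = Monitor()
    # Constructed scan sequence: the control computer toggles its heartbeat for
    # three scans, then freezes with everything held at the last value.
    scans = [(0.0, False), (0.5, True), (1.0, False), (1.5, False), (2.5, False)]
    for t, hb in scans:
        print(f"t={t:.1f}s heartbeat={int(hb)}:", monitor.step(t, hb, True, True))
```

The readback comparison lives in the control computer and still works while that computer runs; the heartbeat check has to live in the other computer, because a halted CPU cannot report that it has halted.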