What is "Fail Safe" valve design

Status
Not open for further replies.

benzy4 (Mechanical), Mar 12, 2008

Please can you explain to me what the FAIL SAFE design is for a standard API slab gate valve?

Thank you
 

"FAILSAFE is a much abused word. It is very dramatic because it combines the apparently contradictory concepts of failure and safety in a single word. The reality is not so dramatic. It means that the failure of a component is unlikely to cause any harm. The formal definition I prefer is:
A FAILSAFE design is one in which the most probable failure mode results in the most probably safe condition."

Walter Driedger, "Limit Switches Key to Valve Reliability", Intech, January 1993.

"We don't believe things because they are true, things are true because we believe them."
 
To take that a step further, never specify "Fail Safe" for a valve (or anything else). You need to select a failure direction that is safe. For example, a fail-closed valve on the discharge of a positive displacement pump would be anything but safe since a couple of strokes after the valve fails, a PSV is going to go off or something is going to break.

Sometimes it is a bit grey whether a valve should fail open, closed, or as-is. That is where Engineering Judgement comes into play. You (as the system designer) have to look at every actuated valve and decide: (1) what does failure mean; and (2) in a failure what direction should this fail. For example, many pneumatic valves have solenoid valves sending pressure to them. You need to think about what should happen on both a loss of air pressure (both global and between the actuator and the solenoid) and a loss of electrical pressure. This can be tough but is necessary. For this example, if you have a thread leak between the pneumatic actuator and the solenoid valve, what do you want to happen? Most of the time I would say that I want the valve to be in its depressurized state between activations (i.e., a dump valve should be pressure to open, vent to shut) so a leak like this is no big deal. Sometimes that is not possible and you need to think about it.

Hope this helps. Important thing is to realize that "Fail Safe" is a mass media term that will get a system designer into all sorts of trouble.

David
 

I, from a European/Scandinavian view, highly agree with the above comments.

1. Failsafe is without meaning and content if not described exactly together with what is to fail and what is to happen.

2. Other failures present or happening together with the main failure and not described are normally not taken into account.

3. Most common for valves is the requirement 'failsafe closed' (or open), requiring that the valve is actuated by an actuator and that the actuator has a stored force to close the valve if the valve is open and power fails.

Normally this will be interpreted to mean a pneumatic actuator with spring return, but it could of course be other devices and variations.

A pneumatic actuator with spring return will close with:

a) Failure of electrical current, but only if the solenoid valve is of type 'normally closed without current' and NOTE! the solenoid valve is connected to the actuator's working air inlet/exhaust port to give this effect!

b) It will also close if air pressure fails together with electrical current, or if air pressure fails alone. In the last case, to further ensure closure, the solenoid valve should be operated to the closed position to evacuate air from the working chamber in the actuator (if necessary).

4. With this and the above comments you are left with the questions you usually have to ask to clarify unclear product specifications:
- Total process and fluid description
- What standards to apply
- If outside any standard, please describe exact requirements and how to qualify.
- How will products be tested, and by whom, after installation?

5. If the inquirer cannot answer, you can still bid with your own interpretation, answering the questions within what you can supply. Be sure to put limitations on your bid, for instance: as described in our data sheets only, no certifications or verifying tests available. Process tests after agreement in writing before order acceptance only - or similar as suitable.


 
I too regard fail-safe in the context of automated isolation valves or control valves. Automated slab gate valves are not common. Manually operated valves are not fail-safe.

Spring return piston or diaphragm actuators oppose the pneumatic force. Closing the air supply and venting the diaphragm or piston permits the spring to move the valve to the selected failure or trip position. The combination of the spring return actuator and electronic accessories should provide the same results (to open or close the valve) upon loss of air or electrical signal or supply.

If you lose all energy supply and the valve stays in the last position then the valve is not fail-safe. Thus, many other style actuators such as "gas-over-oil" vane or hydraulic actuators with a backup supply are not fail-safe regardless of the actuator suppliers' rhetorical descriptions.
 
"If you lose all energy supply and the valve stays in the last position then the valve is not fail-safe."

Does that make sense? Closed, open, or last position could be a "safe" position, depending on the process. For example, I might want a particular valve to "failsafe" in the same position that just happened to also be its "last position".

**********************
"Pumping accounts for 20% of the world’s energy used by electric motors and 25-50% of the total electrical energy usage in certain industrial facilities."-DOE statistic (Note: Make that 99% for pipeline companies)
 
You are right BigInch. It is up to the designer to determine what "safe" means. I've designed a bunch of applications where I want the valve to fail "As Is" because a loss of impulse power (e.g., electrical power fails on a compressor suction controller) is not necessarily related to the "safe" process condition.

I was looking at a well just yesterday with an electric driven suction controller on a compressor. The P&ID said "Fail Open". Without the compressor, wellhead pressure builds to over 200 psig within a few minutes and the compressor has a 100 psig PSV on the suction scrubber. Failing that valve "open" would take the compressor down on high suction pressure within seconds, and the PSV would go off not many seconds after that. Not a particularly safe condition. If the thing had been designed to fail shut, you are relying on the low suction kill to keep from pulling the pressure so low that you'd risk damaging the valve seals. Having the valve fail As-Is happens to be the safest possible result.

I started out in Nuclear Power and at least half of the actuated valves in the plant were fail As-Is because major transients unrelated to reactor operation were really frowned upon. We had one rising stem gate valve that was "Fail As-Is on loss of pneumatic pressure, Fail Shut on [a number of reactor transients], manually Open". I can't imagine a valve in the world that had more critical, high quality analysis of its operating modes than that one, and it was fail As-Is on loss of pneumatics.

The designer has to evaluate all of the credible failure (of valve operating power and of process) scenarios and determine what minimizes the risk of personal injury or property damage. That is why I really hate the term "Fail Safe", especially when a lot of idiots interpret it to mean "Fail Closed".

I won't even comment on JLSeagull's assertion that Oil over hydraulic actuators can't be "fail safe". Take it as read that I disagree.

David
 
Ya, me too. I was taking them one at a time.

 


Thank you BigInch and zdas04 for adding details.

I trust you both to not count me among 'the idiots' as I fully agree with you both, and repeat again:

1. Failsafe is without meaning and content if not described exactly together with what is to fail and what is to happen.

and

2. Most common for valves is the requirement 'failsafe closed' (or open), requiring ...

I should also have thought about including the 'remaining as is' as one of the possible 'failsafe conditions'.

I have supplied to this last requirement several times, but semantically not described with 'failsafe' but rather the longer and more detailed 'remaining in last position if power fails'.

Even this description is not fully detailed in itself. You have to qualify further by asking questions such as: Failure in electrical power only? How to ensure the 'failsafe' condition? By actuator type only? Are the actuator and the remaining mechanical forces in themselves acceptable within safety margins? Do we need special solenoid valves or backup reserves, electrical and/or mechanical, air or hydraulic? Is the selected solution acceptable? Tests? Time limits? Redundancy? Risk and consequence analysis..... etc. etc.

I think the problem is not the very often misused description 'failsafe' but rather the lack of requirement for exact details from engineers (both describing side and supplying side) when this very, in itself, lacking description 'failsafe' pops up.


 
I didn't say idiot.

 
I just wanted to pick on JL. Its a cloudy weekend here.
Don't forget to turn the clock forward tonight.

 
Whoops, don't touch the clock. That's next Sunday.

 
No, DST started two weeks ago in the US and ends 53 weeks in the future.

By "idiot" I meant the people who insist on saying that a valve must "fail safe" without the analysis both of what can fail and what position you want the valve in after that failure. I see it in the design documentation for completed projects all the time, it is kind of like wallpaper or the boilerplate safety requirements--everyone assumes that repeating the same vague phrases will somehow improve safety.

David
 
Next Sunday in EU.

 
...sorry, I might have come across too blunt in English, which is not my native language. It was not my intention to complain!

I think we are very much alike in our wishes on how things really should be regarding technical safety descriptions.

(... lets all take the proper precautions and go out and bask in the coming summer sun, wherever on earth we might be, and whatever the local summer daylight saving time tells us the time is. ;-) ! )

Thank you again for clarifying!

 
I must say that your English is worlds better than my Norwegian (which is very similar to my Mandarin, Spanish, French, and German--non-existent).

David
 
Biginch,
The entire last paragraph makes less sense to me now than it did when I posted. If the last position was the failure position then the valve could be fail safe. Still, some valve actuators such as vanes require hydraulic pressure that permits stroking the valve once or twice. Once the stored energy is depleted then no force is available to move the valve. An actuator with a spring that can force the valve to a specified position may be fail safe. A valve without a spring probably is not fail safe.
 
OK. And yes. I've used a bank of bottled N2/hydraulics and (in the old days, natural) gas/spring as the power supply for ESD actuators, both to open and close in a "fail safe" context.

 
It is really late, but may be worth pointing out the difference between loss of power, loss of air and loss of signal - all of which could be handled differently.

Positioned valves could be designed to "fail" in a number of different positions depending on the failure mechanism.

The valve could move to the open position on a loss of control signal, and move to the closed position in a loss of air power. All can be handled from the logic of the positioner.
 
Vane actuators etc. may be suitable for cross-country pipeline stations. However, I worked on a platform with vane actuators operating several NPS 36 riser shutdown valves. I seriously disagree with the use of gas powered hydraulic vane valves for platform riser valves. Many situations such as a fire or explosion that damages the tubing between the hydraulic reservoirs and the valve would prevent closing the riser. During such an event an operator would not likely use the manual hand pumps that could take several minutes to close the valve. These are valves that justify those enormous single acting scotch yoke style piston operators that use a spring to close upon loss of electrical or pneumatic signal. In some unmanned platforms the pneumatic supply may be natural gas. On manned platforms I would require instrument air.

Some companies prefer "blowdown" valves with solenoids that are energized to blow down electrically, with a spring to open upon air failure. Thus, a short-term power issue with their SIS output would not dump the process to the flare. However, a total loss of instrument air or the failure of the air supply at an individual blowdown valve would dump to flare.

I understand that the term "Failsafe" is just semantics to some people but the concept is important. I recognize that an object jammed in the actuator mechanism can prevent the spring from moving the valve.

Some applications require the nearest thing available to failsafe. In such cases, consider using a spring.
 
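Several posts above make the same point from different angles: zdas04's "what happens on a thread leak between actuator and solenoid", the spring-return-plus-solenoid description (closes on loss of current only if the pilot is the normally-closed type piped to the working port), the note that loss of power, loss of air and loss of signal can each be handled differently, and the blowdown valve that holds on a power blip but opens on air failure. The following is an added example, not code from any poster or vendor: a small Python model that takes a hypothetical actuator arrangement and a designer-chosen safe position, then walks the credible single and combined failures and reports which ones leave the valve somewhere other than that position. It assumes ideal components, one pilot solenoid on the actuator's working port, and no jammed mechanism; the arrangement names and failure cases are constructed for illustration.

```python
"""Failure-mode table for an actuated valve: where does it land under each
credible loss of electrical power, instrument air, or tubing integrity?

Added example for this thread (not any poster's code). Assumes a single pilot
solenoid piped to the actuator working port, ideal components, and no jammed
mechanism; real designs still need the supplier data and tests the thread asks for.
"""
from dataclasses import dataclass
from typing import Optional

OPEN, CLOSED, AS_IS = "open", "closed", "as-is"


def opposite(position: str) -> str:
    return OPEN if position == CLOSED else CLOSED


@dataclass(frozen=True)
class Arrangement:
    name: str
    # Position the spring drives the valve to with the chamber vented.
    # None models a double-acting actuator with no stored energy.
    spring_position: Optional[str]
    # True: pilot vents the working chamber when de-energized ("normally closed").
    # False: pilot passes supply air when de-energized ("normally open").
    vents_when_de_energized: bool


@dataclass(frozen=True)
class Conditions:
    electrical_ok: bool   # power to the controller / pilot solenoid
    air_supply_ok: bool   # instrument air (or gas) at the pilot
    tubing_intact: bool   # tubing between pilot and actuator working port
    command: str          # position the controller is asking for


def valve_position(arr: Arrangement, cond: Conditions) -> str:
    """Resolve the valve position for one arrangement under one set of conditions."""
    if arr.spring_position is None:
        # Double-acting: follows the command while everything works; otherwise
        # nothing is left to move it and it stays where it was ("fail as-is").
        healthy = cond.electrical_ok and cond.air_supply_ok and cond.tubing_intact
        return cond.command if healthy else AS_IS
    if cond.electrical_ok:
        # Controller drives the pilot (energize or de-energize as the type needs):
        # the chamber is pressurized only when the commanded position is the one
        # that air, not the spring, produces.
        pilot_passes_air = cond.command == opposite(arr.spring_position)
    else:
        # Power gone: the pilot's de-energized state decides what the chamber sees.
        pilot_passes_air = not arr.vents_when_de_energized
    chamber_pressurized = cond.air_supply_ok and cond.tubing_intact and pilot_passes_air
    return opposite(arr.spring_position) if chamber_pressurized else arr.spring_position


def failure_table(arr: Arrangement, normal_command: str) -> dict:
    """Valve position under each constructed failure, starting from normal operation."""
    cases = {
        "loss of electrical power":         Conditions(False, True,  True,  normal_command),
        "loss of instrument air":           Conditions(True,  False, True,  normal_command),
        "leak between pilot and actuator":  Conditions(True,  True,  False, normal_command),
        "loss of air and electrical power": Conditions(False, False, True,  normal_command),
    }
    return {name: valve_position(arr, c) for name, c in cases.items()}


def unsafe_failures(arr: Arrangement, normal_command: str, required: str) -> list:
    """Failures after which the valve is NOT in the position the designer chose as safe."""
    return sorted(n for n, p in failure_table(arr, normal_command).items() if p != required)


# Hypothetical arrangements chosen to illustrate the thread's points.
ESD_SPRING_CLOSE_NC = Arrangement("isolation: spring-to-close, NC pilot on working port", CLOSED, True)
ESD_SPRING_CLOSE_NO = Arrangement("isolation: spring-to-close, NO pilot (wrong type)", CLOSED, False)
BLOWDOWN = Arrangement("blowdown: spring-to-open, pilot energized to vent", OPEN, False)
DOUBLE_ACTING = Arrangement("double-acting, no spring", None, True)

if __name__ == "__main__":
    for arr, normal in [(ESD_SPRING_CLOSE_NC, OPEN), (ESD_SPRING_CLOSE_NO, OPEN),
                        (BLOWDOWN, CLOSED), (DOUBLE_ACTING, OPEN)]:
        print(arr.name)
        for failure, pos in failure_table(arr, normal).items():
            print(f"  {failure:<34} -> {pos}")
```

Run as a script it prints one table per arrangement. The two isolation valves differ only in the pilot type, and the table shows the consequence the Scandinavian poster warned about: with a normally-open pilot, a loss of electrical power leaves the chamber pressurized and the valve open, so "fail closed" is only true for the air-loss and leak cases. The blowdown arrangement stays closed on a power blip but opens to flare on any air-side failure, and the double-acting actuator ends up "as-is" under every failure, which is exactly why "fail safe" has to be replaced with a named position per failure mode.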