Understanding and Preventing Fault Masking
It’s critical that industrial machinery stops safely when a system fault occurs. However, older safety systems and complex systems with multiple safety switches may be prone to fault masking.
Fault masking is a dangerous condition in safety circuits. It results from daisy chaining multiple safety devices in a safety circuit, which raises the possibility of hiding safety device faults during troubleshooting.
What causes fault masking and how to prevent it
This dangerous situation commonly occurs in older safety systems with electromechanical switches. For example, the image below shows a typical Category 3 circuit for three doors on a machine.
Each door is monitored by its own dual-input safety limit switch, which is daisy chained and fed into a monitoring safety relay. If a door is opened, both sets of contacts on that door’s safety limit switch are opened. This breaks the circuit and triggers the safety relay to safely shut down the hazardous area of the machine.
Some possible failures that could occur is a contact weld on the second set of contacts of the door limit switch, or from damage to the wiring to those contacts. Both situations could cause a short circuit in the bottom circuit, shown in red below.
Assume that an operator has to open the second door to clear a jam. The safety limit switch on that door is now open, triggering the monitoring safety relay to safely shut down that part of the machine. However, the safety relay will also fault because it would see a disparity between the top circuit (open) and the bottom circuit (closed).
When the second door is closed, the safety relay would not reset because of the fault. Typically to clear the fault from a safety relay requires all power to be removed from the safety circuit and then restarted. To troubleshoot the problem and reset the fault either the operator or maintenance personnel would start testing the door safety limit switches by opening each door to see if it clears the fault.
Opening and closing the second door would not clear the fault due to the short circuit. However opening either the first door or the third door would open that door’s safety limit switch, removing power from the monitoring safety relay. Closing that door would then clear the fault on the safety relay, making it seem like that door’s limit switch was the problem—and hide the fault on the second limit switch.
In this scenario, the troubleshooting process would attribute the malfunction to the wrong limit switch and it would probably be replaced. Every time door number 2 is opened and the real safety problem is not discovered, the plant may experience additional costs, and the original problem would still exist in the safety system.
If the other contact in the second limit switch were to weld or otherwise short circuit, it would be unable to detect if a person opened the machine door—resulting in a dangerous situation during machine operation.
How Matrix can help
Understanding the issues created by fault masking is a critical step in designing safety systems. During the engineering design process, safety inputs should not only be used to monitor hazardous parts of a machine, but also be designed to reduce the probability of fault masking as much as possible.
The proper number of safety limit switches that can be daisy chained without fault masking depends on the faults that can be anticipated and the number of safety input devices involved.
Using safety limit switches with powered OSSD outputs (Output Signal Switching Device) can be an effective way to eliminate certain faults such as contact welds and shorts to power. Another method to reduce the risk of fault masking is to use a monitoring safety relay with individual safety inputs, especially if there are only a few safety inputs to be monitored. Also, maintenance staff should be trained in ways to troubleshoot that can uncover fault masking.
Matrix Technologies is one of the largest independent process design, industrial automation, engineering, and manufacturing operations management companies in North America. To learn more about our risk assessment and industrial safety services, contact Carl Bohman, FS Engineer (TUV Rheinland), at (419) 897-7206 x436.