Fail safe design in automotives

Er. Sandeep Tripathi

- A circle can’t fit where a square should be.

To design a fail-safe system means to develop a system that uses physical devices or behaviour-shaping constraints to prevent any possible accident caused by the failure of one of its components. The idea is also known as the poka yoke (mistake-proofing) device, introduced by Shigeo Shingo, a quality expert, in response to the limitations of statistical process control. Its aim was zero errors and defects, achieved by preventing them, correcting them, or drawing human attention to them, and it was adopted by the Toyota Production System as a tool for lean manufacturing. A fail-safe design can be prevention based, where a defect or error is stopped from occurring, or detection based, where it deals with defects that have already occurred. This article focuses on the application of fail-safe design to automotives and will not go into the details of the various forms of fail-safe design and practice.

In any design, no component or device should be able to fail in a way that creates a hazard. A fail-safe mechanism means that a device will not endanger lives or property when it fails. When Shingo first proposed these fail-safe devices they were meant to be effective and inexpensive; with modern technology they have evolved in both application and price.

Fail-safe design is an integral part of automotive safety. Fail-safe systems hold an important position in modern automotive design, where the safety of the driver and passengers is of prime concern. Fail-safe systems are constructed in such a way that the user is prevented from making mistakes while using them. As the technology and design of automotives advance, more fail-safe strategies are being implemented in automobiles.

It can be an expensive component like a redundant engine or just a simple alarm circuit that plays a tune when you reverse the car. Fail-safe thinking is in the design of the car’s key hole: you can’t just stick anything you like into it and start the car; it is in the ergonomic door handle of the car; it’s everywhere.

One of the simplest uses of fail-safe design in automotives is in cars with a manual gearbox, where the driver cannot start the car without depressing the clutch pedal; this prevents unintended motion of the car. This is more of a behaviour constraint: the driver has to press the clutch pedal in order to start the car while it is in gear. With time, drivers become habituated to pressing the clutch and the constraint is confirmed. Lawnmowers have a hand-closed lever that must be held at all times; if it is released, the blade stops rotating. Such a control is also called a dead man’s switch.

Heavy equipment that uses hydraulic fluid uses solenoid valves or fuses as fail-safe devices, so that when there is a problem in, say, a cylinder, the cylinder does not give up its holding ability and strike the personnel working around it. In heavy-duty vehicles an electronic braking system (EBS), also known as brake-by-wire, is used. If the EBS fails because the electronic signal does not activate, the normal air brake control pressure comes into action, so no accident occurs due to failure of the brakes.

Similar to brake-by-wire, there is throttle-by-wire, also known as electronic throttle control (ETC). In automotives that use this system, if there is any sign of a problem or failure the engine returns to idle. In extreme cases, such as electromagnetic radiation interfering with the control module or voltage signals arriving from somewhere other than the engine control module, the engine shuts down instead of surging. This point about surging makes it necessary to mention the unintended acceleration faced by Toyota cars in 2009-2011, which remains a mystery and was a serious headache for Toyota. Among all the problems accounted for, the firmware problem is the one of concern to us, because not only the hardware but also the software is part of a fail-safe design. The software used in an automotive should also be fail-safe, so that the automotive system is fail-safe in a holistic way. The German automakers have therefore built automobiles in which the driver’s mechanical input can step in and override the throttle system. Thus, if the ETC system malfunctions and the throttle opens by itself, stepping on the brakes will close it.

ETC uses redundant components, such as multiple sensors for a single position signal, to detect driver input or other factors. Redundancy is a design engineer’s nightmare, but it is the price to pay for a safe system. In a fail-safe design, redundancy of components and parts has a positive connotation, unlike in other design philosophies. The motive is to have a fail-safe system, and it does not matter if there are two emergency stop switches positioned in your vehicle, especially in heavy equipment, as long as one of them works. The philosophy of fail-safe design is that any possible malfunction or failure must not lead to extra risk.
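The ETC behaviour described in the two paragraphs above (redundant pedal sensors that must agree, fall-back to idle on any doubt, and the brake input overriding the throttle) can be sketched as a small plausibility check. This is an added illustration written for this article, not the code of any manufacturer; the percent scale, the 5 % tolerance and the function names are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical ETC plausibility check (illustration only, not OEM code).
 * Two redundant pedal-position sensors are read as 0..100 percent. They must
 * lie inside the valid range and agree within a tolerance; otherwise the
 * throttle command is forced to idle. A pressed brake pedal always wins. */

#define PEDAL_MIN        0
#define PEDAL_MAX        100
#define PEDAL_TOLERANCE  5     /* max allowed sensor disagreement (assumed) */
#define THROTTLE_IDLE    0

typedef enum {
    ETC_OK = 0,
    ETC_SENSOR_RANGE,      /* a sensor reading is outside 0..100 */
    ETC_SENSOR_MISMATCH,   /* the redundant sensors disagree */
    ETC_BRAKE_OVERRIDE     /* brake pressed: mechanical input closes throttle */
} etc_status_t;

/* Classify the inputs. Any doubt about the sensors is reported as a fault. */
etc_status_t etc_check(int pedal_a, int pedal_b, bool brake_pressed)
{
    if (pedal_a < PEDAL_MIN || pedal_a > PEDAL_MAX ||
        pedal_b < PEDAL_MIN || pedal_b > PEDAL_MAX)
        return ETC_SENSOR_RANGE;
    if (abs(pedal_a - pedal_b) > PEDAL_TOLERANCE)
        return ETC_SENSOR_MISMATCH;
    if (brake_pressed)
        return ETC_BRAKE_OVERRIDE;
    return ETC_OK;
}

/* Throttle command in percent. The fail-safe default is idle: a faulty or
 * implausible reading can only ever close the throttle, never open it. */
int etc_command(int pedal_a, int pedal_b, bool brake_pressed)
{
    if (etc_check(pedal_a, pedal_b, brake_pressed) != ETC_OK)
        return THROTTLE_IDLE;
    /* both sensors agree: take the lower reading, the conservative side */
    return pedal_a < pedal_b ? pedal_a : pedal_b;
}
```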

In conclusion, the automotive industry has embraced and widely applied fail-safe design to make modern vehicles safe and as risk free as possible for their users.

Sandeep Tripathi is an Industrial Engineer, and works as Heavy Equipment and Safety Engineer at Swiss Agency for Development and Cooperation (SDC). He can be reached at