Fail Safe vs. Fail Secure Tutorial

By Brian Rhodes, Published Oct 02, 2019, 10:27am EDT

Few terms carry greater importance in access control than 'fail safe' and 'fail secure'.

****** ******* ************* **** know *** ***** ******** apply, *** *** ** select ***** **** *** appropriate.

** **** ********, ** teach:

  • *** ********** ******* '**** safe' *** '**** ******' locks
  • *** **** ****** ** important
  • *********** ***** ** *** goal
  • ********** ********* *** **** secure
  • **** ** *** **** secure ********
  • ******* ****** ***** *** fail **** *** **** secure
  • ****** *********** ** ******** and ******* *** '**** safe' *** '**** ******'

*******, ***** *******,**** *** * ******** quiz.

Terms *******

***** ***** **** * specific ******* *** **** hardware. ******** ***** ********* are ***** ** ************** or **** ********, **** mean:

  • **** ****: **** ***** is *********** (*****), *** electronic ******* ****** ** released (********).
  • **** ******: **** ***** is *********** (*****), *** electronic ******* ****** ** secured (******).

***** ********* *** ****** hardware ****** *** ****** control *************, ** ****** the ********** ***** **** is **** ** **** important.

Free ****** ******

*** ************* ** ***** terms ******** ***** **** of *** **** **** apply.

'**** ******' *** '**** safe' *********** ********* ******* to ***** ******* ****, meaning ****** ****** ** most******** ********* ******* ******* ** *** times. ** ** ********* situation, ******* ****** ****** egress (** ****) **** a ********.

**** **** ******* ** chaining **** ***** **** resulted ** ******** *********, a *********** ******** ** life-safety *********** ****** **** not ***** ***** ** complicate *******.

**** ***** **** **** doors **** ****** ** equipped **** ********** ***** to ******** *********** ***** (i.e.:***** **** ** **** devices) *** ** *********** hardware ****** ** **** to '**** ****', ** cannot ** ****.

'Fail ****' ********* ********, **** '**** ******' **********

** **** *****, **** locks *** ******** ** 'fail ****'.

******* ** ******** ************, 'fail ******' ** ******** by ****. *** **** common ***** ***** **** is *** ****:

  • **** *****:***** ***** ******* ********** barriers ** *** ****** of ***** ****** * building ****, *** *** common ******** ** **** control ******, ***** * closed-door ** **** ** seal *** * ******* of ** ******** *********. It ** ********** ********* for * **** **** to ****** ****** ** a ****, *** ******** latching '**** ******' ******** is ***** ********* ** ensure * ******** **** is ****** *** **** regardless ** *****.
  • ********* *****: ** **** ******** occupancies, *** ********** *** locked ** ******* **** the *******, ** **** evacuation ****** ***** ******* and *** *********** **** harm ******. **** ******* one ** *** **** modified *** *********** ****** of ****, **** **** code ********* **** *** years ********* ** ********* among ****.

**** ****** ***********, **** jails, *******, ****** ****** care **********, ** ******* homes *** *** **** Secure ****** *********** *** are ********* ******* ********* and ***** ******* ** safe ********* ****** *** often ********.

Controlling ***** ** *** *****

*******, '**** ****' **. 'fail ******' ** * critical ****** ** ******** entry **** * ******** during ** *********.

************ ** ******* ********** could ** ****** *** of ** **** ** it ** *** ******** configured ** '**** ****'. On *** ***** ****, occupants ***** ************* **** a **** ****, ******** otherwise ********* ***** ** a ******** ** '**** secure' ** *** ******** implemented.

*** ******** ** ******** when ***** ***** ** a *** **** ** building ******, *** **** functions **** * *** role ** ****** ******** a *********** ********* ********.

Mechanical *********

***** '**** ******' ******** is ****, ************** ******* * ********** override. ** *** **** of *******, *** ******** lever **** ** **** device ******** **** ********, but ***** ***** ** electrified ******** *** ******* additional '********** *** ********' components.

*** *******, ** *** image ***** *** **** device ****** ****** **** egress **** *** ******, but * ***** ***** allows ******* ****** **** if *** ****** ** electronic ***** '***** ******':

*******, *** ********** ******** is **** * ****** of ******* ** **** access ********** *****. ** someone ***** ***** ***** a ***, ****** ** granted ******* *** '******' able ** *** *** entered. ********* ********* ******* ***********, ********** overrides ****** ** '**** forced' ****** ** ****** control ****, *** ****** system ********* ********** ******.

** * ******, *** use ** ********** ******** Keys ** ***** **** only ** ** ********* basis **** ********** *** keyholders - ** ******, these *********** ************ *** often *** ******* *** many ***-***** ** *****.

Field ************ *****

**** ********** ****** ***** can ** **** ** behave ****** '**** ****' or '**** ******'.

*** **** ****** ******* are*******, ***** ******** *** position ** ****** ** dipswitches ****** *** *** lock ********* **** ***** fails:

Designing ******* **** **** ********** *****

*** **** ********, *** default ******** ** ** 'fail ****', ****** ********* noted ** ****** *********, hardware ********* (*** ***** below), ** ***** *********** plans ** '**** ****** required'.

*** ***** ******** ** this *********** **** **** according ** *** ******, but ***** ******** ** 'fail ******' ***** ** limited, **** *** ****** always ****** *** ** an ********* ** ******* manner:

Maglocks *** '**** ****'

** ******,*************** *********** ** *******, so **** ***** ** removed **** '**** ****' by *******. *** **** in ***** ** ***** a ********* ** *** fire ***** ****** ** that ** *** **** pull ** *********, *** maglocks **** ***** ** the **** ****. **** can ***** ****** **** building ********, ** **** [link ** ****** *********]******* exterior ***** *** ******** and **** ** ** accessed **** *** *******, so ********** ***** *** an ********* ******* ** many ** ***** *****.

********* ****** ***** ** maglocks ** *** ****** adopted *** **** ********. When ****** ***** ** used **** ********, ** must ****** **** *** concurrent ******** ** *** AHJ *** ***** ** installed ** ***** ***** during ** ********* *****. See ***:*** ** *** ******** With ******* ***** *********** *** **********.

But ******* ***** '**** ******'

***** ******* *** ******** be ***** ********** *** either '**** ****' ** 'fail ******' ********.

************ *** ***** ******** Strike***** ****** ***-***** *********, but ***** **** '******' elements ** ******* *** driven ** *********, ******** the ******* ******** ** the ******** *** ***** the ****** ** ** rigid ** **** ** power, ** ********** ********.

***** *** ************* ** either ******** ** ********* a ****** *******, ******* are ***** *** ******* devices ** ******* '**** secure' *************. ***** *** mechanical ******** ** *** door ******* ******* ********** egress, ******* *** ****** additions ** *** ********** opening ** ******* **** feature.

***** ********: ***** *** * number ** ***** '**** secure' ******** ******* *********, including ********** *********, ****** locks, *** *********** *****. However, *** ******** *** use ** **** ******** may *** ****** **** codes ******** ** ********* egress ***** *** *** not ******** **** ** fail ****** *************. [**** no ****** *********]

****

*******, ***** *******,**** *** * ******** quiz.

Comments (20)

One note for the fail safe in the stairwells and fire doors. Maybe just some different wording. The electronic locking hardware is fail safe. The lock loses power and no longer locked electronically but the latch remains in a positive latched position so the door doesn't open with air pressure but still allowing for someone on the unsecured side access through the door by turning the lock handle.

Agree: 3
Disagree
Informative
Unhelpful
Funny

These devices can commonly be field configured for either 'fail safe' or 'fail secure' function.

even if A/C powered?

Agree
Disagree
Informative
Unhelpful
Funny

yes, it is not related to the power.

Agree
Disagree
Informative
Unhelpful
Funny

yes, it is not related to the power.

so if it’s A/C powered and set for fail safe, does it just just buzz all day?

Agree
Disagree
Informative
Unhelpful
Funny

Hi Brian,

Thanks for writing this up. Good overview.

With that said, to start, I think that defining the difference between locking and latching is critical to this conversation.

In simple terms, latching is the function that keeps a door closed. Locking is the function that keeps someone from being able to unlatch the door.

To help explain, a typical storeroom door is latched when closed (you can’t just push it open), is locked from the outside (ingress side) and unlocked from the inside (egress side), allowing free egress. I might call this a mechanically access controlled ingress door with free egress. If you were to electrify this opening, this would likely be a fail-secure electrified lockset. The I might call that an electronically access controlled ingress door with free egress.

“This means that exit doors must always be equipped with mechanical means to override electrified locks (i.e.: panic bars or exit devices) and if electrified hardware cannot be made to 'fail safe', it cannot be used.Disagree. Based on your definitions above. The fail safe or fail secure requirement does not typically impact egress.

“In most cases, door locks are required to 'fail safe'.”

Disagree. I would say that over 95% of the electrified locks installed (excluding magnetic locks) are fail secure.

Fail safe locks are rarely required (again, excluding magnetic locks). This is inclusive of electrified locks, electrified trim, electrified strikes and most other electrified lock types.

“However in specific applications, 'fail secure' is required by code. The most common areas where this is the case:

Fire Doors: These doors provide structural barriers to the spread of flame during a building fire, and are common features of fire control design, where a closed-door is used to seal off a portion of an engulfed structure. It is critically important for a fire door to remain closed in a fire, and positive latching 'fail secure' hardware is often specified to ensure a positive lock is always the case regardless of power.”

This is confusing locking and latching. This might apply with electrified strikes but certainly is not the case with electrified locks. I know of absolutely no code requirement that requires a fire door to be fail secure – only that the fire door is required to latch, which if an electric strike is used, would likely require a fail secure electric strike.

“Stairwell Doors: In many building occupancies, all stairwells are locked to reentry from the outside, so that evacuation always leads outside and not potentially into harm inside. This remains one of the most modified and scrutinized pieces of code, with many code revisions over the years resulting in confusion among AHJs.”

This is an unclear direction. Most facilities above 4 floors require reentry from the fire stairwell doors at least ever 4 floors. There are exceptions for building perimeter doors and there is a whole separate confusion around roof access doors.

“Firefighters or medical responders could be locked out of an area if it is not properly configured to 'fail safe'. On the other hand, occupants could inadvertently open a fire door, exposing otherwise protected parts of a building if 'fail secure' is not properly implemented.”

Firefighters have plenty of tools to open a door. Starting with a simple key, then to a halogen bar and before long an axe or saw. Fail safe is not for fire fighters to get in. Fail secure is not to keep people from getting into areas that are otherwise protected. That is what positively latched doors are important for.

“Designing Default Fail Safe Eliminates Risks

For most openings, the default function is to 'fail safe', unless otherwise noted on design documents, hardware schedules (see image below), or other engineering plans as 'fail secure required'.”

I would comfortably say that this statement is backwards. Default design should be fail secure unless there is a very significant reason for fail safe and if that is the case, there may be a more complicated code driven issue.

Out of respect to your site, I won’t provide direct links, but you may wish to add links to Lori Green’s site and Mike Silva’s site for some more good content around this topic.

Thanks again for all you do and I look forward to discussing further!

Agree: 4
Disagree: 1
Informative: 5
Unhelpful
Funny

I nominate this graphic as the most wrongestest (that feels like the appropriate word) graphic of the year from IPVM.

Excerpt from NFPA 101:

"An automatic release actuated by the fire alarm system shall unlock all stair enclosure doors to provide reentry"

Agree
Disagree
Informative: 2
Unhelpful
Funny

I nominate this graphic as the most wrongestest (that feels like the appropriate word) graphic of the year from IPVM.

that’s just like your opinion, man...

unless you have looked at every graphic this year ;)

Agree: 1
Disagree
Informative
Unhelpful
Funny

Thank you!! As you noted fire doors need to positively latch and, depending on AHJ, may require certain floors to be unlocked upon activation of the FA system. We usually just unlock them all in new high rise projects.

Agree
Disagree
Informative
Unhelpful
Funny

Actually, more and more AHJ’s are requiring all locks to be fail safe. Not just maglocks and stairwell locks. We do work with other integrators around the country and often we have to put in fail safe locks and if existing switch to fail safe. This is especially for prevalent on the East and West coast. For whatever reason the Midwest is typically behind changes.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Hi Shannon,

I've come across the same but rarely have ended up complying with the initial request. Typically if I say something like "fail safe and free egress in the path of egress but locked so people can't just walk into a secure room" the AHJ says "yeah, that's what we mean". Then we demonstrate a typical fail secure electrified locket and they are happy.

However, I must admit that there was one job where they wouldn't budge. Fail safe everything - even building perimeter. I explained the risks and they demanded that if there is a card reader, when the fire alarm goes off, the door unlocks. After attempting to educate and clarify with the AHJ, the customer decided it wasn't worth an argument and directed me to give in.

Agree
Disagree
Informative: 2
Unhelpful
Funny

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

I too had the same situation. In this case they wanted every perimeter door to unlock upon activation of the FA. There was no arguing it!

Agree
Disagree
Informative
Unhelpful
Funny

Thank you for saving me a lot of typing!!

Agree
Disagree
Informative
Unhelpful
Funny

Just to clarify - I contacted Brian in advance and asked if he wanted my comments privately or publicly and he was fine with public posting. My intent is to help educate the readers and inspire discussion, not conflict.

Thank you Brian for writing this and for being a good sport about my comments.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Jon, you do a great job with IP Video. However, there were many errors in this article. Mr Glasser illuminated most of them and saved me a lot of typing!

The term fail secure is really not used by most AHJs or code issuing agencies, the term most often used is non- fail safe.

Free egress does not mean that we cannot delay egress. Most life safety codes allow the use of delayed egress hardware providing either 15 or 30 seconds of delay (NFPA is 15). Delayed egress panic hardware is preferred (in my opinion) as the activation sequence of a delayed egress maglock can be initiated by pulling on a door from the outside. Regardless of hardware type, only one delayed egress device can be installed in the path of egress and the delay must be eliminated upon activation of the FA.

Agree
Disagree
Informative
Unhelpful
Funny

Imagine there's no egress

It's is easy if you try

No AHJ below us

Above us only die

Imagine all the people

Typing for today (ah ah ah)

Agree
Disagree
Informative
Unhelpful
Funny

You might say I’m a slammer...

Agree
Disagree
Informative
Unhelpful
Funny

Just a follow up to this comment. The difference between 'free egress' and 'delayed egress' is not conflated into this post. We cover the issue of Delayed Egress in its own separate tutorial.

And to Mr. Glasser's comments, we appreciate them, and I have spoken with several AHJs and code authorities. I do believe this article needs to draw a sharper distinction on the differences between 'lock' and 'positive latching'.

I will respond in detail and make further edits to this tutorial later this week. I appreciate the concerns many of you raise, as we want to be clear (not confusing) on this important access concept.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Prisoners usually run out of jails during fire as doors are fail-safe.

Agree
Disagree
Informative
Unhelpful
Funny

I am still new to mag locks, but I recently installed bypass key switches next to the push to exit buttons because the facility wanted extra redundancy.

Agree
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 7,264 reports and 968 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.

Already a subscriber? Login here | Join now
Loading Related Reports