Fail Safe vs. Fail Secure Tutorial

By: Brian Rhodes, Published on Sep 13, 2017

Few terms carry greater importance in access control than 'fail safe' and 'fail secure'.

Access control professionals must know how these concepts apply, and how to pick locks that are appropriate. Properly doing so determines whether door hardware risks harming people or assists their safety. Moreover, there is legal risk in failing to do so.

In this tutorial, we teach:

  • The difference between 'Fail Safe' and 'Fail Secure' locks
  • Why Free Egress Is So Important
  • Controlling Entry is the Goal
  • Mechanical Key Overrides Fail Secure
  • When To Use Fail Secure Hardware
  • Typical Access Control Locks for Fail Safe and Fail Secure
  • Proper application of maglocks and strikes for 'fail safe' and 'fail secure'

Finally, after reading, take our 5 question quiz.

Terms Defined

These terms have a specific meaning for door hardware. Whenever these functions are cited in specifications or code passages, they mean:

  • Fail Safe: When power is interrupted (fails), the electronic locking device is released (unlocked).
  • Fail Secure: When power is interrupted (fails), the electronic locking device is secured (locked).

These behaviors can impact hardware design and access control configuration, so noting the situations where each is used is very important.

*** ***** ***** ******* importance ** ****** ******* than '**** ****' *** 'fail ******'.

****** ******* ************* **** know *** ***** ******** apply, *** *** ** pick ***** **** *** appropriate. ******** ***** ** determines whether **** ******** ***** ******* people ** ******* ***** safety. ********, ***** ** ***** risk ** ******* ** do **.

** **** ********, ** teach:

  • *** ********** ******* '**** Safe' *** '**** ******' locks
  • *** **** ****** ** So *********
  • *********** ***** ** *** Goal
  • ********** *** ********* **** Secure
  • **** ** *** **** Secure ********
  • ******* ****** ******* ***** for **** **** *** Fail ******
  • ****** *********** ** ******** and ******* *** '**** safe' *** '**** ******'

*******, ***** *******,**** *** * ******** quiz.

Terms *******

***** ***** **** * specific ******* *** **** hardware. ******** ***** ********* are ***** ** ************** or **** ********, **** mean:

  • **** ****: **** ***** is *********** (*****), *** electronic ******* ****** ** released (********).
  • **** ******: **** ***** is *********** (*****), *** electronic ******* ****** ** secured (******).

***** ********* *** ****** hardware ****** *** ****** control *************, ** ****** the ********** ***** **** is **** ** **** important.

[***************]

Free ****** ******

*** ************* ** ***** terms ******** ***** **** of *** **** **** apply. '**** ******' *** 'Fail ****' *********** ********* applies ** ***** ******* only, ******* ****** ****** in ************ ********* ***** ** ******* ** *** times. ** ** ********* situation, ******* ****** ****** egress (** ****) **** a ********.

******* ** ******** **** doors *** * ******** and ****** ********** *********, so * *********** ******** of ****-****** *********** ****** will *** ***** ***** to ********** *******. **** means **** **** ***** must ****** ** ******** with ********** ***** ** override *********** ***** (**: panic **** ** **** devices) *** ** *********** hardware ****** ** **** to '**** ****', ** cannot ** ****.

Controlling ***** ** *** *****

*******, '**** ****' **. 'fail ******' ** * vital ******* ** ******* entry***** ******** ****** ** emergency. **** ******** ** medical ********** ***** ** locked *** ** ** area ** ** ** not ******** ********** ** 'fail ****'. ** *** other ****, ********* ***** inadvertently **** * ********, exposing ********* ********* ***** of * ******** ** 'fail ******' ** *** properly ***********.

*** ******** ** ******** when ***** ***** ** a *** **** ** building ******, *** **** functions **** * *** role ** ****** ******** a *********** ********* ********.

Mechanical *** *********

***** '**** ******' ******** is ****, ************** ******* * ********** override. ** *** **** of *******, *** ******** lever **** ** **** device ******** **** ********, but ***** ***** ** electrified ******** *** ******* additional '********** *** ********' components.

*******, *** ********** ******** is **** * ****** of ******* ** **** access ********** *****. ** someone ***** ***** ***** a ***, ****** ** granted ******* *** '******' able ** *** *** entered. ********* ********* ******* ***********, ********** overrides ****** ** '**** forced' ****** ** ****** control ****, *** ****** system ********* ********** ******.

** * ******, *** of ********** ******** **** are ***** **** **** on ** ********* ***** with ********** *** ********** - ** ******, ***** operational ************ *** ***** too ******* *** **** endusers ** *****.

Designing ******* **** **** ********** *****

*** **** ********, *** default ******** ** ** 'fail ****', ****** ********* noted ** ****** *********, hardware ********* (*** ***** below), ** ***** *********** plans ** '**** ****** required'.

*** ***** ******** ** this *********** **** **** according ** *** ******, but ***** ******** ** 'fail ******' ***** ** *******, they *** ****** ****** called *** ** * excepting ** ******* ******:

When ** *** **** ******

** ****** ********** ***********, fail ****** ** **** commonly **** **:

  • **** *****:***** ***** ******* ********** barriers ** *** ****** of ***** ****** * building ****, *** *** common ******** ** **** control ******, ***** * closed **** ** **** to **** *** * portion ** ** ******** structure. ** ****, ** remains ********** ********* *** a **** **** ** remain ****** ** * fire, *** '**** ******' hardware ** ***** ********* to ****** * ******** lock ** ****** ********.
  • ********* *****: *** ** *** most ******** *** *********** pieces ** **** ******** stairwell *****, *** ******* or *** **** *** allowed ** ** ****** from *** ******* (*****) during ** *********. *** net ****** ** ** many **** ********* ** widespread ********* *** ********** understanding ***** ****. ** is **** ** ********* the *********** ** *** approving **** **** ******** work ** ***** ****** problems **** *********** ***** doors. 

**** ****** ***********, **** jails, *******, ****** ***** care **********, ** ******* homes *** *** **** Secure ****** ***********, *** are ********* ******* ********* and ***** ******* ** safe ********* ****** *** often ********.

Typical ****** ******* ***** *** **** **** *** **** ******

********: ** ******,*************** *********** ** *******, so **** ***** ** removed **** '**** ****' by *******. *** **** in ***** ** ***** a ********* ** *** fire-alarm ******, ** **** if *** **** **** is *********, *** ******** drop ***** ** *** same ****. **** *** cause ****** **** ******** security, ** *********** ******** ***** *** unlocked *** **** ** be ******** **** *** outside, ** ********** ***** are ** ********* ******* in **** ** ***** doors.

********* ****** ***** ** maglocks ** *** ****** adopted *** **** ********. When ****** ***** ** used **** ********, ** must ****** **** *** concurrent ******** ** *** AHJ *** ***** ** installed ** ***** ***** during ** ********* *****.  See ***: *** ** *** ******** With ******* ***** ******* **** *** **********.

*******: ***** ******* *** commonly ********** *** ****** 'fail ****' ** '**** secure' ******** ** ******** by ***** ******. ************ *** ***** ******** Strike ***** ****** *** ***** operation, *** ***** **** 'keeper' ******** ** ******* are ****** ** *********, changing *** ******* ******** of *** ******** *** cause *** ****** ** be ***** ** **** of *****, ** ********** moveable.

***** *** ************* ** either ******** ** ********* a ****** ****** ******* in *** ******, ******* are ***** *** ******* devices ** ******* '**** secure' *************. ***** *** mechanical ******** ** *** door ******* ******* ********** egress, ******* *** ****** additions ** *** ********** opening ** ******* **** feature.

***** ********: ***** *** * number ** ***** '**** secure' ******** ******* *********, including ********** *********, ****** locks, *** *********** *****. However, *** ******** *** use ** **** ******** may *** ****** **** codes ******** ** ********* egress *****, *** *** not ******** **** ** fail ****** *************.

****

*******, ***** *******, **** *** * ******** quiz.

[****: **** ***** *** originally ******* ** **** but ************* ******* ** 2017.]

Comments (20)

For most openings, the default function is to 'fail safe'.

Does that mean that those openings can be breached by the criminal element if the power can be interrupted maliciously?

 

 

Not necessarily, it means that mechanical locks are still a big part of physical security.

If a door is only secured by a maglock, power loss could be a security issue, but most exit doors have unpowered locks regardless.

Does the AHJ typically require emergency access to the mechanical keys of a building, regardless of whether A/C is in use?

 

 

Sure, they might require it.  This is where devices like Knox Boxes are used.

I might be interpreting this wrong, but by mechanical locks on an exit door you mean a lock that opens mechanically through the push bar (run of the mill exit door)? I assume that mechanically locking these door is completely against all free egress codes

In an exit door with a maglock, the pushbar would break the circuit and the maglock would demagnetize? Why would you add a maglock to a door that already has a mechanical lock connected to the pushbar - door status monitoring or other reasons?

I might be interpreting this wrong, but by mechanical locks on an exit door you mean a lock that opens mechanically through the push bar (run of the mill exit door)? I assume that mechanically locking these door is completely against all free egress codes.

'Mechanically locked' is not mutually exclusive of 'code compliant'.  It just means than unlatching is done by key, lever, paddle, or push bar. Being 'free egress' exit compliant means one motion max to both unlatch (unlock if required) and open the door.  This is why Exit Devices are so important.

In an exit door with a maglock, the pushbar would break the circuit and the maglock would demagnetize?

Yes, and this arrangement is fairly common with RTE equipped bars like these.

Why would you add a maglock to a door that already has a mechanical lock connected to the pushbar - door status monitoring or other reasons?

There are a number of decisions that factor into lock selection.  There is an extreme bias against maglocks - both AHJ and otherwise - but if an electric strike, electrically retracting vertical rod/latch, or some other electrified latch cannot be installed, a maglock might be the best option.

Maglocks tend to be easier devices to install, and that is where some of the bias comes from. They have a 'trunkslammer' reputation.  

In some cases, the exit device may be 'dogged down' (locked open) during busy hours, so a maglock on such a door would be a matter of convenience locking, but maglocked and mechanically undogged latch during the night.

The State of Indiana has been a hotbed of dialog between the AHJ and legit installers. They banned all new installations of maglocks several years ago, due to an installation where the Fire Alarm did not interface with the maglock and thus didn't "fail safe" when the Fire Alarm was triggered. Consequently, they couldn't get through a door that was magnetically locked. The state fire marshal said 'no more maglocks' for that one bad apple.

Some rogue installers thumb their nose at the law and still install maglocks, hoping they don't get caught. It was these types that hurt the rest of us by not installing the system correctly to begin with. 

Consequently, they couldn't get through a door that was magnetically locked.

Cuttting the power to the facility didn't work?

Does Indiana require electric strikes to drop on fire alarm?  Why does there seem to be more stringent regs on mag-locks than strikes in regards to life/safety, especially those maglocks operating without backup power?

Is it because they don't have mechanical override keys, or because the entrance may be harder to bust through, or?

Apologies for failing to disclose a critical tidbit!

The installer had backup batteries in the power supply, thinking they were doing the right thing...

Strikes do not - and are not required to - drop on fire alarm - as long as the key in the Knox Box allows entrance. No key switch controlling the maglock. Maybe if the establishment had included a card / fob in the Knox Box, we may not be talking about this now...

 

Brian, in the content of your article, you state that Stairwell Doors would be a place to use FAIL SECURE, but in the high-rise buildings we service, they use FAIL SAFE and the power supply is required to interface with the fire alarm system so that power is interrupted in case it is triggered. At that point, the locks are in passage mode. They don't want anyone trapped in the stairwell in case of a fire. They also want the guys in turnout gear to be able to check out floors unimpeded while they are investigating.

The 'fail secure' requirement is written into the codes specifically for stairwells to prevent re-entry into other floors.

Once the stairwell is 'egressed to' (apologies for the made-up term?), the only path to continue escape is toward the ground floor and outside.

My understanding is the building occupancy code plays a key role in how this is applied.  In your case, either the occupancy code may allow for Fail Safe, or the AHJs may supersede the model codes and require it!

Fail Safe: When power is interrupted (fails), the electronic locking device is released (unlocked).
Fail Secure: When power is interrupted (fails), the electronic locking device is secured (locked).

Is there no need for a third mode?

Fail Same: When power is interrupted (fails), the electronic locking device is stays secured if already secured, unsecured if already unsecured.

Forgive the naïveté :)

'Fail Same' is not absolute enough.  It either needs to act one way or the other when power drops in order to be accounted for in design.

'Fail Safe' is not absolute enough.

I assume you mean 'Fail Same'.

Yet mechanical locks 'Fail Same' when the power drops, obviously thats because they are not powered.  Still that indicates that there is no direct correlation between power loss and the locked/unlocked state of a door.

So let's imagine an electrified, integrated lockset with mechanical override key with free egress, which is powered from an internal battery continuously charged from the mains.

This lockset by default would 'Fail Same'.  I see no additional difficulties in accounting for the behavior of this lockset compared to a purely mechanical one.

 

Thanks, fixed.

When speaking about the default behavior of non-powered mechanical locks, there is a new set of criteria used to describe it: Understanding the 20+ Lock Functions. (That report is in the queue to be updated for better formatting and images.)

Some functions, when locked, stay locked unless a key is used. (Not generally 'free egress' compliant). Other functions are locked on the outside, but always let somebody twisting a lever handle/knob/paddle on the inside to unlatch it.

Its a good report but Its quiet short for the level of detail and implementation, You need to gain in order to do a proper design and adequately enforce these rules..

1- what state do you live in will determine the type and level of implementation by the AHJ.

2 - High end Residential Building VS High end Government Building, Its a 180 contrast ..

3 - You guys need to explain in better detail what ROLE FIRE ALARMS Play into ALL of this!!

4 - Electric strikes in some states are completely Forbidden. !! there's no mention of this in your Article !!!!

""The 2012 IBC will allow control of
electromagnetic locks with proven and listed switches in panic and fire exit hardware as long as the use of the bar directly
interrupts power supplying the electromagnetic lock. There will be no requirement for fire system connection, and no
other releasing devices are required. Control of the door is returned to the user and safety and security are possible using
electromagnetic locks""

This is super important and there's not One single mention in this Article. !!! I understand this is quiet a Big theme but sure you can provide some links or something to make it more complete, this article feels rushed or not finished .... 

Hello Luis:

Thanks for the comment.  I have some questions/comments for you:

#1 & #2 are covered in detail here: Building Occupancy Codes and Access Control Tutorial

#3: Entirely agree fire alarms are important.  What role do they play in lock behavior?  'Fail safe' means when power is dropped, regardless of the method used (ie: Fire Alarm loops)  If needed, we will overtly state this in text.

#4: Which states forbid electric strikes? Also, what is allowed when strikes are forbidden?

Thanks!

 

 

Why would strikes ever be forbidden? With electric strikes, there's always a mechanical override - from both entrance and egress.

In Indiana, the DHS Code Enforcement (a/k/a State Fire Marshal) has banned new installations of maglocks because of loss of life due to the system not properly interfaced with FACP. Power supplies have interface terminals, but they weren't used. They will grant a waiver in certain circumstances. I know integrators still install them, then beg forgiveness later if they get caught.

When considering emergency egress, should I be as concerned about someone getting in, as I am people being able to exit freely?

Describe a concern that you might have.  In general, 'free egress' does not facilitate 'free ingress' beyond what the system allows, like Tailgating.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Directory of 68 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Fingerprints for Access Control Guide on Sep 09, 2019
Users can lose badges, but they never misplace a finger, right? The most common biometric used in access are fingerprints, and it has become one...
Assa Acquires LifeSafety Power on Sep 04, 2019
Assa Abloy is acquiring LifeSafety Power, adding to their growing collection of access control brands like Mercury, August, Pioneer Doors, and...
Mobile Access Control Guide on Aug 28, 2019
One of the biggest trends in access for the last few years has been the marriage of mobile phones and access cards. But how does this...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
ProdataKey (PDK) Access Company Profile on Aug 09, 2019
Utah based ProdataKey touts low cost cloud access, wireless controllers, and no dealer required national distribution availability. But how does...
Axis Door Station A8207-VE Tested on Aug 07, 2019
Axis newest door station, the A8207-VE, claims to deliver "video surveillance, two-way communication, and access control" in a single device. But...

Most Recent Industry Reports

Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Axis Perimeter Defender Improves, Yet Worse Than Dahua and Wyze on Sep 19, 2019
While Axis Perimeter Defender analytics improved from our 2018 testing, the market has improved much faster, with much less expensive offerings...
Directory of 68 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...
Uniview Prime Series 4K Camera Tested on Sep 18, 2019
Is the new Uniview 'Prime' better than the more expensive existing Uniview 'Pro'? In August, IPVM tested Uniview 4K 'Pro' but members advocated...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Vivotek "Neural Network-Powered Detection Engine" Analytics Tested on Sep 17, 2019
Vivotek has released "a neural network-powered detection engine", named Smart Motion Detection, claiming that "swaying vegetation, vehicles passing...
Schmode is Back, Aims To Turn Boulder AI Into Giant on Sep 16, 2019
One of the most influential and controversial executives in the past decade is back. Bryan Schmode ascended and drove the hypergrowth of Avigilon...
Manufacturers Unhappy With Weak ASIS GSX 2019 And 2020 Shift on Sep 16, 2019
Manufacturers were generally unhappy with ASIS GSX, both for weak 2019 booth traffic and a scheduling shift for the 2020 show, according to a new...
How Cobalt Robotics May Disrupt Security on Sep 13, 2019
While security robots have largely become a joke over the last few years, one organization, Cobalt Robotics, has raised $50+ million from top US...
Panasonic 4K Camera Tested (WV-S2570L) on Sep 13, 2019
Panasonic has released their latest generation 4K dome, the WV-S2570L, claiming "Extreme image quality allows evidence to be captured even under...