Printed from the blog of Lori Greene, AHC/CDC, CCPR, FDAI
Allegion
Email: lori_greene@allegion.com, Blog: www.idighardware.com or www.ihatehardware.com


Jul 01 2012

Decoded: Fail Safe vs. Fail Secure – When and Where? (August 2012)

Category: DHI,Egress,Electrified Hardware,Fire DoorsLori @ 11:42 pm Comments (16)
Share

This post was printed in the August 2012 issue of Doors & Hardware

[Click here to download the reprint of this article.]

This question comes up a lot…

“When do I need to specify/supply/install fail safe electrified hardware and when should I choose fail secure?” 

First, some basic definitions:

  • Fail safe products are unlocked when power is removed.  Power is applied to lock the door.
  • Fail secure products are locked when power is removed.  Power is applied to unlock the door.
  • Fail safe / fail secure refers to the status of the secure side (key side, outside) of the door.
  • Most products provide free egress whether they are fail safe or fail secure (see below).

An electric strike replaces the regular strike for a lockset or panic hardware.  For a single door it mounts in the frame, for a pair it mounts in the inactive leaf or on a mullion.  The lockset or panic hardware still functions as it normally would…free egress is available at all times, except in the case of double-cylinder institutional function locks.

The spring-loaded keeper on the electric strike controls the latchbolt of the lock/panic.  When access is allowed, the keeper is free and the latchbolt can be pulled through the keeper so the door can be opened.  When the strike is secure, the keeper secures the latchbolt and prevents the door from being opened.  In most cases, a key can be used to retract the latchbolt from the secure side of the door to allow access if a manual override is needed.  And because the lock or panic hardware functions independently of the electric strike, you can exit by turning the lever or pushing the touchpad of the panic hardware, regardless of whether the electric strike is fail safe or fail secure.

For electric strikes on fire-rated doors, fail secure strikes MUST be used per NFPA 80 – Standard for Fire Doors and Other Opening Protectives.  I specify fail secure strikes in almost all applications, except when access is required upon fire alarm.  There are very limited situations where access upon fire alarm is required (see below regarding stairwell re-entry).  I have been asked, “What about firefighter access?”  The use of an electric strike really doesn’t change anything in regard to firefighter access.  Their method for access on a door with a mechanical lockset can still be used.  That might be a key or card in the key box, or one of those handy tools they carry around.

You might think, “Let’s just make all electrified products fail safe…then I know there won’t be a problem.”  Well, don’t forget that electric strikes on fire doors MUST be fail secure so the door is positively-latched if there is a fire.  But in addition, there are security concerns.  Should the building or area be unlocked and allow free access every time there is a power failure?  A breach of security can be extremely dangerous to building occupants, along with the potential for loss or damage.  That’s not a liability I’m willing to take on.

An electromechanical lock is a lockset which has been electrified, so that it can be controlled by a card reader, remote release, or other access control device.  Most electromechanical locksets allow free egress at all times.  There are double-cylinder electromechanical locksets which do not allow free egress, just like a double-cylinder mechanical lockset, but neither of those should be used on any door that is required for egress.  Note that when you see a lock with two key cylinders, it may be a classroom security lock (which allows free egress), not an institutional function lock (which does not allow free egress).

A fail secure electromechanical lockset is locked on the secure side when there is no power to the lock.  To unlock it, power is applied and the lever can then be turned to retract the latch.  The latch remains projected until the lever is turned.

A fail safe electromechanical lockset is locked when power is applied, and unlocked when power is removed.  When power is removed, the lever can be turned to retract the latch.  Fail safe electromechanical locks are used for stairwell doors providing re-entry.  The lock is constantly powered so that the lever on the stair side is locked.  During a fire alarm, the lever on the stair side is unlocked (power removed) either by the fire alarm or a signal from the fire command center, depending on which code has been adopted.  Building occupants may then leave the stair to find another exit if necessary.  The stair doors would also be unlocked during a power failure.  The locks always allow free egress into the stair.

Electrified panic hardware trim refers to the outside lever on panic hardware or fire exit hardware.  It operates the same way that an electromechanical lock does – the power controls whether the outside lever can be turned or not.  The latch remains projected until the lever is turned, and free egress is always available by pushing the touchpad or crossbar of the panic hardware.

Fail safe electrified panic hardware trim is used for stairwell doors providing re-entry.  Most other doors are not required to allow access upon fire alarm, so I typically use fail secure electrified panic hardware trim in locations other than stairwells.  Keep in mind that the stair discharge door is not typically required by code to unlock upon fire alarm.  The door between the stairwell and the roof MAY be required/desired to be fail safe, allowing building occupants to reach the roof during a fire.  However, this is not a requirement of the International Building Code or NFPA 101 – The Life Safety Code.

Electric latch retraction (EL) is a function typically used on panic hardware or fire exit hardware.  EL devices (or QEL for the Von Duprin “Quiet” EL) are only available fail secure.  When power is applied, the latch retracts automatically, and stays retracted as long as power is applied.  When power is removed, the latch is projected, securing the door.  Again, free egress is provided via the touchpad of the panic hardware.  EL devices are sometimes used on fire doors, to allow push/pull function during normal use, and allow positive latching during a fire alarm (a signal from the fire alarm system to the power supply is needed). 

EL devices are often used with automatic operators, so the latch is retracted before the door begins to open.  Electric strikes can perform this function as well.  Fail safe or fail secure products can be used in this application, but I typically use fail secure except in the very rare case where access is required upon fire alarm.  Electromechanical locks and electrified panic hardware trim are not used with automatic operators because the latch is not retracted until someone turns the lever, which would prevent the auto operator from opening the door.

An electromagnetic lock is an electromagnet which mounts on the frame, with a steel armature mounted on the door.  When you apply power to the magnet, it bonds to the armature, securing the door.  Electromagnetic locks are only available fail safe.  When you remove power, the electromagnetic lock unlocks.

Because a mag-lock does not provide free egress like other electrified hardware, release devices are required by code in order to allow egress.  An electromagnetic lock that is released by door-mounted hardware (like a request-to-exit switch in panic hardware), is required to unlock upon loss of power.  If the electromagnetic lock is released by a sensor, it must also unlock upon actuation of a push button located beside the door, upon actuation of the fire alarm / sprinkler system, and upon loss of power.

So, to recap:

  • Fail safe locks should be used on stairwell doors requiring re-entry, and any other doors which must allow free access upon fire alarm or power failure.
  • Fail safe electric strikes can’t be used for stairwell re-entry, because fire doors require fail secure electric strikes for positive latching (fire doors do not require fail secure electric locks – only fail secure electric strikes).
  • Be aware that when a fail safe product is used, the door will be unlocked whenever there is a fire alarm or power failure, which is an obvious security risk.
  • Electric latch retraction panic hardware is only available fail secure.
  • Electromagnetic locks are only available fail safe.
  • Fail secure products are more common than fail safe, due to security concerns.  Power consumption may also be an issue.  Fail secure products provide security when there is no power applied.
  • Most electrified products, with the exception of electromagnetic locks, allow free egress at all times, regardless of whether they are fail safe or fail secure.

This post was originally created on May 30, 2012, and was printed in the August 2012 issue of Doors & Hardware magazine.

16 Responses to “Decoded: Fail Safe vs. Fail Secure – When and Where? (August 2012)”

  1. Joe says:

    Lori, along with stairwell re-entry, I have come across a number of situations where cross-corridor doors are locked. In many cases, I have specified “fail-safe” locks in order to provide safer access during an emergency for both occupants and fire fighters. Of course, these openings would not be required to be tied to the fire-alarm, but my hope is that they usually follow my recommendations.

    • Lori says:

      Hi Joe –

      As long as security isn’t a concern, safer access is always better. Your comment reminded me that in some cases I have seen locked corridor doors which would prevent someone from leaving one stair and moving to another if the first stair was compromised. In these applications I specify a fail safe lock on the corridor door to allow egress from one stair to another during a fire alarm.

  2. Zeke says:

    Lori, nicely done.

    I use the following for deciding fail safe or fail secure when using electric locks for access control: “In the absence of the access control system, would the door be locked thus requiring the use a mechanical key for access? If so the electric locking should be fail secure.”

  3. Chad says:

    I am working on some exterior gates (Dual gates with no mullion ~12′ tall X 4′ wide 500 lbs) with the following note:

    HARDWARE COORDINATION:
    EGRESS GATES SHALL BE PROVIDED
    WITH A MANUAL RELEASE DEVICE TO
    ALLOW EGRESS ON NON-EVENT DAYS. THE
    PANIC DEVICES WILL BE TIED INTO THE
    FIRE-ALARM SYSTEM SO THAT UNDER
    EMERGENCY CONDITIONS, THE GATES WILL
    AUTOMATICALLY RELEASE.

    Does a mag-lock cover this?

  4. Jim Elder says:

    A problem with fail safe locks is that they are warm to the touch; thereby providing a “tell” that they may be entered when the fire alarm is activated. And of course the fire alarm pull station is nearby.

  5. LDL says:

    Increasing level of security = Fail Open, Fail Safe, Fail Secure.
    Fail Open would be similar to maglocks.
    Fail Safe
    Fail Secure would be blocking of a secure room (Server Room)

  6. Omar says:

    I lean more towards the fail open. Security is not a concern with my applications but a new main lobby door is.

  7. Craig says:

    Hi, is the EL561 AA lock the better for a secure data room. I require card access in and out. Im concerned about fail secure. Thanks

    • Lori says:

      Hi Craig –

      Typically you have to provide free egress out of the room at all times. I usually use an alarm on the egress side that is shunted by a credential. You could also use a delayed egress lock.

      – Lori

  8. Neal Mongold says:

    We just ran into the problem of stairway doors needing re-entry per section 1008.1.9.10 of the 2009 IBC. We have a small 3 story apartment bldg with 6 units (2 per floor) with the unit entrance/egress doors opening directly into the stairway. It appears that 1008.1.9.10 (exception 3) requires that if those doors are lockable, (which of course they would be because they provide security for the apartment), then they have to be capable of being unlocked simultaneously from a single location inside the main entrance to the building. This provision really seems at odds with a residential door lock and latch. Some issues: 1. Usually tenants want to be able to have a deadbolt on an apartment door. If we use an interconnected lock, is there a way to unlock the interconnected lock from a central location? Would this lock arrangement have to be fail safe? So if there was a power outage, the apartment doors would all be unlocked? This seems illogical and a security problem. As has been discussed elsewhere in this blog, if the doors are unlocked from a central location, would an electric strike still keep the doors latched to resist pressure differentials in a fire condition. Do you have any experience with this code issue 1008.1.9.10 for doors opening directly from apartments into an egress stair?

    • Lori says:

      Hi Neal –

      I sent a response to your direct email but I will copy the answer here too in case anyone reads your comment and has similar questions:

      The 2009 IBC doesn’t include an exception for Residential occupancies, so technically the locks must be capable of remote release. The 2012 edition of the IBC does include an exception for R-2 occupancies with a single exit stair. I don’t know if you have a single stair, but it makes sense that if allowing access to the unit will not lead someone to a second stair, there’s no point in letting someone into the unit. Here’s the exception: Stairway exit doors shall be openable from the egress side and shall only be locked from the opposite side in Group R-2 occupancies where the only interior access to the dwelling unit is from a single exit stair where permitted in Section 1021.2.

      If the doors are fire rated, an electric strike is not typically allowed because fail safe locks are used for stairwell reentry and an electric strike on a fire door is required to be fail secure. The IBC doesn’t specifically state that a fail safe product has to be used, but this is the way I’ve always seen it done. You may be able to get permission from the AHJ to use a fail secure strike, but note that it will not release the doors if there is a loss of power. NFPA 101 requires the locks to be released by the fire alarm system, which is why fail safe locks have traditionally been used. The IBC requires the doors to be unlocked by a switch at the fire command center or other location, so technically either fail safe or fail secure would work but I believe the intent of the code is for the locks to be fail safe. This is a grey area of the IBC. You’re correct in saying that the residents would not be able to reenter their apartments until the fire department arrived. I think NFPA 101’s requirement is safer, but the Massachusetts State Fire Code removes that section from NFPA 1 and directs us back to the building code.

      I don’t know of an electrified interconnected lock – it’s possible that one exists but I haven’t seen it.

      – Lori

  9. Paolo says:

    Hi,
    I am installing access control system with mag locks, and the client specs call for : fail safe= unlocks instantly when electricity is discontinued by switches, fire panel deactivation or power failure.
    Questions :
    1) do I need a battery backup for the power supply module ?
    2) do I need to connect the system to the main UPS ?

    Reason for the question is : if backup battery is there, maglock will not unlock in case of power failure …

    Thanks for all your comments !!!!
    Paolo

    • Lori says:

      Hi Paolo –

      Sorry I didn’t see your comment until now. I do not recommend using battery back-up that only powers the mag-lock, because of the code requirements for the mag-lock to release upon power failure. If there is emergency power in the building and the lock and fire alarm could be on the same system, this is usually acceptable. There’s more information on this here: http://idighardware.com/2010/12/nfpa-72-on-access-control-2/. Having the door unlock on power failure and fire alarm can be a problem for security, but it is what the codes require.

      – Lori

  10. Robert Spicher says:

    I was 99% sure that the fail-safe/fail-secure terminology referred to the latching/unlatching of a door but now I guess I am still a little unsure of the fail-secure locks. In a rated wall assembly is the lock required to fail into a locked condition or just a latched condition. As opposed to the fail-safe lock which would fail into an unlocked and unlatched condition???

    • Lori says:

      Hi Robert –

      A fire door is required to be latched during a fire alarm, and that is ensured on openings with electrified hardware by using a fail safe or fail secure lock, fail safe or fail secure panic hardware trim, electric latch retraction fire exit hardware, or a fail secure electric strike – connected to the fire alarm system. These products will all be latched when the power is cut.

      For stairwell reentry, the fire door has to be latched AND UNLOCKED on the stair side during a fire. For most applications the egress side of the door allows free egress at all times. To ensure that someone can leave the stair during a fire if necessary, a fail safe product is used. Since fail safe electric strikes are not listed for use on a fire door, a fail safe lock or fire exit hardware with fail safe trim is used. You could also use an electromagnetic lock and a passage set or panic hardware that is not lockable on the stair side, if all of the code requirements for electromagnetic locks are met.

      So fail safe and fail secure terminology refers to the locking/unlocking of the door, but for fire doors the latching has to be addressed as well.

      I hope this helps – let me know if you have other questions.

      – Lori

Leave a Reply

*