Fail safe vs. fail secure: When and where to specify

by Samantha Ashenhurst | June 28, 2018 4:42 pm

All images courtesy Allegion[1]
All images courtesy Allegion

by Lori Greene, AHC/CDC, CCPR, FDAI, FDHI
Many specifiers are uncertain of the difference between fail-safe and fail-secure security products, and how these functions apply to electric strikes, electromechanical locks, panic hardware, and electromagnetic locks. The two terms have both life safety and security implications.

While fail-safe products are unlocked when power is removed (i.e. power is applied to lock the door), fail-secure products are locked when power is removed (i.e. power is applied to unlock the door). Fail safe/fail secure refers to the status of the secure side (key side, outside) of the door. Most products provide free egress whether they are fail safe or fail secure.

Electric strikes
An electric strike replaces the regular strike for a lockset or panic hardware to electrically control access. For a single door, the electric strike mounts in the frame, and for a pair, it mounts in the inactive leaf or on a mullion. The lockset or panic hardware still functions as it normally would—free egress is available at all times, except in the case of double-cylinder institutional function locks.

The spring-loaded keeper on the electric strike controls the latchbolt of the lock or panic hardware. When access is allowed, the keeper is free and the latchbolt can be pulled through the keeper, so the door can be opened. When the strike is secure, the keeper secures the latchbolt and prevents the door from being opened. In most cases, a key can be used to retract the latchbolt from the secure side of the door to allow access if a manual override is needed. Since the lock or panic hardware functions independently of the electric strike, you can exit by turning the lever or pushing the touchpad of the panic hardware, regardless of whether the electric strike is fail safe or fail secure.

For electric strikes on fire-rated doors, fail-secure strikes must be used per the National Fire Protection Association (NFPA) 80, Standard for Fire Doors and Other Opening Protectives. Fail-secure strikes are typical for most applications, except when access is required upon fire alarm. There are very limited situations where access upon fire alarm is required. It is also important to know the use of an electric strike does not affect firefighter access. Their method for access on a door with a mechanical lockset (e.g. key or access-control credential in the key box or a tool) can still be used.

Additionally, there are security concerns with fail-safe hardware. Should the building or area be unlocked and free access be provided every time there is a power failure? A breach of security can be extremely dangerous for building occupants, along with the potential for loss or damage.

You May Also Like  Collaborative curtain wall design fast-tracks Seattle project

Electromechanical locks
An electromechanical lock is a lockset which has been electrified so it can be controlled by a card reader, remote release, or other access control device. Most electromechanical locksets allow free egress at all times. There are double-cylinder electromechanical locksets which do not allow free egress, just like a double-cylinder mechanical lockset, but neither of those should be used on doors required for egress. Note a lock with two key-cylinders may be a classroom security lock, which allows free egress, and not an institutional function lock, which does not allow free egress.

A fail-secure electromechanical lockset is locked on the secure side when there is no power to the lock. To unlock it, power is applied and the lever can then be turned to retract the latch. The latch remains projected until the lever is turned.

A fail-safe electromechanical lockset is locked when power is applied. When power is removed, the lever can be turned to retract the latch. Fail-safe electromechanical locks are used for stairwell doors providing re-entry. The lock is constantly powered so the lever on the stair side is locked. During a fire alarm, the lever on the stair side is unlocked (power removed) either by the fire alarm or a signal from the fire command center, depending on which code has been adopted. Building occupants may then leave the stair to find another exit if necessary. The stair doors would also be unlocked during a power failure. The locks always allow free egress into the stair, with the exception of the stair discharge door, which can be mechanically or electrically locked on the outside but allows egress out of the stairwell.

Electric latch retraction panic hardware automatically latches upon loss of power, so it is appropriate for fail-secure applications.[5]
Electric latch retraction panic hardware automatically latches upon loss of power, so it is appropriate for fail-secure applications.

Electrified panic hardware trim
Electrified panic hardware trim refers to the outside lever on panic hardware or fire exit hardware. It operates the same way as an electromechanical lock does—the power controls the whether the outside lever can be turned or not. The latch remains projected until the lever is turned, and free egress is always available by pushing the touchpad or crossbar of the panic hardware.

Fail-safe electrified panic hardware trim is used for stairwell doors providing re-entry. Most other doors are not required to allow access upon fire alarm, so fail-secure electrified panic hardware trim is more common in locations other than stairwell doors. Design professionals must keep in mind the stair discharge door is not typically required by code to unlock upon fire alarm. The door between the stairwell and the roof may be required, or desired, to be fail safe. This is not typical and is not a requirement of the International Building Code (IBC) or NFPA 101, The Life Safety Code, except in rare instances where the path of egress leads onto the roof.

You May Also Like  Biotech firm's new building is net-zero

Electric latch retraction
Electric latch retraction is an optional function for panic hardware or fire exit hardware. This hardware is available in two variations—EL for standard electric latch retraction and QEL for the “quiet” version. The sound of hardware operation can cause interruptions that may decrease productivity and can even affect patient recovery in healthcare facilities. Devices with electric latch retraction are only available fail secure. When power is applied, the latch retracts automatically and stays retracted as long as power is applied. When power is removed, the latch is projected, securing the door. Again, free egress is provided via the touchpad of the panic hardware. EL/QEL devices are sometimes used on fire doors to allow push/pull function during normal use and provide positive latching during a fire alarm. A signal from the fire alarm system to the power supply is needed.

Electromagnetic locks are unlocked when power is removed, so they are only used where fail-safe hardware is acceptable.[6]
Electromagnetic locks are unlocked when power is removed, so they are only used where fail-safe hardware is acceptable.

EL devices are often used with automatic operators, so the latch is retracted before the door begins to open. Electric strikes can perform this function as well. Fail-safe or fail-secure products can be used in this application, but fail secure is typically used except in the very rare case where access is required upon fire alarm. Electromechanical locks and electrified panic hardware trim are not used with automatic operators because the latch is not retracted until someone turns the lever, which would prevent the auto operator from opening the door.

Electromagnetic locks
An electromagnetic lock mounts on the frame with a steel armature mounted on the door. When power is applied to the magnet, it bonds to the armature, securing the door. Electromagnetic locks are only available fail safe. When power is removed, the electromagnetic lock unlocks.

Since magnetic locks do not provide free egress like other electrified hardware, release devices are required by code to allow egress. An electromagnetic lock released by door-mounted hardware (e.g. a request-to-exit switch in panic hardware) is required to unlock upon loss of power. If the electromagnetic lock is released by a sensor, it must also unlock upon actuation of a push button located beside the door, upon actuation of the fire alarm or sprinkler system, and loss of power.

You May Also Like  San Francisco building designed with alternating sloped windows

Conclusion
Whether the electrified hardware for a specific location should be fail safe or fail secure depends more on security requirements than on life safety, as most applications allow free egress regardless of whether the hardware is fail safe or fail secure. Fail-safe locks should be used on stairwell doors requiring reentry and any other doors that need free access upon fire alarm or power failure.  Fail-safe electric strikes cannot be used for stairwell reentry because fire doors require fail-secure electric strikes for positive latching. An obvious security risk for fail-safe products is that the door will be unlocked whenever power is removed.

For some types of hardware, the fail safe or fail secure function is inherent. For example, electric latch retraction panic hardware is only available fail secure (the latch projects when power is removed), whereas electromagnetic locks are only available fail safe (there is no magnetic bond when power is removed). Other types of electrified hardware, including electromechanical locks, electric strikes, and electrified trim for panic hardware, are available either fail safe or fail secure. Some hardware must be ordered as the desired function, while other products are field-selectable.

Fail-secure products are more common than fail safe due to security concerns; power consumption may also be an issue. Fail-secure products provide security when no power is applied, so when deciding which function to use, consider what needs to happen to the outside lever when power is removed. If the hardware is required to allow access when power is removed, specify fail-safe products. If a secure outside lever is needed when power is removed, specify fail-secure hardware. Finally, verify the hardware on the egress side of the door will function as required by the applicable code requirements.

[7]Lori Greene, AHC/CDC, CCPR, FDAI, FDHI, is the manager of codes and resources for Allegion. She has been in the industry for more than 30 years, and used to be a hardware consultant writing specifications. Greene is a member of CSI, the Door and Hardware Institute (DHI), the International Code Council (ICC), the National Fire Protection Association (NFPA), and the Builders Hardware Manufacturers Association (BHMA) Codes and Government Affairs Committee. She blogs at www.iDigHardware.com[8]. Greene can be contacted at lori.greene@allegion.com[9].

Endnotes:
  1. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/opener-2.jpg
  2. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/Electric-Strike-e1498763622568.jpg
  3. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/electromechanical-lock.jpg
  4. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/Electrified-Trim.jpg
  5. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/99-Rim-768x203.jpg
  6. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/Electromagnetic-Lock.jpg
  7. [Image]: https://www.constructionspecifier.com/wp-content/uploads/2018/06/aut_crop.jpg
  8. www.iDigHardware.com: http://www.iDigHardware.com
  9. lori.greene@allegion.com: mailto:lori.greene@allegion.com

Source URL: https://www.constructionspecifier.com/fail-safe-vs-fail-secure-when-and-where-to-specify/

Copyright ©2025 Construction Specifier unless otherwise noted.