Power anomalies are inevitable—unsafe behavior is not. Map fail-safe/secure philosophy (355), define ride-through and UPS/generator switchover, and handle brownouts/phase loss. Document emergency manual release steps, restart sequencing, and alarm/reporting paths (342). Bake drills/testing into the ITP/SAT (714, 638) and capture lessons so HVM bollard availability improves over time (842, 547).
518.1 Fail-safe/secure mapping
Document preferred philosophy and context (355). Mapping keeps HVM bollard behavior predictable.
Start by agreeing the fail-safe/secure philosophy for each lane and mode (normal, emergency, maintenance). Capture where a lane must stay blocked on loss of power, so the bollard defaults to raised (fail-secure, up) to protect a secure perimeter, and where emergency egress or critical access requires the bollard to default to lowered (fail-safe, down). Note that the two defaults conflict on the same lane, so the decision is per lane and per mode, never a site-wide setting. Reference the interlock logic in Control logic (342).
Make the mapping explicit in the I/O list and Alarm philosophy (536): what inhibits movement under fault; which BMS/SCADA tags represent fail-states; and how operators are guided to recover. Keep the map in the FDS and as-built pack.
| Aspect | What matters | Where to verify |
|---|---|---|
| Philosophy | Clear lane-by-lane default states | Fail-safe/secure states |
| Controls | Interlocks, inhibits, watchdog | Control logic |
| Evidence | ITP steps + SAT witness points | ITP · SAT |
518.2 Ride-through strategies
Use hold-up capacitors/accumulators for short sags. Ride-through prevents crash rated bollard mis-operation.
Specify ride-through for dips and sub-second outages: on hydraulic systems, use accumulator sizing and accumulator pre-charge checks; on electromechanical drives, add DC-bus ride-through capacitors with monitored discharge. Define minimum hold-up (e.g., 250–500 ms) so PLC sequences aren’t interrupted. The hold-up must cover the controller, safety devices and position feedback through the dip, and the drive must either complete the stroke or stop in a known state; a stroke that stalls part-way with the PLC reset is the failure mode ride-through exists to prevent.
Record thresholds in the FDS and prove them during Performance & duty tests (636). For hot climates, consider thermal impact on capacitor ESR (link to Hot Climate Design 337) and accumulator leakage; add periodic checks in the Preventive maintenance plan (734).
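The two sizing checks referred to above, as an added worked example (not the page's own or any manufacturer's sizing method): DC-bus hold-up time from the energy released between the nominal bus voltage and the drive's undervoltage trip, and usable oil from a gas-charged accumulator between its maximum and minimum working pressures. The bus voltages, load, capacitance, pressures, stroke volume and the 0.8 hot-climate capacitance derating are illustrative assumptions; check them against the actual drive data sheet and accumulator nameplate.

```python
"""Ride-through sizing checks for section 518.2 (added example, not page code).

Energy balance for a DC bus: t_hold = C (V_nom^2 - V_min^2) / (2 P).
Gas-charged accumulator (pressures absolute): oil delivered between p_max and
p_min is V_gas * ((p0/p_min)^(1/n) - (p0/p_max)^(1/n)), n=1 isothermal (slow),
n=1.4 adiabatic (fast discharge, the worst case for a bollard stroke).
All numeric inputs below are illustrative assumptions.
"""
import math


def dc_bus_holdup_s(capacitance_f: float, v_nom: float, v_min: float, load_w: float) -> float:
    """Seconds the bus stays above the drive's undervoltage trip v_min."""
    return capacitance_f * (v_nom ** 2 - v_min ** 2) / (2.0 * load_w)


def required_capacitance_f(holdup_s: float, v_nom: float, v_min: float, load_w: float,
                           capacitance_derating: float = 1.0) -> float:
    """Capacitance needed for a target hold-up. derating < 1 allows for
    capacitance lost to ageing and high ambient (hot-climate ESR/capacitance drift)."""
    return 2.0 * load_w * holdup_s / ((v_nom ** 2 - v_min ** 2) * capacitance_derating)


def accumulator_usable_l(gas_volume_l: float, precharge_bar: float, p_min_bar: float,
                         p_max_bar: float, n: float = 1.0) -> float:
    """Oil volume delivered between p_max and p_min (absolute pressures)."""
    if not precharge_bar < p_min_bar < p_max_bar:
        raise ValueError("need precharge < p_min < p_max")
    return gas_volume_l * ((precharge_bar / p_min_bar) ** (1 / n)
                           - (precharge_bar / p_max_bar) ** (1 / n))


def ride_through_check(c_f: float, v_nom: float, v_min: float, load_w: float, target_s: float,
                       derating: float, gas_l: float, precharge: float, p_min: float,
                       p_max: float, stroke_l: float, strokes_needed: int) -> dict:
    """Combine both checks into the verdicts an FDS review would record."""
    holdup = dc_bus_holdup_s(c_f, v_nom, v_min, load_w)
    usable = accumulator_usable_l(gas_l, precharge, p_min, p_max, n=1.4)  # fast discharge
    return {
        "holdup_s": holdup,
        "holdup_ok": holdup >= target_s,
        "required_capacitance_f": required_capacitance_f(target_s, v_nom, v_min, load_w, derating),
        "accumulator_usable_l": usable,
        "strokes_available": math.floor(usable / stroke_l),
        "accumulator_ok": usable / stroke_l >= strokes_needed,
    }


if __name__ == "__main__":
    # Assumed: 560 V DC bus, 450 V trip, 1.5 kW hold load, 4700 uF fitted, 250 ms target;
    # 10 L accumulator, 90 bar pre-charge, 100-180 bar working range, 1.2 L per raise.
    result = ride_through_check(4.7e-3, 560.0, 450.0, 1500.0, 0.25, 0.8,
                                10.0, 90.0, 100.0, 180.0, 1.2, 2)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The fitted 4700 µF gives roughly 174 ms, short of the 250 ms target, and the derated requirement comes out near 8.4 mF; the adiabatic accumulator figure (about 3.2 L, two full strokes) is the number to compare against the stroke count the lane needs during a dip, not the isothermal 4 L.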
518.3 UPS/generator switchover
Test transfer times and brownout handling. Switchover maintains automatic HVM bollard control (511).
Choose UPS autonomy based on operations per hour and safe shutdown time; document UPS autonomy, bypass, and battery monitoring. For generator tie-in, define ATS or STS strategy and the inhibit matrix if voltage/frequency is out of range. Confirm Supply & Sources (511) parameters in the SLD.
Prove total transfer time (UPS → gen) under load with bollards in different states (raising, lowering, idle). Log behavior in Remote fault logging (541) and include witness points in the SAT procedure (638).
518.4 Brownout/phase loss
Detect undervoltage/phase-loss and inhibit motion. Detection protects crash rated bollard drives.
Install monitored relays for brownout, phase loss, and phase reversal. PLC logic should inhibit motion and raise a latched alarm if limits are breached. Define recovery rules: minimum stable voltage duration before re-enable, and operator acknowledgement on the HMI.
Coordinate with Electrical Supply & Protection (514): SPDs, RCD/RCBO policies, and discrimination. Capture thresholds in the ITP and test with controlled undervoltage during Power-On & Controls Health (632).
518.5 Emergency manual release
Define safe, auditable release steps (637). Manual paths keep HVM bollard lanes usable.
Provide a reset-to-normal checklist and a clearly signposted manual path (e.g., hand-pump for HPU systems; mechanical release for electromechanical). Include LOTO and zero-energy verification steps to protect personnel, including accumulator pressure bleed-down on hydraulic systems, since a charged accumulator can still drive the bollard with the HPU isolated.
Record each manual release in the operational logs (544) and set an inspection trigger before returning to service. Where approvals apply in the UAE, note SIRA expectations on auditable recovery (SIRA Bollards — UAE).
518.6 Restart sequencing
Order panel, sensor, then drive starts. Sequencing avoids crash rated bollard surges (632).
After an outage, bring systems back in a defined order: (a) control panels/communications, (b) detection loops and safety devices, (c) drives/HPUs. Use staggered timers to avoid inrush and hydraulic shock, and verify encoder/limit plausibility before enabling movement; if position feedback disagrees with the last known state, hold at the drive stage and show an operator hint rather than enabling motion.
Embed the sequence in PLC states and display operator hints on the HMI. Prove sequencing during Power-On & Controls Health (632) and repeat during SAT (638).
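The brownout/phase-loss handling in 518.4 and the restart order in 518.6 together form one state machine, shown here as an added example in Python (not the page's own or any vendor's PLC code). The 85 % and 50 % relay trip points, the 10 s stable-supply requirement, the stage delays and the tag names are illustrative assumptions; the structure is what matters: a fault latches the inhibit, release needs both a stable supply and an operator acknowledgement, a recurring fault invalidates an earlier acknowledgement, and motion is only enabled once feedback is plausible after the drive stage.

```python
"""Supply supervision, latched alarm, acknowledged recovery, staged restart.

Added example for sections 518.4 and 518.6, not page or vendor code. Thresholds,
stage delays and tag names are illustrative assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Supply(Enum):
    HEALTHY = "healthy"
    BROWNOUT = "brownout"
    PHASE_LOSS = "phase_loss"
    PHASE_REVERSAL = "phase_reversal"


def classify_supply(l1: float, l2: float, l3: float, phase_seq_ok: bool,
                    v_nom: float = 400.0, uv_ratio: float = 0.85,
                    loss_ratio: float = 0.5) -> Supply:
    """Mimic the monitored relays: assumed trips at 85 % (brownout) and 50 %
    (phase loss) of nominal line voltage; reversal from the sequence relay."""
    lowest = min(l1, l2, l3)
    if lowest < v_nom * loss_ratio:
        return Supply.PHASE_LOSS
    if not phase_seq_ok:
        return Supply.PHASE_REVERSAL
    if lowest < v_nom * uv_ratio:
        return Supply.BROWNOUT
    return Supply.HEALTHY


# Restart order: (stage, seconds to wait after the previous stage). Assumed values.
RESTART_ORDER = (("panels_comms", 0.0), ("loops_safety", 2.0), ("drives_hpu", 5.0))


@dataclass
class PowerSupervisor:
    stable_required_s: float = 10.0             # healthy supply needed before re-enable
    inhibit: bool = False                       # motion inhibit output
    alarm_latched: bool = False
    alarm_cause: Optional[Supply] = None
    acknowledged: bool = False                  # HMI acknowledge, voided by a new fault
    stable_s: float = 0.0
    stage_index: int = len(RESTART_ORDER) - 1   # last stage started; begins fully up
    stage_timer_s: float = 0.0
    feedback_hold: bool = False
    motion_enabled: bool = True
    log: List[str] = field(default_factory=list)

    def acknowledge(self) -> None:
        """Operator acknowledges the latched alarm on the HMI."""
        if self.alarm_latched and not self.acknowledged:
            self.acknowledged = True
            self.log.append(f"operator acknowledged {self.alarm_cause.value}")

    def step(self, dt: float, supply: Supply, feedback_ok: bool) -> None:
        """One PLC scan of dt seconds: supply class plus encoder/limit plausibility."""
        if supply is not Supply.HEALTHY:
            self.stable_s = 0.0
            if not self.inhibit:
                self.inhibit = self.alarm_latched = True
                self.motion_enabled = self.feedback_hold = False
                self.stage_index, self.alarm_cause = -1, supply
                self.log.append(f"INHIBIT latched: {supply.value}")
            elif self.acknowledged:                  # fault recurred: ack no longer valid
                self.acknowledged, self.alarm_cause = False, supply
                self.log.append(f"alarm re-raised: {supply.value}")
            return
        self.stable_s += dt
        if self.inhibit:
            if self.stable_s >= self.stable_required_s and self.acknowledged:
                self.inhibit = self.alarm_latched = False
                self.stage_index, self.stage_timer_s = 0, 0.0
                self.log.append(f"restart: {RESTART_ORDER[0][0]}")
            return
        last = len(RESTART_ORDER) - 1
        if self.stage_index < last:                  # staggered start of the next stage
            self.stage_timer_s += dt
            next_stage, delay = RESTART_ORDER[self.stage_index + 1]
            if self.stage_timer_s >= delay:
                self.stage_index, self.stage_timer_s = self.stage_index + 1, 0.0
                self.log.append(f"restart: {next_stage}")
        if self.stage_index == last and not self.motion_enabled:
            if feedback_ok:
                self.motion_enabled = True
                self.log.append("motion enabled")
            elif not self.feedback_hold:
                self.feedback_hold = True
                self.log.append("restart held: encoder/limit feedback implausible")


def run_scenario() -> PowerSupervisor:
    """Constructed 30-scan scenario at 1 s: L1 sags to 330 V for two scans from
    t=3 s, the operator acknowledges at t=8 s, feedback is implausible on the
    first scan after the drive stage starts (t=21 s)."""
    sup = PowerSupervisor(stable_required_s=10.0)
    for t in range(30):
        volts = (330.0, 395.0, 399.0) if t in (3, 4) else (400.0, 398.0, 401.0)
        if t == 8:
            sup.acknowledge()
        sup.step(1.0, classify_supply(*volts, phase_seq_ok=True), feedback_ok=(t != 21))
    return sup


if __name__ == "__main__":
    for line in run_scenario().log:
        print(line)
```

Running the scenario prints the inhibit latch, the acknowledgement, the three restart stages, one held scan while feedback is implausible, and finally "motion enabled"; swapping the acknowledgement out, or adding a second dip after it, shows the inhibit stay in place.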
518.7 Alarm/reporting
Log power events and notify operators (541, 536). Reporting speeds HVM bollard recovery.
Classify events: voltage out of band, ride-through used, UPS on battery, ATS transfer, manual release, and failed restart. For each, define SCADA/BMS points, severities, and latched acknowledgement rules. Trend counters like “UPS minutes on battery” and “brownout count/week” to feed KPIs in KPI Set & thresholds (542).
Surface recovery guidance in the HMI (“Operator recovery hint”) and push critical notifications to the duty team. Record every change to alarm logic or thresholds in the Change Log (718) so that historic events can be read against the settings in force when they were logged.
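The classification, severity, latch and trending rules described above, applied to a constructed PLC event export, as an added example (not the page's own or any SCADA vendor's code). The CSV layout, tag names, severities, recovery hints and KPI thresholds are all assumptions for illustration; the point is that the event class, severity, acknowledgement rule and counters are data, kept in one table that the Change Log can version.

```python
"""Power-event classification and KPI trending for section 518.7.

Added example, not page or vendor code. The export format, tags, severities,
hints and thresholds are constructed assumptions.
"""
import csv
import io
from collections import Counter
from datetime import datetime
from typing import Dict, List

# tag -> (event class, severity, latched (needs operator acknowledgement), recovery hint)
EVENT_RULES = {
    "UV_TRIP":        ("voltage_out_of_band", "critical", True,  "wait for stable supply, then acknowledge"),
    "PHASE_LOSS":     ("voltage_out_of_band", "critical", True,  "check incomer and fuses, then acknowledge"),
    "RIDE_THROUGH":   ("ride_through_used",   "warning",  False, "no action; review if frequent"),
    "UPS_ON_BATTERY": ("ups_on_battery",      "warning",  False, "confirm generator start within autonomy"),
    "UPS_ON_MAINS":   ("ups_on_battery",      "info",     False, "none"),
    "ATS_TRANSFER":   ("ats_transfer",        "warning",  True,  "verify lane states, then acknowledge"),
    "MANUAL_RELEASE": ("manual_release",      "critical", True,  "inspect before return to service"),
    "RESTART_FAIL":   ("failed_restart",      "critical", True,  "rerun restart from the stage shown"),
}
UNKNOWN_RULE = ("unknown", "warning", True, "unclassified tag: review logic")

# Constructed PLC export (not a real site log): timestamp,lane,tag,detail
SAMPLE_EXPORT = """timestamp,lane,tag,detail
2024-03-04T08:02:11,L1,UV_TRIP,L1=332V
2024-03-04T08:02:13,L1,RIDE_THROUGH,hold=410ms
2024-03-04T08:02:40,L1,UPS_ON_BATTERY,
2024-03-04T08:02:41,L1,ATS_TRANSFER,transfer=1850ms
2024-03-04T08:14:40,L1,UPS_ON_MAINS,
2024-03-06T17:45:02,L2,UV_TRIP,L2=318V
2024-03-06T17:45:30,L2,RESTART_FAIL,stage=drives_hpu
2024-03-06T17:52:10,L2,MANUAL_RELEASE,by=duty-tech
2024-03-12T09:10:00,L1,UV_TRIP,L1=340V
2024-03-12T09:10:02,L1,RIDE_THROUGH,hold=380ms
"""


def parse_export(text: str) -> List[dict]:
    """Read the export and attach class, severity, latch rule and hint to each row."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        cls, sev, latched, hint = EVENT_RULES.get(r["tag"], UNKNOWN_RULE)
        rows.append({"ts": datetime.fromisoformat(r["timestamp"]), "lane": r["lane"],
                     "tag": r["tag"], "detail": r["detail"], "class": cls,
                     "severity": sev, "latched": latched, "hint": hint})
    return rows


def _ms(detail: str) -> int:
    """Extract a millisecond figure from a detail such as 'transfer=1850ms'."""
    return int(detail.split("=", 1)[1].rstrip("ms"))


def kpis(events: List[dict]) -> Dict[str, object]:
    """Counters the KPI set trends: brownouts per ISO week, UPS minutes on battery,
    worst ATS transfer, manual releases, failed restarts, latched alarms to acknowledge."""
    by_week: Counter = Counter()
    ups_minutes, on_battery_since, ats_ms = 0.0, None, []
    for e in events:
        if e["class"] == "voltage_out_of_band":
            year, week, _ = e["ts"].isocalendar()
            by_week[f"{year}-W{week:02d}"] += 1
        elif e["tag"] == "UPS_ON_BATTERY":
            on_battery_since = e["ts"]
        elif e["tag"] == "UPS_ON_MAINS" and on_battery_since is not None:
            ups_minutes += (e["ts"] - on_battery_since).total_seconds() / 60
            on_battery_since = None
        elif e["tag"] == "ATS_TRANSFER":
            ats_ms.append(_ms(e["detail"]))
    return {
        "brownouts_per_week": dict(by_week),
        "ups_minutes_on_battery": ups_minutes,
        "max_ats_transfer_ms": max(ats_ms, default=0),
        "manual_releases": sum(e["class"] == "manual_release" for e in events),
        "failed_restarts": sum(e["class"] == "failed_restart" for e in events),
        "latched_awaiting_ack": sum(e["latched"] for e in events),
    }


# Assumed KPI thresholds for the weekly review (illustrative, not from the page)
THRESHOLDS = {"brownouts_per_week": 1, "ups_minutes_on_battery": 15.0,
              "max_ats_transfer_ms": 2000, "failed_restarts": 0}


def breaches(k: Dict[str, object], thresholds: Dict[str, float] = THRESHOLDS) -> List[str]:
    """List every KPI that exceeds its threshold, one line per breach."""
    out = [f"{week}: {n} brownouts > {thresholds['brownouts_per_week']}"
           for week, n in k["brownouts_per_week"].items() if n > thresholds["brownouts_per_week"]]
    for key in ("ups_minutes_on_battery", "max_ats_transfer_ms", "failed_restarts"):
        if k[key] > thresholds[key]:
            out.append(f"{key}={k[key]} > {thresholds[key]}")
    return out


if __name__ == "__main__":
    summary = kpis(parse_export(SAMPLE_EXPORT))
    print(summary)
    print(breaches(summary))
```

On the constructed export this reports two brownouts in week 10 and one in week 11, twelve UPS minutes on battery, an 1850 ms worst transfer, and two threshold breaches (week 10 brownouts, one failed restart); a tag missing from the rule table is deliberately treated as a latched warning so that an unclassified event is noticed rather than silently dropped.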
518.8 Drill/testing cadence
Schedule quarterly tests with evidence (638). Cadence maintains crash rated bollard readiness.
Define a quarterly script: simulate brownout, force UPS→gen transfer, perform one manual release, and execute controlled restart sequencing. Record evidence in the ITP checklist (photos of HMI alarms, timestamps, CSV exports). Include witness points from SAT (638) where appropriate and log issues into the Change Control & Versioning register (537).
Add a short toolbox talk before each drill and confirm site safety arrangements (traffic cones, stewarding) if testing live lanes.
518.9 Lessons captured
Feed findings into change control (537). Lessons improve HVM bollard resilience.
After each event or drill, run a short AAR (after-action review): what failed, what worked, what to change. Update the FDS, SAT script, and O&M with new thresholds (e.g., undervoltage set-points) and sequences. Push recurring faults into a preventative action—spares, firmware, or training—and track closure dates.
Close the loop via the Emergency Modes & Incident Response (547) workflow and the Service Levels & Availability (738) targets.
External resources
- NPSA — Hostile Vehicle Mitigation (overview)
- ASIS — Security Risk Assessment Standard
- FEMA 426 — Reference Manual
