Editing Fail-safe (section)

==Other terminology==
Fail-safe ([[idiot proof|foolproof]]) devices are also known as ''[[poka-yoke]]'' devices. ''Poka-yoke'', a [[Japanese language|Japanese]] term, was coined by [[Shigeo Shingo]], a quality expert.<ref>Shingo, Shigeo; Andrew P. Dillon (1989). A study of the Toyota production system from an industrial engineering viewpoint. Portland, Oregon: Productivity Press. p. 22. {{ISBN|0-915299-17-8}}. {{OCLC|19740349}}</ref><ref>John R. Grout, Brian T. Downs. "A Brief Tutorial on Mistake-proofing, Poka-Yoke, and ZQC", [http://www.mistakeproofing.com/tutorial.html MistakeProofing.com] {{Webarchive|url=https://web.archive.org/web/20160319010910/http://www.mistakeproofing.com/tutorial.html |date=2016-03-19 }}</ref> "Safe to fail" refers to civil engineering designs such as the [[Room for the River (Netherlands)|Room for the River project in Netherlands]] and the Thames Estuary 2100 Plan<ref name=TE2100>{{cite web|title=Thames Estuary 2100 Plan |url=http://www.environment-agency.gov.uk/static/documents/Leisure/SE_TE2100_briefing.pdf |archive-url=http://webarchive.nationalarchives.gov.uk/20121210131034/http://www.environment-agency.gov.uk/static/documents/Leisure/SE_TE2100_briefing.pdf |url-status=dead |archive-date=2012-12-10 |publisher=UK Environment Agency |access-date=March 20, 2013 |date=November 2012 }}</ref><ref name=TE21>{{cite web|title=Thames Estuary 2100 (TE2100)|url=http://www.environment-agency.gov.uk/homeandleisure/floods/125045.aspx|publisher=UK Environment Agency|access-date=March 20, 2013}}</ref> which incorporate flexible adaptation strategies or [[climate change adaptation]] which provide for, and limit, damage, should severe events such as 500-year floods occur.<ref name=TDC032013>{{cite news|title=Adaptation expert Paul Kirshen proposes a new paradigm for civil engineers: 'safe to fail,' not 'fail safe'|url=http://wwwp.dailyclimate.org/tdc-newsroom/2013/03/flexible-infrastructure-climate-stress|access-date=March 20, 2013|newspaper=The Daily Climate|date=March 20, 2013|author=Jennifer Weeks|url-status=dead|archive-url=https://web.archive.org/web/20130513080832/http://wwwp.dailyclimate.org/tdc-newsroom/2013/03/flexible-infrastructure-climate-stress|archive-date=May 13, 2013}}</ref>

===Fail safe and fail secure===
''Fail-safe'' and ''fail-secure'' are distinct concepts. ''Fail-safe'' means that a device will not endanger lives or property when it fails. ''Fail-secure,'' also called ''fail-closed,'' means that access or data will not fall into the wrong hands in a security failure. Sometimes the approaches suggest opposite solutions. For example, if a building catches fire, fail-safe systems would unlock doors to ensure quick escape and allow firefighters inside, while fail-secure would lock doors to prevent unauthorized access to the building.

The opposite of ''fail-closed'' is called ''fail-open''.

===Fail active operational===
Fail active operational can be installed on systems that have a high degree of redundancy so that a single failure of any part of the system can be tolerated (fail active operational) and a second failure can be detected – at which point the system will turn itself off (uncouple, fail passive). One way of accomplishing this is to have three identical systems installed, and a control logic which detects discrepancies. An example for this are many aircraft systems, among them [[inertial navigation system]]s and [[pitot tube]]s.

===Failsafe point===
During the [[Cold War]], "failsafe point" was the term used for the point of no return for American [[Strategic Air Command]] nuclear bombers, just outside Soviet airspace. In the event of receiving an attack order, the bombers were required to linger at the failsafe point and wait for a second confirming order; until one was received, they would not arm their bombs or proceed further.<ref>{{cite web |url=https://www.dictionary.com/browse/failsafe |title=fail-safe |work=Dictionary.com |accessdate=November 7, 2021}}</ref> The design was to prevent any single failure of the American command system causing nuclear war. This sense of the term entered the American popular lexicon with the publishing of the 1962 novel ''[[Fail-Safe (novel)|Fail-Safe]]''.
  
(Other nuclear war command control systems have used the opposite scheme, [[fail-deadly]], which requires continuous or regular proof that an enemy first-strike attack has ''not'' occurred to ''prevent'' the launching of a nuclear strike.)