
Fail-Safe Design Philosophy

The NFCS is a computer-based controller that can provide sophisticated control of multiple heat sources and heat loads to optimize overall system performance. Typically, one of the heat sources will be a wood boiler. Both insurance rules and common sense dictate that a wood-burning heat source should be designed and installed in conjunction with a backup heat source. This ensures that there will be heat if the owners are away for extended periods, or if there is any failure of the wood heating appliance or controls.

Ideally, the backup heat source should provide heat even if the NFCS itself fails. A major part of that goal can be attained by the use of a 'fail-safe' approach.

The backup heat source (typically a fossil fuel boiler) should be installed with its own thermostats in such a way that it does not depend on the NFCS for proper operation. Any relays that are involved should allow the backup to function if the relay is in the unpowered state.

For instance, a relay might be installed in such a way that it interrupts the demand signal that would normally go to the backup boiler when a zone valve is open. Such a relay should be installed so that it interrupts the demand signal only when power is applied.

The preferred implementation of the NFCS includes a relay box that connects thermostats and zone valves in a fail safe manner. The NFCS can disable the fossil boiler and can open zone valves as necessary, but the relay box allows normal operation of the fossil boiler whether or not the NFCS is present.

The NFCS typically will use temperature sensors for each zone to make its own decisions about heat load management. The backup thermostats should be used only for control of the backup heat source, and should be set to a low temperature.


Thermostats are set to a low temperature (such as 60 degrees) and used only to turn on the backup heat source. Temperature sensors are installed for each zone.

The failsafe box contains a relay for each zone which allows the NFCS to force that zone on independent of the zone thermostat. This is the normal mode of operation.

When a zone is forced on, there is a set of contacts in either the zone valve or the circulator relay which normally triggers the boiler to turn on. The failsafe box contains a relay that allows the NFCS to disable that signal. Zone setpoints and setbacks are managed by the NFCS.

Any zones which don't have temperature sensors (such as indirect domestic hot water) must have a demand sensing relay in the failsafe box. While the NFCS can sense contact closure directly, there must be a method to provide both a demand signal for the backup heat source as well as a signal for the NFCS.

The NFCS enclosure carries no high voltage. Any 110vac loads are controlled via remote relay boxes mounted near the loads.

If the NFCS is intended to manage a device such as a circulator that is normally controlled by a separate controller, then the preferred approach is to use a pair of relays. The first relay disconnects the device from its own controller, and the second relay allows the NFCS to supply power as desired. In this way, control defaults to the original controller if the NFCS is not present.
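The fail-safe property described above can be stated as an invariant and checked exhaustively: with the NFCS unpowered, every output must equal what the original thermostats and controllers would produce on their own. The following is an added example, not NFCS code; it is a simplified logical model, and the function names, the two-zone setup, and the assumption that the force relay acts in parallel with the zone thermostat are illustrative.

```python
from itertools import product

def relay_box(thermostat_calls, nfcs_powered, force_zone, disable_boiler):
    """Return (zones_open, boiler_demand) for one state of the relay box.

    A relay coil can only be energized while the NFCS is powered, so an
    absent or dead NFCS leaves every relay in its unpowered state.
    """
    force = [nfcs_powered and f for f in force_zone]
    disable = nfcs_powered and disable_boiler
    # Assumption: the force relay acts in parallel with the zone thermostat.
    zones_open = [t or f for t, f in zip(thermostat_calls, force)]
    # The disable relay interrupts the demand signal only when energized.
    boiler_demand = any(zones_open) and not disable
    return zones_open, boiler_demand

def circulator_powered(own_controller_on, nfcs_powered, disconnect, supply):
    """Relay pair: the first disconnects the original controller,
    the second lets the NFCS supply power."""
    r1 = nfcs_powered and disconnect
    r2 = nfcs_powered and supply
    return (own_controller_on and not r1) or r2

def failsafe_violations(n_zones=2):
    """Enumerate every input state with the NFCS unpowered and return the
    states in which control does NOT fall back to the original devices."""
    bad = []
    bools = (False, True)
    for calls in product(bools, repeat=n_zones):
        for force in product(bools, repeat=n_zones):
            for disable in bools:
                zones, boiler = relay_box(list(calls), False, list(force), disable)
                if zones != list(calls) or boiler != any(calls):
                    bad.append((calls, force, disable))
    for own, disc, sup in product(bools, repeat=3):
        if circulator_powered(own, False, disc, sup) != own:
            bad.append(("circulator", own, disc, sup))
    return bad

if __name__ == "__main__":
    print("violations with NFCS unpowered:", failsafe_violations())
    # Normal operation: NFCS forces zone 0 on and holds the fossil boiler off.
    print(relay_box([False, False], True, [True, False], True))
```

Changing either relay in the model to act in its unpowered state (for example, a disable relay that blocks the demand signal when de-energized) makes `failsafe_violations()` return a non-empty list, which is the wiring mistake the fail-safe approach is meant to rule out.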