Glossary term
Interlock
A mechanical, electrical, software, or procedural constraint that prevents unsafe or invalid equipment states.
Definition
An interlock is a constraint that prevents a machine, process, or system from entering an unsafe, incompatible, or invalid state.
Interlocks can be mechanical, electrical, pneumatic, hydraulic, software-based, or procedural. They are used to enforce sequencing, prevent access to hazards, stop equipment when guards are open, avoid conflicting commands, prevent energization under unsafe conditions, and protect equipment from damaging states. A good interlock is designed from the hazard or failure mode it must control, not merely from a convenient signal.
An interlock prevents a system from doing something unless required conditions are satisfied. A guard door interlock prevents machine motion while a person can reach a hazard. An electrical interlock prevents two contactors from energizing simultaneously. A process permissive prevents a pump from starting unless a valve is open and minimum level is available. A mechanical key interlock enforces a safe sequence before access is possible.
Interlocks may protect people, equipment, product quality, process stability, or data integrity. Safety interlocks require especially careful design because a hidden failure can leave the system apparently normal while protection is lost.
Types
Mechanical interlocks use physical geometry, keys, latches, cams, trapped-key systems, or linkages to enforce sequencing. Electrical interlocks use contacts, relays, contactors, safety relays, programmable safety controllers, or hardwired circuits. Software interlocks use logic conditions in a controller or supervisory system. Procedural interlocks rely on operator actions and administrative controls, but they are weaker because they depend on human behaviour.
In automation, a permissive allows an action only when conditions are true. A trip or shutdown interlock removes permission or drives the system to a safe state after a fault. A lockout is a stronger state that usually requires deliberate reset after investigation.
Design and validation
An interlock should be traceable to a hazard analysis, failure mode, regulatory requirement, or equipment protection need. The design must specify what condition is sensed, what action is prevented, what safe state is commanded, what happens on sensor failure, how reset works, and how bypasses are controlled. For safety functions, diagnostic coverage, redundancy, fault tolerance, response time, and required performance level may be defined by relevant standards.
Validation is essential. It is not enough for an interlock bit to appear in software. The complete chain must be tested: sensor, wiring, logic, actuator, power removal, fault indication, reset behaviour, and failure response. Periodic proof testing may be required because some dangerous failures are not self-revealing.
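The permissive, trip, lockout and reset behaviour described above can be sketched for the pump example as software logic. This is an added example, not code from the original page. The class and field names, the 20% level threshold, the use of None for a failed sensor, and the choice to latch every trip into lockout are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class State(Enum):
    READY = "ready"            # a start may be permitted
    RUNNING = "running"
    LOCKED_OUT = "locked_out"  # trip latched; needs deliberate reset

@dataclass
class Inputs:
    # None models a failed or disconnected sensor (assumed convention)
    valve_open: Optional[bool]
    level_pct: Optional[float]

MIN_LEVEL_PCT = 20.0  # assumed threshold, for illustration only

class PumpInterlock:
    def __init__(self):
        self.state = State.READY
        self.trip_cause = None

    def _healthy(self, i):
        """True only on positive evidence; a failed sensor counts as unsafe."""
        if i.valve_open is None or i.level_pct is None:
            return False, "sensor_fault"
        if not i.valve_open:
            return False, "valve_closed"
        if i.level_pct < MIN_LEVEL_PCT:
            return False, "low_level"
        return True, None

    def request_start(self, i):
        """Permissive: start only from READY with all conditions satisfied."""
        ok, _ = self._healthy(i)
        if self.state is State.READY and ok:
            self.state = State.RUNNING
        return self.state is State.RUNNING

    def scan(self, i):
        """Called every cycle: on loss of a condition, trip and latch."""
        ok, cause = self._healthy(i)
        if self.state is State.RUNNING and not ok:
            self.state, self.trip_cause = State.LOCKED_OUT, cause
        return self.state

    def reset(self, i, operator_ack):
        """Reset needs acknowledgement and a cleared fault; it never restarts."""
        ok, _ = self._healthy(i)
        if self.state is State.LOCKED_OUT and operator_ack and ok:
            self.state, self.trip_cause = State.READY, None
        return self.state
```

This covers the logic link of the chain only; the sensor, wiring, actuator and power removal still have to be validated on the real equipment.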
Common mistakes
A common mistake is adding an interlock as an afterthought to compensate for poor design. Another is allowing routine bypasses without management control, time limits, indication, and risk assessment. Poorly designed interlocks can also create usability problems that encourage defeat. A good interlock reduces risk while making correct operation clear and practical.