DANGER - safety with critical devices

We have discovered one potentially life-threatening eventuality. This relates to the use of devices that are potentially fatal if switched on inappropriately – particularly intravenous infusion pumps.

At the core of the Whisker system is a set of digital I/O boards that control your devices, and a server program that controls the I/O lines. Whenever you start or stop the server, it makes sure that all devices are off. While the server is running, it does its best to ensure that devices are never left switched on by mistake, using a number of safety features.

So far, so good. But when the computer is first turned on (or hard-reset), output relays on Amplicon cards are switched ON (see the Technical Note overleaf for an explanation). As soon as you run the Whisker server for the first time, everything is OK. But consider the situation: your tasks are running, there is a power cut; everything switches off. The power is restored; the computer powers up; all the devices are switched on, including i.v. pumps; before the computer finishes booting the animals are dead of an overdose.

We'd thought this through, and our computers had ATX motherboards that did not switch on when power is applied; they need someone to press the ON button. We though we were OK, but we had never tested the effects of very brief (<0.5 s) power cuts; this did cause the computer to reset, and all devices went on.

1.	Wire the power to the critical devices through a fail-safe devices. Whisker supports and is aware of fail-safe devices. This removes the danger from power cuts.

2.	Install uninterruptible power supplies for the control computers. This prevents the nuisance and data loss caused by power cuts, and removes the danger if somebody has forgotten to install a fail-safe device.

Never turn on or hard-reset the control computer with subjects in the operant chambers and the operant chambers powered on. Run the server software at least once first. (You can turn the computer on if you switch the box power supply off until the server is loaded, or you can take the rats out until the server is loaded, or whatever.) This prevents subjects being confused by devices switching on and off, and removes the danger if somebody has forgotten to install a fail-safe device.

Whisker is a system designed for research purposes only, and should never be used to control medical apparatus or other devices that could endanger human life.