System Overview
The shutdown circuit is wired throughout the car to ensure that if there is a fault, the car is in a safe state. This means that the shutdown circuit is wired through the accumulator isolation relays, ensuring that no high voltage is present outside of the accumulator in the event of a fault. There are a few main requirements that need to be met to allow the shutdown circuit to be completed.
Below is a diagram of the shutdown circuit, taken from the FSAE rules.
The shutdown circuit is designed so that when shutdown is high (e.g. 12 V), the system is nominal. This design means that if a component has failed, the circuit can tell the fault state apart from any other state the system may be in. For example, if power is lost to only one part of the car, the shutdown circuit can still determine that there is an unknown condition and stay in the fault state.
Just because shutdown is in a fault state does not mean that the car is completely safe to touch. Capacitors can still store high voltage for a few minutes after the vehicle is shut down, so precautions must be taken.
SCUM
The shutdown control and universal monitoring (SCUM) module is in charge of ensuring rules compliance and safe operation of the vehicle. Its primary job is to monitor for faults and open the shutdown circuit when a fault condition is detected. This is broken down into multiple conditions:
- Accumulator management system (AMS)
- Insulation monitoring device (IMD)
- Brake system plausibility device (BSPD)
Fault conditions
The AMS fault is triggered by the Orion BMS, which pulls the line down to ground in the event of a fault, e.g. overvoltage. The BMS protects the accumulator from fault conditions. (See https://www.orionbms.com/manuals/pdf/orionbms2_wiring_manual.pdf)
The IMD fault is triggered by the Bender IR155-3204. The IMD detects when there is a short circuit between the chassis and high voltage.
The BSPD fault is triggered by a non-programmable circuit that prevents the driver from braking and accelerating at the same time, in order to prevent failures with stuck throttle pedals.
By monitoring these conditions, if the vehicle enters a fault state, it can be shut down safely by opening the shutdown circuit.
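The following C sketch is an added example, not code from the team's firmware or the FSAE rules. It models the high-means-nominal convention from the System Overview against the opposite convention and shows what each does when one monitor loses power. The line states, type and function names, the pull-down reading of an unpowered line, and the IMD and BSPD output polarity are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified electrical state of one fault line (illustrative model). */
typedef enum { LINE_LOW, LINE_HIGH, LINE_UNPOWERED } line_t;

typedef struct {
    line_t ams;   /* Orion BMS output: pulled to ground on a fault */
    line_t imd;   /* polarity assumed to match the AMS line */
    line_t bspd;  /* polarity assumed to match the AMS line */
} scum_inputs_t;

/* Assumption: an unpowered source cannot drive its line, so the
 * receiver's pull-down makes it read low. */
static bool reads_high(line_t l) { return l == LINE_HIGH; }

/* Page's convention: high means nominal. The shutdown circuit may stay
 * closed only while every monitored line actively reads high. */
bool closed_when_high_is_nominal(const scum_inputs_t *in)
{
    return reads_high(in->ams) && reads_high(in->imd) && reads_high(in->bspd);
}

/* Opposite convention, shown only for contrast: high means fault.
 * A dead monitor reads low, which looks identical to "no fault". */
bool closed_when_high_is_fault(const scum_inputs_t *in)
{
    return !reads_high(in->ams) && !reads_high(in->imd) && !reads_high(in->bspd);
}

int main(void)
{
    /* Constructed scenarios: the IMD has lost power in both. */
    scum_inputs_t nominal_high = { LINE_HIGH, LINE_UNPOWERED, LINE_HIGH };
    scum_inputs_t nominal_low  = { LINE_LOW,  LINE_UNPOWERED, LINE_LOW  };

    printf("high = nominal, IMD unpowered: circuit %s\n",
           closed_when_high_is_nominal(&nominal_high) ? "closed" : "open");
    printf("high = fault,   IMD unpowered: circuit %s\n",
           closed_when_high_is_fault(&nominal_low) ? "closed" : "open");
    return 0;
}
```

With high meaning nominal, the unpowered IMD opens the circuit; with high meaning fault, the same loss of power leaves it closed.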
