Re Server failure issues

Hello I was asked to give a description of a concern I have, regarding your recent server outage and the lack of a fit for purpose local control option in the event of a server outage or loss of internet connection. I have ask my son Jon to write this, as he is a Chartered Engineer and more familiar with the technical details:

During the recent server outage, control over our heating system via the Tado controller was completely lost, to the point we had to isolate the boiler at the main electrical supply, to prevent it firing up of its own accord. We tried the manual control option from your website and this did not work.

After initially isolating the boiler we turned it back on and after about 10 minutes the boiler turned on again all of its own accord, and we only noticed because the radiators became extremely hot. We checked the app and it was jammed at 23 degs and we could not cancel it.

The heating system in my parents house is obviously quite important, especially as my mother suffers from heart failure and blood cancer. As you can imagine to arrive at a situation in the middle of a UK winter, where the heat system does not function, is a safety concern for me and causes unneeded stress and anxiety for someone in my mother’s condition.

I have previously emailed you stating our concerns about the reliance on a server link and asking what resilience options are available to be able to have local control over the system in the event of a server failure or internet failure. So far in my technical opinion this is a significant design flaw in Tado’s system, as I have not seen any option that allows for remote control or control of the schedule in the event of a failure occurring and the current manual control option is not fit for the purpose of controlling a home heating system in our operating context.

My advice would be for you to undertake a Failure Mode Effect Analysis (FMEA) of your system and when it comes to the server link dropping, if you take the customers view of Severity it will be high, the Occurance might be low now but it’s frequency is increasing and I would imagine Detectability will also be a key issue, as you can’t anticipate the failure happening until it has occurred this it’s is difficult to predict and prevent. This should give a high Risk Priority Number (RPN) against this failure mode.

When looking at how to mitigate the failure, I am fairly certain it will lead you to the point of needing a re design to perhaps keep remote control and schedule settings local to the devices in the home and remove the reliance on a server link or another suitable option that will continue to provide sufficient serviceability for the Customer. It would require the system to work thru a local home network in the home that is unaffected by internet or server outages.

In general I have been impressed with how the Tado system functions and did a lot of research before purchasing it. I am sure you will appreciate this as constructive feedback from one of your Customers. I dearly hope this time you seek to fix the issue or offer a suitable option for local control as the continued risk of failure is not one I would be content to live, with especially when it eventually occurs at 1 in the morning in the middle of winter, with no one manning your helpdesk.

Best regards

Jon Holmes BEng (Hons), MSc (Distn), CEng, MIMechE
4
4 votes

Active · Last Updated

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!