Machine Protection PLC Based System Verification and Validation
Machine Protection PLC Based System Verification and Validation Plan
Paulina Skog, on behalf of Protection Systems Group
www.europeanspallationsource.se

2020-11-30, Paulina Skog, Protection Systems Group

Agenda
• Scope and purpose
• Roles and responsibilities
• Verification strategy
• Verification activity flow
• Validation
Scope and purpose
• The purpose of MPS V&V activities is to verify
– global protection
• The purpose of MPS V&V activities is not to verify
– local protection
– safety and health of persons, nor environment protection
Applicable standards
• IEC 61508
– The protection development method used is inspired by the IEC 61508 standard's overall safety lifecycle concept
• SS-EN 62381
– Automation systems in the process industry – Factory acceptance test (FAT), site acceptance test (SAT), and site integration test (SIT)
ESS guidelines
• ESS guideline for validation Factory Acceptance Test (FAT) and Site Acceptance Test (SAT)
• ESS Handbook for System Verification
Roles and responsibilities
Verification strategy – part 1
• Hardware and software component tests and system integration tests, the test planning, and documentation shall be carried out according to
– SS-EN 62381:2012
– ESS guideline for validation Factory Acceptance Test (FAT) and Site Acceptance Test (SAT)
Verification strategy – part 2
• The software shall have documented code reviews
• All documents shall be reviewed and approved by appropriate reviewers
Reviews usually conducted specifically for the MPS specific systems:
• Preliminary design review (PDR)
• Critical design review (CDR)
• Test readiness review (TRR)
Reviews conducted for the parent or overall system
• Installation readiness review (IRR)
• Test readiness review (TRR)
• System Acceptance Review (SAR)
• Operational Readiness Review (ORR)
Factory Acceptance Test (FAT)
• Verifies that the as-built system (racks) meets the specified design.
• Performed by the vendor, but it will be accepted by ESS.
Site Acceptance Test (SAT)
• Verifies that a system works as specified in its operational environment.
• SAT includes installation and integration verification of a system.
• The SAT shall be performed by ESS on the site. Note that this only verifies the MPS equipment itself and not the whole system which it shall protect.
Software Pre-SIT
Note that this activity can be divided into two parts
– Develop the software to make the racks testable in the SAT
– Develop the software for the "smart" rack specially developed to ease the testing of the system.
Software Pre-SIT
The main verification objectives during pre-SIT are to:
– reveal software design defects
– avoid systematic failures
– ensure compliance with the software safety requirements.
Verification activity flow
Validation
Operation of the facility, even with low power beam, shall only be possible if the minimum required MP-SoS protection functions are in place and validated.
Validation strategy
• The validation shall be performed step by step as well when the constituent systems or their prototypes are integrated into the MP-SoS.
• Those validation activities should start early, can be performed in the laboratory, and should cover as much functionality as possible.
Scope of SIT
• Normal operation for all proton beam destinations and proton beam modes.
• Worst case timing situations.
• Abnormal operation situations.
• Interfaces to higher level control and other systems.
Entry criteria met by the constituent systems
• It shall be ensured that all cabling is correct and that the connections comply with their specification.
• A procedure shall be developed to confirm that the actual MP-SoS configuration corresponds to the setup in the MP-SoS configuration database.
Entry criteria met by the constituent systems
• All interfaces of all protection functions shall be validated inside the final MP-SoS setup for all signals.
• A complete end-to-end test of the signal flow through sensors, logic and actuators, including timing measurements, shall be planned and carried out for each protection function.
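As an added illustration of the SIT scope above (normal and abnormal operation per beam destination and mode, worst case timing) and of the end-to-end timing measurement for one protection function, here is a constructed test harness that is not part of the ESS plan: it models a sensor → PLC logic → actuator chain, sweeps the sensor event phase across one scan cycle to find the worst-case reaction time, and reports non-conformities. The scan cycle, delays, thresholds, budgets, mode and destination names are all assumed values.

```python
"""Constructed SIT-style end-to-end check of one modelled protection
function (sensor -> PLC logic -> actuator). All numbers and names are
assumptions for illustration, not values from the ESS MPS plan."""

# Assumed worst-case reaction-time budget per beam mode, in ms.
BUDGET_MS = {"probe": 10.0, "fast_commissioning": 3.0}
# Assumed sensor trip threshold per beam destination.
TRIP_THRESHOLD = {"dump": 8.0, "target": 4.0}


class ModelledProtectionFunction:
    def __init__(self, cycle_ms=1.0, logic_ms=0.5, actuator_ms=2.0):
        self.cycle_ms = cycle_ms        # PLC scan cycle time
        self.logic_ms = logic_ms        # processing after the input is read
        self.actuator_ms = actuator_ms  # time for the actuator to inhibit beam

    def reaction_time(self, event_offset_ms):
        """Time from sensor event to beam inhibit when the event happens
        event_offset_ms into a scan cycle. The input is only sampled at the
        next cycle boundary, so the sampling phase adds up to one cycle."""
        wait = self.cycle_ms - (event_offset_ms % self.cycle_ms)
        return wait + self.logic_ms + self.actuator_ms

    def evaluate(self, destination, sensor_value):
        """True when the logic must inhibit beam for this destination."""
        return sensor_value >= TRIP_THRESHOLD[destination]


def worst_case_reaction(pf, samples=100):
    """Sweep the event phase across one cycle; return the maximum reaction."""
    return max(pf.reaction_time(i * pf.cycle_ms / samples) for i in range(samples))


def run_sit_cases(pf):
    """Normal and abnormal cases per destination, plus the worst-case timing
    check per mode. Returns a list of non-conformity strings (empty = pass)."""
    nonconformities = []
    for dest, threshold in TRIP_THRESHOLD.items():
        if pf.evaluate(dest, threshold - 0.1):      # normal: must not trip
            nonconformities.append(f"{dest}: false trip in normal operation")
        if not pf.evaluate(dest, threshold):        # abnormal: must trip
            nonconformities.append(f"{dest}: missed trip in abnormal operation")
    worst = worst_case_reaction(pf)
    for mode, budget in BUDGET_MS.items():
        if worst > budget:
            nonconformities.append(
                f"{mode}: worst-case reaction {worst:.2f} ms exceeds {budget} ms")
    return nonconformities
```

With the default delays the worst-case reaction is 3.5 ms, which passes the assumed 10 ms budget but fails the assumed 3 ms one; measuring only at a convenient event phase would have hidden that.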
SIT acceptance criteria
• All requirements shall be met by the MP-SoS.
• The correct system behavior shall be validated.
• Non-conformities
• The result has been documented and stored in CHESS.
Validation
• Continuous validation
• Validation after MP-SoS changes
Thank you
Questions?
www.europeanspallationsource.se