PLCCOTS based Interlock and Protection Systems Personnel Safety

  • Slides: 29
Download presentation
PLC/COTS based Interlock and Protection Systems Personnel Safety Systems at ESS Denis Paulic PLC

PLC/COTS based Interlock and Protection Systems Personnel Safety Systems at ESS Denis Paulic PLC engineer, Personnel Safety Systems ESS/ICS/PS Date: 2016 -02 -01

Agenda • Overview • PSS scope of work • PSS technical: standards, target risk

Agenda • Overview • PSS scope of work • PSS technical: standards, target risk and basic requirements • PSS subsystems • Accelerator PSS • Methodology and implementation • PSS planning for 2016. 2

ESS Overview • The European Spallation Source (ESS) will house the most powerful proton

ESS Overview • The European Spallation Source (ESS) will house the most powerful proton LINAC ever built. Parameter Target station Linear proton accelerator (600 m) 2 Ge. V Peak current 62. 5 m. A 14 Hz 2. 86 ms 5 MW 352/704 MHz 1 W/m Pulse length Average power RF frequency Over 150 individual high power RF sources, based on high-power electron tubes! Source 75 ke. V 2. 4 m 4. 6 m 352. 21 MHz 3. 8 m 39 m LEBT RFQ MEBT 3. 6 Me. V DTL 90 Me. V Maximum losses 704. 42 MHz 56 m 77 m Spokes Medium β 216 Me. V Units Max energy Repetition rate Neutron science instruments Value 571 Me. V 179 m High β HEBT & Contingency Target 2000 Me. V Tuning Dump 3

Hazards At ESS • Ionising radiation hazards: – Prompt • Beam Induced • Equipment

Hazards At ESS • Ionising radiation hazards: – Prompt • Beam Induced • Equipment induced (i. e. X rays in cavities) – Residual – Contamination • • • Cryogenic hazards (direct exposure - burns, ODH) Electrical hazards PSS primarily prevent both Magnetic field hazards the public and workers from Laser hazards the facility’s ionising radiation hazards, but also Motion hazards identify as well as mitigate Gas hazards (Explosion, ODH) against all other hazards! 4

PSS Scope Of Work • November 2014, approved by both Change Control Board and

PSS Scope Of Work • November 2014, approved by both Change Control Board and ESS Programme Group (EPG). • 10 initial systems for first beam to target in 2019: – – – – – The PSS for the on-site Cryogenic module test stand The Accelerator Personnel Safety System The Accelerator Radiation Monitoring System The Accelerator Oxygen Depletion System The Target Personnel Safety System The Target Radiation Monitoring System The Target Hot/Maintenance Cell Personnel Safety System The Neutron Instrument Lo. KI Personnel Safety System The Neutron Instrument NMX Personnel Safety System The Neutron Instrument ODIN Personnel Safety System 5

PSS Scope Of Work ODIN Cryo test stand Lo. KI NMX Target building Accelerator

PSS Scope Of Work ODIN Cryo test stand Lo. KI NMX Target building Accelerator tunnel 6

Ken Andersen, October 2015 HEIMDAL BIFROST n-nbar MAGIC T-REX C-SPEC BEER MIRACLES NMX 2

Ken Andersen, October 2015 HEIMDAL BIFROST n-nbar MAGIC T-REX C-SPEC BEER MIRACLES NMX 2 WA-NSE FREIA Sleipnir Mono-farm W LOKI HRNSE Test Instruments 1 -15 Possible instrument 16 Guesses for future Upgrade areas VOR Mono-farm S ESTIA ODIN DREAM ESPRESSO ANNI VESPA Surf. Scatt. SKADI

Standards • IEC 61508 : 2010 • The Swedish Radiation Authority (SSM) o SSM

Standards • IEC 61508 : 2010 • The Swedish Radiation Authority (SSM) o SSM 2014 -127 -1: “Review of application for licence for activity involving ionising radiation” chapter 10 “review of control systems”, o SSMFS 2008 -27: The Swedish Radiation Authority’s “regulations concerning operations at accelerators and with sealed radiation sources”. • IEC 61511 – new revision coming soon o PSS application software E/E/PE system design requirements specification Software safety requirements specification 8

Standards: SSM Summary The PSS systems will be designed to take into account the

Standards: SSM Summary The PSS systems will be designed to take into account the following: • • • External events Single failure Common cause failure Redundancy Diversity Separation Maintenance, design change and annual system testing of PSS will only be carried out during shutdown periods. Radiation risk analysis will be carried out before the facility is taken into operation. Design of the PSS will take into account the risk analysis. A formalised search of each PSS controlled area will be carried out before the facility is operated. Two independent technical design solutions will be used in each system. 9

Hazard Identification Risk Management Identify Hazard Register Assess the Risk Control the Risk Is

Hazard Identification Risk Management Identify Hazard Register Assess the Risk Control the Risk Is Risk acceptable Operate system Event Register Is system functioning Continue operation Decommission 10

Risk Model Residual Risk Tolerable Risk remaining after protective measures have been taken. Risk

Risk Model Residual Risk Tolerable Risk remaining after protective measures have been taken. Risk which is accepted in a given context based on the current values of society. EUC RISK ESS PSS Maximum Tolerable Risk will be 10 -6 Risk arising from dangerous failures in the EUC and EUC Control System. Demands Risk Necessary Risk Reduction Actual Risk Reduction Partial risk covered by other technology Safety-related systems Partial risk covered by E/E/PE Safetyrelated systems Partial risk covered by external risk reduction facilities Risk reduction achieved by all safety-related systems and external risk reduction facilities Risk = Frequency for a specified consequence EUC = Equipment Under Control

PSS Technical Stuart Birch, ESS-0047614 • SSM requirements for the Radiation safety functions will

PSS Technical Stuart Birch, ESS-0047614 • SSM requirements for the Radiation safety functions will be identified and categorised in accordance with ESS-0016468 document. Radiation Safety Function Risk Matrix – IEC 61508 methodologies will then follow H 1 C, H 1 D, H 1 E… - Unacceptable under the existing circumstances • All other safety functions will be identified in accordance with IEC 61508. H 1 A, H 1 B, H 2 A… - Acceptable based on risk mitigation H 3 A, H 4 B… - Acceptable 12

PSS Subsystems The Access Control System Ensuring safe entry into potentially hazardous areas ACS

PSS Subsystems The Access Control System Ensuring safe entry into potentially hazardous areas ACS The ODH Monitoring System ODH PSS Safety Interlocks The Safety Interlock System Ensuring fast switch off of the proton beam RMS The Radiation Monitoring System 13

Safety Interlock System - De-energise To Trip A loss of power to the coil

Safety Interlock System - De-energise To Trip A loss of power to the coil will result in a spurious trip and loss of production… (Safe Failure) for specified Safety Function Welded contacts will result in a failure to operate on demand (Dangerous Failure) for specified Safety Function 14

Accelerator PSS Accelerator Tunnel ZONE 7 ZONE 6 ZONE 5 ZONE 4 ZONE 3

Accelerator PSS Accelerator Tunnel ZONE 7 ZONE 6 ZONE 5 ZONE 4 ZONE 3 ZONE 2 ZONE 1 Zone 2 Zone 3 Zone 4 Zone 5 Zone 6 Zone 7 - Proton Source, LEBT, RFQ, MEBT DTL’s Spokes Cavities Elliptical Cavities HEBT A 2 T Gated fence between each zone.

Accelerator PSS – FBD Morteza Mansouri, August 2015 16

Accelerator PSS – FBD Morteza Mansouri, August 2015 16

ACS - Entry Station Red colour, with a window – alarm and beam status

ACS - Entry Station Red colour, with a window – alarm and beam status lights Outside should be visible from outside D 1 Normal entry D 1 Door position monitoring SIL 3 (IEC 61508): Reader 1 E-exit RFID Safety Switch + actuator Safety hinge switch D 2 Key exchange system D 2 Reader 2 PSS controlled area Magnetic Safety Switch Safety hinge switch D 1 cannot be unlocked at the same time as D 2! 17

ACS - Entry Sequence Entry: Outside Entry station empty? Normal entry D 1 Swipe

ACS - Entry Sequence Entry: Outside Entry station empty? Normal entry D 1 Swipe card - Card Reader 1 E-exit Enter the station and stand inside marked area D 2 Reader 2 PSS controlled area Single person check or Max time inside exceeded alarm? Confirm the questions on HMI and take the marked key Exit the station through D 1 Enter the controlled area 18

ACS - Key Exchange System PSS Control Room Front End Entrance Key Exchange Controlled

ACS - Key Exchange System PSS Control Room Front End Entrance Key Exchange Controlled Access “front End” Controlled Access “HEBT” Restricted Access “front End” Action of taking blue key will lock the red key in position. Red key will not be released until BOTH blue keys are returned to key exchange. Action of taking black key will lock the blue key in position. Blue key will not be released until LAST black key is returned to key exchange. Restricted Access “HEBT” HEBT Entrance Key Exchange Permit to main control system. “Power Down” via PLC. Start 60 minute timer before tunnel entry. Remove permit when Red key returned. Issue Permit to the “Run Permit” system when red key in position. • Controlled Access is regular access for authorised personnel. • Search is broken on entry. 19

Safety Interlock System - Beam OFF Station • • • Beam-off stations installed in

Safety Interlock System - Beam OFF Station • • • Beam-off stations installed in 76 points of the accelerator tunnel to switch off the beam in case of emergency (e. g. somebody was left inside the tunnel during the search). Oxygen deficiency hazard indicator for different zones. Search button and siren. Buzzer E-Stop pressed Area searched PSS zones ODH indicator E-Stop button Beam ON warning Search button ODH alarm 20

Search Patrol A predefined search of each PSS controlled area will be done prior

Search Patrol A predefined search of each PSS controlled area will be done prior to beam operation. Morteza Mansouri, August 2015 21

Implementation • Total of 2200 I/O-s for Accelerator PSS, around 700 F-I/O-s. • All

Implementation • Total of 2200 I/O-s for Accelerator PSS, around 700 F-I/O-s. • All safety equipment will be powered by Uninterruptible Power Systems (UPS). • Two independent Siemens S 7 -1518 F-PLCs will be used for functional safety implementation, principally through safety functions in the software (TIA Portal V 13). • All sensors and actuators for PSS will be connected locally to the Siemens ET 200 SP distributed I/O stations with fail-safe I/O modules. • A general safety function block will be implemented for each type of the important safety element. 22

Accelerator PSS – PLC Architecture ET 200 SP station ET 200 SP station Front

Accelerator PSS – PLC Architecture ET 200 SP station ET 200 SP station Front End racks HMI ET 200 SP station Switch HMI ET 200 SP station IO racks Switch F-PLC HMI ET 200 SP station Ethernet/Profinet Fiber optics PLC rack 23

Example: Door Position Monitoring ET 200 SP station F-PLC Profinet RFID position switch Profinet

Example: Door Position Monitoring ET 200 SP station F-PLC Profinet RFID position switch Profinet FO Ethernet/FO Switches FO Profinet F-PLC Profinet ET 200 SP station Mechanical position switch 24

Door Position Monitoring - Reaction ET 200 SP station Safety relay Contactors 1 Power

Door Position Monitoring - Reaction ET 200 SP station Safety relay Contactors 1 Power down High voltage platform PS Power down Plasma chamber coils PS Contactors 2 Feedback C 2 Contactors 3 Power down 50 ms delay ET 200 SP station RFQ Safety relay 25

Door Position Monitoring: SIL Evaluation Mechanical safety switch Magnetic safety switch F-DI FCPU Contactors

Door Position Monitoring: SIL Evaluation Mechanical safety switch Magnetic safety switch F-DI FCPU Contactors 1 Contactors 2 F-DI FCPU Diversity Separation CCF Detection F-DO Evaluation F-DO Contactors 3 Separation CCF Reaction Single failure 26

SIF Door Position Monitoring PLC 1 Switch 1 CCF Switch 2 Contactors 1 PLC

SIF Door Position Monitoring PLC 1 Switch 1 CCF Switch 2 Contactors 1 PLC 2 Contactors 2 CCF Contactors 3 SIF: Upon detecting abnormal entry/exit via 2 safety position switches on the door (1 oo 2), the safety PLC (1 oo 2) sends the signal to switch off proton source and RFQ power supplies (PS): • High voltage platform PS (Contactors 1) • Plasma chamber coils PS (Contactors 2) • RFQ (Contactors 3). Stopping one of these 3 pair of contactors would stop the beam! 27

PSS Planning For 2016 Ø Documentation Ø Complete Accelerator PSS analysis ! s t

PSS Planning For 2016 Ø Documentation Ø Complete Accelerator PSS analysis ! s t Ø Complete Accelerator PSS designen m u c oequipment Ø Purchase all Accelerator PSS D f O r Ø Complete Target PSS Yanalysis ea = 6 1 design Ø Complete Target 20 PSS Ø Start hazard identification on 3 initial neutron instruments: Lo. KI, ODIN, NMX 28

Thank you!

Thank you!

PERSONNEL SECURITY Personnel Security Investigation Definition Personnel SecurityPERSONNEL SECURITY Personnel Security Investigation Definition Personnel Security
CHIEF MILITARY PERSONNEL Strength through personnel CHEF PERSONNELCHIEF MILITARY PERSONNEL Strength through personnel CHEF PERSONNEL
Personnel Safety System Overview Introduction The Personnel SafetyPersonnel Safety System Overview Introduction The Personnel Safety
Magnet protection and Interlock systems Ongoing improvements forMagnet protection and Interlock systems Ongoing improvements for
Machine Protection and Interlock Systems for the LHCMachine Protection and Interlock Systems for the LHC
LCLS Personnel Protection System Patrick Bong SLAC PersonnelLCLS Personnel Protection System Patrick Bong SLAC Personnel
Operating Systems Protection Alok Kumar Jagadev Protection ProtectionOperating Systems Protection Alok Kumar Jagadev Protection Protection
The Need for Interlock Protection for Megawatt ProtonThe Need for Interlock Protection for Megawatt Proton
RF Local Protection System Slow Interlock Module HardwareRF Local Protection System Slow Interlock Module Hardware
The Need for Interlock Protection for Megawatt ProtonThe Need for Interlock Protection for Megawatt Proton
Safety Review Global Interlock System Design and ScheduleSafety Review Global Interlock System Design and Schedule
AutoMetal Shop Safety General Safety Eye Protection SafetyAutoMetal Shop Safety General Safety Eye Protection Safety
AutoMetal Shop Safety General Safety Eye Protection SafetyAutoMetal Shop Safety General Safety Eye Protection Safety
AutoMetal Shop Safety General Safety Eye Protection SafetyAutoMetal Shop Safety General Safety Eye Protection Safety
Personnel 101 What Every Commander and Personnel OfficerPersonnel 101 What Every Commander and Personnel Officer
PDT 209 INDUSTRIAL SAFETY Industrial Safety and PersonnelPDT 209 INDUSTRIAL SAFETY Industrial Safety and Personnel
Behavior Based Safety Behavior Based Safety BBS SebabBehavior Based Safety Behavior Based Safety BBS Sebab
Personnel selection Week 6 What is personnel selectionPersonnel selection Week 6 What is personnel selection
School Personnel Reporting Heather Butler Director School PersonnelSchool Personnel Reporting Heather Butler Director School Personnel
MILITARY PERSONNEL GENERATION GNRATION du PERSONNEL MILITAIRE BILCMILITARY PERSONNEL GENERATION GNRATION du PERSONNEL MILITAIRE BILC
Change Personnel Number via ZMTRRTravelWorkLi Change Personnel NumberChange Personnel Number via ZMTRRTravelWorkLi Change Personnel Number
Change Personnel Number via ZMTRRTravelWorkLi Change Personnel NumberChange Personnel Number via ZMTRRTravelWorkLi Change Personnel Number
Personnel Administration Actions HRPA310 Personnel Administration Actions VPersonnel Administration Actions HRPA310 Personnel Administration Actions V
Training of MOUs personnel including MODUs personnel STCWTraining of MOUs personnel including MODUs personnel STCW
SALARIED PERSONNEL ACTIONS Salaried Personnel Levels restructure businessSALARIED PERSONNEL ACTIONS Salaried Personnel Levels restructure business
PERSONNEL MATTERS MRS STEPHANIE CHARLESSOVERALL PRINCIPAL PERSONNEL OFFICERPERSONNEL MATTERS MRS STEPHANIE CHARLESSOVERALL PRINCIPAL PERSONNEL OFFICER
Personnel 2016 Budget Presentation Personnel What We DoPersonnel 2016 Budget Presentation Personnel What We Do
Personnel Deployment Welfare Measures Categories of personnel requiredPersonnel Deployment Welfare Measures Categories of personnel required
IDEA Part B Annual Personnel Data Reporting PersonnelIDEA Part B Annual Personnel Data Reporting Personnel
Personnel Security Personnel Security in General Purpose toPersonnel Security Personnel Security in General Purpose to
Theatre Personnel Theatre Personnel Producer the head administratorTheatre Personnel Theatre Personnel Producer the head administrator
Theatre Personnel Theatre Personnel Producer Brings together theTheatre Personnel Theatre Personnel Producer Brings together the
Personnel Security Update January 2016 Presented by PersonnelPersonnel Security Update January 2016 Presented by Personnel
Child Protection and Social Protection Social Protection mustChild Protection and Social Protection Social Protection must
Child Protection and Social Protection Social Protection mustChild Protection and Social Protection Social Protection must
FALL PROTECTION Duty To Have Fall Protection ProtectionFALL PROTECTION Duty To Have Fall Protection Protection
3 3 Protection Protection Protection means providing care3 3 Protection Protection Protection means providing care
Upgraded Injector Test Facility UITF Personnel Safety SystemsUpgraded Injector Test Facility UITF Personnel Safety Systems
Personnel Safety Systems Bryce Karnaghan Australian Synchrotron BackgroundPersonnel Safety Systems Bryce Karnaghan Australian Synchrotron Background
VXD Monitoring and Interlock Subgroup organization tasks andVXD Monitoring and Interlock Subgroup organization tasks and