PLCCOTS based Interlock and Protection Systems Personnel Safety
PLC/COTS based Interlock and Protection Systems Personnel Safety Systems at ESS Denis Paulic PLC engineer, Personnel Safety Systems ESS/ICS/PS Date: 2016 -02 -01
Agenda • Overview • PSS scope of work • PSS technical: standards, target risk and basic requirements • PSS subsystems • Accelerator PSS • Methodology and implementation • PSS planning for 2016. 2
ESS Overview • The European Spallation Source (ESS) will house the most powerful proton LINAC ever built. Parameter Target station Linear proton accelerator (600 m) 2 Ge. V Peak current 62. 5 m. A 14 Hz 2. 86 ms 5 MW 352/704 MHz 1 W/m Pulse length Average power RF frequency Over 150 individual high power RF sources, based on high-power electron tubes! Source 75 ke. V 2. 4 m 4. 6 m 352. 21 MHz 3. 8 m 39 m LEBT RFQ MEBT 3. 6 Me. V DTL 90 Me. V Maximum losses 704. 42 MHz 56 m 77 m Spokes Medium β 216 Me. V Units Max energy Repetition rate Neutron science instruments Value 571 Me. V 179 m High β HEBT & Contingency Target 2000 Me. V Tuning Dump 3
Hazards At ESS • Ionising radiation hazards: – Prompt • Beam Induced • Equipment induced (i. e. X rays in cavities) – Residual – Contamination • • • Cryogenic hazards (direct exposure - burns, ODH) Electrical hazards PSS primarily prevent both Magnetic field hazards the public and workers from Laser hazards the facility’s ionising radiation hazards, but also Motion hazards identify as well as mitigate Gas hazards (Explosion, ODH) against all other hazards! 4
PSS Scope Of Work • November 2014, approved by both Change Control Board and ESS Programme Group (EPG). • 10 initial systems for first beam to target in 2019: – – – – – The PSS for the on-site Cryogenic module test stand The Accelerator Personnel Safety System The Accelerator Radiation Monitoring System The Accelerator Oxygen Depletion System The Target Personnel Safety System The Target Radiation Monitoring System The Target Hot/Maintenance Cell Personnel Safety System The Neutron Instrument Lo. KI Personnel Safety System The Neutron Instrument NMX Personnel Safety System The Neutron Instrument ODIN Personnel Safety System 5
PSS Scope Of Work ODIN Cryo test stand Lo. KI NMX Target building Accelerator tunnel 6
Ken Andersen, October 2015 HEIMDAL BIFROST n-nbar MAGIC T-REX C-SPEC BEER MIRACLES NMX 2 WA-NSE FREIA Sleipnir Mono-farm W LOKI HRNSE Test Instruments 1 -15 Possible instrument 16 Guesses for future Upgrade areas VOR Mono-farm S ESTIA ODIN DREAM ESPRESSO ANNI VESPA Surf. Scatt. SKADI
Standards • IEC 61508 : 2010 • The Swedish Radiation Authority (SSM) o SSM 2014 -127 -1: “Review of application for licence for activity involving ionising radiation” chapter 10 “review of control systems”, o SSMFS 2008 -27: The Swedish Radiation Authority’s “regulations concerning operations at accelerators and with sealed radiation sources”. • IEC 61511 – new revision coming soon o PSS application software E/E/PE system design requirements specification Software safety requirements specification 8
Standards: SSM Summary The PSS systems will be designed to take into account the following: • • • External events Single failure Common cause failure Redundancy Diversity Separation Maintenance, design change and annual system testing of PSS will only be carried out during shutdown periods. Radiation risk analysis will be carried out before the facility is taken into operation. Design of the PSS will take into account the risk analysis. A formalised search of each PSS controlled area will be carried out before the facility is operated. Two independent technical design solutions will be used in each system. 9
Hazard Identification Risk Management Identify Hazard Register Assess the Risk Control the Risk Is Risk acceptable Operate system Event Register Is system functioning Continue operation Decommission 10
Risk Model Residual Risk Tolerable Risk remaining after protective measures have been taken. Risk which is accepted in a given context based on the current values of society. EUC RISK ESS PSS Maximum Tolerable Risk will be 10 -6 Risk arising from dangerous failures in the EUC and EUC Control System. Demands Risk Necessary Risk Reduction Actual Risk Reduction Partial risk covered by other technology Safety-related systems Partial risk covered by E/E/PE Safetyrelated systems Partial risk covered by external risk reduction facilities Risk reduction achieved by all safety-related systems and external risk reduction facilities Risk = Frequency for a specified consequence EUC = Equipment Under Control
PSS Technical Stuart Birch, ESS-0047614 • SSM requirements for the Radiation safety functions will be identified and categorised in accordance with ESS-0016468 document. Radiation Safety Function Risk Matrix – IEC 61508 methodologies will then follow H 1 C, H 1 D, H 1 E… - Unacceptable under the existing circumstances • All other safety functions will be identified in accordance with IEC 61508. H 1 A, H 1 B, H 2 A… - Acceptable based on risk mitigation H 3 A, H 4 B… - Acceptable 12
PSS Subsystems The Access Control System Ensuring safe entry into potentially hazardous areas ACS The ODH Monitoring System ODH PSS Safety Interlocks The Safety Interlock System Ensuring fast switch off of the proton beam RMS The Radiation Monitoring System 13
Safety Interlock System - De-energise To Trip A loss of power to the coil will result in a spurious trip and loss of production… (Safe Failure) for specified Safety Function Welded contacts will result in a failure to operate on demand (Dangerous Failure) for specified Safety Function 14
Accelerator PSS Accelerator Tunnel ZONE 7 ZONE 6 ZONE 5 ZONE 4 ZONE 3 ZONE 2 ZONE 1 Zone 2 Zone 3 Zone 4 Zone 5 Zone 6 Zone 7 - Proton Source, LEBT, RFQ, MEBT DTL’s Spokes Cavities Elliptical Cavities HEBT A 2 T Gated fence between each zone.
Accelerator PSS – FBD Morteza Mansouri, August 2015 16
ACS - Entry Station Red colour, with a window – alarm and beam status lights Outside should be visible from outside D 1 Normal entry D 1 Door position monitoring SIL 3 (IEC 61508): Reader 1 E-exit RFID Safety Switch + actuator Safety hinge switch D 2 Key exchange system D 2 Reader 2 PSS controlled area Magnetic Safety Switch Safety hinge switch D 1 cannot be unlocked at the same time as D 2! 17
ACS - Entry Sequence Entry: Outside Entry station empty? Normal entry D 1 Swipe card - Card Reader 1 E-exit Enter the station and stand inside marked area D 2 Reader 2 PSS controlled area Single person check or Max time inside exceeded alarm? Confirm the questions on HMI and take the marked key Exit the station through D 1 Enter the controlled area 18
ACS - Key Exchange System PSS Control Room Front End Entrance Key Exchange Controlled Access “front End” Controlled Access “HEBT” Restricted Access “front End” Action of taking blue key will lock the red key in position. Red key will not be released until BOTH blue keys are returned to key exchange. Action of taking black key will lock the blue key in position. Blue key will not be released until LAST black key is returned to key exchange. Restricted Access “HEBT” HEBT Entrance Key Exchange Permit to main control system. “Power Down” via PLC. Start 60 minute timer before tunnel entry. Remove permit when Red key returned. Issue Permit to the “Run Permit” system when red key in position. • Controlled Access is regular access for authorised personnel. • Search is broken on entry. 19
Safety Interlock System - Beam OFF Station • • • Beam-off stations installed in 76 points of the accelerator tunnel to switch off the beam in case of emergency (e. g. somebody was left inside the tunnel during the search). Oxygen deficiency hazard indicator for different zones. Search button and siren. Buzzer E-Stop pressed Area searched PSS zones ODH indicator E-Stop button Beam ON warning Search button ODH alarm 20
Search Patrol A predefined search of each PSS controlled area will be done prior to beam operation. Morteza Mansouri, August 2015 21
Implementation • Total of 2200 I/O-s for Accelerator PSS, around 700 F-I/O-s. • All safety equipment will be powered by Uninterruptible Power Systems (UPS). • Two independent Siemens S 7 -1518 F-PLCs will be used for functional safety implementation, principally through safety functions in the software (TIA Portal V 13). • All sensors and actuators for PSS will be connected locally to the Siemens ET 200 SP distributed I/O stations with fail-safe I/O modules. • A general safety function block will be implemented for each type of the important safety element. 22
Accelerator PSS – PLC Architecture ET 200 SP station ET 200 SP station Front End racks HMI ET 200 SP station Switch HMI ET 200 SP station IO racks Switch F-PLC HMI ET 200 SP station Ethernet/Profinet Fiber optics PLC rack 23
Example: Door Position Monitoring ET 200 SP station F-PLC Profinet RFID position switch Profinet FO Ethernet/FO Switches FO Profinet F-PLC Profinet ET 200 SP station Mechanical position switch 24
Door Position Monitoring - Reaction ET 200 SP station Safety relay Contactors 1 Power down High voltage platform PS Power down Plasma chamber coils PS Contactors 2 Feedback C 2 Contactors 3 Power down 50 ms delay ET 200 SP station RFQ Safety relay 25
Door Position Monitoring: SIL Evaluation Mechanical safety switch Magnetic safety switch F-DI FCPU Contactors 1 Contactors 2 F-DI FCPU Diversity Separation CCF Detection F-DO Evaluation F-DO Contactors 3 Separation CCF Reaction Single failure 26
SIF Door Position Monitoring PLC 1 Switch 1 CCF Switch 2 Contactors 1 PLC 2 Contactors 2 CCF Contactors 3 SIF: Upon detecting abnormal entry/exit via 2 safety position switches on the door (1 oo 2), the safety PLC (1 oo 2) sends the signal to switch off proton source and RFQ power supplies (PS): • High voltage platform PS (Contactors 1) • Plasma chamber coils PS (Contactors 2) • RFQ (Contactors 3). Stopping one of these 3 pair of contactors would stop the beam! 27
PSS Planning For 2016 Ø Documentation Ø Complete Accelerator PSS analysis ! s t Ø Complete Accelerator PSS designen m u c oequipment Ø Purchase all Accelerator PSS D f O r Ø Complete Target PSS Yanalysis ea = 6 1 design Ø Complete Target 20 PSS Ø Start hazard identification on 3 initial neutron instruments: Lo. KI, ODIN, NMX 28
Thank you!
- Slides: 29