E. M. Saleski
FAC 2008 [email protected]
11/11/08
Configuration Control of PPS
FAC Review
November 2008
E. Michael Saleski, Controls Dept Safety Systems QC Manager
Configuration Control Elements
Prevention of Unintended Change
  Physical Security of System
  Labeling
  Training
Control of Intended Change
  Work Planning (adequate review of design)
  Work Authorization (RSWCF)
  Verification of Work (RSWCF)
Periodic Confirmation of System Integrity
  Routine testing and inspections
SLAC Configuration Control Policies
Guidelines for Operations
  Guideline 14 “Configuration Control of Radiation Safety Systems”
  Guideline 24 “Safety Review of Major Modifications”
  Guideline 27 “Testing of PPS Systems”
Radiation Safety Systems Technical Basis Document
CD Safety Systems Section
Configuration Control Documentation
  Change Control Plan
  Document Management Plan
  Document Change Control Procedure
  Document Change Order
  Design Review Plan
  Software Configuration Management
  Engineering Change Order Procedure
  Engineering Change Order
  Drawing Management Procedure
Physical Security
  PPS Equipment is situated in locked racks
  Field devices are labeled as ‘PPS’; checked regularly by OPS
  New PLC-relevant issues:
    Program Storage Security
    Version Management
    Network Access Security
  ADSO and the RSWCF are the gate-keepers for work on the system
PLC Physical Security
Software Security:
  Safety-critical program ‘smart card’ cannot be written on while in the PLC
  Communication with the ‘supervisor’ PLC is through TCP/IP
  Communication between the ‘supervisor’ PLC and the safety-critical PLCs is through DeviceNet serial data communication, fully contained in a locked rack
Operational Security:
  Hardwire Enable from MCC required
  Only specific IP addresses are allowed to issue PPS commands
PPS PLC Architecture
[Figure: PPS PLC architecture diagram. Safety-critical functions: doors, EO, EE, search status, keybank, modulators, stoppers. Non safety-critical functions: access states, door/keybank release, status reporting. Blocks shown: AB ControlLogix 5000 with digital input and digital output modules (non safety-critical status and control); Pilz PLC System ‘A’ and Pilz PLC System ‘B’, each with safety-critical control and safety-critical status devices on its own chain (Chain ‘A’, Chain ‘B’); PPS Hardwire Enable; EPICS display panel on the Controls Network; MCC. Links are labeled 2-way TCP/IP and DeviceNet. Caption: PLC PPS Safety-Critical Logic, Status and Control.]
Safety Lifecycle
Describes the development, review, configuration management and testing process for the PPS from inception, to design, construction, commissioning, and through to operations and system modifications.
[Figure: Safety lifecycle overview showing two cycles: the Development and Review Cycle, and the Implementation, Operations, and Maintenance Cycle.]
Implementation, Operations, and Maintenance Lifecycle
[Figure: flowchart. Nodes: Need for New Functional Requirements; Development and Review Cycle; Initiate RSWCF; Implement Change; Initial Acceptance Test (Success / Problems); Safety Assurance Test (Success / Problems); Interlock Checks (Success / Problems); Close RSWCF; System in Operation, Routine Testing per Guideline 27 (Problems), with 6 Month and 12 Month test intervals shown; Assess Failure with RSO; Assessment of Failure with outcomes Procedure Error, Failed Hardware, and Undesired Functionality Discovered; Is the Failure Reportable?; Administrative Mitigation; Engineering Change; Correct the Procedure; Repair Hardware; Initiate RSWCF, Determine Tests; Re-perform Test (Success / Problems); Close RSWCF.]
Development and Review Lifecycle
[Figure: flowchart. Nodes: Need for New PPS System; Safety Functions Requirements Specification; Preliminary Design Review (Project and RSO/RSC) (Success / Rework Proposal); Software Functions Determination; Hardware Functions Determination; System Technical Design Review (Project and RSO/RSC) (Success / Rework Software / Rework Hardware); Hardware Design and Development; Software Design and Development; Assign New Version Number; Deposit Software in Version-Control Repository; Withdraw Software from Version-Control Repository; Bench Testing Specified?; Software Bench Testing (Success / Rework Software); Safety Validation Planning; Validation Scope and Methodology Determination; Validation Procedure Review (Success / Rework Procedure); Additional Cycle; Implementation, Operations, and Maintenance Cycle. Lifecycle Special Functions Key: System Review or Assessment; System Testing or Validation; System in Operation.]
Software Portion of Dev&Rev Lifecycle
Hardware is designed and reviewed per current SLAC practice
Software has a more rigorous version-control scheme
Includes documented bench testing of software
Software Configuration Management Procedure
PPS Software is stored in a dedicated PPS repository
Released software always has “N.0.0” version tag
Documented software bench testing is performed prior to deployment
Software Configuration Management Support
Software versions are checked during annual certification
Written procedures exist for extracting PPS code from CVS and for uploading it to PLCs
A documented training program tracks personnel PLC qualifications in the Section
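A check in the spirit of the annual version certification described above, combined with the “N.0.0” release-tag rule from the Software Configuration Management Procedure slide, as an added example that is not part of the original presentation or of SLAC's procedures. It assumes constructed PLC names, placeholder checksums and a simple record format, since the slides do not say how versions are read back from the PLCs.

```python
import re
from dataclasses import dataclass

# Assumption: a released PPS program carries a tag of the form N.0.0 (e.g. 3.0.0); any
# other tag (3.1.0, 3.0.1, 3.0.0-rc1) is treated as a working copy, not a release.
RELEASE_TAG = re.compile(r"^[1-9]\d*\.0\.0$")
@dataclass(frozen=True)
class RepositoryRelease:
    version: str        # tag in the dedicated PPS repository
    checksum: str       # checksum of the released program (constructed values below)
    bench_tested: bool  # a documented bench-test record exists for this release

@dataclass(frozen=True)
class DeployedProgram:
    plc: str            # hypothetical PLC name
    version: str        # version tag recorded for the program loaded on that PLC
    checksum: str       # checksum of the program actually loaded

def is_release_tag(tag: str) -> bool:
    return RELEASE_TAG.match(tag) is not None
def certify(deployed, releases):
    """Certification check; returns (plc, finding) pairs, empty when every PLC passes."""
    by_version = {r.version: r for r in releases}
    findings = []
    for d in deployed:
        if not is_release_tag(d.version):
            findings.append((d.plc, f"non-release tag {d.version!r} deployed"))
            continue
        rel = by_version.get(d.version)
        if rel is None:
            findings.append((d.plc, f"tag {d.version} not in PPS repository"))
            continue
        if rel.checksum != d.checksum:
            findings.append((d.plc, f"loaded program differs from release {d.version}"))
        if not rel.bench_tested:
            findings.append((d.plc, f"release {d.version} lacks bench-test record"))
    return findings

# Constructed sample data; checksums are placeholders, not real hashes.
SAMPLE_RELEASES = [
    RepositoryRelease("3.0.0", "c3d4", True),
    RepositoryRelease("4.0.0", "e5f6", False),
]
SAMPLE_DEPLOYED = [
    DeployedProgram("PPS-A", "3.0.0", "c3d4"),  # passes every check
    DeployedProgram("PPS-B", "3.0.0", "ffff"),  # loaded program differs from release
    DeployedProgram("SUP", "3.1.0", "9999"),    # working tag, never released
    DeployedProgram("PPS-C", "4.0.0", "e5f6"),  # release without bench-test record
    DeployedProgram("PPS-D", "5.0.0", "0000"),  # tag unknown to the repository
]
```

Running `certify(SAMPLE_DEPLOYED, SAMPLE_RELEASES)` reports one finding each for PPS-B, SUP, PPS-C and PPS-D and nothing for PPS-A.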