Machine Protection PLC Based System Verification and Validation Plan
Paulina Skog, on behalf of Protection Systems Group
www.europeanspallationsource.se
28 June, 2019
Agenda
- Scope and purpose
- Roles and responsibilities
- Verification strategy
- Verification activity flow
- Validation
2019-06-28 Paulina Skog, Protection Systems Group
Scope and purpose
- The purpose of the MPS V&V activities is to verify global protection.
- The purpose of the MPS V&V activities is not to verify local protection, safety and health of persons, nor environment protection.
Applicable standards
- IEC 61508: the protection development method used is inspired by the IEC 61508 standard's overall safety lifecycle concept.
- SS-EN 62381: Automation systems in the process industry – Factory acceptance test (FAT), site acceptance test (SAT), and site integration test (SIT).
ESS guidelines
- ESS guideline for validation: Factory Acceptance Test (FAT) and Site Acceptance Test (SAT)
- ESS Handbook for System Verification
Roles and responsibilities
Verification strategy – part 1
- Hardware and software component tests and system integration tests, the test planning, and documentation shall be carried out according to:
  - SS-EN 62381:2012
  - ESS guideline for validation: Factory Acceptance Test (FAT) and Site Acceptance Test (SAT)
Verification strategy – part 2
- The software shall have documented code reviews.
- All documents shall be reviewed and approved by appropriate reviewers.
Reviews usually conducted specifically for the MPS-specific systems:
- Preliminary design review (PDR)
- Critical design review (CDR)
- Test readiness review (TRR)
Reviews conducted for the parent or overall system:
- Installation readiness review (IRR)
- Test readiness review (TRR)
- System Acceptance Review (SAR)
- Operational Readiness Review (ORR)
Factory Acceptance Test (FAT)
- Verifies that the as-built system (racks) meets the specified design.
- Performed by the vendor, but accepted by ESS.
Site Acceptance Test (SAT)
- Verifies that a system works as specified in its operational environment.
- SAT includes installation and integration verification of a system.
- The SAT shall be performed by ESS on site.
- Note that this only verifies the MPS equipment itself, not the whole system it shall protect.
Software Pre-SIT
Note that this activity can be divided into two parts:
- Develop the software to make the racks testable in the SAT.
- Develop the software for the “smart” rack, specially developed to ease the testing of the system.
Software Pre-SIT
The main verification objectives during pre-SIT are to:
- reveal software design defects
- avoid systematic failures
- ensure compliance with the software safety requirements
Verification activity flow
Validation
Operation of the facility, even with low power beam, shall only be possible if the minimum required MP-SoS protection functions are in place and validated.
Validation strategy
- The validation shall also be performed step by step, as the constituent systems or their prototypes are integrated into the MP-SoS.
- Those validation activities should start early, can be performed in the laboratory, and should cover as much functionality as possible.
Scope of SIT
- Normal operation for all proton beam destinations and proton beam modes.
- Worst case timing situations.
- Abnormal operation situations.
- Interfaces to higher level control and other systems.
Entry criteria to be met by the constituent systems
- It shall be ensured that all cabling is correct and that the connections comply with their specification.
- A procedure shall be developed to confirm that the actual MP-SoS configuration corresponds to the setup in the MP-SoS configuration database.
Entry criteria to be met by the constituent systems (continued)
- All interfaces of all protection functions shall be validated inside the final MP-SoS setup for all signals.
- A complete end-to-end test of the signal flow through sensors, logic and actuators, including timing measurements, shall be planned and carried out for each protection function.
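The two entry criteria above (as-installed configuration matching the configuration database, and an end-to-end trip test with timing measurement against the worst-case limit) as an added Python example; this is not code from the presentation or from any ESS system, and the protection-function names, signal names, limits and captured timestamps are all constructed stand-ins.

```python
# Constructed stand-in for the MP-SoS configuration database: for each
# protection function (PF), the sensors/actuators expected on the installed
# racks and the worst-case reaction time it must meet (values are invented).
CONFIG_DB = {
    "PF-01": {"sensors": {"BLM-01", "BLM-02"}, "actuators": {"BEAM-STOP-A"}, "max_ms": 10.0},
    "PF-02": {"sensors": {"BCM-01"}, "actuators": {"BEAM-STOP-A", "RF-INHIBIT"}, "max_ms": 5.0},
}

def check_configuration(pf, installed):
    """Entry criterion: the as-installed signal sets must equal the database record."""
    exp, issues = CONFIG_DB[pf], []
    for kind in ("sensors", "actuators"):
        missing, extra = exp[kind] - installed[kind], installed[kind] - exp[kind]
        if missing:
            issues.append(f"{pf}: missing {kind} {sorted(missing)}")
        if extra:
            issues.append(f"{pf}: unexpected {kind} {sorted(extra)}")
    return issues

def reaction_time_ms(trip_ts, actuator_ts):
    """Time (ms) from the sensor trip timestamp (s) to the last actuator reaching its safe state (s)."""
    return (max(actuator_ts.values()) - trip_ts) * 1000.0

def run_sit_entry_checks(pf, installed, trip_ts, actuator_ts):
    """Both entry criteria for one PF; returns the non-conformities (empty = met)."""
    issues = check_configuration(pf, installed)
    # Every expected actuator must have been observed; otherwise the end-to-end test is incomplete.
    unobserved = CONFIG_DB[pf]["actuators"] - set(actuator_ts)
    if unobserved:
        issues.append(f"{pf}: no safe-state readback from {sorted(unobserved)}")
    else:
        t, limit = reaction_time_ms(trip_ts, actuator_ts), CONFIG_DB[pf]["max_ms"]
        if t > limit:
            issues.append(f"{pf}: reaction {t:.2f} ms exceeds worst-case limit {limit} ms")
    return issues

# Constructed test records: as-installed signal lists and captured timestamps
# (seconds) from one trip test per PF. PF-02 deliberately lacks one actuator wire.
INSTALLED = {
    "PF-01": {"sensors": {"BLM-01", "BLM-02"}, "actuators": {"BEAM-STOP-A"}},
    "PF-02": {"sensors": {"BCM-01"}, "actuators": {"BEAM-STOP-A"}},
}
TRIPS = {"PF-01": (100.000, {"BEAM-STOP-A": 100.0082}),
         "PF-02": (200.000, {"BEAM-STOP-A": 200.0071})}

def sit_entry_report():
    """Non-conformity list per PF, as would be documented before SIT starts."""
    return {pf: run_sit_entry_checks(pf, INSTALLED[pf], *TRIPS[pf]) for pf in CONFIG_DB}
```

Running `sit_entry_report()` on the constructed records reports PF-01 as meeting both criteria and lists two non-conformities for PF-02.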
SIT acceptance criteria
- All requirements shall be met by the MP-SoS.
- The correct system behavior shall be validated.
- Non-conformities
- The result has been documented and stored in CHESS.
Validation
- Continuous validation
- Validation after MP-SoS changes
Thank you
Questions?
www.europeanspallationsource.se
28 June, 2019