Personnel Safety Systems at ESS


1 Personnel Safety Systems at ESS
PLC/COTS based Interlock and Protection Systems
Denis Paulic, PLC engineer, Personnel Safety Systems, ESS/ICS/PS
Date:

2 Agenda
Overview
PSS scope of work
PSS technical: standards, target risk and basic requirements
PSS subsystems
Accelerator PSS
Methodology and implementation
PSS planning for 2016

3 ESS Overview
The European Spallation Source (ESS) will house the most powerful proton LINAC ever built.

Parameter         Value     Units
Max energy        2         GeV
Peak current      62.5      mA
Repetition rate   14        Hz
Pulse length      2.86      ms
Average power     5         MW
RF frequency      352/704   MHz
Maximum losses    1         W/m

Over 150 individual high power RF sources, based on high-power electron tubes!
[Figure: facility layout with target station, neutron science instruments and linear proton accelerator (600 m). Section labels: Source, LEBT, RFQ, MEBT, DTL, Spokes, Medium β, High β, HEBT & Contingency, Target, Tuning Dump. Lengths shown: 2.4 m, 4.6 m, 3.8 m, 39 m, 56 m, 77 m, 179 m. Energies shown: 75 keV, 3.6 MeV, 90 MeV, 216 MeV, 571 MeV, 2000 MeV.]

4 Hazards At ESS
Ionising radiation hazards:
  Prompt Beam Induced
  Equipment induced (i.e. X rays in cavities)
  Residual
  Contamination
Cryogenic hazards (direct exposure - burns, ODH)
Electrical hazards
Magnetic field hazards
Laser hazards
Motion hazards
Gas hazards (Explosion, ODH)
The PSS primarily protects both the public and workers from the facility’s ionising radiation hazards, but also identifies and mitigates all other hazards!

5 PSS Scope Of Work
November 2014, approved by both Change Control Board and ESS Programme Group (EPG).
10 initial systems for first beam to target in 2019:
  The PSS for the on-site Cryogenic module test stand
  The Accelerator Personnel Safety System
  The Accelerator Radiation Monitoring System
  The Accelerator Oxygen Depletion System
  The Target Personnel Safety System
  The Target Radiation Monitoring System
  The Target Hot/Maintenance Cell Personnel Safety System
  The Neutron Instrument LoKI Personnel Safety System
  The Neutron Instrument NMX Personnel Safety System
  The Neutron Instrument ODIN Personnel Safety System
First beam December 2017

6 PSS Scope Of Work
[Figure: site layout. Labels: ODIN, Cryo test stand, LoKI, NMX, Target building, Accelerator tunnel]

7 Instruments
[Figure: instrument layout (Ken Andersen, October 2015). Legend: Instruments 1-15; Possible instrument 16; Guesses for future; Upgrade areas. Labels: HR-NSE, BIFROST, SKADI, ESTIA, HEIMDAL, Surf.Scatt., LOKI, FREIA, WA-NSE, Mono-farm S, VOR, VESPA, MAGIC, C-SPEC, MIRACLES, T-REX, BEER, NMX, ODIN, DREAM, Sleipnir, n-nbar, ANNI, ESPRESSO, NMX2, Mono-farm W, Test]

8 Standards
The Swedish Radiation Authority (SSM)
  SSM : “Review of application for licence for activity involving ionising radiation”, chapter 10 “review of control systems”
  SSMFS : The Swedish Radiation Authority’s “regulations concerning operations at accelerators and with sealed radiation sources”
IEC 61508 : 2010
  IEC : 2010
  IEC – new revision coming soon
  PSS application software
  E/E/PE system design requirements specification
  Software safety requirements specification

9 Standards: SSM Summary
The PSS systems will be designed to take into account the following:
  External events
  Single failure
  Common cause failure
  Redundancy
  Diversity
  Separation
Maintenance, design change and annual system testing of PSS will only be carried out during shutdown periods.
Radiation risk analysis will be carried out before the facility is taken into operation.
Design of the PSS will take into account the risk analysis.
A formalised search of each PSS controlled area will be carried out before the facility is operated.
Two independent technical design solutions will be used in each system.

Definitions:
Common Cause Failure: The result of one or more events, causing concurrent failures of two or more separate channels in a multiple channel system, leading to a system failure.
Diversity: Different means and/or technologies used to perform a required function.
Redundancy: The existence of more than one means for performing a required function or for representing information.
Separation: Physical separation of independent systems to reduce the possibility of the personnel safety systems being affected by the same external event.
Single failure: An occurrence which results in the loss of capability of a component to perform its intended safety functions.
External event: An external event such as earthquake, flooding, fire and power failure which can directly affect the facility and cause the degradation of the ESS personnel safety systems.

10 Hazard Identification
[Flowchart: Risk Management. Boxes: Identify Hazard; Hazard Register; Assess the Risk; Control the Risk; Is Risk acceptable; Operate system; Event Register; Is system functioning; Continue operation; Decommission]

11 Risk Model
Tolerable Risk: Risk which is accepted in a given context based on the current values of society.
EUC Risk: Risk arising from dangerous failures in the EUC and EUC Control System.
Residual Risk: Risk remaining after protective measures have been taken.
ESS PSS Maximum Tolerable Risk will be 10^-6.

The purpose of determining the tolerable risk for a specific hazardous event is to state what is deemed reasonable with respect to both the frequency of the hazardous event and its specific consequences. The tolerable risk will depend on many factors. For example, the severity of the consequences or injury, the number of people exposed to danger, the frequency and the duration of the exposure. Important factors will be the perception and views of those exposed to the hazardous event.

Risk reduction is achieved by a combination of all the safety protective features, including any associated SIF. The necessary risk reduction to achieve the specified tolerable risk, from a starting point of the risk presented by the Equipment Under Control (EUC), is shown in Figure 4.

Risk = Frequency for a specified consequence
EUC = Equipment Under Control
[Figure: risk reduction model. Labels: Residual Risk; Tolerable Risk; EUC Risk; Demands; Risk; Necessary Risk Reduction; Actual Risk Reduction; Partial risk covered by other technology Safety-related systems; Partial risk covered by E/E/PE Safety-related systems; Partial risk covered by external risk reduction facilities; Risk reduction achieved by all safety-related systems and external risk reduction facilities]

12 PSS Technical
Stuart Birch, ESS
SSM requirements for the Radiation safety functions will be identified and categorised in accordance with ESS document. IEC methodologies will then follow.
All other safety functions will be identified in accordance with IEC61508.
Radiation Safety Function Risk Matrix:
  H1C, H1D, H1E… - Unacceptable under the existing circumstances
  H1A, H1B, H2A… - Acceptable based on risk mitigation
  H3A, H4A, H4B… - Acceptable

13 PSS Subsystems
The Access Control System (ACS): ensuring safe entry into potentially hazardous areas
The Safety Interlock System: ensuring fast switch off of the proton beam
The Radiation Monitoring System (RMS)
The ODH Monitoring System
[Figure labels: PSS, ACS, Safety Interlocks, RMS, ODH]

14 Safety Interlock System - De-energise To Trip
De-energise to trip
  A loss of power to the coil will result in a spurious trip and loss of production… (Safe Failure) for specified Safety Function
  Welded contacts will result in a failure to operate on demand (Dangerous Failure) for specified Safety Function
Energise to trip
  A loss of power to the coil will result in an inability to trip (Dangerous Failure) for specified Safety Function
  Welded contacts will result in inability to start the plant (Safe Failure) for specified Safety Function
It is the Safety Function that determines whether a failure is safe or dangerous.

15 Accelerator PSS
Accelerator Tunnel zones:
  Zone: Proton Source, LEBT, RFQ, MEBT
  Zone: DTL’s
  Zone: Spokes Cavities
  Zone: Elliptical Cavities
  Zone: Elliptical Cavities
  Zone: HEBT
  Zone: A2T
Gated fence between each zone.
[Figure labels: ZONE 1, ZONE 2, ZONE 3, ZONE 4, ZONE 5, ZONE 6, ZONE 7]

16 Accelerator PSS – FBD Morteza Mansouri, August 2015

17 ACS - Entry Station
Red colour, with a window – alarm and beam status lights should be visible from outside
Door position monitoring SIL 3 (IEC 61508): D1 RFID Safety Switch + actuator, Safety hinge switch; D2 Magnetic Safety
D1 cannot be unlocked at the same time as D2!
[Figure labels: D1, D2, E-exit, Reader 1, Reader 2, PSS controlled area, Outside, Normal entry, Key exchange system]

18 ACS - Entry Sequence
[Flowchart boxes: Entry: Swipe card - Card Reader 1; Entry station empty?; Enter the station and stand inside marked area; Single person check or Max time inside exceeded alarm?; Exit the station through D1; Confirm the questions on HMI and take the marked key; Enter the controlled area]
[Figure labels: E-exit, Reader 1, Reader 2, PSS controlled area, Outside, Normal entry]

19 ACS - Key Exchange System
Action of taking blue key will lock the red key in position. Red key will not be released until BOTH blue keys are returned to key exchange.
Action of taking black key will lock the blue key in position. Blue key will not be released until LAST black key is returned to key exchange.
Permit to main control system. “Power Down” via PLC. Start 60 minute timer before tunnel entry. Remove permit when Red key returned.
Issue Permit to the “Run Permit” system when red key in position.
Controlled Access is regular access for authorised personnel. Search is broken on entry.
[Figure labels: PSS Control Room; Front End Entrance Key Exchange; HEBT Entrance Key Exchange; Controlled Access “Front End”; Controlled Access “HEBT”; Restricted Access “Front End”; Restricted Access “HEBT”]
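The key trapping order on this slide, as an added Python model that is not part of the original presentation. The class and method names, the three black keys per entrance, and the rule that a lower key is only released once the key above it has been inserted are assumptions made for the illustration.

```python
class KeyTrapped(Exception):
    """Raised when the interlock refuses to release a key."""

class KeyExchange:
    ENTRANCES = ("Front End", "HEBT")

    def __init__(self, black_keys=3):          # black keys per entrance: assumed
        self.red_in_run_position = True        # run permit issued
        self.blue_out = {e: False for e in self.ENTRANCES}
        self.black_out = {e: 0 for e in self.ENTRANCES}
        self.black_keys = black_keys

    def run_permit(self):
        return self.red_in_run_position

    def return_red(self):
        """Red key returned to the key exchange: the permit is removed."""
        self.red_in_run_position = False

    def take_blue(self, entrance):
        if self.red_in_run_position:           # assumed: red must be in the exchange first
            raise KeyTrapped("red key not in key exchange")
        self.blue_out[entrance] = True         # from now on the red key is locked

    def take_black(self, entrance):
        if not self.blue_out[entrance]:        # assumed: blue key releases the black keys
            raise KeyTrapped("blue key not in entrance exchange")
        if self.black_out[entrance] >= self.black_keys:
            raise KeyTrapped("no black key left")
        self.black_out[entrance] += 1          # from now on the blue key is locked

    def return_black(self, entrance):
        if self.black_out[entrance] == 0:
            raise KeyTrapped("no black key is out")
        self.black_out[entrance] -= 1

    def return_blue(self, entrance):
        if self.black_out[entrance]:           # released only after the LAST black key
            raise KeyTrapped("black keys still out")
        self.blue_out[entrance] = False

    def take_red(self):
        if any(self.blue_out.values()):        # released only after BOTH blue keys
            raise KeyTrapped("blue keys still out")
        self.red_in_run_position = True        # back in run position: permit issued
```

In this model the run permit cannot come back while any black key is still in someone's pocket, because each key is trapped by the one below it.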

20 Safety Interlock System - Beam OFF Station
Beam-off stations installed in 76 points of the accelerator tunnel to switch off the beam in case of emergency (e.g. somebody was left inside the tunnel during the search).
Oxygen deficiency hazard indicator for different zones.
Search button and siren.
[Figure labels: Buzzer, E-Stop pressed, Area searched, PSS zones, ODH indicator, E-Stop button, Search button, Beam ON warning, ODH alarm]

21 Search Patrol
A predefined search of each PSS controlled area will be done prior to beam operation.
Morteza Mansouri, August 2015

22 Implementation
Total of 2200 I/O-s for Accelerator PSS, around 700 F-I/O-s.
All safety equipment will be powered by Uninterruptible Power Systems (UPS).
Two independent Siemens S F-PLCs will be used for functional safety implementation, principally through safety functions in the software (TIA Portal V13).
All sensors and actuators for PSS will be connected locally to the Siemens ET200SP distributed I/O stations with fail-safe I/O modules.
A general safety function block will be implemented for each type of the important safety element.

23 Accelerator PSS – PLC Architecture
[Figure: PLC architecture. Labels: ET200SP stations, Front End racks, IO racks, PLC rack, HMI, Switch, F-PLC, Ethernet/Profinet, Fiber optics]

24 Example: Door Position Monitoring
[Figure labels: RFID position switch, Mechanical position switch, ET200SP station, ET200SP station, Switches, F-PLC, Profinet FO, Ethernet/FO]

25 Door Position Monitoring - Reaction
[Figure labels: ET200SP station, Safety relay, Contactors 1, Power down, High voltage platform PS, Contactors 2, Power down, Plasma chamber coils PS, Feedback C2, Contactors 3, Power down, RFQ, 50ms delay, ET200SP station, Safety relay]

26 Door Position Monitoring: SIL Evaluation
Each PSS will be a two train system. This will offer:
  Diversity
  Separation
  Single failure
  Common Cause failure
Diversity in Sensor level
Separation in Evaluation Unit / Logic Solver and Final Element
Common Cause failure effect is relatively small in LS unit
[Figure: two trains, each with F-DI, F-CPU, F-DO. Labels: Mechanical safety switch, Magnetic safety switch, Contactors 1, Contactors 2, Contactors 3. Stages: Detection, Evaluation, Reaction. Annotations: Diversity, Separation, CCF, Single failure]

27 SIF Door Position Monitoring
SIF: Upon detecting abnormal entry/exit via 2 safety position switches on the door (1oo2), the safety PLC (1oo2) sends the signal to switch off proton source and RFQ power supplies (PS):
  High voltage platform PS (Contactors 1)
  Plasma chamber coils PS (Contactors 2)
  RFQ (Contactors 3)
Stopping one of these 3 pairs of contactors would stop the beam!
[Figure labels: Switch 1, Switch 2, CCF, PLC 1, PLC 2, Contactors 1, Contactors 2, Contactors 3]
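The 1oo2, de-energise-to-trip behaviour of this SIF (slides 14, 26 and 27), as an added Python model that is not part of the original presentation. It assumes each contactor pair is one contactor per PLC train wired in series, and the fault names are constructed for the illustration.

```python
from itertools import product

# Contactor pairs 1-3 from the SIF slide
SUPPLIES = ("High voltage platform PS", "Plasma chamber coils PS", "RFQ")

def beam_possible(door_closed, faults=frozenset()):
    """True if the beam can run. Signals are de-energise to trip: True means
    'healthy', so an open door, a broken wire or a lost supply all read False."""
    trains = []
    for t in (1, 2):
        sw = door_closed or ("switch_stuck", t) in faults   # switch fails closed
        sw = sw and ("wire_break", t) not in faults         # lost signal reads False
        trains.append(sw or ("output_stuck_on", t) in faults)  # F-DO fails energised
    for s in SUPPLIES:
        # Assumed wiring: one contactor per train, in series. A welded contact
        # conducts even when its coil is de-energised.
        conducts = [trains[t - 1] or ("welded", s, t) in faults for t in (1, 2)]
        if not all(conducts):
            return False        # losing any one supply stops the beam
    return True

def single_faults():
    yield from (("switch_stuck", t) for t in (1, 2))
    yield from (("wire_break", t) for t in (1, 2))
    yield from (("output_stuck_on", t) for t in (1, 2))
    yield from (("welded", s, t) for s, t in product(SUPPLIES, (1, 2)))

def dangerous_single_faults():
    """Single faults that leave the beam possible with the door open."""
    return [f for f in single_faults() if beam_possible(False, frozenset([f]))]

def spurious_trip_faults():
    """Single faults that stop the beam although the door is closed (safe failures)."""
    return [f for f in single_faults() if not beam_possible(True, frozenset([f]))]

# A common cause failure hitting both sensors at once defeats the 1oo2 vote,
# which is why the design asks for diverse switch technologies.
CCF_BOTH_SWITCHES = frozenset({("switch_stuck", 1), ("switch_stuck", 2)})
```

No single fault in the model is dangerous, a wire break on either train is a safe failure that costs a spurious trip, and only the constructed common cause case leaves the beam possible with the door open.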

28 PSS Planning For 2016
Documentation
Complete Accelerator PSS analysis
Complete Accelerator PSS design
Purchase all Accelerator PSS equipment
Complete Target PSS analysis
Complete Target PSS design
Start hazard identification on 3 initial neutron instruments: LoKI, ODIN, NMX
2016 = Year Of Documents!

29 Thank you!

