Safety-related Control Systems Research Articles

Novel Approach for Network Data Exchange Among Safety-Related Control Systems of Nuclear Reactors

Industrially mature digital networking technologies form the backbone of the distributed control architectures of nuclear reactors. Typically, hundreds of control systems responsible for assuring safer and secure plant operations are located in the field and interconnected via wired isolated local area networks, which are also connected to centralized servers and operating consoles located in the main control room. Many of such control systems require data processed by other systems situated far away in the plant, which mandates multiple concurrent reliable TCP sessions to be active or live for such field-level control systems. Multi-socket communication beyond 10 is practically difficult for embedded systems with limited memory and processing capabilities; hence, data accumulation, extraction, and routing are typically done with the help of commercially available high-performance servers and switches. The servers and operating consoles of a plant are generally Linux-based commercial-off-the-shelf (COTS) industrial computers, whose development lifecycle is not accessible for review and in accordance with safety guides; hence, qualifying such components for safety operations is extremely difficult. This paper presents a novel way of independently offloading safety-related data transactions from such COTS components (reducing dependency) with the help of very simple, reliable, and secure hardware, which is referred to as a data exchange and processing unit (DEPU). An approach is proposed to realize distributed control architecture with this proposed hardware (to simplify qualification tasks) along with existing servers and operating consoles without compromising powerful and convenient human-machine interface as well as the data logging capabilities of such components. Hardware and software design perspectives, performance characterization, and qualification testing of the DEPU in accordance with nuclear power plant instrumentation and control system design guidelines are also briefed in this paper.

Common errors in machine safety-related control systems and methods of their elimination

The article focuses on the description of non-conformities occurring in safety-related control systems of machines collected by the author during safety audits of machines and production lines. The aim of the article is to familiarise machine designers with safety requirements and ways of eliminating common mistakes made during design, while at the same time indicating to investors buying machines which requirements to take into account when placing an order.

Simulation of Virtual Redundant Sensor Models for Safety-Related Applications.

Applications of safety-related control systems demand reliable and credible inputs from physical sensors, therefore there is a need to extend their capabilities to provide a validated input with high availability. Our main idea is to insert virtual sensors between physical sensors and the control system’s logic. The created solution can validate the values of real sensors and with the use of multiple virtual sensors we can achieve high availability in addition, therefore our solution is entitled as a virtual redundant sensor. It works by the digital twin’s concept and uses fusion function to calculate validated results. The fusion function is used to transform the measured values from the physical sensors according to designed numerical models. The selection of a numerical model with assigned fusion functions can be performed via the WEB-based graphical user interface. Proposal of the numerical model is created and validated on the experimental workplace with emulation of physical sensors and MQTT integration (smart IoT sensors). The results of testing have shown that our solution can be applied to validate the values of physical sensors. Proposed fusion functions calculated results according to the selected model in all cases, while non-standard cases were handled according to our definition. In addition, the high availability concept with a group of two virtual sensors has proven fast recovery and availability of results for safety-related applications as well.

Practices and needs of machinery designers and manufacturers in safety of machinery: An exploratory study in the province of Quebec, Canada

This paper presents an exploratory study on the integration of safety during the design and manufacturing phases of machinery in the province of Quebec, Canada. The objective was to better understand the practices and needs of machinery manufacturers for safeguarding their products. Data was collected during interviews and observations with 17 machinery manufacturers. Given the purpose of this study, these companies specialize in the design and manufacturing of machinery used for production in other manufacturing companies. The machines designed and built by these manufacturers are intended for several sectors and are sold in Canada and in various parts of the word. These machines are mainly built and assembled in the workshops. The manufacturers who were interviewed rely on design teams generally made up of mechanical, electrical and mechatronic engineers; technicians in these same fields; designers; machinists and electricians to design their machinery. These teams use on average between five and six normative and regulatory documents depending on their clients’ requirements. Most respondents are aware of the need to properly identify the risks related to the use of their machinery and to avoid improvising approaches that may prevent a comprehensive analysis. Their risk-analysis approaches are generally documented, depending on the scope of the project. All the manufacturers interviewed install guards and protective devices on their machines. They favour guards made up of rigid frames and polycarbonate panels and are less likely to use light curtains and laser scanners, because these devices are more expensive. Bypassing these safeguards remains a concern for most manufacturers. The causes cited for bypassing safeguards are summarized as problems related to the performance and adaptability of human-machinery interfaces; the lack of integrated safety measures; safeguards that make machine set-up phase complex, reconfiguration or maintenance operations; and the acceptance of safeguards by machine users. Costs, productivity and operating time are some of the constraints that require very particular attention from design teams. For operational reasons and in order to respect their specific procedures, sometimes clients ask manufacturers for safeguarding solutions that are appropriate for them or, refuse the safeguarding solutions that are proposed. In addition to safeguards bypass and constraints imposed by the client, this study identifies other problems and needs, namely: 1) inherently safe design measures; 2) managing risks during the building phases of the machinery’s life cycle besides production and maintenance; 3) ensuring the applicable standards are used and updated; 4) designing and validating safety-related control systems and; 5) making clients more conscious of the importance of safety of machinery.

Safety of Machinery: Significant Differences in Two Widely Used International Standards for the Design of Safety-Related Control Systems

Industrial machines are known to possess many hazards. There are many laws, regulations, standards and practices that aim at ensuring that machines are safe for different workers performing various tasks including operation and maintenance. Safeguards protect workers by stopping hazardous motion when actuated. Those safeguards are integrated into machinery using two widely used international standards for functional safety. However, these standards have some significant differences although they are both based on similar principles. This paper explores those differences and their potential impacts. Subjectivity in the specification and design of safety systems, based on the differences, can lead to different levels of reliability in the safety systems even when considering the same hazard zone of machinery based on which standard is used.

Analysis, specification and verification requirements for control systems cloud training platforms

Digital control systems are now an essential and critical part of Cloud Training Platforms. Numerous methods, tools and standards have been developed to ensure that such systems will comply with their requirements. However, the development of such requirements often does not receive the same level of attention. Indeed, in the case of highly reliable, mission-critical or safety-related control systems, operating experience shows that problems due to inadequate requirements tend to outnumber those due to incorrect design and implementation. This paper proposes an approach to the analysis, specification and verification of Sliding Mode control systems requirements for Bus Cloud Triple H-Avatar.

Analysis, specification and verification requirements for control systems cloud training platforms

Digital control systems are now an essential and critical part of Cloud Training Platforms. Numerous methods, tools and standards have been developed to ensure that such systems will comply with their requirements. However, the development of such requirements often does not receive the same level of attention. Indeed, in the case of highly reliable, mission-critical or safety-related control systems, operating experience shows that problems due to inadequate requirements tend to outnumber those due to incorrect design and implementation. This paper proposes an approach to the analysis, specification and verification of Sliding Mode control systems requirements for Bus Cloud Triple H-Avatar.

Safety Evalution of Cryptography Modules within Safety Related Control Systems for Railway Applications

The paper deals with the problem of safety evaluation of cryptographic modules used within safety-related control system for applications with increasing safety integrity level. The requirements to cryptographic techniques in safety-related communication for railway application are describe. The mainly part is oriented to description of mathematical apparatus for an error probability of cryptography code with a safety code, used in an additional safety communication layer. The practical results are related with the quantitative evaluation of an average error probability of code word for Euroradio protocol recommended for communication in European Train Control System.

Safety Evaluation of Fail-Safe Fieldbus in Safety Related Control System

Safety Evaluation of Fail-Safe Fieldbus in Safety Related Control System The paper deals with the problem of modelling safety features of the safety Fieldbus transmission system used within safety related control systems. The basic principles of the modelling failures effect upon the safety of closed transmission system and standards used in the process of safety evaluation are summarized in the paper. The practical part is oriented to a description of a realized Markov model for determination of the random failures effect on the safety of a closed transmission system. The model reflects the safety analysis of failures effect caused by electromagnetic interference in the communication channel and random HW failures of the transmission system. In the paper the results of simulation of parameters of the transmission system are discussed, such as the probability of an undetected corrupted message.

Study on Validation Method of Operative Reliability of Safety-Related Control Systems

Study on Validation Method of Operative Reliability of Safety-Related Control Systems

Introducing X-machine models to verify PLC ladder diagrams

Ladder diagram is a ubiquitous PLC programming language often used in safety-related control and protection systems. The design and analysis of ladder diagram programs by engineers is often ad hoc using a variety of techniques that may be applied with varying levels of rigour. This paper introduces X-machines, a state-based formalism, to consistently model and verify PLC ladder diagrams. X-machines model control and data flow unambiguously, and have associated with them a test set generation method that is amenable to automation. This work shows by an example, namely an oil tank warning system, how ladder diagram programs, can be successfully modelled using variants of the X-machine model.

Design, Organisation, Planning According to Functional Safety Methodology

This paper deals with the problems of the planning and the design of safety related control systems. Such systems are used not only for protection purposes, but first of all for control purposes, as the many operation functions, e.g. start, stop, emergency stop, restart are considered as safety related functions. The safety life cycle of the system is presented and its design phase is discussed in details. The measure of functional safety - integrity level - is defined and the corresponding requirements are referenced. On this basis, the organising actions, required by the functional safety methodology, are presented.

Functional safety in the field of industrial automation. The influence of IEC 61508 on the improvement of safety-related control systems

The safety of machinery depends on the correct functioning of its safety-related control equipment. The development of this equipment started with electromechanical devices performing simple interlocking and enabling functions. Meanwhile, it is possible to use programmable electronics such as safety PLCs to implement sophisticated safety functions. The approach to achieve the necessary safety integrity is described in the new IEC 61508 standard.

Safety-related control and protection systems: standards update

This article provides an overview of the current working version of the proposed international standard on the functional safety of safety-related systems being developed by the International Electrotechnical Commission (IEC). The article also provides information on a number of other topics of current interest on safety-related systems. The Appendix gives an overview of risk and safety integrity concepts.

Risk and system integrity concepts for safety-related control systems

This paper provides an overview of the concepts of ‘risk’ and ‘safety integrity’ in relation to safety-related electrical/electronic/programmable electronic systems. The paper is an abridged version of Annex A of the emerging International Electrotechnical Commission (IEC) Standard: ‘Functional safety of electrical/electronic/programmable electronic systems’. Although based on Annex A, the authors have deviated in a few instances from its strict wording in order to more properly represent their own views. Where this occurs, a note in the text has been added to alert the reader to the deviation. The concepts of risk, including tolerable risk, safety integrity, safety-related systems, system and software integrity levels, are discussed.

Risk and system integrity concepts for safety-related control systems

This paper provides an overview of the concepts of “risk” and “safety-integrity” in relation to safety-related electrical/electronic/programmable electronic systems. The paper is an abridged version of Annex A of the emerging International Electrotechnical Commission (IEC) Standard; “Functional safety of electrical/electronic/programmable electronic systems”. Although based on Annex A, the authors have deviated in a few instances, from the strict wording of Annex A in order to more properly represent their own views. Where this occurs, a note in the text has been added to alert the reader of the deviation. The concepts of risk (including tolerable risk; safety integrity; safety-related system; System and Software Integrity Levels) are discussed.

Applying Programmable Gate Arrays to Provide Diversity in Safety Relevant Systems

Although there are already a number of established methods and guidelines, which have proven their usefulness for the development and verification of high integrity software employed for the control of safety related technical processes, these measures cannot ultimately guarantee the correctness of larger programs with mathematical rigour, yet, and, hence, corresponding safety licences are generally denied. As a remedy for this unsatisfactory situation, a novel approach based on the utilisation of programmable gate arrays is presented. The hard-wired discrete logic built of relays or LSI/MSI-chips, which operates in many safety related control systems in parallel to computers, is replaced by programmable logic constructed from PGAs. Thus, the flexibility of programmable electronic systems is combined with the long established and generally accepted rigorous certify ability of hardwired sequential circuits, since in both cases the same design and verification procedures are employed. A PGA is programmed to perform certain Boolean or sequential functions by loading appropriate bit patterns into internal static memory cells. A method for the verification of their contents is detailed, which is based on diverse backward analysis and which can easily be automated. The utilisation of PGAs is not only advantageous for re-placing hard-wired by programmable logic, but also as a novel means of providing diverse redundancy in programmable electronic systems comprising computers and programmable logic controllers.

Safety, Availability and Cost Questions About Diversity

Required safety and availability properties of a control system that is to be developed can be gained by risk considerations. Complex systems cannot be verified by systematic means; probabilistic methods are to be used instead. The failure probability that is still to be expected after a certain amount of testing is calculated. The effort for testing is expressed in units of development effort. The number of test cases corresponding to this unity is higher for functionally simple systems, than for complex ones. Appropriate curves are drawn for both singular systems and diverse systems. A particular advantage for a diverse system is the possibility to test its subsystems against each other. The mentioned curves provide some help for the decision whether or not safety related control systems should be made diverse.

On the Use of a Computer-Aided Specification Tool to Support the Development and Licensing of Safety-Related Systems

This paper discusses the problems of the development and licensing of safety-related control systems, which are caused by the use of “new”-technologies like microcomputer systems. It describes why the classical principles to proof the safety of hard-wired equipment such as relay-circuits cannot be applied to more complex hardware/software-systems. Additionally to physically induced faults (e.g. hardware failures), the aspects and effects of human faults (e.g. design errors, documentation errors) have to be considered carefully.Guidelines have been written by several organizations, intended to give rules how to develop safety-related systems which are as error free as possible from the very beginning and which can easily be verified by licensing personnel.The paper shows, that many of these guidelines and rules can be included in a computer-aided development support system, thus eliminating the need to control the application of these guidelines and rules by a licensing authority.The properties of computer-aided development support systems (using the EPOS- system as an example) are presented, showing their means for efficacious fault-avoidance and fault-removal during all phases of the system development and how thereby the safety problems of complex systems can be mastered. Especially it is shown that a specification language combined with an analysing program system, is a very powerful tool to detect many classes of specification, design and programming errors in the early phases of the development.

Protection, Electric and Instrumentation System Standards and the International Atomic Energy Agency Nuclear Safety Standards Program

The International Atomic Energy Agency (IAEA) Nuclear Safety Standards Program is described. The program consists of codes of practice, describing safety objectives and broad requirements and safety guides describing means of implementing requirements of the codes. Procedures for developing codes and guides are described. Some of the technical points covered by three of the guides are covered. These guides address protection systems and related features, emergency electric power systems, and other safety-related instruments and control systems. Assistance in helping form U.S. policy on the issues addressed in IAEA codes and guides is requested.