Safety Systems Configuration Management
E. Michael Saleski Control Dept Safety Systems Section QC Manager June 8, 2009
Safety Systems Configuration Control FAC 2009
Mike Saleski saleski@slac.stanford.edu
Configuration Control Elements

Prevention of Unintended Change
  - Physical security of system
  - Labeling
  - Training

Control of Intended Change
  - Work planning (adequate review of design)
  - Work authorization (RSWCF)
  - Verification of work (RSWCF)

Periodic Confirmation of System Integrity
  - Routine testing and inspections
SLAC Configuration Control Policies: Guidelines for Operations

Guideline 14 "Configuration Control of Radiation Safety Systems"
  - Safety-significant systems are protected from inadvertent tampering by unauthorized persons.
  - This is achieved by a combination of physical security, system architecture, labeling/education, and frequent inspection.
  - Maintenance by authorized persons is subject to authorization via the Radiation Safety Work Control Form (RSWCF).

Guideline 24 "Safety Review of Major Modifications"
  - Work is also subject to the prescribed Safety Lifecycle process whenever the system is "changed".

Guideline 27 "Testing of PPS Systems"

Radiation Safety Systems Technical Basis Document
Safety Systems Section Docs
  - Management of Change Plan: CD-SS-MAN-00-01-02
  - Design Review Plan: CD-SS-MAN-00-01-03
  - Document Management Plan: CD-SS-MAN-00-02-02
  - Engineering Change Order: CD-SS-MAN-00-02-07
  - Software Configuration Management: CD-SS-MAN-00-02-01
  - SLAC Guidelines for Operations: SLAC-I-010-00100-000
Safety System Lifecycle

Describes the development, review, configuration management and testing process for the PPS from inception, to design, construction, commissioning, and through to operations and system modifications. Two cycles:
  - Development and Review Cycle
  - Implementation, Operations, and Maintenance Cycle
Implementation, Operations, and Maintenance
(flowchart; the nodes and branch labels below are what survives of the diagram, with arrows reconstructed from node order)

Change path:
  Initiate RSWCF -> Implement Change -> Initial Acceptance Test
    Success -> Close RSWCF
    Problems -> Development and Review Cycle

Periodic confirmation while the System is in Operation:
  Safety Assurance Test, every 12 months (Success / Problems)
  Interlock Checks, every 6 months (Success / Problems)
  Routine Testing per Guideline 27

Failure path (Problems):
  Assessment of Failure; Assess Failure with RSO; Is the Failure Reportable?
    Procedure Error -> Correct the Procedure
    Undesired Functionality Discovered -> Administrative Mitigation, or Engineering Change
      (Need for New Functional Requirements -> Development and Review Cycle)
    Failed Hardware -> Initiate RSWCF; Determine Tests -> Repair Hardware -> Re-perform Test
      Success -> Close RSWCF
      Problems -> Assessment of Failure
Proposed PLC PPS 'Dev and Rev'
(flowchart; nodes and branch labels as recovered from the slide, with arrows reconstructed from node order)

  Need for New PPS System Safety Functions -> Requirements Specification
  -> Validation Scope and Methodology Determination
  -> Software Functions Determination / Hardware Functions Determination
  -> Preliminary Design Review (Project and RSO/RSC): Success, or Rework Proposal

  Software path:
    Withdraw Software from Version-Control Repository -> Software Design and Development
    -> Bench Testing Specified? -> Software Bench Testing: Success, or Rework Software
    -> Deposit Software in Version-Control Repository; Assign New Version Number
  Hardware path:
    Hardware Design and Development
  Validation path:
    Safety Validation Planning -> Validation Procedure Review: Success, or Rework Procedure

  -> System Technical Design Review (Project and RSO/RSC): Success, or Rework Software / Rework Hardware
  -> Implementation, Operations, and Maintenance Cycle

Lifecycle Special Functions Key (node shapes): System Review or Assessment; System Testing or Validation; System in Operation; Additional Cycle
Established SSS Design Review Process
(flowchart; nodes and branch labels as recovered from the slide, with arrows reconstructed from node order)

  Start: Memo to Engineering Group Leader initiating change request
  -> Notification to ADSO/RSO of job, risk assessment, and review plan
  -> Proposal Accepted? (No -> Drop Request; Yes -> continue)
  -> Assign Engineer; ECO Initiated
  -> RSO/RSC Review -> Scope Defined -> Formal Requirements Produced
  -> Engineer/Design Work, with weekly Peer Review 'as needed', including Risk Assessment
  -> Action Item Management System; Implement Action Items
  -> Ready for Formal Review? (No -> continue Engineer/Design Work; Yes -> Conduct Formal Review)
  -> Approve? (No -> Evaluation by Controls Department Management; Yes -> continue)
  -> Action Item Closeout Memo Issued
  -> RSWCF (and WAF if applicable) -> Work is Performed
  -> Assessment of work performed during weekly meetings

Strengths:
  - Emphasis on review and development process and documentation
  - Collects development and review docs for auditability

Areas for Improvement:
  - Increase emphasis that PDR = established system requirements
  - Provide mechanism for post-PDR change requests
Software Configuration Control Issues

Program Security:
  - All communication to the safety-critical PLCs is through TCP/IP to a 'buffer' Allen-Bradley PLC, then via DeviceNet (serial data communication).
  - The safety-critical program 'smart card' cannot be written to while in the PLC.
  - Communication from the safety-critical PLCs is through DeviceNet to the 'buffer' Allen-Bradley PLC and output to the control system via TCP/IP.

Network Access Security:
  - Hardwire Enable from MCC required.
  - Only specific IP addresses are allowed to issue PPS commands.

Physical Access Security:
  - PLCs and DeviceNet are inside locked racks.

Version Management (next page):
Software Version Management
(flowchart; nodes and branch labels as recovered from the slide, with arrows reconstructed from node order)

  Start: New Code or Revision?
    Revision -> Check Out from CVS; Increment Internal Version Tag to 'X.Y.Z+1'
    New -> Create New Code; Set Internal Version Tag to '0.0.0'
  -> Edit Software -> Bench Testing/Peer Review
  -> Ready for Formal Review?
    No -> Increment Internal Version Tag to 'X.Y.Z+1' at Developer's Discretion; Use of CVS at Developer's Discretion; back to Edit Software
    Yes -> Increment Internal Version Tag to 'X.Y+1.0'; Place Program in CVS with CVS Version Tag 'X.Y+1.0'
  -> Design Review -> Pass?
    No -> back to Edit Software
    Yes -> Increment Internal and CVS Version Tags to 'X+1.0.0'
  -> Update Version References in Testing Procedures
  -> End

  - Software versions are checked during annual certification.
  - Written procedures exist for extracting PPS code from CVS and uploading it to PLCs.
  - A documented training program tracks personnel PLC qualifications in the Section.
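As an added illustration (not from the presentation or SLAC's own tooling), the tagging rules on this slide written out as a small Python state machine, with a certification check that compares the tag read back from a PLC against the CVS-tagged release. Tags are (X, Y, Z) tuples; the stage names, function names and the Program record are assumptions of this example.

```python
# Added illustration of the slide's tagging rules; stage and function names are assumed, not SLAC's.
from dataclasses import dataclass, replace
from typing import Optional, Tuple

Tag = Tuple[int, int, int]  # (X, Y, Z)

def parse_tag(text: str) -> Tag:
    """Parse 'X.Y.Z' as read back from a PLC program header."""
    x, y, z = (int(p) for p in text.strip().split("."))
    return (x, y, z)

@dataclass(frozen=True)
class Program:
    internal: Tag       # version tag embedded in the PLC program
    cvs: Optional[Tag]  # CVS version tag, None until first placed in CVS
    stage: str          # "edit", "formal_review" or "released"

def start_new() -> Program:
    return Program((0, 0, 0), None, "edit")  # new code starts at 0.0.0, not yet in CVS

def start_revision(released: Program) -> Program:
    """Revision: check out the released copy from CVS and bump Z."""
    if released.stage != "released" or released.cvs is None:
        raise ValueError("revisions start from a CVS-tagged release")
    x, y, z = released.cvs
    return Program((x, y, z + 1), released.cvs, "edit")

def bench_iteration(p: Program) -> Program:
    """Not ready for formal review: Z increments at the developer's discretion."""
    x, y, z = p.internal
    return replace(p, internal=(x, y, z + 1))

def submit_for_formal_review(p: Program) -> Program:
    """Ready for formal review: X.Y+1.0, placed in CVS under the same tag."""
    x, y, _ = p.internal
    return Program((x, y + 1, 0), (x, y + 1, 0), "formal_review")

def design_review(p: Program, passed: bool) -> Program:
    """Pass: internal and CVS tags become X+1.0.0. Fail: back to editing."""
    if p.stage != "formal_review":
        raise ValueError("design review follows formal review submission")
    if not passed:
        return replace(p, stage="edit")
    x = p.internal[0]
    return Program((x + 1, 0, 0), (x + 1, 0, 0), "released")

def certification_check(plc_tag: str, released: Program) -> bool:
    """Annual certification: tag read from the PLC must equal the CVS-tagged release."""
    return (released.stage == "released"
            and parse_tag(plc_tag) == released.internal == released.cvs)
```

A mismatch from certification_check is the signal that the program on the PLC is not the reviewed, CVS-tagged version and the extraction/upload procedure needs to be followed.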