| Paper |
Title |
Page |
| WEP106 |
Configuration Management Plan for Interlock Safety Systems at the Linac Coherent Light Source (LCLS)
|
1 |
| |
- M. E. Saleski, E. Carrone
SLAC, Menlo Park, California
|
|
| |
Safety critical systems require more than good design in order to provide adequate safety assurance: the configuration must be controlled so that system operation is not compromised and coherent maintenance is guaranteed; new designs and design changes must be thoroughly examined and rigorously reviewed to ensure the system operates as intended; routine system testing must be performed to ensure system's resiliency and to reveal covert un-safe failures; documentation, plans, guidelines and procedures must be properly managed to ensure appropriate implementation, testing, and troubleshooting. This paper shows how a Quality Assurance (QA) Program which incorporates elements of IEC61508, ANSI/ISA 84.01, and ISO9001 standards has been implemented in the SLAC National Accelerator Laboratory to design and operate Safety Interlock Systems for the LCLS facility. The aim is to create a tailored QA program that satisfies the above mentioned requisites, as well as the Department of Energy's 'Integrated Safety Management System' requirements.
|
|
| WEP107 |
Linac Coherent Light Source Personnel Protection System Architecture
|
1 |
| |
- P. A. Bong, E. Carrone
SLAC, Menlo Park, California
|
|
| |
Programmable systems are becoming the de facto standard for Safety Interlock Systems, allowing for increasing complexity of personnel protection. The SLAC National Accelerator Laboratory has implemented a programmable safety interlock system utilizing a graded approach to protect personnel from exposure to prompt radiation. The Personnel Protection System architecture is based on two tiers of programmable systems performing access control and safety interlocks. The strategy consists in isolating the safety functions from the access control and system monitoring performed through EPICS. The isolation allows the safety functions to be guaranteed even in the absence of a fully working control system. The safety functions are performed by redundant Programmable Logic Controllers certified for safety applications. Each PLCs was programmed by an independent engineer to provide some level of diversity and defense from coding errors. Functional testing was performed through a test bench and, after deployment, through a field checkout procedure designed to certify the system for operation. New processes were developed to manage the life cycle and the integration with existing installations.
|
|
|
Poster
|
|