120 likes | 137 Views
WP3 - Use of pre-developed products Key issues. N. Thuy EDF R&D. Objectives. I&C systems based on off-the-shelf products suitability for functions important to safety cost-effectiveness Application of safety framework (WP1) Software aspects. General approach.
E N D
WP3 - Use of pre-developed productsKey issues N. ThuyEDF R&D
Objectives • I&C systems based on off-the-shelf products • suitability for functions important to safety • cost-effectiveness • Application of safety framework (WP1) • Software aspects WP3_edf036_v01_FISA_November 2003
General approach • System properties essential to safety • what needs to be claimed and justified • application specific / generic properties • Product assessment • objective: state, justify generic claims • product claims reusable for justification of system claims • not a general safety label • functional, dependability assessments • ahead of projects, for a range of applications • System qualification • products used according to conditions of assessments • focus on application issues WP3_edf036_v01_FISA_November 2003
Main generic system propertiesessential to safety • Characterisation • of system and main sub-systems / components • identification, description / specification, integrity • Adequacy • of specification to real safety needs • Correctness • with respect to specification • Robustness • against postulated internal / external events • Maintenance of preceding properties over lifetime WP3_edf036_v01_FISA_November 2003
Generic product propertiesessential to safety • Refinement of main generic system properties • E.g., robustness • identification, characterisation of causes of non-nominal situations • intrinsic, passive robustness • detection of non-nominal situations • signaling of non-nominal situations • containment • graceful degradation to specified behavior • correct restoration of nominal service • « Projection » of system properties on products • may depend on nature of product, role assigned by system design • two main types of product properties: • functional properties • dependability properties WP3_edf036_v01_FISA_November 2003
Product taxonomies • Wide variety, one size does not fit all • Taxonomy for functional assessments • I&C platforms • communication equipment • « smart » devices • Taxonomy for dependability assessments • safety class • functional complexity • availability of technical information • amount of credible, applicable operational experience WP3_edf036_v01_FISA_November 2003
Product dependent Functional assessmentOverall process Product independent 1. Functional Modeling Main typical functions, interactorsfor each functional type Investigation groups, guidelines 2. Product CharacterisationAccording to investigation groupsand guidelines Project independent Project dependent 3. Functional UserRequirements Specification(cf. WP2) 4. Matching FURS andproduct characteristics WP3_edf036_v01_FISA_November 2003
Maintenance& servicing Operators Installation Engineering Investigation ProcessInstrumentation Other systems& equipment I&C system Functional Modeling Example I&C platforms: function and interactors System configurationSystem monitoring Application dev. &Maintenance HMI, Alarms System testing Archiving Event management, Management of RT data,Management of plant, system, procedures data Management ofErrors & Failures I/O data processing, Automation & Control Interfaces Interfaces Self-surveillance WP3_edf036_v01_FISA_November 2003
Functional Modeling ExampleI&C platforms: Investigation groups • Performances • In nominal modes • In down-graded modes • In avalanche conditions • In other influencing conditions • System servicing • Data archiving • Self supervision • Error & failure management • System configuration • System testing • Application development & maintenance • Software tools • Process description, system, procedures • Algorithms • Functional validation • Internal communications • Influencing conditions • Architectures and configurations • Modes of behaviour • Avalanche conditions • Other influencing conditions • Functions supporting plant operation • HM dialogue • Alarm management • Automation & control • Management of events, time stamping • Management of real-time supervision data • Description of process, system, procedures • Technical interfaces • Interfaces with process instrumentation • Interfaces with other systems • Data processing WP3_edf036_v01_FISA_November 2003
Dependability assessmentMain strategies White box without Experience White box with Experience Grey box without Experience Grey box with Experience Black box with Experience Black box without Experience A - Complex AW A - Medium A - Simple AW / AB AB B - Complex BG B - Medium BG / BB BB B - Simple BB • AW: white-box assessment for class A • AB: black-box assessment for class A • BG: grey-box assessment for class B • BB: black-box assessment for class B WP3_edf036_v01_FISA_November 2003
Rigor of justification • Justification may be based on • « rigorous proof » • sampling • operational experience • inspection • engineering processes • Properties of arguments • example: « rigorous proof » • applicability of proof principle • faithfulness of representation on which proof is performed • correct consideration of all relevant influencing factors • correctness of proof itself WP3_edf036_v01_FISA_November 2003
Safety, Cost- effectiveness • Off-the-shelf products usually more cost effective than bespoke solutions • Reduction of uncertainties • early identification of critical issues • solution for « new » issues • last minute questions costly in effort and delay • more open competition • Sharing of costs (and insights) among projects • I&C systems: main focus on applications WP3_edf036_v01_FISA_November 2003