100 likes | 128 Views
Safety Systems Configuration Management. E. Michael Saleski Control Dept Safety Systems Section QC Manager June 8, 2009. Configuration Control Elements. Prevention of Unintended Change Physical Security of System Labeling Training Control of Intended Change
E N D
Safety SystemsConfiguration Management E. Michael Saleski Control Dept Safety Systems Section QC Manager June 8, 2009
Configuration Control Elements • Prevention of Unintended Change • Physical Security of System • Labeling • Training • Control of Intended Change • Work Planning (adequate review of design) • Work Authorization (RSWCF) • Verification of Work (RSWCF) • Periodic Confirmation of System Integrity • Routine testing and inspections
SLAC Configuration Control Policies • Guidelines for Operations • Guideline 14 “Configuration Control of Radiation Safety Systems” • Safety-significant systems are protected from inadvertent tampering by unauthorized persons • This is achieved by a combination of physical security, system architecture, labeling/education, and frequent inspection • Maintenance by authorized persons is subject to authorization via Radiation Safety Work Control Form • Guideline 24 “Safety Review of Major Modifications” • Work is also subject to the prescribed Safety Lifecycle process whenever the system is ‘changed’ • Guidelines 27 “Testing of PPS Systems” • Radiation Safety Systems Technical Basis Document
Safety System Lifecycle • Describes the development, review, configuration management and testing process for the PPS from inception, to design, construction, commissioning, and through to operations and system modifications.
Established SSS Design Review Process • Strengths: • Emphasis on review and development process and documentation • Collects development and review docs for auditability • Areas for Improvement: • Increase emphasis that PDR = established system req’s • Provide mechanism for post-PDR change requests
Software Configuration Control Issues • Program Security: • All communication to the safety-critical PLCs is through TCP/IP to ‘buffer’ Allen-Bradley PLC, then via DeviceNet (serial data communication). • Safety-critical program ‘smart card’ cannot be written to while in the PLC • Communication from the safety-critical PLCs is through DeviceNet to ‘buffer’ Allen-Bradley PLC and output to control system via TCP/IP • Network Access Security: • Hardwire Enable from MCC required • Only specific IP addresses are allowed to issue PPS commands • Physical Access Security: • PLCs and DeviceNet are inside locked racks. • Version Management (next page):
Software Version Management • Software versions are checked during annual certification • Written procedures Exist for extracting PPS code from CVS and uploading it to PLCs • A documented training program tracks personnel PLC qualifications in the Section