Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design. Feng Tao

Similar documents
Change History Log. Rev Revision Sections Affected Description of Change /22/08 All Initial Version

Options for Developing a Compliant PLC-based BMS

Measurement of Safety Integrity of E/E/PES according to IEC61508

Radiation Safety Systems

Doc. No. SP R0. CXI Reference Laser. Prepared by: Jean-Charles Castagna Signature Date Design Engineer

Radiation Safety Systems

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

ANALYSIS OF HUMAN FACTORS FOR PROCESS SAFETY: APPLICATION OF LOPA-HF TO A FIRED FURNACE. Paul Baybutt Primatech Inc. and

LOPA. DR. AA Process Control and Safety Group

2015 Functional Safety Training & Workshops

IEC61511 Standard Overview

InstrumentationTools.com

Fire and Gas Detection and Mitigation Systems

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

The agri-motive safety performance integrity level Or how do you call it?

FUNCTIONAL SAFETY OF ELECTRICAL INSTALLATIONS IN INDUSTRIAL PLANTS BY OTTO WALCH

The SIL Concept in the process industry International standards IEC 61508/ 61511

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

El63 Laser Acceleration at the NLCTA

LCLS Front End Enclosure PPS Engineering Specification

Karl Watson, ABB Consulting Houston LOPA. A Storage Tank Case Study. ABB Inc. September 20, 2011 Slide 1

Functional Safety: What It Is, Why It s Important And How to Comply

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

SAFETY SERVICE RISK EVALUATION

innova-ve entrepreneurial global 1

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

LCLS DIRECTORATE Experimental Facilities Division

Goals Understand Responsibilities, Awareness, Communication. Beamline phases Design, Implementation, Commissioning, Operation

Tank protection example using Simatic

Safety Instrumented Systems Overview and Awareness. Workbook and Study Guide

Beyond Compliance Auditing: Drill til you find the pain points and release the pressure!

Fire protection of emergency electrical devices: effect on the level of risk a case study of a rail tunnel

Practical Methods for Process Safety Management

SAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL

Functional Safety of Machinery Presented by Greg Richards Manufacturing in America 02/22-23/2017

Is your current safety system compliant to today's safety standard?

Minimizing radiation and beam losses at the ESRF

LCLS Instruments. Jerry Hastings June 20, 2008 LCLS

Engineered and Administrative Safety Systems for the Control of Prompt Radiation Hazards at Accelerator Facilities

This document is a preview generated by EVS

HIPPS High Integrity Pressure Protection System

HIPPS High Integrity Pressure Protection System

INTERNATIONAL STANDARD

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

SAFETY MANUAL. Electrochemical Gas Detector GT3000 Series Includes Transmitter (GTX) with H 2 S or O 2 Sensor Module (GTS)

ARCON/RAMSES: Current Status and Operational Risk

Hazardous goods management Latest trends in petroleum industry. C. Sasi Assistant Vice President Total LPG India Limited

SAFETY INTEGRITY LEVEL MANUAL. IEC and IEC XP95 and Discovery SIL Approved Product Range

Failure Modes, Effects and Diagnostic Analysis

SAFETY MANUAL. Multispectrum IR Flame Detector X3301

Integrated but separate

Injection with front ends open at the ESRF

High Integrity Pressure Protection System

Managing the Lifecycle of Independent Protection Layers


Safety in the process industry

North Dakota State University Laser Safety

Strathayr, Rhu-Na-Haven Road, Aboyne, AB34 5JB, Aberdeenshire, U.K. Tel: +44 (0)

SAFETY CERTIFIED MODEL FP-700 COMBUSTIBLE GAS DETECTOR

SAFETY MANUAL. X2200 UV, X9800 IR, X5200 UVIR SIL 2 Certified Flame Detectors

Functional Safety Application of IEC & IEC to asset protection

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. February Valves

ULT NE WORKSHOP ON THE PREVENTION OF WATER POLLUTION DUE TO PIPELINE ACCIDENTS

Benchmarking Industry Practices for the Use of Alarms as Safeguards and Layers of Protection

Particle Accelerators - Their Hazards and the Perception of Safety

STANFORD LINEAR ACCELERATOR CENTER

USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES

Safety Instrumented Systems

Technical Report Proven In Use SITRANS P500

RAMSES: THE LHC RADIATION MONITORING SYSTEM FOR THE ENVIRONMENT AND SAFETY

Session Number: 3 Making the Most of Alarms as a Layer of Protection

White Paper. Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System

Radiation Safety issues for the PF-AR in KEK

NLCTA OPERATIONS SAFETY AUDIT REPORT 2001

Where Process Safety meets Machine Safety

Case Example SIL Classification

Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program

Key Topics. Steven T. Maher, PE CSP. Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program. David J. Childs

Laser Automation &Safety. ME 677: Laser Material Processing Instructor: Ramesh Singh 1

Effective Alarm Management for Dynamic and Vessel Control Systems

FUNCTIONAL SAFETY CERTIFICATE

Safety by Design. Phone: Fax: Box 2398, RR2, Collingwood, ON L9Y 3Z1

Certification Report of the ST 3000 Pressure Transmitter with HART 6

New Developments in the IEC61511 Edition 2

SAFETY RELAY APPLICATION

Licensing of FPGA-based Safety Platform RadICS: Case Study

100 & 120 Series Pressure and Temperature Switches Safety Manual

Lata Mishra Bhabha Atomic Research Centre, INDIA

G4 Pulsed Fiber Laser

HYDROGEN DETECTION INSTRUMENTATION FOR THE SIAC HYDROGEN RECOMBINERS. Summary

ADIPEC 2013 Technical Conference Manuscript

Table of Contents. Check the LCLS Project website to verify 2 of 12 that this is the correct version prior to use.

Certification Report of the ST3000 Pressure Transmitter

Accelerator Operations Safety Audit of NLCTA / ESB Carsten Hast (CEF)

Rutgers Environmental Health and Safety (REHS)

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

Safety Speed Monitoring

General PSS principles an introductory guide

Risk-Informed Industrial Fire Protection Engineering

Transcription:

Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design Feng Tao

Outline LOPA Methodology LCLS-II Oxygen Deficiency Monitoring (ODM) LCLS Personnel Protection System (PPS) LCLS Beam Containment System (BCS) Conclusion 2

LOPA: Basics A semi-quantitative risk assessment method used by process industry for SIL assignment Start after risks are identified in the consequence-cause pair Carefully evaluate the initiating events, enabling conditions and condition modifiers, 3

LOPA: Simple Math Identify existing protection layers, evaluate if they are Independent Protection Layers (IPL) Core Attributes: independence, functionality, integrity, reliability, auditability, access security, management of change Prevention IPL: lower the frequency of the event Mitigation IPL: lessen the severity of the consequence 4

Why LOPA Accelerator safety systems are more complex compared to machinery safeguarding In addition to safety systems, other risk reduction measures are deployed: alarms, periodic checkout, multiple layers of control and protection Radiation Physicists use a descriptive approach to mandate requirements for Radiation Safety Systems (PPS and BCS) Radiation Safety Systems are required to be: redundant, self-checking, fail-safe, etc. If classified as SIL rated, additional work to comply with standardcompliance development procedure FMEDA, structural constraints, SFF, QA 5

Evolution of LOPA From concept to widely adopted Guidelines for Safe Automation of Chemical Processes IEC 61511-3 Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis 2001 2014 1990 1993 2004 2015 Layer of Protection Analysis: Simplified Process Risk Assessment Guidelines for Enabling Conditions and Conditional Modifiers in Layers of Protection Analysis 6

The picture can't be displayed. LCLS-II Oxygen Deficiency Monitoring LCLS-II will introduce significant cryogenic hazards An Oxygen Deficiency Monitoring (ODM) system will be added to the credited safety system list Risk Criteria: fatality rate per area Using results from FMEA to get the list of event, frequency and consequence SLAC s tolerable risk threshold: fatality rate 1x 10-7 /hour 7

LCLS-II ODM Risk Unmitigated risk is high -Improve the system -Add instrumented functions to reduce the risk 8

ODM Alarm & Control Instrumented Alarms Instrumented control function (SIL 1 rated) Turn on 9000 ft 3 /min active ventilation, tunnel air exchange before setting access Turn on emergency ventilation ODM will mitigate part of the risks by about a factor of 10 9

Experimental Area (photon) PPS Hutch Protection System (HPS) HPS controller system Risk is relatively low compared to electron beamline 10 Risk Parameter Classification Consequence (C) C1 Light injury to persons C2 Serious permanent injury to one or more persons; death of one person C3 Death of several persons C4 Catastrophic effect, very many people killed Frequency of presence in the hazardous zone multiplied with the exposure time (F) Possibility of avoiding the consequences of the hazardous event (P) Probability of the unwanted occurrence (W) F1 F2 P1 P2 W1 W2 W3 Rare to more frequent exposure in the hazardous zone Frequent to permanent exposure in the hazardous zone Possible under certain conditions Almost impossible A very slight probability that the unwanted occurrences occur and only a few unwanted occurrences are likely A slight probability that the unwanted occurrences occur and few unwanted occurrences are likely A relatively high probability that the unwanted occurrences occur and frequent unwanted occurrences are likely

HPS LOPA List all potential scenarios as well as protection layers for each case Case 1, 2, 4: Already have 2 IPLs Case 3: One SIL2 function; or take additional efforts to credit another IPL 11

Application to SLAC RSS Design Requirements Documentation SLAC Requirements for standard PPS and BCS designs are covered in the Radiation Safety Systems Technical Basis Document, ESH Division SLAC-I-720-0A05Z-002. Operations Requirements Documentation SLAC Requirements for the operation, maintenance, and periodic testing of the Radiation Safety Systems are described in the SLAC Guidelines for Operations, Accelerator Systems Division SLAC-I-010-00100-000. 12

Electron PPS Safe access with beam parked Operators park the beam on the Beam Switch Yard (BSY) stopper set, to allow personnel downstream access Protection layers 3-stopper set (5kW x1, 500W x2) BCS beam power interlock Beam energy interlock (bend magnet current) Average Current Monitor 6 Protection Ion Chambers (PICs) installed, interlocked to BCS 1 Burn Through Monitor (2 pressure switches) interlock to PPS 13

Beam Transport Hall (BTH) Beam Loss The BTH is above the ground and the shielding is insufficient Protection Layers: Protection Collimators PICs installed on Protection Collimators PPS interlocked to BTMs at the back of collimators BCS interlocked to Long Ion Chambers (LION) PPS interlocked to Beam Shutoff Ion Chambers (BSIOC) There are 4 PLs for the hazards, but they are not all independent: PIC and LION sensors are connected to the same signal processing chassis Need to find more IPLs Or the PIC/LION chassis should be SIL2 capable 14

Summary LOPA methodology explained Used three SLAC safety systems to illustrate methodology One IPL is equivalent to one SIL 1 function, but may simplify the hardware development efforts The LOPA worksheet is a good reference for decision making. 15

Another Perspective 16

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback