Software Failure Mode and Effects Analysis of Concept Phase for Radiation Monitoring System Digital Replacement


PSAM 2013 Topical Conference in Tokyo, session GS-III: PSA Applications and Software Reliability (#1079)
Hui-Wen Huang, Tsu-Mu Kao, Wen-wei Kuo, Mao-sheng Tseng, and Yuan-chang Yu
Institute of Nuclear Energy Research (INER), Taiwan
Hyatt Regency Tokyo, Japan, April 16, 2013

Outline
Introduction
Functional Description
FMEA of Computation Module
Conclusion
Institute of Nuclear Energy Research Page 2

Introduction
Due to obsolescence and a shortage of spare parts, the safety-related radiation monitoring system (RMS) of Maanshan Nuclear Power Plant (MSNPP) in Taiwan is undergoing digital replacement. Software Failure Mode and Effects Analysis (FMEA) is adopted as the Hazard Analysis (HA) of Software Verification and Validation (SV&V) under the following regulations and standards:
Branch Technical Position (BTP) 7-14, "Guide on Software Review for Digital Computer-based Instrumentation and Control System"
Regulatory Guide 1.168 Revision 1, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants"
IEEE Std 1012-1998, "IEEE Standard for Software Verification and Validation"

Introduction
The life cycle of digital RMS development includes:
Concept phase: plant-level description
Requirement phase: system-level software functional description
Design phase: logic diagram, flow chart, or pseudo code; detailed design
Implementation phase: software module development/test; software integration development/test
Software/hardware integration phase: control card; component-level test
Validation phase: control cabinet; system-level test, the Factory Acceptance Test (FAT)
Installation phase: installed at the NPP site; plant-level test, the Site Acceptance Test (SAT)

Figure: Software development life cycle phases combined from BTP 7-14 and IEEE Std 1012

Introduction
18 RMS stations in MSNPP are safety related. Their radiation exposure rate or radiation concentration output signals are sent to safety-related interfaces as the initiation basis for the Engineered Safety Feature Actuation System (ESFAS). Three types of detectors are included:
Geiger-Muller (GM) Counter
Ion Chamber (IC)
Scintillation Counter (SC)

Functional Description
Figure: Functional Diagram of Radiation Monitoring System Digital Replacement

Functional Description
Internal functions:
(1) Conversion: obtaining the counting rate by
(a) performing pulse shaping and pulse counting, if the detector is a GM tube;
(b) performing current/frequency conversion, if the detector is an Ion Chamber;
(c) performing analog/digital conversion and pulse counting, if the detector is a Scintillation Counter.
(2) Digital Signal Transfer: calculating exposure rate or radioactive concentration
Exposure rate (mR/hr) = CPM x CF
Radioactive concentration (µCi/cc) = CPM x CF
where CPM denotes counts per minute and CF denotes the conversion factor.
(3) Parameter Storage: storing parameters, such as CF or setpoint.
(4) Comparison with Setpoint: if the exposure rate or radioactive concentration is greater than the setpoint, an alarm Boolean variable turns to TRUE.

Functional Description
Interfaces:
(1) with Detectors: receiving signals from detectors.
(a) If the detector is a GM tube, the signal type is pulse.
(b) If the detector is an Ion Chamber, the signal type is current.
(c) If the detector is a Scintillation Counter, the signal type is pulse.
(2) with Initiation Module: exposure rate or radioactive concentration is sent to the Initiation Module. Under offline status, maintenance personnel can modify the parameters in the Computation Module via the Initiation Module.
(3) with Communication Module: the following variables are sent to the Communication Module over one-way communication: (a) exposure rate or radioactive concentration; (b) the alarm Boolean variable.
(4) with Local Alarm: if the alarm Boolean variable is TRUE, the local alarm is initiated.
(5) with Local Digital Meter: the exposure rate or radioactive concentration is sent to a Local Digital Meter continuously.

Functional List of Computation Module, Communication Module, and Initiation Module

Computation Module (safety related, in the digital replacement scope)
Internal functions: Conversion; Digital Signal Transfer; Parameter Storage; Comparison with Setpoints
Interfaces: with Detectors; with Initiation Module; with Communication Module; with Local Alarm; with Local Digital Meter

Communication Module (non-safety related, in the digital replacement scope)
Internal functions: Historical Records; Instant Record
Interfaces: with Computation Module; with Control Console

Initiation Module (safety related, not in the digital replacement scope)
Internal functions: Comparison with Setpoints
Interfaces: with Computation Module; with SSILS

FMEA of Computation Module
Two independent RMS stations with different types of detectors (e.g., GM tube vs. Scintillation Counter) are designed as diverse backups for each other. Each train includes a specific detector, a Computation Module, and an Initiation Module. The two stations are linked together with an OR gate. The signal from the OR gate is sent to SSILS for actuating ESF. This design can mitigate an independent/single failure of one of the redundant trains.
Figure: System-level redundant design

FMEA of Computation Module
The items in the FMEA include: Function, Failure Mode, Failure Mechanism, Failure Effect, Method of Failure Detection, and Resolution. The failures of internal functions and communication failures of the interfaces are addressed in the FMEA.
Two kinds of surveillance tests are in the maintenance procedure. The daily surveillance test makes sure that the DMS function is normal; the operator performs the daily surveillance test in the main control room. Because the detectors degrade gradually, the three-monthly surveillance test performs calibration of the CF value. The maintenance personnel reach each local DMS to perform the daily surveillance test.
Communication failure with the Local Alarm is an undetected failure: there is no automatic detection to identify the failure. The three-monthly surveillance test can identify the communication failure manually.
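The Computation Module functions (Digital Signal Transfer, Parameter Storage, Comparison with Setpoint), the OR-gate redundancy between two diverse trains, and the surveillance check from the slides above, as a small Python model added here (it is not the authors' or INER's code). CF, setpoint, count-rate, check-source and degradation values are constructed; the model injects a single Parameter Storage failure and a common-mode detector degradation to show which one the OR gate tolerates and which one only periodic surveillance catches.

```python
from dataclasses import dataclass


@dataclass
class ComputationModule:
    """Model of one station's safety-related Computation Module."""
    cf: float        # conversion factor, mR/hr per CPM (Parameter Storage)
    setpoint: float  # alarm setpoint, mR/hr (Parameter Storage)

    def exposure_rate(self, cpm: float) -> float:
        # Digital Signal Transfer: Exposure rate (mR/hr) = CPM x CF
        return cpm * self.cf

    def alarm(self, cpm: float) -> bool:
        # Comparison with Setpoint: alarm Boolean turns TRUE above the setpoint
        return self.exposure_rate(cpm) > self.setpoint


def esf_initiation(train_a: ComputationModule, cpm_a: float,
                   train_b: ComputationModule, cpm_b: float) -> bool:
    # System-level OR gate: either diverse train may actuate ESF via SSILS
    return train_a.alarm(cpm_a) or train_b.alarm(cpm_b)


def calibration_ok(module: ComputationModule, measured_check_cpm: float,
                   expected_rate: float, tolerance: float = 0.10) -> bool:
    # Surveillance test with a known check source: the computed rate must be
    # within tolerance of the expected value, else CF needs recalibration.
    rate = module.exposure_rate(measured_check_cpm)
    return abs(rate - expected_rate) <= tolerance * expected_rate


def fmea_scenarios() -> dict:
    # Constructed values: CF 0.01 mR/hr per CPM, setpoint 10 mR/hr,
    # field condition 2000 CPM (20 mR/hr, above setpoint)
    field_cpm = 2000.0
    a = ComputationModule(cf=0.01, setpoint=10.0)
    b = ComputationModule(cf=0.01, setpoint=10.0)
    results = {"nominal": esf_initiation(a, field_cpm, b, field_cpm)}
    # Single failure: Parameter Storage of train A corrupts CF to 0
    a_bad = ComputationModule(cf=0.0, setpoint=10.0)
    results["single_failure"] = esf_initiation(a_bad, field_cpm, b, field_cpm)
    # Common-mode failure: both detectors degraded to 20 % of nominal counts
    # with stale CF, so both trains read 4 mR/hr and neither alarms
    degraded = 0.2
    results["common_mode"] = esf_initiation(
        a, field_cpm * degraded, b, field_cpm * degraded)
    # The degradation shows up in the periodic check-source test:
    # 500 CPM source (5 mR/hr expected) now reads 100 CPM (1 mR/hr)
    results["common_mode_caught"] = not calibration_ok(a, 500.0 * degraded, 5.0)
    return results
```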

FMEA of Computation Module in Concept Phase (FMEA table; tabular content not preserved in this transcription)

Conclusions
This work performed the Software FMEA of the Concept Phase for the safety-related radiation monitoring system digital replacement. The software functions of the safety-related Computation Module have been identified, and all the failure modes of these functions have been analyzed. The independent/single failures of safety-related functions were addressed with the system-level redundant design. The common-mode failures of safety-related functions were addressed by the periodic surveillance test. The Communication Module and Control Console are non-safety-related components; however, their functions are important means for detecting failures of the safety-related Computation Module.
