Safety Systems Configuration Management
E. Michael Saleski
Control Dept Safety Systems Section QC Manager
June 8, 2009
Safety Systems Configuration Control, FAC 2009, slide 1. Mike Saleski, saleski@slac.stanford.edu
Configuration Control Elements
- Prevention of Unintended Change
  - Physical Security of System
  - Labeling
  - Training
- Control of Intended Change
  - Work Planning (adequate review of design)
  - Work Authorization (RSWCF)
  - Verification of Work (RSWCF)
- Periodic Confirmation of System Integrity
  - Routine testing and inspections
SLAC Configuration Control Policies
- Guidelines for Operations
  - Guideline 14 “Configuration Control of Radiation Safety Systems”
    - Safety-significant systems are protected from inadvertent tampering by unauthorized persons.
    - This is achieved by a combination of physical security, system architecture, labeling/education, and frequent inspection.
    - Maintenance by authorized persons is subject to authorization via the Radiation Safety Work Control Form (RSWCF).
  - Guideline 24 “Safety Review of Major Modifications”
    - Work is also subject to the prescribed Safety Lifecycle process whenever the system is ‘changed’.
  - Guideline 27 “Testing of PPS Systems”
- Radiation Safety Systems Technical Basis Document
Safety Systems Section Docs
- Management of Change Plan (CD-SS-MAN-00-01-02)
- Document Management Plan (CD-SS-MAN-00-02-02)
- Design Review Plan (CD-SS-MAN-00-01-03)
- Engineering Change Order (CD-SS-MAN-00-02-07)
- Software Configuration Management (CD-SS-MAN-00-02-01)
- SLAC Guidelines for Operations (SLAC-I-010-00100-000)
Safety System Lifecycle
Describes the development, review, configuration management and testing process for the PPS from inception, to design, construction, commissioning, and through to operations and system modifications.
[Figure: Safety System Lifecycle, drawn as two linked loops: the Development and Review Cycle and the Implementation, Operations, and Maintenance Cycle.]
Implementation, Operations, and Maintenance
[Flowchart. Node labels rejoined from the extracted text, in slide order; the connecting arrows are not recoverable from the extraction.]
- Initiate RSWCF; Implement Change; Initial Acceptance Test (Problems / Success); Development and Review Cycle; Close RSWCF
- 12 Months: Safety Assurance Test (Problems / Success)
- 6 Months: Interlock Checks (Problems / Success)
- Routine Testing per Guideline 27; System in Operation (Problems)
- Assessment of Failure; Is the Failure Reportable?
- Procedure Error: Correct the Procedure
- Undesired Functionality Discovered: Initiate RSWCF; Determine Tests; Assess Failure with RSO
- Administrative Mitigation
- Failed Hardware: Repair Hardware; Re-perform Test (Problems / Success)
- Engineering Change: Need for New Functional Requirements
- Close RSWCF
Proposed PLC PPS ‘Dev and Rev’
[Flowchart. Node labels rejoined from the extracted text, in slide order; the connecting arrows are not recoverable from the extraction.]
- Need for New PPS System
- Safety Functions Requirements Specification
- Validation Scope and Methodology Determination
- Software Functions Determination; Hardware Functions Determination; Rework Proposal
- Preliminary Design Review (Project and RSO/RSC) (Success)
- Withdraw Software from Version-Control Repository
- Software Design and Development; Hardware Design and Development; Safety Validation Planning; Rework Software
- Software Bench Testing; Bench Testing Specified? (Success)
- Deposit Software in Version-Control Repository; Assign New Version Number
- Validation Procedure Review; Rework Procedure; Rework Software (Success)
- System Technical Design Review (Project and RSO/RSC); Rework Hardware (Success)
- Implementation, Operations, and Maintenance Cycle
Lifecycle Special Functions Key (shape legend): System Review or Assessment; System in Operation; System Testing or Validation; Additional Cycle.
Established SSS Design Review Process
[Flowchart. Node labels rejoined from the extracted text, in slide order; the connecting arrows are not recoverable from the extraction.]
- Start: Memo to Engineering Group Leader initiating change request
- Evaluation by Controls Department Management
- Proposal Accepted? (No: Drop Request / Yes)
- RSO/RSC Review; Assign Engineer; ECO Initiated; Scope Defined; Formal Requirements Produced
- Engineer/Design Work; Weekly Peer Review ‘as needed,’ including Risk Assessment
- Action Item Management System; Implement Action Items
- Ready for Formal Review? (No / Yes)
- Conduct Formal Review; Assessment of work performed during weekly meetings
- Approve? (No / Yes)
- RSWCF (and WAF if applicable); Work is Performed
- Action Item Closeout Memo Issued
Strengths:
- Notification to ADSO/RSO of job, risk assessment, and review plan
- Emphasis on review and development process and documentation
- Collects development and review docs for auditability
Areas for Improvement:
- Increase emphasis that PDR = established system req’s
- Provide mechanism for post-PDR change requests
Software Configuration Control Issues
Program Security:
- All communication to the safety-critical PLCs is through TCP/IP to a ‘buffer’ Allen-Bradley PLC, then via DeviceNet (serial data communication).
- The safety-critical program ‘smart card’ cannot be written to while in the PLC.
- Communication from the safety-critical PLCs is through DeviceNet to the ‘buffer’ Allen-Bradley PLC and output to the control system via TCP/IP.
Network Access Security:
- Hardwire Enable from MCC required.
- Only specific IP addresses are allowed to issue PPS commands.
Physical Access Security:
- PLCs and DeviceNet are inside locked racks.
Version Management (next page):
Software Version Management
[Flowchart. Steps rejoined from the extracted labels, in slide order.]
- Start: New Code or Revision?
  - Revision: Check Out from CVS; Increment Internal Version Tag to ‘X.Y.Z+1’
  - New: Create New Code; Set Internal Version Tag to ‘0.0.0’
- Edit Software
- Bench Testing/Peer Review (Increment Internal Version Tag to ‘X.Y.Z+1’ at Developer’s Discretion; Use of CVS at Developer’s Discretion)
- Ready for Formal Review? (No / Yes)
- Increment Internal Version Tag to ‘X.Y+1.0’; Place Program in CVS with CVS Version Tag ‘X.Y+1.0’
- Design Review Pass? (No / Yes)
- Increment Internal and CVS Version Tags to ‘X+1.0.0’; Update Version References in Testing Procedures
- End
Notes on the slide:
- Software versions are checked during annual certification.
- Written procedures exist for extracting PPS code from CVS and uploading it to PLCs.
- A documented training program tracks personnel PLC qualifications in the Section.
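As an added illustration (not from the slides or from SLAC's own tooling), the version-tag rules above modelled as a small Python state machine: ‘X.Y.Z+1’ during bench work, ‘X.Y+1.0’ when the program is placed in CVS for formal review, ‘X+1.0.0’ when design review passes, together with an annual-certification comparison of the tag a PLC reports against the repository tag. The Version class, the function names and the rule that a PLC should only ever be found running an X.0.0 release are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Version:
    """Three-part tag X.Y.Z as used on the slide (field meanings assumed)."""
    x: int  # bumped when design review passes
    y: int  # bumped when the program is placed in CVS for formal review
    z: int  # bumped during bench testing, at the developer's discretion

    @classmethod
    def parse(cls, tag: str) -> "Version":
        parts = tag.split(".")
        if len(parts) != 3 or not all(p.isdigit() for p in parts):
            raise ValueError(f"bad version tag {tag!r}")
        return cls(*(int(p) for p in parts))

    def __str__(self) -> str:
        return f"{self.x}.{self.y}.{self.z}"

def new_code() -> Version:
    return Version(0, 0, 0)              # 'Set Internal Version Tag to 0.0.0'

def bench_revision(v: Version) -> Version:
    return Version(v.x, v.y, v.z + 1)    # 'X.Y.Z+1' during edit / bench test

def ready_for_formal_review(v: Version) -> Version:
    return Version(v.x, v.y + 1, 0)      # 'X.Y+1.0', placed in CVS under this tag

def design_review_passed(v: Version) -> Version:
    return Version(v.x + 1, 0, 0)        # 'X+1.0.0', internal and CVS tags updated

def certification_check(plc_tag: str, cvs_tag: str) -> list[str]:
    """Annual certification: compare the tag a PLC reports with the CVS tag.
    Returns findings; an empty list means the PLC runs the reviewed release."""
    plc, cvs = Version.parse(plc_tag), Version.parse(cvs_tag)
    findings = []
    if plc != cvs:
        findings.append(f"PLC reports {plc} but CVS release tag is {cvs}")
    if plc.y != 0 or plc.z != 0:         # assumption: only X.0.0 passed design review
        findings.append(f"{plc} is a bench or review-candidate build, not a released X.0.0")
    return findings

if __name__ == "__main__":
    # Constructed walk-through: new code, one bench edit, review, design-review pass.
    v = design_review_passed(ready_for_formal_review(bench_revision(new_code())))
    print(v, certification_check("1.0.0", str(v)), certification_check("1.1.2", "1.0.0"))
```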