CEMSIS
WP3 - Use of pre-developed products
Key issues
N. Thuy, EDF R&D
WP3_edf036_v01_FISA_November 2003
Slide 2: Objectives
- I&C systems based on off-the-shelf products: suitability for functions important to safety; cost-effectiveness
- Application of the safety framework (WP1)
- Software aspects
Slide 3: General approach
- System properties essential to safety: what needs to be claimed and justified; application-specific / generic properties
- Product assessment, objective: state and justify generic claims
  — product claims reusable for justification of system claims
  — not a general safety label
  — functional and dependability assessments ahead of projects, for a range of applications
- System qualification: products used according to the conditions of the assessments; focus on application issues
Slide 4: Main generic system properties essential to safety
- Characterisation of the system and its main sub-systems / components: identification, description / specification, integrity
- Adequacy of the specification to real safety needs
- Correctness with respect to the specification
- Robustness against postulated internal / external events
- Maintenance of the preceding properties over the lifetime
Slide 5: Generic product properties essential to safety
- Refinement of the main generic system properties, e.g. robustness:
  — identification, characterisation of causes of non-nominal situations
  — intrinsic, passive robustness
  — detection of non-nominal situations
  — signaling of non-nominal situations
  — containment
  — graceful degradation to specified behavior
  — correct restoration of nominal service
- « Projection » of system properties on products may depend on the nature of the product and the role assigned to it by the system design; two main types of product properties:
  — functional properties
  — dependability properties
Slide 6: Product taxonomies
- Wide variety: one size does not fit all
- Taxonomy for functional assessments: I&C platforms; communication equipment; « smart » devices
- Taxonomy for dependability assessments: safety class; functional complexity; availability of technical information; amount of credible, applicable operational experience
Slide 7: Functional assessment: overall process
(Diagram: steps laid out on two axes, product independent / product dependent and project independent / project dependent.)
1. Functional modeling: main typical functions and interactors for each functional type; investigation groups, guidelines (product independent, project independent)
2. Product characterisation, according to the investigation groups and guidelines (product dependent, project independent)
3. Functional User Requirements Specification (FURS), cf. WP2 (product independent, project dependent)
4. Matching FURS and product characteristics (product dependent, project dependent)
Slide 8: Functional modeling example: I&C platforms, functions and interactors
(Diagram: the I&C system, its functions and its interactors; only the labels survive.)
- Interactors: operators; maintenance & servicing; installation; engineering; investigation; process instrumentation; other systems & equipment
- Interfaces: with process instrumentation; with other systems & equipment
- Functions of the I&C system: I/O data processing; automation & control; event management; management of RT data; management of plant, system and procedures data; HMI; alarms; archiving; system testing; self-surveillance; management of errors & failures; application development & maintenance; system configuration; system monitoring
Slide 9: Functional modeling example: I&C platforms, investigation groups
- Influencing conditions: architectures and configurations; modes of behaviour; avalanche conditions; other influencing conditions
- Functions supporting plant operation: HM dialogue; alarm management; automation & control; management of events, time stamping; management of real-time supervision data; description of process, system, procedures
- Technical interfaces: interfaces with process instrumentation; interfaces with other systems; data processing
- Performances: in nominal modes; in down-graded modes; in avalanche conditions; in other influencing conditions
- System servicing: data archiving; self supervision; error & failure management; system configuration; system testing
- Application development & maintenance: software tools; description of process, system, procedures; algorithms; functional validation; internal communications
Slide 10: Dependability assessment: main strategies
(Chart; only the labels survive.)
- Assessment strategies: white box without experience; white box with experience; grey box without experience; grey box with experience; black box with experience; black box without experience
- Product categories (safety class - functional complexity): A - complex; A - medium; A - simple; B - complex; B - medium; B - simple
- Strategy labels placed on the chart: AW; AW / AB; BG; BG / BB; AB; BB
- Legend: AW: white-box assessment for class A; AB: black-box assessment for class A; BG: grey-box assessment for class B; BB: black-box assessment for class B
Slide 11: Rigor of justification
- Justification may be based on: « rigorous proof »; sampling; operational experience; inspection; engineering processes
- Properties of arguments, example « rigorous proof »:
  — applicability of the proof principle
  — faithfulness of the representation on which the proof is performed
  — correct consideration of all relevant influencing factors
  — correctness of the proof itself
Slide 12: Safety, cost-effectiveness
- Off-the-shelf products are usually more cost-effective than bespoke solutions
- Reduction of uncertainties: early identification of critical issues; solutions for « new » issues (last-minute questions are costly in effort and delay); more open competition
- Sharing of costs (and insights) among projects
- I&C systems: main focus on applications