No: 1 CEMSIS 1 WP3 - Use of pre-developed products Key issues N. Thuy EDF R&D.

1

no: 1 CEMSIS

WP3 - Use of pre-developed products

Key issues

N. ThuyEDF R&D

WP3_edf036_v01_FISA_November 2003

CEMSIS no: 2

Objectives

I&C systems based on off-the-shelf products suitability for functions important to safety cost-effectiveness

Application of safety framework (WP1)

Software aspects


CEMSIS no: 3

General approach

System properties essential to safety what needs to be claimed and justified application specific / generic properties

Product assessment objective: state, justify generic claims

— product claims reusable for justification of system claims— not a general safety label

functional, dependability assessments ahead of projects, for a range of applications

System qualification products used according to conditions of assessments focus on application issues


CEMSIS no: 4

Main generic system propertiesessential to safety

Characterisation of system and main sub-systems / components identification, description / specification, integrity

Adequacy of specification to real safety needs

Correctness with respect to specification

Robustness against postulated internal / external events

Maintenance of preceding properties over lifetime


CEMSIS no: 5

Generic product propertiesessential to safety

Refinement of main generic system properties E.g., robustness

— identification, characterisation of causes of non-nominal situations

— intrinsic, passive robustness

— detection of non-nominal situations

— signaling of non-nominal situations

— containment

— graceful degradation to specified behavior

— correct restoration of nominal service

« Projection » of system properties on products may depend on nature of product, role assigned by system design two main types of product properties:

— functional properties

— dependability properties


CEMSIS no: 6

Product taxonomies

Wide variety, one size does not fit all

Taxonomy for functional assessments I&C platforms communication equipment « smart » devices

Taxonomy for dependability assessments safety class functional complexity availability of technical information amount of credible, applicable operational experience


CEMSIS no: 7

Functional assessmentOverall process

3. Functional UserRequirements Specification

(cf. WP2)

Product independent Product dependent

1. Functional ModelingMain typical functions, interactors

for each functional typeInvestigation groups, guidelines

Project independent

Project dependent

2. Product CharacterisationAccording to investigation groups

and guidelines

4. Matching FURS andproduct characteristics


CEMSIS no: 8

Functional Modeling Example I&C platforms: function and interactors

OperatorsMaintenance& servicing

Installation Engineering Investigation

I&C systemOther systems& equipment

ProcessInstrumentation

Self-surveillanceInterfaces Interfaces

I/O data processing, Automation & Control

Event management, Management of RT data,Management of plant, system, procedures data

HMI, Alarms Archiving System testing

Management ofErrors & Failures

Application dev. &Maintenance

System configurationSystem monitoring


CEMSIS no: 9

Functional Modeling ExampleI&C platforms: Investigation groups

Influencing conditions Architectures and configurations Modes of behaviour Avalanche conditions Other influencing conditions

Functions supporting plant operation HM dialogue Alarm management Automation & control Management of events, time stamping Management of real-time supervision data Description of process, system, procedures

Technical interfaces Interfaces with process instrumentation Interfaces with other systems Data processing

Performances In nominal modes In down-graded modes In avalanche conditions In other influencing conditions

System servicing Data archiving Self supervision Error & failure management System configuration System testing

Application development & maintenance Software tools Process description, system, procedures Algorithms Functional validation Internal communications


CEMSIS no: 10

Dependability assessmentMain strategies

White boxwithout

Experience

White boxwith

Experience

Grey boxwithout

Experience

Grey boxwith

Experience

Black boxwith

Experience

Black boxwithout

Experience

A - Complex

A - Medium

A - Simple

B - Complex

B - Medium

B - Simple

AW

AW / AB

BG

BG / BB

AB

BB

BB

AW: white-box assessment for class A AB: black-box assessment for class A BG: grey-box assessment for class B BB: black-box assessment for class B


CEMSIS no: 11

Rigor of justification

Justification may be based on « rigorous proof » sampling operational experience inspection engineering processes

Properties of arguments example: « rigorous proof »

— applicability of proof principle

— faithfulness of representation on which proof is performed

— correct consideration of all relevant influencing factors

— correctness of proof itself


CEMSIS no: 12

Safety, Cost- effectiveness

Off-the-shelf products usually more cost effective than bespoke solutions

Reduction of uncertainties early identification of critical issues solution for « new » issues last minute questions costly in effort and delay more open competition

Sharing of costs (and insights) among projects

I&C systems: main focus on applications

No: 1 CEMSIS 1 WP3 - Use of pre-developed products Key issues N. Thuy EDF R&D.

Documents

Transcript of No: 1 CEMSIS 1 WP3 - Use of pre-developed products Key issues N. Thuy EDF R&D.