SAFIR2014: CORSICA Coverage and rationality of the software I&C safety assurance


SAFIR2014: CORSICA Coverage and rationality of the software I&C safety assurance
Mid-Term Seminar 21.-22.3.2013
Jussi Lahtinen, Jukka Ranta, Lauri Lötjönen (VTT); Risto Nevalainen, Timo Varkoi (FiSMA)

2 Introduction

CORSICA builds on work in the previous SAFIR2010 programme to develop approaches for qualifying and certifying software-intensive I&C systems for nuclear power plants. Current CORSICA topics in the SAFIR2014 programme:
- adequacy and relevance of process capability assessment in technical product evaluation;
- coverage and rationality of required development and assurance methods;
- certification and evaluation issues in using new technologies, for example FPGA;
- use of new standards in the technical safety evaluation of nuclear I&C systems.

3 Tasks in CORSICA 2011-2014

Task                        2011  2012  2013  2014
1. Nuclear SPICE             x     x     x     x
2. NS -> Reliability               x
3. Coverage & Rationality    x     x     x     x
4. Review techniques         x     x
4. FPGA                                  x     x
6. Novel technologies        x     x

4 Assessment of system & software development process with Nuclear SPICE

- The aim is to create an integrated family of methods to assess the degree of compliance with selected standards.
- SPICE provides a generic framework for assessment; content and criteria are added from generic safety standards and from nuclear standards.
- Nuclear SPICE is a method to assess process capability and compliance to standards.
- Steps: Nuclear SPICE Process Assessment Model (PAM); Nuclear SPICE assessment process; validation of Nuclear SPICE.

5 Software reliability and process assessment

The original aim was to produce a mechanism to convert safety-critical process assessment (Nuclear SPICE) outcomes into a software reliability value. A state-of-the-art study tried to identify the means needed to relate development practices to product quality, especially reliability. Software reliability is a controversial concept, and the task was considered unsolvable. The goal was therefore adjusted to provide a wider viewpoint on process-related risks regarding safety and dependability. Software reliability is related to the operation of the software. Software reliability and safety could benefit from software development process modelling and evaluation as a means to reduce software-related risks.

6 Framework for safety evaluation based on Nuclear SPICE

Firstly, software reliability was studied from the process point of view, based on a literature review:
- Software reliability is a difficult concept: tedious to quantify, and its implication for safety is questionable.
- Processes affect reliability (and safety).
- Probabilistic targets (e.g. SIL) are not applicable.
- Maintainability.

Secondly, a process assessment framework to evaluate safety characteristics of software development processes was developed:
- Based on a new Process Quality concept and the ISO/IEC 330xx standards for process assessment.
- Defines relevant processes and process quality attributes.
- Safety as a Process Quality Characteristic: reliability, dependability, availability.

7 Safety as a Process Quality Characteristic

- Integrate safety-improving practices directly into system/software development processes.
- Safety dimension for process assessment: increased self-assurance, robustness and trust.

Key process quality attributes to deliver safe software (trust in process):
- Requirements control: traceability, coverage, constraints, reuse
- Safety engineering: safety demonstration, reviews, assurance
- Process dependability: reliability, availability, maintainability

Key process quality attributes to manage safe software development (safety culture):
- Safety management: strategy, safety life cycle, resources, monitoring
- Compliance: standards, defined process and tailoring
- Risk management: risk mitigation, risk analysis, information security
- Quantitative management: analysis and variation control

The aim is that risks related to the achievement of safety goals can be evaluated with process assessment using specifically defined process quality attributes.

8 Process Attributes for Safety

Basic (trustworthy process):
- PA 1 Process performance: PA 1.1 process outcomes are achieved
- PA 2 Process dependability: PA 2.1 reliability; PA 2.2 availability; PA 2.3 maintainability
- PA 3 Requirements control: PA 3.1 traceability; PA 3.2 specifications coverage; PA 3.3 constraints; PA 3.4 safety analysis; PA 3.5 reuse
- PA 4 Safety engineering: PA 4.1 safety demonstration; PA 4.2 reviews; PA 4.3 verification and validation; PA 4.4 quality assurance

Extended (safety culture):
- PA 5 Safety management: PA 5.1 safety strategy alignment; PA 5.2 safety life cycle; PA 5.3 responsibilities and resourcing; PA 5.4 monitoring; PA 5.5 test and simulation environments
- PA 6 Process compliance: PA 6.1 standards; PA 6.2 defined process; PA 6.3 process tailoring
- PA 7 Risk management: PA 7.1 management of effect on business goals; PA 7.2 qualitative and quantitative risk analysis; PA 7.3 information security
- PA 8 Quantitative management: PA 8.1 quantitative analysis; PA 8.2 quantitative control

9 Coverage and rationality of methods

Functional testing plays a major role in the V&V of safety-critical software of instrumentation and control in nuclear power plants.

Challenges:
- Because a test is derived from the specification, it can only detect non-conformance to that specification: it cannot reveal errors or omissions in the specification itself, and it cannot be used to prove software correctness.
- Full test coverage with respect to completeness and correctness is practically impossible.

Solutions:
- Software reviews, inspections and walkthroughs are techniques that can be applied to any artefact of the system and software, including the specification itself.
- An operational profile, obtained by analysing the software's environment, tells the criticality and frequency of use of the software's functions and is used to focus the testing effort.

10 Comparing the U.S. NRC reactor trip software review process to the Finnish regulatory requirements

- Identifying the differences between the NRC and STUK regulatory requirements makes the approval of systems developed under one regime easier under the other.
- The NRC-IEEE framework emphasises analysis and the making of plans, whereas the STUK-IEC framework emphasises the management of requirements.
- Safety classifications of I&C systems differ between the U.S. and Finland. In the U.S. there is one safety class and four echelons of defence, which are only conceptual. In Finland there are two safety classes and absolute safety borders between systems that belong to different safety classes.
- Significant differences exist in the implementation of backup systems.
- The NRC refers to IEEE standards; STUK mainly refers to IEC 60880.

11 Reading techniques

- Reviews and inspections are typically used to locate software defects in the early life-cycle phases.
- Perspective-Based Reading (PBR) examines a software artefact from the perspectives of the artefact's stakeholders in order to identify defects.
- Reviewers themselves create high-level work products based on the reviewed document, which leads to a more profound understanding of the system.
- Applied to the review of nuclear-domain conceptual design plans.
- Review instructions were written for five perspectives: an automation designer, a control room designer, an electrical designer, a safety designer, and a regulator.

12 Use of novel technologies in nuclear power plants

- Interest in the use of field programmable gate array (FPGA) technology in nuclear power plant (NPP) automation has increased.
- Demonstrating the reliability and safety of software-based systems in the licensing process is difficult and laborious.
- FPGAs are seen as an option that provides flexibility and capability similar to software, but with lower complexity, a simpler system structure and improved hardware performance.
- Cyber security issues are also considered to be smaller with FPGAs than with software.
- Case study: Stepwise Shutdown System (SWS)

13 Deliverables 2011 (task number, report)

- 1.1 FiSMA report 2011-1: S4N method description - Nuclear SPICE PRM and PAM. FiSMA 2012.
- 1.1 Nevalainen, Mäkinen, Varkoi: Towards SPICE for Nuclear (S4N): Integrating IEC 61508, IEC 60880 and SPICE. EuroSPI 2011 conference.
- 1.2 FiSMA report 2011-2: S4N Assessment Process - Requirements for Nuclear SPICE assessment. FiSMA 2012.
- 3 Rationality of functional testing at Category A software. VTT Working Report.
- 4 Application of the Perspective Based Reading technique in the nuclear I&C context. VTT Technology.
- 6 Current state of FPGA technology in a nuclear domain. VTT Technology.

14 Deliverables 2012 (task number, report)

- 1.1 FiSMA report 2012-1: Nuclear SPICE PAM for pre-qualification process assessment. FiSMA 2013.
- 1.2 FiSMA report 2012-2: Nuclear SPICE assessment process. FiSMA 2013.
- 1 Varkoi T., Nevalainen R. and Mäkinen T.: Toward Nuclear SPICE: integrating IEC 61508, IEC 60880 and SPICE. Journal of Software: Evolution and Process, published online 18.2.2013.
- 1 Development and use of standard-based qualification procedures for safety systems and equipment in OL1 and OL2 nuclear power plants. Presentation in the workshop "Application of IEC/SC45A CLC/TC45AX standards in nuclear installations", Petten, 27.4.2012.
- 1 & 2 Safety Issues in Process Assessment. SPICE 2012 conference tutorial, 29.5.2012.
- 1 & 2 Integrating different assessment approaches to evaluate safety-critical software development in the nuclear domain. EuroSPI 2012 Industrial proceedings, Functional safety workshop, 27.6.2012.
- 2 FiSMA report 2012-3: Framework to evaluate software reliability based on Nuclear SPICE. FiSMA 2013.
- 3 Planning a review process for software of reactor trip system: Supplementary requirements to U.S. NRC. Research Report VTT-R-06436-12.
- 4 Development of a Review Technique for Conceptual Design Plans. Research report VTT-R-08337-12.
- 6 Working report: Multi-core Processing from NPP I&C Perspective. VTT Technology.
- 6 FPGA Implementation of the Stepwise Shutdown System. VTT Research report VTT-R-06053-12.

15 CORSICA Coverage and rationality of the software I&C safety assurance Thank you for your attention!