THCPA —  Functional Safety and Machine Protection Systems   (12-Oct-17   13:45—15:30)
Chair: M.T. Heron, DLS, Oxfordshire, United Kingdom
Paper Title Page
THCPA01 Safety Instrumented Systems and the AWAKE Plasma Control as a Use Case 1206
  • E. Blanco Viñuela, H.F. Braunmuller, B. Fernández Adiego, R. Speroni
    CERN, Geneva, Switzerland
  Safety is likely the most critical concern in many process industries, yet there is a general uncertainty on the proper engineering to reduce the risks and ensure the safety of persons or material at the same time of providing the process control system. Some of the reasons for this misperception are unclear requirements, lack of functional safety engineering knowledge or incorrect protection functionalities attributed to the BPCS (Basic Process Control System). Occasionally the control engineers are not aware of the hazards inherent to an industrial process and this causes the lack of the right design of the overall controls. This paper illustrates the engineering of the SIS (Safety Instrumented System) and the BPCS of the plasma vapour controls of the AWAKE R&D project, the first proton-driven plasma wakefield acceleration experiment in the world. The controls design and implementation refers to the IEC61511/ISA84 standard, including technological choices, design, operation and maintenance. Finally, the publication reveals usual difficulties appearing in such kind of industrial installations and the actions to be done to ensure the proper functional safety system design.  
slides icon Slides THCPA01 [6.199 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THCPA02 ESS Accelerator Safety Interlock System 1213
  • D. Paulic, S.L. Birch, M. Mansouri, A. Nordt, Y.K. Sin, A. Toral Diez
    ESS, Lund, Sweden
  Providing and assuring safe conditions for personnel is a key parameter required to operate the European Spallation Source (ESS). The main purpose of the Personnel Safety Systems (PSS) at ESS is to protect workers from the facility's ionising prompt radiation hazards, but also identify as well as mitigate against other hazards such as high voltage or oxygen depletion. PSS consist of three systems: the Safety interlock system, the Access control system and the Oxygen deficiency hazard (ODH) detection system. The Safety interlock system ensures the safety functions of the PSS by controlling all hazardous equipment for starting the beam operation and powering the RF-powered units and allowing its operation when personnel is safe. This paper will describe the ESS PSS Accelerator Safety interlock system's scope, strategy, methodology and current status.  
slides icon Slides THCPA02 [4.292 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THCPA03 Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design 1217
  • F. Tao, J.M. Murphy
    SLAC, Menlo Park, California, USA
  Large accelerator safety system design is complex and challenging. The complexity comes from the wide geographical distribution and the entangled control/protection functions that are shared across multiple control systems. To ensure safety performance and avoid unnecessary overdesign, a systematic approach should be followed when setting the functional requirements and the associated safety integrity. Layer of Protection Analysis (LOPA) is a method in IEC61511 for assigning the SIL to a safety function. This method is well suited for complex applications and is widely adopted in the process industry. The outputs of the LOPA study provide not only the basis for setting safety functions design objective, but also a reference document for managing system change and determining test scope. In this paper, SLAC credited safety systems are used to demonstrate the application of this semi-quantitative method. This example will illustrate how to accurately assess the hazardous event, analyze the independence of different protection layers, and determine the reliability of a particular protection function.  
slides icon Slides THCPA03 [2.206 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THCPA04 Development of a Safety Classified System with LabView and EPICS 1221
  • C.H. Haquin, P. Anger, D.J.C. Deroy, G. Normand, F. Pillon, A. Savalle
    GANIL, Caen, France
  The Spiral2 linear accelerator will drive high intensity beams, up to 5 mA and 200 kW at linac exit. In tuning phase, or when not used by the experimental areas, the beam will be stopped in a dedicated beam dump. To avoid excessive activation of this beam dump, in order to allow human intervention, a safety classified system had been designed to integrate the number of particles dropped in it within each 24 hours time frame. For each kind of beam, a threshold will be defined and as soon as the threshold is reached a beam cut-off will be sent to the machine protection system. This system, called SLAAF: System for the Limitation of the Activation of the beam dump (Arret Faisceau in French) rely on LabView and EPICS (Experimental Physics and Industrial Control) technology. This paper will describe the specification and development processes and how we dealt to meet both functional and safety requirements using two technologies not commonly used for safety classified systems.  
slides icon Slides THCPA04 [0.471 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
Development and Implementation of the Treatment Control System in Shanghai Proton Therapy Facility  
  • M. Liu, K.C. Chu, C.X. Yin, L.Y. Zhao
    SINAP, Shanghai, People's Republic of China
  Shanghai Proton Therapy Facility is in the phase of commissioning. We developed the treatment control system in consideration of a plurality of IEC standards. The system is comprised of the irradiation control sub-system (ICS) and the treatment interlock sub-system (TIS). The irradiation flow was implemented and monitored by firmware in ICS, with the benefit of low latency. Hardware based TIS conducts the calculation of interlock logics. The protection of patients and the machine from hazards could be guaranteed by TIS with high reliability. ICS is integrated into the main timing system, and ICS controls treatment-related sequence of the accelerator complex via the timing system. The function of switching treatment rooms is realized by hardware in the timing system. The design philosophy, the safety analysis and the design of critical modules are demonstrated in the paper.  
slides icon Slides THCPA05 [2.278 MB]  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THCPA06 A Real-Time Beam Monitoring System for Highly Dynamic Irradiations in Scanned Proton Therapy 1224
  • G. Klimpki, C. Bula, M. Eichin, A.L. Lomax, D. Meer, S. Psoroulas, U. Rechsteiner, D.C. Weber
    PSI, Villigen PSI, Switzerland
  • D.C. Weber
    University of Zurich, University Hospital, Zurich, Switzerland
  Funding: This work is supported by the Giuliana and Giorgio Stefanini Foundation.
Patient treatments in scanned proton therapy exhibit dead times, e.g. when adjusting beamline settings for a different energy or lateral position. On the one hand, such dead times prolong the overall treatment time, but on the other hand they grant possibilities to (retrospectively) validate that the correct amount of protons has been delivered to the correct position. Efforts in faster beam delivery aim to minimize such dead times, which calls for different means of monitoring irradiation parameters. To address this issue, we report on a real-time beam monitoring system that supervises the proton beam position and current during beam-on, hence while the patient is under irradiation. For this purpose, we sample 1-axis Hall probes placed in beam-scanning magnets and plane-parallel ionization chambers every 10 μs. FPGAs compare sampled signals against verification tables - time vs. position/current charts containing upper and lower tolerances for each signal - and issue interlocks whenever samples fall outside. Furthermore, we show that by implementing real-time beam monitoring in our facility, we are able to respect patient safety margins given by international norms and guidelines.
slides icon Slides THCPA06 [1.841 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THCPA07 Development of an Expert System for the High Intensity Neutrino Beam Facility at J-PARC 1229
  • K. Nakayoshi, Y. Fujii, T. Nakadaira, K. Sakashita
    KEK, Tsukuba, Japan
  A high intensity neutrino beam produced at J-PARC is utilized by the T2K long baseline neutrino oscillation experiment. To generate the high intensity neutrino beam, a high intensity proton beam is extracted from the 30 GeV Main Ring synchrotron to the neutrino primary beamline. In the beamline, one mistaken shot can potentially do serious damage to beamline equipment. To avoid such a consequence, many beamline equipment interlocks which automatically stop the beam operation are implemented. If an interlock is activated, the beam operator references the operation manual, confirms the safety of the beamline equipment and resumes the beam operation. In order to improve the present system, we are developing an expert system for prompt and efficient understanding of the status of the beamline to quickly resume the beam operation. When an interlock is activated, the expert system references previous interlock patterns and infers what happened in the beamline. And the expert system will suggest how to resume the beam operation to the beam operator. We have developed and evaluated this expert system. In this talk, we will report the development status and initial results.  
slides icon Slides THCPA07 [2.034 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)