
Final Design of the Safety System of the Prototype of the ITER Negative-Ion Heating Neutral Beam Injector

Luchetta A; Grando L; Moressa M
2023

Abstract

MITICA is the prototype of the ITER heating neutral beam injector. It will use an extensive computer-based safety system (MS) to provide occupational safety; nuclear safety is not addressed, as it is not required. The MS will integrate all personnel safety aspects. We performed a detailed risk analysis to identify the possible hazards and associated risks. To mitigate safety risks, we determined the needed safety instrumented functions (SIFs) and the associated Safety Integrity Levels (SIL), as prescribed in the IEC 61508 technical standard on functional safety in electronic systems. Finally, we verified the SIFs against the required SIL. Through the analysis activity, we identified 53 SIFs, 3 of which are allocated to SIL2, 23 to SIL1, and the others without SIL. From the requirements stated in the system analysis, we defined the MS architecture, also considering the following design criteria:

- Using IEC 61508 and IEC 61511 as guidelines for MS development;
- Using system hardware to allow up to SIL3 SIFs;
- Using software tools to allow programming up to SIL3 SIFs.

The requirement of SIL3 hardware/software derives from the need to minimize the share of the probability of failure taken by the hardware and software components, thus allowing the maximum share to sensors and actuators. The paper summarizes the requirements for the MITICA safety systems and proposes the system design to meet them. Due to the required system reliability and availability, the hardware architecture is fully redundant for all components involved in safety functions. Given the need to choose proven solutions, the system implementation is based on industrial components.
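The abstract's argument for SIL3-rated logic hardware and software, as an added worked example (not code from the paper or its authors): with the IEC 61508 low-demand PFDavg bands and a first-order series model of a loop, a logic solver with a small PFDavg leaves most of a SIL2 loop's failure budget to the sensors and actuators. The subsystem PFDavg figures are constructed assumptions, not values from the paper.

```python
# Added illustration of the PFD-budget argument in the abstract (not from the paper).
# IEC 61508 low-demand bands: SIL n holds when lo <= PFDavg < hi.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_for_pfd(pfd: float) -> int:
    """SIL reached by a loop-level PFDavg in low-demand mode; 0 means no SIL."""
    if pfd < SIL_BANDS[4][0]:
        return 4
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 0


def loop_pfd(sensor: float, logic: float, final_element: float) -> float:
    """First-order series model: the loop PFDavg is the sum of the subsystem PFDavgs.
    Architectural constraints (hardware fault tolerance) also apply but are not modelled."""
    return sensor + logic + final_element


def field_budget(target_sil: int, logic_pfd: float) -> float:
    """PFDavg left for sensors plus final elements once the logic solver's share is spent."""
    return SIL_BANDS[target_sil][1] - logic_pfd


def logic_share(target_sil: int, logic_pfd: float) -> float:
    """Fraction of the target SIL's PFDavg ceiling consumed by the logic solver alone."""
    return logic_pfd / SIL_BANDS[target_sil][1]


# Constructed subsystem PFDavg values (assumptions, not figures from the paper):
SENSOR_PFD, ACTUATOR_PFD = 3e-3, 5e-3           # field devices of a SIL2 SIF
LOGIC_PFD_SIL2_RATED, LOGIC_PFD_SIL3_RATED = 4e-3, 2e-4

if __name__ == "__main__":
    for label, logic in (("SIL2-rated", LOGIC_PFD_SIL2_RATED),
                         ("SIL3-rated", LOGIC_PFD_SIL3_RATED)):
        total = loop_pfd(SENSOR_PFD, logic, ACTUATOR_PFD)
        print(f"{label} logic solver: loop PFDavg={total:.2e} -> SIL{sil_for_pfd(total)}, "
              f"solver share of SIL2 ceiling={logic_share(2, logic):.0%}")
```

With the same field devices, the SIL2-rated solver pushes the loop into the SIL1 band while the SIL3-rated solver keeps it at SIL2 using only 2% of the ceiling.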
Istituto per la Scienza e Tecnologia dei Plasmi - ISTP
Keywords: safety system; ITER prototype; negative-ion heating; neutral beam injector
Files in this record:
No files are associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/459188