Final Design of the Safety System of the Prototype of the ITER Negative-Ion Heating Neutral Beam Injector
Luchetta A; Grando L; Moressa M
2023
Abstract
MITICA is the prototype of the ITER heating neutral beam injector. It will use an extensive computer-based safety system (MS) to provide occupational safety; nuclear safety is outside its scope, since it is not required for MITICA. The MS will integrate all personnel safety aspects. We performed a detailed risk analysis to identify the possible hazards and the associated risks. To mitigate the safety risks, we determined the needed safety instrumented functions (SIFs) and their associated Safety Integrity Levels (SIL), as prescribed by IEC 61508, the technical standard on functional safety of electrical, electronic and programmable electronic systems. Finally, we verified the SIFs against the required SIL. Through this analysis we identified 53 SIFs, 3 of which are allocated to SIL2, 23 to SIL1, and the remaining 27 without a SIL requirement. From the requirements stated in the system analysis, we defined the MS architecture, also considering the following design criteria: using IEC 61508 and IEC 61511 as guidelines for MS development; using system hardware that allows SIFs up to SIL3; and using software tools that allow programming SIFs up to SIL3. The requirement for SIL3-capable hardware and software derives from the need to minimize the share of the SIF probability of failure attributable to the logic solver hardware and software, thus leaving the largest possible share of the failure budget to sensors and actuators. The paper summarizes the requirements for the MITICA safety system and proposes a system design to meet them. Because of the required reliability and availability, the hardware architecture is fully redundant for all components involved in safety functions. Given the need to choose proven solutions, the implementation is based on industrial components.
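The abstract's argument for SIL3-capable logic-solver hardware and software is a budgeting one: the average probability of failure on demand (PFDavg) of a SIF is the sum of the sensor, logic-solver and final-element contributions, and the SIL of the whole loop is set by that sum. The following worked example is added here and is not code from the paper or from the MITICA project; it uses the simplified IEC 61508-6 PFDavg formulas for 1oo1 and 1oo2 architectures (no repair time, full proof-test coverage), the IEC 61508 low-demand SIL bands, and constructed failure rates, proof-test interval and common-cause factor. It shows that with the same field devices, a single-channel logic solver in the SIL2 band drags the loop into SIL1, while a redundant logic solver in the SIL3 band consumes under 2% of the loop budget and leaves the loop at SIL2.

```python
# Added example (not from the paper): PFDavg budgeting for a low-demand SIF,
# showing why a SIL3-capable logic solver leaves most of the failure budget
# to sensors and actuators. Formulas are the simplified IEC 61508-6 forms
# (no MTTR, full proof-test coverage); all failure rates are constructed.
from dataclasses import dataclass

# IEC 61508 low-demand PFDavg bands: SIL -> [lower, upper)
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


def sil_for_pfd(pfd: float) -> int:
    """Map a PFDavg to its SIL band; 0 means no SIL is achieved."""
    if pfd >= 1e-1:
        return 0
    for sil, (lo, hi) in SIL_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4  # below the SIL4 lower bound: still at least SIL4


def pfd_1oo1(lam_du: float, t1: float) -> float:
    """Single channel: PFDavg ~= lambda_DU * T1 / 2 (lambda_DU in 1/h, T1 in h)."""
    return lam_du * t1 / 2


def pfd_1oo2(lam_du: float, t1: float, beta: float) -> float:
    """Dual redundant channel (1oo2): independent-failure term plus common-cause (beta) term."""
    independent = ((1 - beta) * lam_du * t1) ** 2 / 3
    common_cause = beta * lam_du * t1 / 2
    return independent + common_cause


@dataclass
class Loop:
    """PFDavg of the three SIF subsystems: sensor, logic solver, final element."""
    sensor: float
    logic: float
    actuator: float

    def total(self) -> float:
        return self.sensor + self.logic + self.actuator

    def sil(self) -> int:
        return sil_for_pfd(self.total())

    def shares(self) -> dict:
        """Fraction of the loop PFDavg consumed by each subsystem."""
        t = self.total()
        return {"sensor": self.sensor / t, "logic": self.logic / t, "actuator": self.actuator / t}


def compare_logic_solvers(t1: float = 8760.0) -> dict:
    """Same constructed field devices, two logic-solver architectures, one-year proof test."""
    sensor = pfd_1oo1(lam_du=5e-7, t1=t1)      # constructed: single transmitter
    actuator = pfd_1oo1(lam_du=1e-6, t1=t1)    # constructed: single shutdown contactor
    simplex = Loop(sensor, pfd_1oo1(lam_du=1e-6, t1=t1), actuator)
    redundant = Loop(sensor, pfd_1oo2(lam_du=1e-6, t1=t1, beta=0.02), actuator)
    return {"1oo1": simplex, "1oo2": redundant}


if __name__ == "__main__":
    for name, loop in compare_logic_solvers().items():
        print(f"{name}: logic PFDavg={loop.logic:.2e} (SIL{sil_for_pfd(loop.logic)}), "
              f"loop PFDavg={loop.total():.2e} -> SIL{loop.sil()}, "
              f"logic share={loop.shares()['logic']:.1%}")
```

The 1oo2 formula is the simplified form; a full IEC 61508-6 calculation also includes diagnostic coverage, repair time and the systematic-capability and hardware-fault-tolerance constraints on each subsystem, which a SIL3 claim for the logic solver must satisfy in addition to the PFDavg band.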