Experience on the FMS Communication module Development for an Application to Safety- Critical Communication Network

International Nuclear Information System (INIS)

Son, Kwang Seop; Lee, Jang Soo; Kim, Jung Heon

2009-01-01

The field bus has been developed for a network system which supports the real-time communication of various controls and automation equipment. It is known for Profibus in the field of a production automation environment. The Profibus standard uses open communication based on the ISO/OSI model. The Probibus standard uses layer 1, layer 2, layer 7. Layer 7 of Probibus FMS(Fieldbus Message Specification) provides a information and the user of a station. The high-level communication of the safety-grade PLC (POSAFE-Q) developed through the KNICS(Korea Nuclear I and C System) project is the FMS This paper describes the design, the configuration, and the test method of the FMS communication module

How to interpret safety critical failures in risk and reliability assessments

International Nuclear Information System (INIS)

Selvik, Jon Tømmerås; Signoret, Jean-Pierre

2017-01-01

Management of safety systems often receives high attention due to the potential for industrial accidents. In risk and reliability literature concerning such systems, and particularly concerning safety-instrumented systems, one frequently comes across the term ‘safety critical failure’. It is a term associated with the term ‘critical failure’, and it is often deduced that a safety critical failure refers to a failure occurring in a safety critical system. Although this is correct in some situations, it is not matching with for example the mathematical definition given in ISO/TR 12489:2013 on reliability modeling, where a clear distinction is made between ‘safe failures’ and ‘dangerous failures’. In this article, we show that different interpretations of the term ‘safety critical failure’ exist, and there is room for misinterpretations and misunderstandings regarding risk and reliability assessments where failure information linked to safety systems are used, and which could influence decision-making. The article gives some examples from the oil and gas industry, showing different possible interpretations of the term. In particular we discuss the link between criticality and failure. The article points in general to the importance of adequate risk communication when using the term, and gives some clarification on interpretation in risk and reliability assessments.

Design Information from the PSA for Digital Safety-Critical Systems

International Nuclear Information System (INIS)

Kang, Hyun Gook; Jang, Seung Cheol

2005-01-01

Many safety-critical applications such as nuclear field application usually adopt a similar design strategy for digital safety-critical systems. Their differences from the normal design for the non-safety-critical applications could be summarized as: multiple-redundancy, highly reliable components, strengthened monitoring mechanism, verified software, and automated test procedure. These items are focusing on maintaining the capability to perform the given safety function when it is requested. For the past several decades, probabilistic safety assessment (PSA) techniques are used in the nuclear industry to assess the relative effects of contributing events on plant risk and system reliability. They provide a unifying means of assessing physical faults, recovery processes, contributing effects, human actions, and other events that have a high degree of uncertainty. The applications of PSA provide not only the analysis results of already installed system but also the useful information for the system under design. The information could be derived from the PSA experience of the various safety-critical systems. Thanks to the design flexibility, the digital system is one of the most suitable candidates for risk-informed design (RID). In this article, we will describe the feedbacks for system design and try to develop a procedure for RID. Even though the procedure is not sophisticated enough now, it could be the start point of the further investigation for developing more complete and practical methodology

Overview of Risk Mitigation for Safety-Critical Computer-Based Systems

Science.gov (United States)

Torres-Pomales, Wilfredo

2015-01-01

This report presents a high-level overview of a general strategy to mitigate the risks from threats to safety-critical computer-based systems. In this context, a safety threat is a process or phenomenon that can cause operational safety hazards in the form of computational system failures. This report is intended to provide insight into the safety-risk mitigation problem and the characteristics of potential solutions. The limitations of the general risk mitigation strategy are discussed and some options to overcome these limitations are provided. This work is part of an ongoing effort to enable well-founded assurance of safety-related properties of complex safety-critical computer-based aircraft systems by developing an effective capability to model and reason about the safety implications of system requirements and design.

Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

International Nuclear Information System (INIS)

Kwon, Kee-Choon; Lee, Jang-Soo; Jee, Eunkyoung

2016-01-01

Nuclear safety-critical software is under strict regulatory requirements and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been kwon a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying safety case methodology to achieve software safety demonstration. A lot of documents provided as evidence are connected to claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which more systematic safety demonstration for the target system software is performed via safety case construction than simply listing the documents

Safety Justification and Safety Case for Safety-critical Software in Digital Reactor Protection System

Energy Technology Data Exchange (ETDEWEB)

Kwon, Kee-Choon; Lee, Jang-Soo [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of); Jee, Eunkyoung [KAIST, Daejeon (Korea, Republic of)

2016-10-15

Nuclear safety-critical software is under strict regulatory requirements and these regulatory requirements are essential for ensuring the safety of nuclear power plants. The verification & validation (V and V) and hazard analysis of the safety-critical software are required to follow regulatory requirements through the entire software life cycle. In order to obtain a license from the regulatory body through the development and validation of safety-critical software, it is essential to meet the standards which are required by the regulatory body throughout the software development process. Generally, large amounts of documents, which demonstrate safety justification including standard compliance, V and V, hazard analysis, and vulnerability assessment activities, are submitted to the regulatory body during the licensing process. It is not easy to accurately read and evaluate the whole documentation for the development activities, implementation technology, and validation activities. The safety case methodology has been kwon a promising approach to evaluate the level and depth of the development and validation results. A safety case is a structured argument, supported by a body of evidence that provides a compelling, comprehensible, and valid case that a system is safe for a given application in a given operating environment. It is suggested to evaluate the level and depth of the results of development and validation by applying safety case methodology to achieve software safety demonstration. A lot of documents provided as evidence are connected to claim that corresponds to the topic for safety demonstration. We demonstrated a case study in which more systematic safety demonstration for the target system software is performed via safety case construction than simply listing the documents.

Product Engineering Class in the Software Safety Risk Taxonomy for Building Safety-Critical Systems

Science.gov (United States)

Hill, Janice; Victor, Daniel

2008-01-01

When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use and risks must be documented and managed to give confidence for reusing the systems. The SEJ Software Development Risk Taxonomy [4] focuses on general software development issues. It does not, however, cover all the safety risks. The Software Safety Risk Taxonomy [8] was developed which provides a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a Software Safety Risk Taxonomy Based Questionnaire (TBQ) is generated containing questions addressing each safety attribute in the Software Safety Risk Taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized Product Engineering Class within the Software Safety Risk Taxonomy. At the end of the paper, we present the tool known as the 'Legacy Systems Risk Database Tool' that is used to collect and analyze the data required to show traceability to a particular safety standard

Analyzing Software Requirements Errors in Safety-Critical, Embedded Systems

Science.gov (United States)

Lutz, Robyn R.

1993-01-01

This paper analyzes the root causes of safety-related software errors in safety-critical, embedded systems. The results show that software errors identified as potentially hazardous to the system tend to be produced by different error mechanisms than non- safety-related software errors. Safety-related software errors are shown to arise most commonly from (1) discrepancies between the documented requirements specifications and the requirements needed for correct functioning of the system and (2) misunderstandings of the software's interface with the rest of the system. The paper uses these results to identify methods by which requirements errors can be prevented. The goal is to reduce safety-related software errors and to enhance the safety of complex, embedded systems.

Computational methods for criticality safety analysis within the scale system

International Nuclear Information System (INIS)

Parks, C.V.; Petrie, L.M.; Landers, N.F.; Bucholz, J.A.

1986-01-01

The criticality safety analysis capabilities within the SCALE system are centered around the Monte Carlo codes KENO IV and KENO V.a, which are both included in SCALE as functional modules. The XSDRNPM-S module is also an important tool within SCALE for obtaining multiplication factors for one-dimensional system models. This paper reviews the features and modeling capabilities of these codes along with their implementation within the Criticality Safety Analysis Sequences (CSAS) of SCALE. The CSAS modules provide automated cross-section processing and user-friendly input that allow criticality safety analyses to be done in an efficient and accurate manner. 14 refs., 2 figs., 3 tabs

SACS2: Dynamic and Formal Safety Analysis Method for Complex Safety Critical System

International Nuclear Information System (INIS)

Koh, Kwang Yong; Seong, Poong Hyun

2009-01-01

Fault tree analysis (FTA) is one of the most widely used safety analysis technique in the development of safety critical systems. However, over the years, several drawbacks of the conventional FTA have become apparent. One major drawback is that conventional FTA uses only static gates and hence can not capture dynamic behaviors of the complex system precisely. Although several attempts such as dynamic fault tree (DFT), PANDORA, formal fault tree (FFT) and so on, have been made to overcome this problem, they can not still do absolute or actual time modeling because they adapt relative time concept and can capture only sequential behaviors of the system. Second drawback of conventional FTA is its lack of rigorous semantics. Because it is informal in nature, safety analysis results heavily depend on an analyst's ability and are error-prone. Finally reasoning process which is to check whether basic events really cause top events is done manually and hence very labor-intensive and timeconsuming for the complex systems. In this paper, we propose a new safety analysis method for complex safety critical system in qualitative manner. We introduce several temporal gates based on timed computational tree logic (TCTL) which can represent quantitative notion of time. Then, we translate the information of the fault trees into UPPAAL query language and the reasoning process is automatically done by UPPAAL which is the model checker for time critical system

Research on communication system of underground safety management based on leaky feeder cable

Institute of Scientific and Technical Information of China (English)

CHEN Jian-hong; ZHANG Tao; CHENG Yun-cai; ZHANG Han

2007-01-01

According to the current working status of underground safety management and production scheduling, the importance and existed problem of underground mine radio communication were summarized, and the basic principle and classification of leaky feeder cable were introduced and the characteristics of cable were analyzed specifically in depth, and the application model of radio communication system for underground mine safety management was put forward. Meanwhile, the research explanation of the system component, function and evaluation was provided. The discussion result indicates that communication system of underground mine safety management which is integrated two-way relay amplifier and other equipment has many communication functions, and underground mine mobile communication can be achieved well.

A formal safety analysis for PLC software-based safety critical system using Z

International Nuclear Information System (INIS)

Koh, Jung Soo

1997-02-01

This paper describes a formal safety analysis technique which is demonstrated by performing empirical formal safety analysis with the case study of beamline hutch door Interlock system that is developed by using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform formal safety analysis, we have built the Z formal specifications representation from user requirement written in ambiguous natural language and target PLC ladder logic, respectively. We have also studied the effective method to express typical PLC timer component by using specific Z formal notation which is supported by temporal history. We present a formal proof technique specifying and verifying that the hazardous states are not introduced into ladder logic in the PLC-based safety critical system. And also, we have found that some errors or mismatches in user requirement and final implemented PLC ladder logic while analyzing the process of the consistency and completeness of Z translated formal specifications. In the case of relatively small systems like Beamline hutch door interlock system, a formal safety analysis including explicit proof is highly recommended so that the safety of PLC-based critical system may be enhanced and guaranteed. It also provides a helpful benefits enough to comprehend user requirement expressed by ambiguous natural language

Diversity for security: case assessment for FPGA-based safety-critical systems

Directory of Open Access Journals (Sweden)

Kharchenko Vyacheslav

2016-01-01

Full Text Available Industrial safety critical instrumentation and control systems (I&Cs are facing more with information (in general and cyber, in particular security threats and attacks. The application of programmable logic, first of all, field programmable gate arrays (FPGA in critical systems causes specific safety deficits. Security assessment techniques for such systems are based on heuristic knowledges and the expert judgment. Main challenge is how to take into account features of FPGA technology for safety critical I&Cs including systems in which are applied diversity approach to minimize risks of common cause failure. Such systems are called multi-version (MV systems. The goal of the paper is in description of the technique and tool for case-based security assessment of MV FPGA-based I&Cs.

Remote mobile communication in safety support system

International Nuclear Information System (INIS)

Inagaki, Kanji; Kobayashi, Hiroyuki; Hatanaka, Takahiro; Sakuma, Akira; Fukumoto, Akira; Ikeda, Jun

1999-01-01

Safety Support System (SSS) is a computerized operator support system for nuclear power plants, which is now under development. The concept of SSS covers 1) earlier detection of failure symptom and prediction of its influence to the plant operation, 2) improved transparency and robustness of plant control systems, 3) advanced human-machine interface and communication. The authors have been working on the third concept and proposed a remote mobile communication system called Plant Communication System (PCS). PCS aims to realize convenient communication between main control room and other areas such as plant local areas and site offices, using Personal Handyphone System (PHS) and wireless LAN (Local Area Network). PCS can transmit not only data but also graphic displays and dynamic video displays between the main control room and plant local areas. MPEG4 (Moving Picture Experts Group 4) technology is utilized in video data compression and decompression. The authors have developed the special multiplexing unit that connects PHS Cell Stations (CSs) and exiting coaxial cables. Voice recognition and announcement capability is also realized in the system, which enables verbal retrieval of information in the computer systems in the main control room from local areas. (author)

Tank waste remediation system nuclear criticality safety program management review

International Nuclear Information System (INIS)

BRADY RAAP, M.C.

1999-01-01

This document provides the results of an internal management review of the Tank Waste Remediation System (TWRS) criticality safety program, performed in advance of the DOE/RL assessment for closure of the TWRS Nuclear Criticality Safety Issue, March 1994. Resolution of the safety issue was identified as Hanford Federal Facility Agreement and Consent Order (Tri-Party Agreement) Milestone M-40-12, due September 1999

Attacks to Cryptography Protocols of Wireless Industrial Communication Systems

Directory of Open Access Journals (Sweden)

Tomas Ondrasina

2010-01-01

Full Text Available The paper deals with problems of safety and security principles within wireless industrial communication systems. First safety requirements to wireless industrial communication system, summarisation of attack methods and the available measures for risks elimination are described with orientation to safety critical applications. The mainly part is oriented to identification of risks and summarisation of defensive methods of wireless communication based on cryptographic techniques. Practical part the cryptoanalytic’s attacks to COTS (Commercial Off-The-Shelf wireless communications are mentioned based on the IEEE 802.11 standards.

Status, plans, and capabilities of the Nuclear Criticality Information System

International Nuclear Information System (INIS)

Koponen, B.L.

1984-01-01

The Nuclear Criticality Information System (NCIS), in preparation since 1981, has substantially evolved and now contains a growing number of resources pertinent to nuclear criticality safety. These resources include bibliographic compilations, experimental data, communications media, and the International Directory of Nuclear Criticality Safety Personnel. These resources are part of the LLNL Technology Information System (TIS) which provides the host computer for NCIS. The TIS provides nationwide access to authorized members of the nuclear criticality community via interactive dial-up from computer terminals that utilize communication facilities such as commercial and federal telephone networks, toll-free WATS lines, TYMNET, and the ARPANET/MILNET computer network

Modelling and Verifying Communication Failure of Hybrid Systems in HCSP

DEFF Research Database (Denmark)

Wang, Shuling; Nielson, Flemming; Nielson, Hanne Riis

2016-01-01

Hybrid systems are dynamic systems with interacting discrete computation and continuous physical processes. They have become ubiquitous in our daily life, e.g. automotive, aerospace and medical systems, and in particular, many of them are safety-critical. For a safety-critical hybrid system......, in the presence of communication failure, the expected control from the controller will get lost and as a consequence the physical process cannot behave as expected. In this paper, we mainly consider the communication failure caused by the non-engagement of one party in communication action, i.......e. the communication itself fails to occur. To address this issue, this paper proposes a formal framework by extending HCSP, a formal modeling language for hybrid systems, for modeling and verifying hybrid systems in the absence of receiving messages due to communication failure. We present two inference systems...

Safety-Critical Java for Embedded Systems

DEFF Research Database (Denmark)

Rios Rivas, Juan Ricardo

for Java aims at providing a reduced set of the Java programming language that can be used for systems that need to be certified at the highest levels of criticality. Safety-critical Java (SCJ) restricts how a developer can structure an application by providing a specific programming model...... and by restricting the set of methods and libraries that can be used. Furthermore, its memory model do not use a garbage-collected heap but scoped memories. In this thesis we examine the use of the SCJ specification through an implementation in a time-predictable, FPGA-based Java processor. The specification is now...

Critical Characteristics of Radiation Detection System Components to be Dedicated for use in Safety Class and Safety Significant System

International Nuclear Information System (INIS)

DAVIS, S.J.

2000-01-01

This document identifies critical characteristics of components to be dedicated for use in Safety Significant (SS) Systems, Structures, or Components (SSCs). This document identifies the requirements for the components of the common, radiation area, monitor alarm in the WESF pool cell. These are procured as Commercial Grade Items (CGI), with the qualification testing and formal dedication to be performed at the Waste Encapsulation Storage Facility (WESF) for use in safety significant systems. System modifications are to be performed in accordance with the approved design. Components for this change are commercially available and interchangeable with the existing alarm configuration This document focuses on the operational requirements for alarm, declaration of the safety classification, identification of critical characteristics, and interpretation of requirements for procurement. Critical characteristics are identified herein and must be verified, followed by formal dedication, prior to the components being used in safety related applications

Tank waste remediation system nuclear criticality safety inspection and assessment plan

International Nuclear Information System (INIS)

VAIL, T.S.

1999-01-01

This plan provides a management approved procedure for inspections and assessments of sufficient depth to validate that the Tank Waste Remediation System (TWRS) facility complies with the requirements of the Project Hanford criticality safety program, NHF-PRO-334, ''Criticality Safety General, Requirements''

C-Band Airport Surface Communications System Engineering-Initial High-Level Safety Risk Assessment and Mitigation

Science.gov (United States)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed C-band (5091- to 5150-MHz) airport surface communication system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents an initial high-level safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the C-band communication system after the profile is finalized and system rollout timing is determined. A security risk assessment has been performed by NASA as a parallel activity. While safety analysis is concerned with a prevention of accidental errors and failures, the security threat analysis focuses on deliberate attacks. Both processes identify the events that affect operation of the system; and from a safety perspective the security threats may present safety risks.

A study on methodologies for assessing safety critical network's risk impact on Nuclear Power Plant

International Nuclear Information System (INIS)

Lim, T. J.; Lee, H. J.; Park, S. K.; Seo, S. J.

2006-08-01

The objectives of this project is to investigate and study existing reliability analysis techniques for communication networks in order to develop reliability analysis models for Nuclear Power Plant's safety-critical networks. It is necessary to make a comprehensive survey of current methodologies for communication network reliability. Major outputs of the first year study are design characteristics of safety-critical communication networks, efficient algorithms for quantifying reliability of communication networks, and preliminary models for assessing reliability of safety-critical communication networks

Maintaining scale as a realiable computational system for criticality safety analysis

International Nuclear Information System (INIS)

Bowmann, S.M.; Parks, C.V.; Martin, S.K.

1995-01-01

Accurate and reliable computational methods are essential for nuclear criticality safety analyses. The SCALE (Standardized Computer Analyses for Licensing Evaluation) computer code system was originally developed at Oak Ridge National Laboratory (ORNL) to enable users to easily set up and perform criticality safety analyses, as well as shielding, depletion, and heat transfer analyses. Over the fifteen-year life of SCALE, the mainstay of the system has been the criticality safety analysis sequences that have featured the KENO-IV and KENO-V.A Monte Carlo codes and the XSDRNPM one-dimensional discrete-ordinates code. The criticality safety analysis sequences provide automated material and problem-dependent resonance processing for each criticality calculation. This report details configuration management which is essential because SCALE consists of more than 25 computer codes (referred to as modules) that share libraries of commonly used subroutines. Changes to a single subroutine in some cases affect almost every module in SCALE exclamation point Controlled access to program source and executables and accurate documentation of modifications are essential to maintaining SCALE as a reliable code system. The modules and subroutine libraries in SCALE are programmed by a staff of approximately ten Code Managers. The SCALE Software Coordinator maintains the SCALE system and is the only person who modifies the production source, executables, and data libraries. All modifications must be authorized by the SCALE Project Leader prior to implementation

Software coding for reliable data communication in a reactor safety system

International Nuclear Information System (INIS)

Maghsoodi, R.

1978-01-01

A software coding method is proposed to improve the communication reliability of a microprocessor based fast-reactor safety system. This method which replaces the conventional coding circuitry, applies a program to code the data which is communicated between the processors via their data memories. The system requirements are studied and the suitable codes are suggested. The problems associated with hardware coders, and the advantages of software coding methods are discussed. The product code which proves a faster coding time over the cyclic code is chosen as the final code. Then the improvement of the communication reliability is derived for a processor and its data memory. The result is used to calculate the reliability improvement of the processing channel as the basic unit for the safety system. (author)

Security for safety critical space borne systems

Science.gov (United States)

Legrand, Sue

1987-01-01

The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

Quantitative reliability assessment for safety critical system software

International Nuclear Information System (INIS)

Chung, Dae Won; Kwon, Soon Man

2005-01-01

An essential issue in the replacement of the old analogue I and C to computer-based digital systems in nuclear power plants is the quantitative software reliability assessment. Software reliability models have been successfully applied to many industrial applications, but have the unfortunate drawback of requiring data from which one can formulate a model. Software which is developed for safety critical applications is frequently unable to produce such data for at least two reasons. First, the software is frequently one-of-a-kind, and second, it rarely fails. Safety critical software is normally expected to pass every unit test producing precious little failure data. The basic premise of the rare events approach is that well-tested software does not fail under normal routine and input signals, which means that failures must be triggered by unusual input data and computer states. The failure data found under the reasonable testing cases and testing time for these conditions should be considered for the quantitative reliability assessment. We will present the quantitative reliability assessment methodology of safety critical software for rare failure cases in this paper

L-Band Digital Aeronautical Communications System Engineering - Initial Safety and Security Risk Assessment and Mitigation

Science.gov (United States)

Zelkin, Natalie; Henriksen, Stephen

2011-01-01

This document is being provided as part of ITT's NASA Glenn Research Center Aerospace Communication Systems Technical Support (ACSTS) contract NNC05CA85C, Task 7: "New ATM Requirements--Future Communications, C-Band and L-Band Communications Standard Development." ITT has completed a safety hazard analysis providing a preliminary safety assessment for the proposed L-band (960 to 1164 MHz) terrestrial en route communications system. The assessment was performed following the guidelines outlined in the Federal Aviation Administration Safety Risk Management Guidance for System Acquisitions document. The safety analysis did not identify any hazards with an unacceptable risk, though a number of hazards with a medium risk were documented. This effort represents a preliminary safety hazard analysis and notes the triggers for risk reassessment. A detailed safety hazards analysis is recommended as a follow-on activity to assess particular components of the L-band communication system after the technology is chosen and system rollout timing is determined. The security risk analysis resulted in identifying main security threats to the proposed system as well as noting additional threats recommended for a future security analysis conducted at a later stage in the system development process. The document discusses various security controls, including those suggested in the COCR Version 2.0.

A formal safety analysis for PLC software-based safety critical system using Z

International Nuclear Information System (INIS)

Koh, Jung Soo; Seong, Poong Hyun

1997-01-01

This paper describes a formal safety analysis technique which is demonstrated by performing empirical formal safety analysis with the case study of beamline hutch door Interlock system that is developed by using PLC (Programmable Logic Controller) systems at the Pohang Accelerator Laboratory. In order to perform formed safety analysis, we have built the Z formal specifications representation from user requirement written in ambiguous natural language and target PLC ladder logic, respectively. We have also studied the effective method to express typical PLC timer component by using specific Z formal notation which is supported by temporal history. We present a formal proof technique specifying and verifying that the hazardous states are not introduced into ladder logic in the PLC-based safety critical system

Nuclear criticality safety handbook. Version 2

International Nuclear Information System (INIS)

1999-03-01

The Nuclear Criticality Safety Handbook, Version 2 essentially includes the description of the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modelled dissolution and extraction processes, (2) describing evaluation methods and alarm system for criticality accidents. Revision is made based on previous studies for the chapter that treats modelling the fuel system: e.g., the fuel grain size that the system can be regarded as homogeneous, non-uniformity effect of fuel solution, and burnup credit. This revision solves the inconsistencies found in the first version between the evaluation of errors found in JACS code system and criticality condition data that were calculated based on the evaluation. (author)

Priming patient safety: A middle-range theory of safety goal priming via safety culture communication.

Science.gov (United States)

Groves, Patricia S; Bunch, Jacinda L

2018-05-18

The aim of this paper is discussion of a new middle-range theory of patient safety goal priming via safety culture communication. Bedside nurses are key to safe care, but there is little theory about how organizations can influence nursing behavior through safety culture to improve patient safety outcomes. We theorize patient safety goal priming via safety culture communication may support organizations in this endeavor. According to this theory, hospital safety culture communication activates a previously held patient safety goal and increases the perceived value of actions nurses can take to achieve that goal. Nurses subsequently prioritize and are motivated to perform tasks and risk assessment related to achieving patient safety. These efforts continue until nurses mitigate or ameliorate identified risks and hazards during the patient care encounter. Critically, this process requires nurses to have a previously held safety goal associated with a repertoire of appropriate actions. This theory suggests undergraduate educators should foster an outcomes focus emphasizing the connections between nursing interventions and safety outcomes, hospitals should strategically structure patient safety primes into communicative activities, and organizations should support professional development including new skills and the latest evidence supporting nursing practice for patient safety. © 2018 John Wiley & Sons Ltd.

Using fuzzy self-organising maps for safety critical systems

International Nuclear Information System (INIS)

Kurd, Zeshan; Kelly, Tim P.

2007-01-01

This paper defines a type of constrained artificial neural network (ANN) that enables analytical certification arguments whilst retaining valuable performance characteristics. Previous work has defined a safety lifecycle for ANNs without detailing a specific neural model. Building on this previous work, the underpinning of the devised model is based upon an existing neuro-fuzzy system called the fuzzy self-organising map (FSOM). The FSOM is type of 'hybrid' ANN which allows behaviour to be described qualitatively and quantitatively using meaningful expressions. Safety of the FSOM is argued through adherence to safety requirements-derived from hazard analysis and expressed using safety constraints. The approach enables the construction of compelling (product-based) arguments for mitigation of potential failure modes associated with the FSOM. The constrained FSOM has been termed a 'safety critical artificial neural network' (SCANN). The SCANN can be used for non-linear function approximation and allows certified learning and generalisation for high criticality roles. A discussion of benefits for real-world applications is also presented

SCALE system cross-section validation for criticality safety analysis

International Nuclear Information System (INIS)

Hathout, A.M.; Westfall, R.M.; Dodds, H.L. Jr.

1980-01-01

The purpose of this study is to test selected data from three cross-section libraries for use in the criticality safety analysis of UO 2 fuel rod lattices. The libraries, which are distributed with the SCALE system, are used to analyze potential criticality problems which could arise in the industrial fuel cycle for PWR and BWR reactors. Fuel lattice criticality problems could occur in pool storage, dry storage with accidental moderation, shearing and dissolution of irradiated elements, and in fuel transport and storage due to inadequate packing and shipping cask design. The data were tested by using the SCALE system to analyze 25 recently performed critical experiments

Qualification of safety-critical software for digital reactor safety system in nuclear power plants

International Nuclear Information System (INIS)

Kwon, Kee-Choon; Park, Gee-Yong; Kim, Jang-Yeol; Lee, Jang-Soo

2013-01-01

This paper describes the software qualification activities for the safety-critical software of the digital reactor safety system in nuclear power plants. The main activities of the software qualification processes are the preparation of software planning documentations, verification and validation (V and V) of the software requirements specifications (SRS), software design specifications (SDS) and codes, and the testing of the integrated software and integrated system. Moreover, the software safety analysis and software configuration management are involved in the software qualification processes. The V and V procedure for SRS and SDS contains a technical evaluation, licensing suitability evaluation, inspection and traceability analysis, formal verification, software safety analysis, and an evaluation of the software configuration management. The V and V processes for the code are a traceability analysis, source code inspection, test case and test procedure generation. Testing is the major V and V activity of the software integration and system integration phases. The software safety analysis employs a hazard operability method and software fault tree analysis. The software configuration management in each software life cycle is performed by the use of a nuclear software configuration management tool. Through these activities, we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the safety-critical software in nuclear power plants. (author)

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

Science.gov (United States)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Scheduling with Optimized Communication for Time-Triggered Embedded Systems

DEFF Research Database (Denmark)

Pop, Paul; Eles, Petru; Peng, Zebo

1999-01-01

We present an approach to process scheduling for synthesis of safety-critical distributed embedded systems.Our system model captures both the flow of data and that of control. The communication model is based on a time-triggered protocol. We take into consideration overheads due to communication...

Safety and security profiles of industry networks used in safety- critical applications

Directory of Open Access Journals (Sweden)

Mária FRANEKOVÁ

2008-01-01

Full Text Available The author describes the mechanisms of safety and security profiles of industry and communication networks used within safety – related applications in technological and information levels of process control recommended according to standards IEC 61784-3,4. Nowadays the number of vendors of the safety – related communication technologies who guarantees besides the standard communication, the communication amongst the safety – related equipment according to IEC 61508 is increasing. Also the number of safety – related products is increasing, e. g. safety Fieldbus, safety PLC, safety curtains, safety laser scanners, safety buttons, safety relays and other. According to world survey the safety Fieldbus denoted the highest growth from all manufactured safety products.The main part of this paper is the description of the safety-related Fieldbus communication system, which has to guaranty Safety Integrity Level.

Verification of the safety communication protocol in train control system using colored Petri net

International Nuclear Information System (INIS)

Chen Lijie; Tang Tao; Zhao Xianqiong; Schnieder, Eckehard

2012-01-01

This paper deals with formal and simulation-based verification of the safety communication protocol in ETCS (European Train Control System). The safety communication protocol controls the establishment of safety connection between train and trackside. Because of its graphical user interface and modeling flexibility upon the changes in the system conditions, this paper proposes a composition Colored Petri Net (CPN) representation for both the logic and the timed model. The logic of the protocol is proved to be safe by means of state space analysis: the dead markings are correct; there are no dead transitions; being fair. Further analysis results have been obtained using formal and simulation-based verification approach. The timed models for the open transmit system and the application process are created for the purpose of performance analysis of the safety communication protocol. The models describe the procedure of data transmission and processing, and also provide relevant timed and stochastic factors, as well as time delay and lost packet, which may influence the time for establishment of safety connection of the protocol. Time for establishment of safety connection of the protocol in normal state is verified by formal verification, and then time for establishment of safety connection with different probability of lost packet is simulated. After verification it is found that the time for establishment of safety connection of the safety communication protocol satisfies the safety requirements.

Overview of DOE/ONS criticality safety projects

International Nuclear Information System (INIS)

Barber, R.W.; Brown, B.P.; Hopper, C.M.

1985-01-01

The evolution of Federal involvement with nuclear criticality safety has traversed through the 1940's and early 1950's with the Manhattan Engineering District, the 1950's and 1960's with the Atomic Energy Commission, the early 1970's with the Energy Research and Development Administration, and the late 1970's to date with the US Department of Energy. The importance of nuclear criticality safety has been maintained throughout these periods; however, criticality safety has received shifting emphases in research/applications, promulgations of regulations/standards, origins of fiscal support and organization. In June 1981 the Office of Nuclear Safety was established in response to a Department of Energy study of the impact of the March 1979 Three Mile Island accident. The organizational structure of the ONS, its program for establishing and maintaining a progressive nuclear criticality safety program, and associated projects, and current history of ONS's fiscal support of program projects is presented. With the establishment of the ONS came concomitant missions to develop and maintain nuclear safety policy and requirements, to provide independent assurance that nuclear operations are performed safely, to provide resources and management for DOE responses to nuclear accidents, and to provide technical support. In the past four years, ONS has developed and initiated a continuing Department Nuclear Criticality Safety Program in such areas as communications and information, physics of criticality, knowledge of factors affecting criticality, and computational capability

Diversity requirements for safety critical software-based automation systems

International Nuclear Information System (INIS)

Korhonen, J.; Pulkkinen, U.; Haapanen, P.

1998-03-01

System vendors nowadays propose software-based systems even for the most critical safety functions in nuclear power plants. Due to the nature and mechanisms of influence of software faults new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)' various safety assessment methods and tools for software based systems are developed and evaluated. This report first discusses the (common cause) failure mechanisms in software-based systems, then defines fault-tolerant system architectures to avoid common cause failures, then studies the various alternatives to apply diversity and their influence on system reliability. Finally, a method for the assessment of diversity is described. Other recently published reports in OHA-report series handles the statistical reliability assessment of software based (STUK-YTO-TR 119), usage models in reliability assessment of software-based systems (STUK-YTO-TR 128) and handling of programmable automation in plant PSA-studies (STUK-YTO-TR 129)

Evaluation of Model Driven Development of Safety Critical Software in the Nuclear Power Plant I and C system

International Nuclear Information System (INIS)

Jung, Jae Cheon; Chang, Hoon Seon; Chang, Young Woo; Kim, Jae Hack; Sohn, Se Do

2005-01-01

The major issues of the safety critical software are formalism and V and V. Implementing these two characteristics in the safety critical software will greatly enhance the quality of software product. The structure based development requires lots of output documents from the requirements phase to the testing phase. The requirements analysis phase is open omitted. According to the Standish group report in 2001, 49% of software project is cancelled before completion or never implemented. In addition, 23% is completed and become operational, but over-budget, over the time estimation, and with fewer features and functions than initially specified. They identified ten success factors. Among them, firm basic requirements and formal methods are technically achievable factors while the remaining eight are management related. Misunderstanding of requirements due to lack of communication between the design engineer and verification engineer causes unexpected result such as functionality error of system. Safety critical software shall comply with such characteristics as; modularity, simplicity, minimizing the sub-routine, and excluding the interrupt routine. In addition, the crosslink fault and erroneous function shall be eliminated. The easiness of repairing work after the installation shall be achieved as well. In consideration of the above issues, we evaluate the model driven development (MDD) methods for nuclear I and C systems software. For qualitative analysis, the unified modeling language (UML), functional block language (FBL) and the safety critical application environment (SCADE) are tested for the above characteristics

Outline of criticality safety research project

International Nuclear Information System (INIS)

Kobayashi, Iwao; Tachimori, Shoichi; Suzaki, Takenori; Takeshita, Isao; Miyoshi, Yoshinori; Nakajima, Ken; Sakurai, Satoshi; Yanagisawa, Hiroshi

1987-01-01

As the power generation capacity of LWRs in Japan increased, the establishment and development of nuclear fuel cycle have become the important subject. Conforming to the safety research project of the nation, the Japan Atomic Energy Research Institute has advanced the project of constructing a new research facility, that is, Nuclear Fuel Cycle Engineering Research Facility (NUCEF). In this facility, it is planned to carry out the research on criticality safety, upgraded reprocessing techniques, and the treatment and disposal of transuranium element wastes. In this paper, the subjects of criticality safety research and the research carried out with a criticality safety experiment facility which is expected to be installed in the NUCEF are briefly reported. The experimental data obtained from the criticality safety handbooks and published literatures in foreign countries are short of the data on the mixture of low enriched uranium and plutonium which is treated in the reprocessing of spent fuel from LWRs. The acquisition of the criticality data for various forms of fuel, the elucidation of the scenario of criticality accidents, and the soundness of the confinement system for gaseous fission products and plutonium are the main subjects. The Static Criticality Safety Facility, Transient Criticality Safety Facility and pulse column system are the main facilities. (Kako, I.)

ISSUES AND RECENT TRENDS IN VEHICLE SAFETY COMMUNICATION SYSTEMS

Directory of Open Access Journals (Sweden)

Sadayuki TSUGAWA

2005-01-01

Full Text Available This paper surveys the research on the applications of inter-vehicle communications, the issues of the deployment and technology, and the current status of inter-vehicle communications projects in Europe, the United States and Japan. The inter-vehicle communications, defined here as communications between on-board ITS computers, improve road traffic safety and efficiency by expanding the horizon of the drivers and on-board sensors. One of the earliest studies on inter-vehicle communications began in Japan in the early 1980s. The inter-vehicle communications play an essential role in automated platooning and cooperative driving systems developed since the 1990's by enabling vehicles to obtain data that would be difficult or impossible to measure with on-board sensors. During these years, interest in applications for inter-vehicle communications increased in the EU, the US and Japan, resulting in many national vehicle safety communications projects such as CarTALK2000 in the EU and VSCC in the US. The technological issues include protocol and communications media. Experiments employ various kinds of protocols and typically use infrared, microwave or millimeter wave media. The situation is ready for standardization. The deployment strategy is another issue. To be feasible, deployment should begin with multiple rather than single services that would work even at a low penetration rate of the communication equipment. In addition, non-technological, legal and institutional issues remained unsolved. Although inter-vehicle communications involve many issues, such applications should be promoted because they will lead to safer and more efficient automobile traffic.

Ending on a positive: Examining the role of safety leadership decisions, behaviours and actions in a safety critical situation.

Science.gov (United States)

Donovan, Sarah-Louise; Salmon, Paul M; Horberry, Timothy; Lenné, Michael G

2018-01-01

Safety leadership is an important factor in supporting safe performance in the workplace. The present case study examined the role of safety leadership during the Bingham Canyon Mine high-wall failure, a significant mining incident in which no fatalities or injuries were incurred. The Critical Decision Method (CDM) was used in conjunction with a self-reporting approach to examine safety leadership in terms of decisions, behaviours and actions that contributed to the incidents' safe outcome. Mapping the analysis onto Rasmussen's Risk Management Framework (Rasmussen, 1997), the findings demonstrate clear links between safety leadership decisions, and emergent behaviours and actions across the work system. Communication and engagement based decisions featured most prominently, and were linked to different leadership practices across the work system. Further, a core sub-set of CDM decision elements were linked to the open flow and exchange of information across the work system, which was critical to supporting the safe outcome. The findings provide practical implications for the development of safety leadership capability to support safety within the mining industry. Copyright © 2017 Elsevier Ltd. All rights reserved.

Criticality safety research on nuclear fuel cycle facility

Energy Technology Data Exchange (ETDEWEB)

Miyoshi, Yoshinori [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

2004-07-01

This paper present d s current status and future program of the criticality safety research on nuclear fuel cycle made by Japan Atomic Energy Research Institute. Experimental research on solution fuel treated in reprocessing plant has been performed using two critical facilities, STACY and TRACY. Fundamental data of static and transient characteristics are accumulated for validation of criticality safety codes. Subcritical measurements are also made for developing a monitoring system for criticality safety. Criticality safety codes system for solution and power system, and evaluation method related to burnup credit are developed. (author)

Validation of the Continuous-Energy Monte Carlo Criticality-Safety Analysis System MVP and JENDL-3.2 Using the Internationally Evaluated Criticality Benchmarks

International Nuclear Information System (INIS)

Mitake, Susumu

2003-01-01

Validation of the continuous-energy Monte Carlo criticality-safety analysis system, comprising the MVP code and neutron cross sections based on JENDL-3.2, was examined using benchmarks evaluated in the 'International Handbook of Evaluated Criticality Safety Benchmark Experiments'. Eight experiments (116 configurations) for the plutonium solution and plutonium-uranium mixture systems performed at Valduc, Battelle Pacific Northwest Laboratories, and other facilities were selected and used in the studies. The averaged multiplication factors calculated with MVP and MCNP-4B using the same neutron cross-section libraries based on JENDL-3.2 were in good agreement. Based on methods provided in the Japanese nuclear criticality-safety handbook, the estimated criticality lower-limit multiplication factors to be used as a subcriticality criterion for the criticality-safety evaluation of nuclear facilities were obtained. The analysis proved the applicability of the MVP code to the criticality-safety analysis of nuclear fuel facilities, particularly to the analysis of systems fueled with plutonium and in homogeneous and thermal-energy conditions

Review of studies on criticality safety evaluation and criticality experiment methods

International Nuclear Information System (INIS)

Naito, Yoshitaka; Yamamoto, Toshihiro; Misawa, Tsuyoshi; Yamane, Yuichi

2013-01-01

Since the early 1960s, many studies on criticality safety evaluation have been conducted in Japan. Computer code systems were developed initially by employing finite difference methods, and more recently by using Monte Carlo methods. Criticality experiments have also been carried out in many laboratories in Japan as well as overseas. By effectively using these study results, the Japanese Criticality Safety Handbook was published in 1988, almost the intermediate point of the last 50 years. An increased interest has been shown in criticality safety studies, and a Working Party on Nuclear Criticality Safety (WPNCS) was set up by the Nuclear Science Committee of Organisation Economic Co-operation and Development in 1997. WPNCS has several task forces in charge of each of the International Criticality Safety Benchmark Evaluation Program (ICSBEP), Subcritical Measurement, Experimental Needs, Burn-up Credit Studies and Minimum Critical Values. Criticality safety studies in Japan have been carried out in cooperation with WPNCS. This paper describes criticality safety study activities in Japan along with the contents of the Japanese Criticality Safety Handbook and the tasks of WPNCS. (author)

Optimal task mapping in safety-critical real-time parallel systems

International Nuclear Information System (INIS)

Aussagues, Ch.

1998-01-01

This PhD thesis is dealing with the correct design of safety-critical real-time parallel systems. Such systems constitutes a fundamental part of high-performance systems for command and control that can be found in the nuclear domain or more generally in parallel embedded systems. The verification of their temporal correctness is the core of this thesis. our contribution is mainly in the following three points: the analysis and extension of a programming model for such real-time parallel systems; the proposal of an original method based on a new operator of synchronized product of state machines task-graphs; the validation of the approach by its implementation and evaluation. The work addresses particularly the main problem of optimal task mapping on a parallel architecture, such that the temporal constraints are globally guaranteed, i.e. the timeliness property is valid. The results incorporate also optimally criteria for the sizing and correct dimensioning of a parallel system, for instance in the number of processing elements. These criteria are connected with operational constraints of the application domain. Our approach is based on the off-line analysis of the feasibility of the deadline-driven dynamic scheduling that is used to schedule tasks inside one processor. This leads us to define the synchronized-product, a system of linear, constraints is automatically generated and then allows to calculate a maximum load of a group of tasks and then to verify their timeliness constraints. The communications, their timeliness verification and incorporation to the mapping problem is the second main contribution of this thesis. FInally, the global solving technique dealing with both task and communication aspects has been implemented and evaluated in the framework of the OASIS project in the LETI research center at the CEA/Saclay. (author)

Modeling of requirement specification for safety critical real time computer system using formal mathematical specifications

International Nuclear Information System (INIS)

Sankar, Bindu; Sasidhar Rao, B.; Ilango Sambasivam, S.; Swaminathan, P.

2002-01-01

Full text: Real time computer systems are increasingly used for safety critical supervision and control of nuclear reactors. Typical application areas are supervision of reactor core against coolant flow blockage, supervision of clad hot spot, supervision of undesirable power excursion, power control and control logic for fuel handling systems. The most frequent cause of fault in safety critical real time computer system is traced to fuzziness in requirement specification. To ensure the specified safety, it is necessary to model the requirement specification of safety critical real time computer systems using formal mathematical methods. Modeling eliminates the fuzziness in the requirement specification and also helps to prepare the verification and validation schemes. Test data can be easily designed from the model of the requirement specification. Z and B are the popular languages used for modeling the requirement specification. A typical safety critical real time computer system for supervising the reactor core of prototype fast breeder reactor (PFBR) against flow blockage is taken as case study. Modeling techniques and the actual model are explained in detail. The advantages of modeling for ensuring the safety are summarized

Autoclave nuclear criticality safety analysis

Energy Technology Data Exchange (ETDEWEB)

D`Aquila, D.M. [Martin Marietta Energy Systems, Inc., Piketon, OH (United States); Tayloe, R.W. Jr. [Battelle, Columbus, OH (United States)

1991-12-31

Steam-heated autoclaves are used in gaseous diffusion uranium enrichment plants to heat large cylinders of UF{sub 6}. Nuclear criticality safety for these autoclaves is evaluated. To enhance criticality safety, systems are incorporated into the design of autoclaves to limit the amount of water present. These safety systems also increase the likelihood that any UF{sub 6} inadvertently released from a cylinder into an autoclave is not released to the environment. Up to 140 pounds of water can be held up in large autoclaves. This mass of water is sufficient to support a nuclear criticality when optimally combined with 125 pounds of UF{sub 6} enriched to 5 percent U{sup 235}. However, water in autoclaves is widely dispersed as condensed droplets and vapor, and is extremely unlikely to form a critical configuration with released UF{sub 6}.

Prerequisites of ideal safety-critical organizations

International Nuclear Information System (INIS)

Takeuchi, Michiru; Hikono, Masaru; Matsui, Yuko; Goto, Manabu; Sakuda, Hiroshi

2013-01-01

This study explores the prerequisites of ideal safety-critical organizations, marshalling arguments of 4 areas of organizational research on safety, each of which has overlap: a safety culture, high reliability organizations (HROs), organizational resilience, and leadership especially in safety-critical organizations. The approach taken in this study was to retrieve questionnaire items or items on checklists of the 4 research areas and use them as materials of abduction (as referred to in the KJ method). The results showed that the prerequisites of ideal safety-oriented organizations consist of 9 factors as follows: (1) The organization provides resources and infrastructure to ensure safety. (2) The organization has a sharable vision. (3) Management attaches importance to safety. (4) Employees openly communicate issues and share wide-ranging information with each other. (5) Adjustments and improvements are made as the organization's situation changes. (6) Learning activities from mistakes and failures are performed. (7) Management creates a positive work environment and promotes good relations in the workplace. (8) Workers have good relations in the workplace. (9) Employees have all the necessary requirements to undertake their own functions, and act conservatively. (author)

Nuclear Criticality Safety Handbook, Version 2. English translation

International Nuclear Information System (INIS)

2001-08-01

The Nuclear Criticality Safety Handbook, Version 2 essentially includes the description of the Supplement Report to the Nuclear Criticality Safety Handbook, released in 1995, into the first version of the Nuclear Criticality Safety Handbook, published in 1988. The following two points are new: (1) exemplifying safety margins related to modeled dissolution and extraction processes, (2) describing evaluation methods and alarm system for criticality accidents. Revision has been made based on previous studies for the chapter that treats modeling the fuel system: e.g., the fuel grain size that the system can be regarded as homogeneous, non-uniformity effect of fuel solution, an burnup credit. This revision has solved the inconsistencies found in the first version between the evaluation of errors found in JACS code system and the criticality condition data that were calculated based on the evaluation. This report is an English translation of the Nuclear Criticality Safety Handbook, Version 2, originally published in Japanese as JAERI 1340 in 1999. (author)

Critical roles of orthopaedic surgeon leadership in healthcare systems to improve orthopaedic surgical patient safety.

Science.gov (United States)

Kuo, Calvin C; Robb, William J

2013-06-01

The prevention of medical and surgical harm remains an important public health problem despite increased awareness and implementation of safety programs. Successful introduction and maintenance of surgical safety programs require both surgeon leadership and collaborative surgeon-hospital alignment. Documentation of success of such surgical safety programs in orthopaedic practice is limited. We describe the scope of orthopaedic surgical patient safety issues, define critical elements of orthopaedic surgical safety, and outline leadership roles for orthopaedic surgeons needed to establish and sustain a culture of safety in contemporary healthcare systems. We identified the most common causes of preventable surgical harm based on adverse and sentinel surgical events reported to The Joint Commission. A comprehensive literature review through a MEDLINE(®) database search (January 1982 through April 2012) to identify pertinent orthopaedic surgical safety articles found 14 articles. Where gaps in orthopaedic literature were identified, the review was supplemented by 22 nonorthopaedic surgical references. Our final review included 36 articles. Six important surgical safety program elements needed to eliminate preventable surgical harm were identified: (1) effective surgical team communication, (2) proper informed consent, (3) implementation and regular use of surgical checklists, (4) proper surgical site/procedure identification, (5) reduction of surgical team distractions, and (6) routine surgical data collection and analysis to improve the safety and quality of surgical patient care. Successful surgical safety programs require a culture of safety supported by all six key surgical safety program elements, active surgeon champions, and collaborative hospital and/or administrative support designed to enhance surgical safety and improve surgical patient outcomes. Further research measuring improvements from such surgical safety systems in orthopaedic care is needed.

Safety and Nonsafety Communications and Interactions in International Nuclear Power Plants

Energy Technology Data Exchange (ETDEWEB)

Kisner, Roger A [ORNL; Mullens, James Allen [ORNL; Wilson, Thomas L [ORNL; Wood, Richard Thomas [ORNL; Korsah, Kofi [ORNL; Qualls, A L [ORNL; Muhlheim, Michael David [ORNL; Holcomb, David Eugene [ORNL; Loebl, Andy [ORNL

2007-08-01

Current industry and NRC guidance documents such as IEEE 7-4.3.2, Reg. Guide 1.152, and IEEE 603 do not sufficiently define a level of detail for evaluating interdivisional communications independence. The NRC seeks to establish criteria for safety systems communications that can be uniformly applied in evaluation of a variety of safety system designs. This report focuses strictly on communication issues related to data sent between safety systems and between safety and nonsafety systems. Further, the report does not provide design guidance for communication systems nor present detailed failure modes and effects analysis (FMEA) results for existing designs. This letter report describes communications between safety and nonsafety systems in nuclear power plants outside the United States. A limited study of international nuclear power plants was conducted to ascertain important communication implementations that might have bearing on systems proposed for licensing in the United States. This report provides that following information: 1.communications types and structures used in a representative set of international nuclear power reactors, and 2.communications issues derived from standards and other source documents relevant to safety and nonsafety communications. Topics that are discussed include the following: communication among redundant safety divisions, communications between safety divisions and nonsafety systems, control of safety equipment from a nonsafety workstation, and connection of nonsafety programming, maintenance, and test equipment to redundant safety divisions during operation. Information for this report was obtained through publicly available sources such as published papers and presentations. No proprietary information is represented.

Safety and Nonsafety Communications and Interactions in International Nuclear Power Plants

International Nuclear Information System (INIS)

Kisner, Roger A.; Mullens, James Allen; Wilson, Thomas L.; Wood, Richard Thomas; Korsah, Kofi; Qualls, A.L.; Muhlheim, Michael David; Holcomb, David Eugene; Loebl, Andy

2007-01-01

Current industry and NRC guidance documents such as IEEE 7-4.3.2, Reg. Guide 1.152, and IEEE 603 do not sufficiently define a level of detail for evaluating interdivisional communications independence. The NRC seeks to establish criteria for safety systems communications that can be uniformly applied in evaluation of a variety of safety system designs. This report focuses strictly on communication issues related to data sent between safety systems and between safety and nonsafety systems. Further, the report does not provide design guidance for communication systems nor present detailed failure modes and effects analysis (FMEA) results for existing designs. This letter report describes communications between safety and nonsafety systems in nuclear power plants outside the United States. A limited study of international nuclear power plants was conducted to ascertain important communication implementations that might have bearing on systems proposed for licensing in the United States. This report provides that following information: 1.communications types and structures used in a representative set of international nuclear power reactors, and 2.communications issues derived from standards and other source documents relevant to safety and nonsafety communications. Topics that are discussed include the following: communication among redundant safety divisions, communications between safety divisions and nonsafety systems, control of safety equipment from a nonsafety workstation, and connection of nonsafety programming, maintenance, and test equipment to redundant safety divisions during operation. Information for this report was obtained through publicly available sources such as published papers and presentations. No proprietary information is represented

Anatomy of safety-critical computing problems

International Nuclear Information System (INIS)

Swu Yih; Fan Chinfeng; Shirazi, Behrooz

1995-01-01

This paper analyzes the obstacles faced by current safety-critical computing applications. The major problem lies in the difficulty to provide complete and convincing safety evidence to prove that the software is safe. We explain this problem from a fundamental perspective by analyzing the essence of safety analysis against that of software developed by current practice. Our basic belief is that in order to perform a successful safety analysis, the state space structure of the analyzed system must have some properties as prerequisites. We propose the concept of safety analyzability, and derive its necessary and sufficient conditions; namely, definability, finiteness, commensurability, and tractability. We then examine software state space structures against these conditions, and affirm that the safety analyzability of safety-critical software developed by current practice is severely restricted by its state space structure and by the problem of exponential growth cost. Thus, except for small and simple systems, the safety evidence may not be complete and convincing. Our concepts and arguments successfully explain the current problematic situation faced by the safety-critical computing domain. The implications are also discussed

Providing Survivable Real-Time Communication Service for Distributed Mission Critical Systems

National Research Council Canada - National Science Library

Zhao, Wei; Bettati, Riccardo; Vaidya, Nitin

2005-01-01

This document is the final report for Providing Survivable Real-Time Communication Service for Distributed Mission Critical Systems, a Texas A AND M project funded through the DARPA Fault Tolerant Networks Program...

Synthesis of Communication Schedules for TTEthernet-Based Mixed-Criticality Systems

DEFF Research Database (Denmark)

Tamas-Selicean, Domitian; Pop, Paul; Steiner, Wilfried

2012-01-01

In this paper we are interested in safety-critical distributed systems, composed of heterogeneous processing elements interconnected using the TTEthernet protocol. We address hard real-time mixed-criticality applications, which may have different criticality levels, and we focus on the optimization...... be integrated onto the same architecture only if there is enough spatial and temporal separation among them. TTEthernet offers spatial separation for mixed-criticality messages through the concept of virtual links, and temporal separation, enforced through schedule tables for TT messages and bandwidth...... allocation for RC messages. Given the set of mixed-criticality messages in the system and the topology of the virtual links on which the messages are transmitted, we are interested to synthesize offline the static schedules for the TT messages, such that the deadlines for the TT and RC messages are satisfied...

Martin Marietta Energy Systems Nuclear Criticality Safety Improvement Program

International Nuclear Information System (INIS)

Speas, I.G.

1987-01-01

This report addresses questions raised by criticality safety violation at several DOE plants. Two charts are included that define the severity and reporting requirements for the six levels of accidents. A summary is given of all reported criticality incident at the DOE plants involved. The report concludes with Martin Marietta's Nuclear Criticality Safety Policy Statement

K-effective as a measure of criticality safety

International Nuclear Information System (INIS)

Venner, J.; Haley, R.M.; Bowden, R.L.

2003-01-01

This paper considers the relation between the neutron multiplication of a system, k-effective, and critical parameters. It aims to investigate whether k-effective is always the most appropriate measure of safety. For simple systems handbook data can be effectively utilized, applying a safety factor to critical masses. In such situations, the criticality safety margin is readily apparent. However, more complex systems may use the calculated value of neutron multiplication to assess the criticality safety of the system under investigation. A problem arises because there is no exact consistency between k-effective and the physical margin of subcriticality, in terms of parameters such as mass. In the UK, commonly accepted safety criteria are applied to limit the k-effective of the system being assessed. These margins of subcriticality have no definitive justification to support the values chosen and might be considered rather arbitrary in nature. This paper aims to answer this question of suitability by investigating the relation between k-effective and the physical critical parameters for a wide range of systems. It concludes that the safety criteria currently applied in the UK are valid, but some difference exists between safety factors applied to the mass of fissile material present and the corresponding value of k-effective. (author)

RICIS Symposium 1992: Mission and Safety Critical Systems Research and Applications

Science.gov (United States)

1992-01-01

This conference deals with computer systems which control systems whose failure to operate correctly could produce the loss of life and or property, mission and safety critical systems. Topics covered are: the work of standards groups, computer systems design and architecture, software reliability, process control systems, knowledge based expert systems, and computer and telecommunication protocols.

An aspect-oriented approach for designing safety-critical systems

Science.gov (United States)

Petrov, Z.; Zaykov, P. G.; Cardoso, J. P.; Coutinho, J. G. F.; Diniz, P. C.; Luk, W.

The development of avionics systems is typically a tedious and cumbersome process. In addition to the required functions, developers must consider various and often conflicting non-functional requirements such as safety, performance, and energy efficiency. Certainly, an integrated approach with a seamless design flow that is capable of requirements modelling and supporting refinement down to an actual implementation in a traceable way, may lead to a significant acceleration of development cycles. This paper presents an aspect-oriented approach supported by a tool chain that deals with functional and non-functional requirements in an integrated manner. It also discusses how the approach can be applied to development of safety-critical systems and provides experimental results.

Reliability estimation of safety-critical software-based systems using Bayesian networks

International Nuclear Information System (INIS)

Helminen, A.

2001-06-01

Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of software-based safety-critical automation systems in nuclear power plants. In the research project 'Programmable automation system safety integrity assessment (PASSI)', belonging to the Finnish Nuclear Safety Research Programme (FINNUS, 1999-2002), various safety assessment methods and tools for software based systems are developed and evaluated. The project is financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT). In this report the applicability of Bayesian networks to the reliability estimation of software-based systems is studied. The applicability is evaluated by building Bayesian network models for the systems of interest and performing simulations for these models. In the simulations hypothetical evidence is used for defining the parameter relations and for determining the ability to compensate disparate evidence in the models. Based on the experiences from modelling and simulations we are able to conclude that Bayesian networks provide a good method for the reliability estimation of software-based systems. (orig.)

Applications of PRA in nuclear criticality safety

International Nuclear Information System (INIS)

McLaughlin, T.P.

1992-01-01

Traditionally, criticality accident prevention at Los Alamos has been based on a thorough review and understanding of proposed operations of changes to operations, involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgement, that certain accident sequences were credible and had to be reduced in likelihood either by administrative controls or by equipment design and others were not credible, and thus did not warrant expenditures to further reduce their likelihood. The extent of analysis and documentation was generally in proportion to the complexity of the operation but did not include quantified risk assessments. During the last three years nuclear criticality safety related Probabilistic Risk Assessments (PRAs) have been preformed on operations in two Los Alamos facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRA's as they apply to largely ''hands-on'' operations with fissile material for which human errors or equipment failures significant to criticality safety are both rare and unique. Based on these two applications and an appreciation of the historical criticality accident record (frequency and consequences) it is apparent that quantified risk assessments should be performed very selectively

Quantitative risk assessment of digitalized safety systems

Energy Technology Data Exchange (ETDEWEB)

Shin, Sung Min; Lee, Sang Hun; Kang, Hym Gook [KAIST, Daejeon (Korea, Republic of); Lee, Seung Jun [UNIST, Ulasn (Korea, Republic of)

2016-05-15

A report published by the U.S. National Research Council indicates that appropriate methods for assessing reliability are key to establishing the acceptability of digital instrumentation and control (I and C) systems in safety-critical plants such as NPPs. Since the release of this issue, the methodology for the probabilistic safety assessment (PSA) of digital I and C systems has been studied. However, there is still no widely accepted method. Kang and Sung found three critical factors for safety assessment of digital systems: detection coverage of fault-tolerant techniques, software reliability quantification, and network communication risk. In reality the various factors composing digitalized I and C systems are not independent of each other but rather closely connected. Thus, from a macro point of view, a method that can integrate risk factors with different characteristics needs to be considered together with the micro approaches to address the challenges facing each factor.

Analysing context-dependent deviations in interacting with safety-critical systems

International Nuclear Information System (INIS)

Paterno, Fabio; Santoro, Carmen

2006-01-01

Mobile technology is penetrating many areas of human life. This implies that the context of use can vary in many respects. We present a method that aims to support designers in managing the complex design space when considering applications with varying contexts and help them to identify solutions that support users in performing their activities while preserving usability and safety. The method is a novel combination of an analysis of both potential deviations in task performance and most suitable information representations based on distributed cognition. The originality of the contribution is in providing a conceptual tool for better understanding the impact of context of use on user interaction in safety-critical domains. In order to present our approach we provide an example in which the implications of introducing new support through mobile devices in a safety-critical system are identified and analysed in terms of potential hazards

Decomobil, Deliverable 3.6, Human Centred Design for Safety Critical Transport Systems

OpenAIRE

PAUZIE, Annie; MENDOZA, Lucile; SIMOES, Anabela; BELLET, Thierry; MOREAU, Fabien

2014-01-01

The scientific seminar on 'Human Centred Design for Safety Critical Transport Systems' organized in the framework of DECOMOBIL has been held the 8th of September 2014 in Lisbon, Portugal, hosted by ADI/ISG. The aims of the event were to present the scientific problematic related to the safety of the complex transport systems and the increasing importance of human-­centred design, with a specific focus on Resilience Engineering concept, a new approach to safety management in highly complex sys...

Nuclear criticality safety department training implementation

International Nuclear Information System (INIS)

Carroll, K.J.; Taylor, R.G.; Worley, C.A.

1996-01-01

The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. The NCSD Qualification Program is described in Y/DD-694, Qualification Program, Nuclear Criticality Safety Department This document provides a listing of the roles and responsibilities of NCSD personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This document supersedes Y/DD-696, Revision 2, dated 3/27/96, Training Implementation, Nuclear Criticality Safety Department. There are no backfit requirements associated with revisions to this document

Industrial Personal Computer based Display for Nuclear Safety System

International Nuclear Information System (INIS)

Kim, Ji Hyeon; Kim, Aram; Jo, Jung Hee; Kim, Ki Beom; Cheon, Sung Hyun; Cho, Joo Hyun; Sohn, Se Do; Baek, Seung Min

2014-01-01

The safety display of nuclear system has been classified as important to safety (SIL:Safety Integrity Level 3). These days the regulatory agencies are imposing more strict safety requirements for digital safety display system. To satisfy these requirements, it is necessary to develop a safety-critical (SIL 4) grade safety display system. This paper proposes industrial personal computer based safety display system with safety grade operating system and safety grade display methods. The description consists of three parts, the background, the safety requirements and the proposed safety display system design. The hardware platform is designed using commercially available off-the-shelf processor board with back plane bus. The operating system is customized for nuclear safety display application. The display unit is designed adopting two improvement features, i.e., one is to provide two separate processors for main computer and display device using serial communication, and the other is to use Digital Visual Interface between main computer and display device. In this case the main computer uses minimized graphic functions for safety display. The display design is at the conceptual phase, and there are several open areas to be concreted for a solid system. The main purpose of this paper is to describe and suggest a methodology to develop a safety-critical display system and the descriptions are focused on the safety requirement point of view

Industrial Personal Computer based Display for Nuclear Safety System

Energy Technology Data Exchange (ETDEWEB)

Kim, Ji Hyeon; Kim, Aram; Jo, Jung Hee; Kim, Ki Beom; Cheon, Sung Hyun; Cho, Joo Hyun; Sohn, Se Do; Baek, Seung Min [KEPCO, Youngin (Korea, Republic of)

2014-08-15

The safety display of nuclear system has been classified as important to safety (SIL:Safety Integrity Level 3). These days the regulatory agencies are imposing more strict safety requirements for digital safety display system. To satisfy these requirements, it is necessary to develop a safety-critical (SIL 4) grade safety display system. This paper proposes industrial personal computer based safety display system with safety grade operating system and safety grade display methods. The description consists of three parts, the background, the safety requirements and the proposed safety display system design. The hardware platform is designed using commercially available off-the-shelf processor board with back plane bus. The operating system is customized for nuclear safety display application. The display unit is designed adopting two improvement features, i.e., one is to provide two separate processors for main computer and display device using serial communication, and the other is to use Digital Visual Interface between main computer and display device. In this case the main computer uses minimized graphic functions for safety display. The display design is at the conceptual phase, and there are several open areas to be concreted for a solid system. The main purpose of this paper is to describe and suggest a methodology to develop a safety-critical display system and the descriptions are focused on the safety requirement point of view.

KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

International Nuclear Information System (INIS)

Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop.

1997-07-01

Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organization. The requirements for software important to safety of nuclear reactor are described in such positions and standards. Most of them are describing mandatory requirements, what shall be done, for the safety-critical software. The developers of such a software. However, there have been a lot of controversial factors on whether the work practices satisfy the regulatory requirements, and to justify the safety of such a system developed by the work practices, between the licenser and the licensee. We believe it is caused by the reason that there is a gap between the mandatory requirements (What) and the work practices (How). We have developed a guidance to fill such gap, which can be useful for both licenser and licensee to conduct a justification of the safety in the planning phase of developing the software for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs

KAERI software safety guideline for developing safety-critical software in digital instrumentation and control system of nuclear power plant

Energy Technology Data Exchange (ETDEWEB)

Lee, Jang Soo; Kim, Jang Yeol; Eum, Heung Seop

1997-07-01

Recently, the safety planning for safety-critical software systems is being recognized as the most important phase in the software life cycle, and being developed new regulatory positions and standards by the regulatory and the standardization organization. The requirements for software important to safety of nuclear reactor are described in such positions and standards. Most of them are describing mandatory requirements, what shall be done, for the safety-critical software. The developers of such a software. However, there have been a lot of controversial factors on whether the work practices satisfy the regulatory requirements, and to justify the safety of such a system developed by the work practices, between the licenser and the licensee. We believe it is caused by the reason that there is a gap between the mandatory requirements (What) and the work practices (How). We have developed a guidance to fill such gap, which can be useful for both licenser and licensee to conduct a justification of the safety in the planning phase of developing the software for nuclear reactor protection systems. (author). 67 refs., 13 tabs., 2 figs.

A desktop 3D printer in safety-critical Java

DEFF Research Database (Denmark)

Strøm, Tórur Biskopstø; Schoeberl, Martin

2012-01-01

there exist several safety-critical Java framework implementations, there is a lack of safety-critical use cases implemented according to the specification. In this paper we present a 3D printer and its safety-critical Java level 1 implementation as a use case. With basis in the implementation we evaluate......It is desirable to bring Java technology to safety-critical systems. To this end The Open Group has created the safety-critical Java specification, which will allow Java applications, written according to the specification, to be certifiable in accordance with safety-critical standards. Although...

Design aspects of safety critical instrumentation of nuclear installations

Energy Technology Data Exchange (ETDEWEB)

Swaminathan, P. [Electronics Group, Indira Gandhi Centre for Atomic Research, Kalpakkam 603 102, Tamil Nadu (India)]. E-mail: swamy@igcar.ernet.in

2005-07-01

Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)

Design aspects of safety critical instrumentation of nuclear installations

International Nuclear Information System (INIS)

Swaminathan, P.

2005-01-01

Safety critical instrumentation systems ensure safe shutdown/configuration of the nuclear installation when process status exceeds the safety threshold limits. Design requirements for safety critical instrumentation such as functional and electrical independence, fail-safe design, and architecture to ensure the specified unsafe failure rate and safe failure rate, human machine interface (HMI), etc., are explained with examples. Different fault tolerant architectures like 1/2, 2/2, 2/3 hot stand-by are compared for safety critical instrumentation. For embedded systems, software quality assurance is detailed both during design phase and O and M phase. Different software development models such as waterfall model and spiral model are explained with examples. The error distribution in embedded system is detailed. The usage of formal method is outlined to reduce the specification error. The guidelines for coding of application software are outlined. The interface problems of safety critical instrumentation with sensors, actuators, other computer systems, etc., are detailed with examples. Testability and maintainability shall be taken into account during design phase. Online diagnostics for safety critical instrumentation is detailed with examples. Salient details of design guides from Atomic Energy Regulatory Board, International Atomic Energy Agency and standards from IEEE, BIS are given towards the design of safety critical instrumentation systems. (author)

A safety-critical decision support system evaluation using situation awareness and workload measures

International Nuclear Information System (INIS)

Naderpour, Mohsen; Lu, Jie; Zhang, Guangquan

2016-01-01

To ensure the safety of operations in safety-critical systems, it is necessary to maintain operators' situation awareness (SA) at a high level. A situation awareness support system (SASS) has therefore been developed to handle uncertain situations [1]. This paper aims to systematically evaluate the enhancement of SA in SASS by applying a multi-perspective approach. The approach consists of two SA metrics, SAGAT and SART, and one workload metric, NASA-TLX. The first two metrics are used for the direct objective and subjective measurement of SA, while the third is used to estimate operator workload. The approach is applied in a safety-critical environment called residue treater, located at a chemical plant in which a poor human-system interface reduced the operator's SA and caused one of the worst accidents in US history. A counterbalanced within-subjects experiment is performed using a virtual environment interface with and without the support of SASS. The results indicate that SASS improves operators' SA, and specifically has benefits for SA levels 2 and 3. In addition, it is concluded that SASS reduces operator workload, although further investigations in different environments with a larger number of participants have been suggested. - Highlights: • The suitability of a cognitive decision support system is investigated. • An evaluation approach considering situation awareness and workload measures is proposed. • A computerized system based on the proposed approach is implemented. • The implemented system is used in a safety-critical environment.

Fission, critical mass and safety-a historical review

International Nuclear Information System (INIS)

Meggitt, Geoff

2006-01-01

Since the discovery of fission, the notion of a chain reaction in a critical mass releasing massive amounts of energy has haunted physicists. The possibility of a bomb or a reactor prompted much of the early work on determining a critical mass, but the need to avoid an accidental critical excursion during processing or transport of fissile material drove much that took place subsequently. Because of the variety of possible situations that might arise, it took some time to develop adequate theoretical tools for criticality safety and the early assessments were based on direct experiment. Some extension of these experiments to closely similar situations proved possible, but it was not until the 1960s that theoretical methods (and computers to run them) developed enough for them to become reliable assessment tools. Validating such theoretical methods remained a concern, but by the end of the century they formed the backbone of criticality safety assessment. This paper traces the evolution of these methods, principally in the UK and USA, and summarises some related work concerned with the nature of criticality accidents and their radiological consequences. It also indicates how the results have been communicated and used in ensuring nuclear safety. (review)

A Practical Risk Assessment Methodology for Safety-Critical Train Control Systems

Science.gov (United States)

2009-07-01

This project proposes a Practical Risk Assessment Methodology (PRAM) for analyzing railroad accident data and assessing the risk and benefit of safety-critical train control systems. This report documents in simple steps the algorithms and data input...

System Guidelines for EMC Safety-Critical Circuits: Design, Selection, and Margin Demonstration

Science.gov (United States)

Lawton, R. M.

1996-01-01

Demonstration of safety margins for critical points (circuits) has traditionally been required since it first became a part of systems-level Electromagnetic Compatibility (EMC) requirements of MIL-E-6051C. The goal of this document is to present cost-effective guidelines for ensuring adequate Electromagnetic Effects (EME) safety margins on spacecraft critical circuits. It is for the use of NASA and other government agencies and their contractors to prevent loss of life, loss of spacecraft, or unacceptable degradation. This document provides practical definition and treatment guidance to contain costs within affordable limits.

Some Challenges in the Design of Human-Automation Interaction for Safety-Critical Systems

Science.gov (United States)

Feary, Michael S.; Roth, Emilie

2014-01-01

Increasing amounts of automation are being introduced to safety-critical domains. While the introduction of automation has led to an overall increase in reliability and improved safety, it has also introduced a class of failure modes, and new challenges in risk assessment for the new systems, particularly in the assessment of rare events resulting from complex inter-related factors. Designing successful human-automation systems is challenging, and the challenges go beyond good interface development (e.g., Roth, Malin, & Schreckenghost 1997; Christoffersen & Woods, 2002). Human-automation design is particularly challenging when the underlying automation technology generates behavior that is difficult for the user to anticipate or understand. These challenges have been recognized in several safety-critical domains, and have resulted in increased efforts to develop training, procedures, regulations and guidance material (CAST, 2008, IAEA, 2001, FAA, 2013, ICAO, 2012). This paper points to the continuing need for new methods to describe and characterize the operational environment within which new automation concepts are being presented. We will describe challenges to the successful development and evaluation of human-automation systems in safety-critical domains, and describe some approaches that could be used to address these challenges. We will draw from experience with the aviation, spaceflight and nuclear power domains.

Licensing process for safety-critical software-based systems

Energy Technology Data Exchange (ETDEWEB)

Haapanen, P. [VTT Automation, Espoo (Finland); Korhonen, J. [VTT Electronics, Espoo (Finland); Pulkkinen, U. [VTT Automation, Espoo (Finland)

2000-12-01

System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software based systems are developed and evaluated. As a part of the OHA-work a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to make the decision about the granting the construction and operation permissions based on this evidence. The parties of the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors and possible external independent assessors. The responsibility about the production of the evidence in first place lies at the licensee who in most cases rests heavily on the vendor expertise. The evaluation and gauging of the evidence is carried out by the authority (possibly using external experts), who also can acquire additional evidence by using their own (independent) methods and tools. Central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to act as a reference model both for the authority and the licensee when planning the licensing of individual applications

Licensing process for safety-critical software-based systems

International Nuclear Information System (INIS)

Haapanen, P.; Korhonen, J.; Pulkkinen, U.

2000-12-01

System vendors nowadays propose software-based technology even for the most critical safety functions in nuclear power plants. Due to the nature of software faults and the way they cause system failures new methods are needed for the safety and reliability evaluation of these systems. In the research project 'Programmable automation systems in nuclear power plants (OHA)', financed together by the Radiation and Nuclear Safety Authority (STUK), the Ministry of Trade and Industry (KTM) and the Technical Research Centre of Finland (VTT), various safety assessment methods and tools for software based systems are developed and evaluated. As a part of the OHA-work a reference model for the licensing process for software-based safety automation systems is defined. The licensing process is defined as the set of interrelated activities whose purpose is to produce and assess evidence concerning the safety and reliability of the system/application to be licensed and to make the decision about the granting the construction and operation permissions based on this evidence. The parties of the licensing process are the authority, the licensee (the utility company), system vendors and their subcontractors and possible external independent assessors. The responsibility about the production of the evidence in first place lies at the licensee who in most cases rests heavily on the vendor expertise. The evaluation and gauging of the evidence is carried out by the authority (possibly using external experts), who also can acquire additional evidence by using their own (independent) methods and tools. Central issue in the licensing process is to combine the quality evidence about the system development process with the information acquired through tests, analyses and operational experience. The purpose of the licensing process described in this report is to act as a reference model both for the authority and the licensee when planning the licensing of individual applications. Many of the

Criticality safety studies at VTT Energy

International Nuclear Information System (INIS)

Roine, T.; Anttila, M.

1995-01-01

At VTT Energy a compact reactor physics calculation system is applied in many kind of problems. Generation of group constants for static and dynamic core calculations, flux and dose rate calculations as well as criticality safety studies are performed basically with the same codes. In the presentation a short overview of the wide variety of criticality safety problems analyzed at VTT Energy is given. The calculation system with some illustrative examples is also described. (12 refs., 1 tab.)

Communicating on risk and safety in terms of awareness

International Nuclear Information System (INIS)

Hammar, L.; Andersson, Kjell

1999-01-01

'Safety awareness' is proposed as a possibly constructive concept for the purpose of promoting initiatives in nuclear safety work and gaining improved understanding when communicating on nuclear safety. Safety is thus conceived as resulting essentially from and actually constituting awareness of critical factors in regard of safety. The concept aims specifically at promoting the view of 'safety' as 'awareness of required conditions for being in control of risk'. It aims as well at making clearer sense in calling for constant improvement of safety, according to practice in a safety culture. This proposed view would be expected to lead to applying the usual types of safety criteria but offers the merit of attracting due attention to 'awareness goals' in process oriented safety management which are fundamental to maintaining and improving safety. Applications are discussed in regard of communicating on nuclear safety between decision-makers and the general public, developing and maintaining safety culture, integrating specialist expert contributions in over-all safety assessment, setting safety goals and using safety indicators

Criticality safety validation: Simple geometry, single unit 233U systems

International Nuclear Information System (INIS)

Putman, V.L.

1997-06-01

Typically used LMITCO criticality safety computational methods are evaluated for suitability when applied to INEEL 233 U systems which reasonably can be modeled as simple-geometry, single-unit systems. Sixty-seven critical experiments of uranium highly enriched in 233 U, including 57 aqueous solution, thermal-energy systems and 10 metal, fast-energy systems, were modeled. These experiments include 41 cylindrical and 26 spherical cores, and 41 reflected and 26 unreflected systems. No experiments were found for intermediate-neutron-energy ranges, or with interstitial non-hydrogenous materials typical of waste systems, mixed 233 U and plutonium, or reflectors such as steel, lead, or concrete. No simple geometry experiments were found with cubic or annular cores, or approximating infinite sea systems. Calculations were performed with various tools and methodologies. Nine cross-section libraries, based on ENDF/B-IV, -V, or -VI.2, or on Hansen-Roach source data, were used with cross-section processing methods of MCNP or SCALE. The k eff calculations were performed with neutral-particle transport and Monte Carlo methods of criticality codes DANT, MCNP 4A, and KENO Va

Is Model-Based Development a Favorable Approach for Complex and Safety-Critical Computer Systems on Commercial Aircraft?

Science.gov (United States)

Torres-Pomales, Wilfredo

2014-01-01

A system is safety-critical if its failure can endanger human life or cause significant damage to property or the environment. State-of-the-art computer systems on commercial aircraft are highly complex, software-intensive, functionally integrated, and network-centric systems of systems. Ensuring that such systems are safe and comply with existing safety regulations is costly and time-consuming as the level of rigor in the development process, especially the validation and verification activities, is determined by considerations of system complexity and safety criticality. A significant degree of care and deep insight into the operational principles of these systems is required to ensure adequate coverage of all design implications relevant to system safety. Model-based development methodologies, methods, tools, and techniques facilitate collaboration and enable the use of common design artifacts among groups dealing with different aspects of the development of a system. This paper examines the application of model-based development to complex and safety-critical aircraft computer systems. Benefits and detriments are identified and an overall assessment of the approach is given.

Use of modern software - based instrumentation in safety critical systems

International Nuclear Information System (INIS)

Emmett, J.; Smith, B.

2005-01-01

Many Nuclear Power Plants are now ageing and in need of various degrees of refurbishment. Installed instrumentation usually uses out of date 'analogue' technology and is often no longer available in the market place. New technology instrumentation is generally un-qualified for nuclear use and specifically the new 'smart' technology contains 'firmware', (effectively 'soup' (Software of Uncertain Pedigree)) which must be assessed in accordance with relevant safety standards before it may be used in a safety application. Particular standards are IEC 61508 [1] and the British Energy (BE) PES (Programmable Electronic Systems) guidelines EPD/GEN/REP/0277/97. [2] This paper outlines a new instrument evaluation system, which has been developed in conjunction with the UK Nuclear Industry. The paper concludes with a discussion about on-line monitoring of Smart instrumentation in safety critical applications. (author)

Software reliability for safety-critical applications

International Nuclear Information System (INIS)

Everett, B.; Musa, J.

1994-01-01

In this talk, the authors address the question open-quotes Can Software Reliability Engineering measurement and modeling techniques be applied to safety-critical applications?close quotes Quantitative techniques have long been applied in engineering hardware components of safety-critical applications. The authors have seen a growing acceptance and use of quantitative techniques in engineering software systems but a continuing reluctance in using such techniques in safety-critical applications. The general case posed against using quantitative techniques for software components runs along the following lines: safety-critical applications should be engineered such that catastrophic failures occur less frequently than one in a billion hours of operation; current software measurement/modeling techniques rely on using failure history data collected during testing; one would have to accumulate over a billion operational hours to verify failure rate objectives of about one per billion hours

Nuclear Criticality Safety Department Qualification Program

International Nuclear Information System (INIS)

Carroll, K.J.; Taylor, R.G.; Worley, C.A.

1996-01-01

The Nuclear Criticality Safety Department (NCSD) is committed to developing and maintaining a staff of highly qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document defines the Qualification Program to address the NCSD technical and managerial qualification as required by the Y-1 2 Training Implementation Matrix (TIM). This Qualification Program is in compliance with DOE Order 5480.20A and applicable Lockheed Martin Energy Systems, Inc. (LMES) and Y-1 2 Plant procedures. It is implemented through a combination of WES plant-wide training courses and professional nuclear criticality safety training provided within the department. This document supersedes Y/DD-694, Revision 2, 2/27/96, Qualification Program, Nuclear Criticality Safety Department There are no backfit requirements associated with revisions to this document

Applications of PRA in nuclear criticality safety

International Nuclear Information System (INIS)

McLaughlin, T.P.

1992-01-01

Traditionally, criticality accident prevention at Los Alamos National Laboratory (LANL) has been based on a thorough review and understanding of proposed operations or changes to operations involving both process supervision and criticality safety staff. The outcome of this communication was usually an agreement, based on professional judgment, that certain accident sequences were credible and had to be precluded by design; others were incredible and thus did not warrant expenditures to further reduce their likelihood. The extent of documentation was generally in proportion to the complexity of the operation but never as detailed as that associated with quantified risk assessments. During the last 3 yr, nuclear criticality safety-related probabilistic risk assessments (PRAs) have been performed on operations in two LANL facilities. Both of these were conducted in order to better understand the cost/benefit aspects of PRAs as they apply to largely hands-on operations with fissile material

47 CFR 80.1109 - Distress, urgency, and safety communications.

Science.gov (United States)

2010-10-01

... 47 Telecommunication 5 2010-10-01 2010-10-01 false Distress, urgency, and safety communications. 80.1109 Section 80.1109 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES STATIONS IN THE MARITIME SERVICES Global Maritime Distress and Safety System (GMDSS...

Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS

NARCIS (Netherlands)

Houmb, S.H.; Nunes Leal Franqueira, V.; Engum, E.A.

2008-01-01

Many safety and mission critical systems depend on the correct and secure operation of both supportive and core software systems. E.g., both the safety of personnel and the effective execution of core missions on an oil platform depend on the correct recording storing, transfer and interpretation of

X-real-time executive (X-RTE) an ultra-high reliable real-time executive for safety critical systems

International Nuclear Information System (INIS)

Suresh Babu, R.M.

1995-01-01

With growing number of application of computers in safety critical systems of nuclear plants there has been a need to assure high quality and reliability of the software used in these systems. One way to assure software quality is to use qualified software components. Since the safety systems and control systems are real-time systems there is a need for a real-time supervisory software to guarantee temporal response of the system. This report describes one such software package, called X-Real-Time Executive (or X-RTE), which was developed in Reactor Control Division, BARC. The report describes all the capabilities and unique features of X-RTE and compares it with a commercially available operating system. The features of X-RTE include pre-emptive scheduling, process synchronization, inter-process communication, multi-processor support, temporal support, debug facility, high portability, high reliability, high quality, and extensive documentation. Examples have been used very liberally to illustrate the underlying concepts. Besides, the report provides a brief description about the methods used, during the software development, to assure high quality and reliability of X-RTE. (author). refs., 11 figs., tabs

Mayday system infiniti communicator; Kinkyu tsuho system Infiniti Communicator

Energy Technology Data Exchange (ETDEWEB)

Iijima, Y.; Ito, T.; Isono, Y.; Sekiya, M.; Koizumi, H.; Miyazaki, S.; Kishore, A.; Lawor, D. [Nissan Motor Co. Ltd., Tokyo (Japan)

1999-02-01

To respond to emergency situations associated with vehicle accidents and mechanical problems on the road, a novel emergency communication system, which combines vehicle electronics, GPS and communication systems, has been developed and is contributing to safety in the U.S. In addition to emergency communication, other features including theft protection, security, convenience features, etc. are to be added to this system in the future. An emergency communication system, `The Infiniti Communicator`, which began its service in March 1998 under such a market trend, is explained in this report. (author)

Use of a Web Site to Enhance Criticality Safety Training

International Nuclear Information System (INIS)

Huang, S T; Morman, J

2003-01-01

Currently, a website dedicated to enhancing communication and dissemination of criticality safety information is sponsored by the U.S. Department of Energy (DOE) Nuclear Criticality Safety Program (NCSP). This website was developed as part of the DOE response to the Defense Nuclear Facilities Safety Board (DNFSB) Recommendation 97-2, which reflected the need to make criticality safety information available to a wide audience. The website is the focal point for DOE nuclear criticality safety (NCS) activities, resources and references, including hyperlinks to other sites actively involved in the collection and dissemination of criticality safety information. The website is maintained by the Lawrence Livermore National Laboratory (LLNL) under auspices of the NCSP management. One area of the website contains a series of Nuclear Criticality Safety Engineer Training (NCSET) modules. During the past few years, many users worldwide have accessed the NCSET section of the NCSP website and have downloaded the training modules as an aid for their training programs. This trend was remarkable in that it points out a continuing need of the criticality safety community across the globe. It has long been recognized that training of criticality safety professionals is a continuing process involving both knowledge-based training and experience-based operations floor training. As more of the experienced criticality safety professionals reach retirement age, the opportunities for mentoring programs are reduced. It is essential that some method be provided to assist the training of young criticality safety professionals to replenish this limited human expert resource to support on-going and future nuclear operations. The main objective of this paper is to present the features of the NCSP website, including its mission, contents, and most importantly its use for the dissemination of training modules to the criticality safety community. We will discuss lessons learned and several ideas

The Nuclear Criticality Information System: An update

International Nuclear Information System (INIS)

Koponen, B.L.

1991-07-01

The US Department of Energy's Nuclear Criticality Information System (NCIS) has served the criticality community for the past ten years with publications and with an online information system. NCIS provides a mean for widely distributed nuclear criticality specialists to communicate and work together instantly. Users of the system may receive assistance from all members of the NCIS community, which provides a much broader base of support than is available at any single site. When unified by NCIS, these diverse specialists provide a resource that has proven to be very useful in the safe handling of fissile material. NCIS also is a source of current nuclear criticality safety information; the rapid access of such up-to-date information on the handling of fissile materials outside of nuclear reactors is international in scope, extending beyond political and geographical boundaries

The Department of Energy nuclear criticality safety program

International Nuclear Information System (INIS)

Felty, J.R.

2004-01-01

This paper broadly covers key events and activities from which the Department of Energy Nuclear Criticality Safety Program (NCSP) evolved. The NCSP maintains fundamental infrastructure that supports operational criticality safety programs. This infrastructure includes continued development and maintenance of key calculational tools, differential and integral data measurements, benchmark compilation, development of training resources, hands-on training, and web-based systems to enhance information preservation and dissemination. The NCSP was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 97-2, Criticality Safety, and evolved from a predecessor program, the Nuclear Criticality Predictability Program, that was initiated in response to Defense Nuclear Facilities Safety Board Recommendation 93-2, The Need for Critical Experiment Capability. This paper also discusses the role Dr. Sol Pearlstein played in helping the Department of Energy lay the foundation for a robust and enduring criticality safety infrastructure.

Nuclear criticality safety parameter evaluation for uranium metallic alloy

Energy Technology Data Exchange (ETDEWEB)

Sanchez, Andrea; Abe, Alfredo, E-mail: andreasdpz@hotmail.com, E-mail: abye@uol.com.br [Instituto de Pesquisas Energeticas e Nucleares (IPEN/CNEN-SP), Sao Paulo, SP (Brazil). Centro de Energia Nuclear

2013-07-01

Nuclear criticality safety during fuel fabrication process, transport and storage of fissile and fissionable materials requires criticality safety analysis. Normally the analysis involves computer calculations and safety parameters determination. There are many different Criticality Safety Handbooks where such safety parameters for several different fissile mixtures are presented. The handbooks have been published to provide data and safety principles for the design, safety evaluation and licensing of operations, transport and storage of fissile and fissionable materials. The data often comprise not only critical values, but also subcritical limits and safe parameters obtained for specific conditions using criticality safety calculation codes such as SCALE system. Although many data are available for different fissile and fissionable materials, compounds, mixtures, different enrichment level, there are a lack of information regarding a uranium metal alloy, specifically UMo and UNbZr. Nowadays uranium metal alloy as fuel have been investigated under RERTR program as possible candidate to became a new fuel for research reactor due to high density. This work aim to evaluate a set of criticality safety parameters for uranium metal alloy using SCALE system and MCNP Monte Carlo code. (author)

Use of a web site to enhance criticality safety training

International Nuclear Information System (INIS)

Huang, Song T.; Morman, James A.

2003-01-01

Establishment of the NCSP (Nuclear Criticality Safety Program) website represents one attempt by the NCS (Nuclear Criticality Safety) community to meet the need to enhance communication and disseminate NCS information to a wider audience. With the aging work force in this important technical field, there is a common recognition of the need to capture the corporate knowledge of these people and provide an easily accessible, web-based training opportunity to those people just entering the field of criticality safety. A multimedia-based site can provide a wide range of possibilities for criticality safety training. Training modules could range from simple text-based material, similar to the NCSET (Nuclear Criticality Safety Engineer Training) modules, to interactive web-based training classes, to video lecture series. For example, the Los Alamos National Laboratory video series of interviews with pioneers of criticality safety could easily be incorporated into training modules. Obviously, the development of such a program depends largely upon the need and participation of experts who share the same vision and enthusiasm of training the next generation of criticality safety engineers. The NCSP website is just one example of the potential benefits that web-based training can offer. You are encouraged to browse the NCSP website at http://ncsp.llnl.gov. We solicit your ideas in the training of future NCS engineers and welcome your participation with us in developing future multimedia training modules. (author)

Application of an integrated PC-based neutronics code system to criticality safety

International Nuclear Information System (INIS)

Briggs, J.B.; Nigg, D.W.

1991-01-01

An integrated system of neutronics and radiation transport software suitable for operation in an IBM PC-class environment has been under development at the Idaho National Engineering Laboratory (INEL) for the past four years. Four modules within the system are particularly useful for criticality safety applications. Using the neutronics portion of the integrated code system, effective neutron multiplication values (k eff values) have been calculated for a variety of benchmark critical experiments for metal systems (Plutonium and Uranium), Aqueous Systems (Plutonium and Uranium) and LWR fuel rod arrays. A description of the codes and methods used in the analysis and the results of the benchmark critical experiments are presented in this paper. In general, excellent agreement was found between calculated and experimental results. (Author)

Safety critical systems handbook a straightforward guide to functional safety : IEC 61508 (2010 edition) and related standards

CERN Document Server

Smith, David J

2010-01-01

Electrical, electronic and programmable electronic systems increasingly carry out safety functions to guard workers and the public against injury or death and the environment against pollution. The international functional safety standard IEC 61508 was revised in 2010, and this is the first comprehensive guide available to the revised standard. As functional safety is applicable to many industries, this book will have a wide readership beyond the chemical and process sector, including oil and gas, power generation, nuclear, aircraft, and automotive industries, plus project, instrumentation, design, and control engineers. * The only comprehensive guide to IEC 61508, updated to cover the 2010 amendments, that will ensure engineers are compliant with the latest process safety systems design and operation standards* Helps readers understand the process required to apply safety critical systems standards* Real-world approach helps users to interpret the standard, with case studies and best practice design examples...

Study on criticality safety evaluation of a system where flood will never occur

International Nuclear Information System (INIS)

Naito, Yoshitaka; Yamamoto, Toshihiro; Komuro, Yuichi; Itahara, Kuniyuki.

1995-03-01

Criticality safety evaluation for a single unit containing nuclear fuel has usually been performed on the assumption that there is a fully thick water reflector around the unit. For a system where flood will never occur, however, the thick reflector assumption is usually not applied recently. In such cases, a method is proposed, which models surrounding structural material and branch pipes as 2.5cm thick water reflector. This report shows that reactivity worth of structural material and branch pipes is, in many cases, less than that of 2.5cm thick water reflector. Further, another method is shown to evaluate criticality safety for a multiple unit system, using computed results with surrounding structural material and branch pipes neglected. And it is shown with many sample calculations that the method with 2.5cm thick water reflector in place of structural material and pipes gives safety side results to similar systems to real reprocessing plants. (author)

Criticality Safety Evaluation for the TACS at DAF

Energy Technology Data Exchange (ETDEWEB)

Percher, C. M. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States); Heinrichs, D. P. [Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

2011-06-10

Hands-on experimental training in the physical behavior of multiplying systems is one of ten key areas of training required for practitioners to become qualified in the discipline of criticality safety as identified in DOE-STD-1135-99, Guidance for Nuclear Criticality Safety Engineer Training and Qualification. This document is a criticality safety evaluation of the training activities and operations associated with HS-3201-P, Nuclear Criticality 4-Day Training Course (Practical). This course was designed to also address the training needs of nuclear criticality safety professionals under the auspices of the NNSA Nuclear Criticality Safety Program1. The hands-on, or laboratory, portion of the course will utilize the Training Assembly for Criticality Safety (TACS) and will be conducted in the Device Assembly Facility (DAF) at the Nevada Nuclear Security Site (NNSS). The training activities will be conducted by Lawrence Livermore National Laboratory following the requirements of an Integrated Work Sheet (IWS) and associated Safety Plan. Students will be allowed to handle the fissile material under the supervision of an LLNL Certified Fissile Material Handler.

2011 Annual Criticality Safety Program Performance Summary

Energy Technology Data Exchange (ETDEWEB)

Andrea Hoffman

2011-12-01

The 2011 review of the INL Criticality Safety Program has determined that the program is robust and effective. The review was prepared for, and fulfills Contract Data Requirements List (CDRL) item H.20, 'Annual Criticality Safety Program performance summary that includes the status of assessments, issues, corrective actions, infractions, requirements management, training, and programmatic support.' This performance summary addresses the status of these important elements of the INL Criticality Safety Program. Assessments - Assessments in 2011 were planned and scheduled. The scheduled assessments included a Criticality Safety Program Effectiveness Review, Criticality Control Area Inspections, a Protection of Controlled Unclassified Information Inspection, an Assessment of Criticality Safety SQA, and this management assessment of the Criticality Safety Program. All of the assessments were completed with the exception of the 'Effectiveness Review' for SSPSF, which was delayed due to emerging work. Although minor issues were identified in the assessments, no issues or combination of issues indicated that the INL Criticality Safety Program was ineffective. The identification of issues demonstrates the importance of an assessment program to the overall health and effectiveness of the INL Criticality Safety Program. Issues and Corrective Actions - There are relatively few criticality safety related issues in the Laboratory ICAMS system. Most were identified by Criticality Safety Program assessments. No issues indicate ineffectiveness in the INL Criticality Safety Program. All of the issues are being worked and there are no imminent criticality concerns. Infractions - There was one criticality safety related violation in 2011. On January 18, 2011, it was discovered that a fuel plate bundle in the Nuclear Materials Inspection and Storage (NMIS) facility exceeded the fissionable mass limit, resulting in a technical safety requirement (TSR) violation. The

Culture, communication and safety: lessons from the airline industry.

Science.gov (United States)

d'Agincourt-Canning, Lori G; Kissoon, Niranjan; Singal, Mona; Pitfield, Alexander F

2011-06-01

Communication is a critical component of effective teamwork and both are essential elements in providing high quality of care to patients. Yet, communication is not an innate skill but a process influenced by internal (personal/cultural values) as well as external (professional roles and hierarchies) factors. To provide illustrative cases, themes and tools for improving communication. Literature review and consensus opinion based on extensive experience. Professional autonomy should be de-emphasized. Tools such as SBAR and simulation are important in communication and teamwork. Tools designed to improve communication and safety in the aviation industry may have applicability to the pediatric intensive care unit.

Car-to-Pedestrian Communication Safety System Based on the Vehicular Ad-Hoc Network Environment: A Systematic Review

Directory of Open Access Journals (Sweden)

Peng Jing

2017-10-01

Full Text Available With the unparalleled growth of motor vehicles, traffic accident between pedestrians and vehicles is one of the most serious issues in the word-wild. Plenty of injuries and fatalities are caused by the traffic accidents and crashes. The connected vehicular ad hoc network as an emerging approach which has the potential to reduce and even avoid accidents have been focused on by many researchers. A large number of car-to-pedestrian communication safety systems based on the vehicular ad hoc network are researching and developing. However, to our limited knowledge, a systematic review about the car-to-pedestrian communication safety system based on the vehicular ad-hoc network has not be written. The purpose and goal of this review is to systematically evaluate and access the reliability of car-to-pedestrian communication safety system based on the vehicular ad-hoc network environment and provide some recommendations for the future works according to throwing some light on the previous literatures. A quality evaluation was developed through established items and instruments tailored to this review. Future works are needed to focus on developing a valid as well as effective communication safety system based on the vehicular ad hoc network to protect the vulnerable road users.

Critical/non-critical system methodology report

International Nuclear Information System (INIS)

1989-01-01

The method used to determine how the waste Isolation Pilot Plant (WIPP) facilities/systems were classified as critical or non-critical to the receipt of CH waste is described within this report. All WIPP critical facilities/systems are listed in the Operational Readiness Review Dictionary. Using the Final Safety Analysis Report (FSAR) as a guide to define the boundaries of the facilities/systems, a direct correlation of the ORR Dictionary to the FSAR can be obtained. The critical facilities/systems are those which are directly related to or have a critical support role in the receipt of CH waste. The facility/systems must meet one of the following requirements to be considered critical: (a) confinement or measure of the release of radioactive materials; (b) continued receipt and/or storage of transuranic waste (TRU) without an interruption greater than one month according to the shipping plan schedule; (c) the environmental and occupational safety of personnel meets the established site programs; and (d) the physical security of the WIPP facilities

Implementation of a closed-loop reporting system for critical values and clinical communication in compliance with goals of the joint commission.

Science.gov (United States)

Parl, Fritz F; O'Leary, Mandy F; Kaiser, Allen B; Paulett, John M; Statnikova, Kristina; Shultz, Edward K

2010-03-01

Current practices of reporting critical laboratory values make it challenging to measure and assess the timeliness of receipt by the treating physician as required by The Joint Commission's 2008 National Patient Safety Goals. A multidisciplinary team of laboratorians, clinicians, and information technology experts developed an electronic ALERTS system that reports critical values via the laboratory and hospital information systems to alphanumeric pagers of clinicians and ensures failsafe notification, instant documentation, automatic tracking, escalation, and reporting of critical value alerts. A method for automated acknowledgment of message receipt was incorporated into the system design. The ALERTS system has been applied to inpatients and eliminated approximately 9000 phone calls a year made by medical technologists. Although a small number of phone calls were still made as a result of pages not acknowledged by clinicians within 10 min, they were made by telephone operators, who either contacted the same physician who was initially paged by the automated system or identified and contacted alternate physicians or the patient's nurse. Overall, documentation of physician acknowledgment of receipt in the electronic medical record increased to 95% of critical values over 9 months, while the median time decreased to communication by developing an electronic system for reporting of critical values that is in compliance with The Joint Commission's goals.

Nuclear criticality safety 2005 and 2006. Monitoring, follow-up and communication

International Nuclear Information System (INIS)

Mennerdahl, Dennis

2007-03-01

A number of selected issues have dominated during 2005 and 2006. This include development of models for realism based on physics (not only statistics and praxis), criteria for criticality safety, regulations and standards, burnup credit, determination of source convergence in calculations, substantial improvements in calculation methods, validation of those methods, etc. In spite of some criticism against certain parts of the NRC FCSS/ISG-10, it is an important document. It should support both authorities and utilities to determine adequate safety margins. To a large extent, the principles that have been applied in Sweden since the 1970's are supported. The extra safety margin (MMS or Δk m ) that protects against unknown uncertainties in k eff should be related to the known uncertainty. In Sweden this has been achieved by limitation of the total, statistically determined standard deviation to 0.01. In addition, FCSS/ISG-10 supports the principle of using different values of Δk m for normal situations than for design basis incidents (must have very low probabilities). In Sweden, Δk m have been included in the design limits that have been 0.95 for normal scenarios and 0.98 for incident scenarios. The corresponding values of Δk m are 0.05 and 0.02. They are exactly the same values as are mentioned in FCSS/ISG-10. The recently issued SCALE 5.1 is very important for burnup credit. Similar capabilities have been available in Sweden, in the form of CASMO, PHOENIX and their predecessor BUXY, for more than 30 years. SCALE 5.1 makes reactor calculations available in a procedure that is easily accessible to specialists on criticality safety. The physics simulation of the irradiation (Monte Carlo through KENO in 3-D or deterministic through NEWT in 2-D) becomes much more realistic with SCALE 5.1 than with earlier versions. A very important project is the OECD/NEA study on reference values for criticality safety. The final report has now been distributed. Among other issues

The PSA of safety-critical digital I and C system: the determination of important factors and sensitivity analysis

International Nuclear Information System (INIS)

Kang, H. G.; Sung, T. Y.; Eom, H. S.; Jeong, H. S.; Park, J. K.; Lee, K. Y.; Park, J. K.

2002-01-01

This report is prepared to suggest a practical Probabilistic Safety Assessment (PSA) methodology of safety-critical digital instrumentation and control (I and C) systems. Even though conventional probabilistic safety assessment methods are immature for applying to microprocessor-based digital systems, practical needs force to apply it because the result of probabilistic safety assessment plays very important role in proving the safety of a designed system. Microprocessors and software technologies make the digital system very complex and hard to analyze the safety of their applications. The aim of this is: (1) To summarize the factors which should be represented by the model for probabilistic safety assessment and to propose a standpoint of evaluation for digital systems. (2) To quantitatively presents the results of a mathematical case study which examines the analysis framework of the safety of digital systems in the context of the PSA. (3) To show the results of a sensitivity study for some critical factors

Nuclear criticality safety staff training and qualifications at Los Alamos National Laboratory

International Nuclear Information System (INIS)

Monahan, S.P.; McLaughlin, T.P.

1997-01-01

Operations involving significant quantities of fissile material have been conducted at Los Alamos National Laboratory continuously since 1943. Until the advent of the Laboratory's Nuclear Criticality Safety Committee (NCSC) in 1957, line management had sole responsibility for controlling criticality risks. From 1957 until 1961, the NCSC was the Laboratory body which promulgated policy guidance as well as some technical guidance for specific operations. In 1961 the Laboratory created the position of Nuclear Criticality Safety Office (in addition to the NCSC). In 1980, Laboratory management moved the Criticality Safety Officer (and one other LACEF staff member who, by that time, was also working nearly full-time on criticality safety issues) into the Health Division office. Later that same year the Criticality Safety Group, H-6 (at that time) was created within H-Division, and staffed by these two individuals. The training and education of these individuals in the art of criticality safety was almost entirely self-regulated, depending heavily on technical interactions between each other, as well as NCSC, LACEF, operations, other facility, and broader criticality safety community personnel. Although the Los Alamos criticality safety group has grown both in size and formality of operations since 1980, the basic philosophy that a criticality specialist must be developed through mentoring and self motivation remains the same. Formally, this philosophy has been captured in an internal policy, document ''Conduct of Business in the Nuclear Criticality Safety Group.'' There are no short cuts or substitutes in the development of a criticality safety specialist. A person must have a self-motivated personality, excellent communications skills, a thorough understanding of the principals of neutron physics, a safety-conscious and helpful attitude, a good perspective of real risk, as well as a detailed understanding of process operations and credible upsets

Plant safety review from mass criticality accident

International Nuclear Information System (INIS)

Susanto, B.G.

2000-01-01

The review has been done to understand the resent status of the plant in facing postulated mass criticality accident. From the design concept of the plant all the components in the system including functional groups have been designed based on favorable mass/geometry safety principle. The criticality safety for each component is guaranteed because all the dimensions relevant to criticality of the components are smaller than dimensions of 'favorable mass/geometry'. The procedures covering all aspects affecting quality including the safety related are developed and adhered to at all times. Staff are indoctrinated periodically in short training session to warn the important of the safety in process of production. The plant is fully equipped with 6 (six) criticality detectors in strategic places to alert employees whenever the postulated mass criticality accident occur. In the event of Nuclear Emergency Preparedness, PT BATAN TEKNOLOGI has also proposed the organization structure how promptly to report the crisis to Nuclear Energy Control Board (BAPETEN) Indonesia. (author)

CSER 96-014: criticality safety of project W-151, 241-AZ-101 retrieval system process test

Energy Technology Data Exchange (ETDEWEB)

Vail, T.S., Fluor Daniel Hanford

1997-02-06

This Criticality Safety Evaluation Report (CSER) documents a review of the criticality safety implications of a process test to be performed in tank 241-AZ-101 (101-AZ). The process test will determine the effectiveness of the retrieval system for mobilization of solids and the practicality of the system for future use in the underground storage tanks at Hanford. The scope of the CSER extends only to the testing and operation of the mixer pumps and does not include the transfer of waste from the tank. Justification is provided that a nuclear criticality is extremely unlikely, if not impossible, in this tank.

Nuclear criticality safety guide

International Nuclear Information System (INIS)

Pruvost, N.L.; Paxton, H.C.

1996-09-01

This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators

Nuclear criticality safety guide

Energy Technology Data Exchange (ETDEWEB)

Pruvost, N.L.; Paxton, H.C. [eds.

1996-09-01

This technical reference document cites information related to nuclear criticality safety principles, experience, and practice. The document also provides general guidance for criticality safety personnel and regulators.

Fault tree synthesis for software design analysis of PLC based safety-critical systems

International Nuclear Information System (INIS)

Koo, S. R.; Cho, C. H.; Seong, P. H.

2006-01-01

As a software verification and validation should be performed for the development of PLC based safety-critical systems, a software safety analysis is also considered in line with entire software life cycle. In this paper, we propose a technique of software safety analysis in the design phase. Among various software hazard analysis techniques, fault tree analysis is most widely used for the safety analysis of nuclear power plant systems. Fault tree analysis also has the most intuitive notation and makes both qualitative and quantitative analyses possible. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Consequently, we can analyze the safety of software on the basis of fault tree synthesis. (authors)

SDL-Based Protocol Validation for the Integrated Safety Communication Network in Nuclear Power Plants

International Nuclear Information System (INIS)

Kim, Jung-hun; Kim, Dong-hoon; Lee, Dong-young; Park, Sung-woo

2006-01-01

The communication protocol in nuclear power plants needs to be validated systematically to avoid the critical situation that may be caused by its own faults. We establish the methodology to validate the protocol designed for the Integrated Safety Communication Networks (ISCN) of Korea Nuclear Instrumentation and Control System (KNICS). The ISCN protocol is specified using the formal description technique called the SDL. The validation of ISCN protocol is done via the Simulator and Validator, both of which are main functions provided by the SDL

Evaluating Models of Human Performance: Safety-Critical Systems Applications

Science.gov (United States)

Feary, Michael S.

2012-01-01

This presentation is part of panel discussion on Evaluating Models of Human Performance. The purpose of this panel is to discuss the increasing use of models in the world today and specifically focus on how to describe and evaluate models of human performance. My presentation will focus on discussions of generating distributions of performance, and the evaluation of different strategies for humans performing tasks with mixed initiative (Human-Automation) systems. I will also discuss issues with how to provide Human Performance modeling data to support decisions on acceptability and tradeoffs in the design of safety critical systems. I will conclude with challenges for the future.

Risk communication activities toward nuclear safety in Tokai: your safety is our safety

International Nuclear Information System (INIS)

Tsuchiya, T.

2007-01-01

As several decades have passed since the construction of nuclear power plants began, residents have become gradually less interested in nuclear safety. The Tokai criticality accident in 1909, however, had roused residents in Tokai-Mura to realize that they live with nuclear technology risks. To prepare a field of risk communication, the Tokai-Mura C 3 project began as a pilot research project supported by NISA. Alter the project ended, we are continuing risk. communication activities as a non-profit organisation. The most important activity of C 3 project is the citizen's inspection programme for nuclear related facilities. This programme was decided by participants who voluntarily applied to the project. The concept of the citizen's inspection programme is 'not the usual facility tours'. Participants are involved from the planning stage and continue to communicate with workers of the inspected nuclear facility. Since 2003, we have conducted six programmes for five nuclear related organisations. Participants evaluated that radiation protection measures were near good but there were some problems concerning the worker's safety and safety culture, and proposed a mixture of advice based on personal experience. Some advice was accepted and it did improve the facility's safety measures. Other suggestions were not agreed upon by nuclear organisations. The reason lies in the difference of concept between the nuclear expert's 'safety' and the citizen's 'safety'. Residents do not worry about radiation only, but also about the facility's safety as a whole including the worker's safety. They say, 'If the workers are not safe, you also are unable to protect us'. Although the disagreement remained, the participants and the nuclear industry learned much about each other. Participating citizens received a substantial amount of knowledge about the nuclear industry and its safety measures, and feel the credibility and openness of the nuclear industry. On the other hand, the nuclear

Criticality safety

International Nuclear Information System (INIS)

Walker, G.

1983-01-01

When a sufficient quantity of fissile material is brought together a self-sustaining neutron chain reaction will be started in it and will continue until some change occurs in the fissile material to stop the chain reaction. The quantity of fissile material required is the 'Critical Mass'. This is not a fixed quantity even for a given type of fissile material but varies between quite wide limits depending on a number of factors. In a nuclear reactor the critical mass of fissile material is assembled under well-defined condition to produce a controllable chain reaction. The same materials have to be handled outside the reactor in all stages of fuel element manufacture, storage, transport and irradiated fuel reprocessing. At any stage it is possible (at least in principle) to assemble a critical mass and thus initiate an accidental and uncontrollable chain reaction. Avoiding this is what criticality safety is all about. A system is just critical when the rate of production of neutrons balances the rate of loss either by escape or by absorption. The factors affecting criticality are, therefore, those which effect neutron production and loss. The principal ones are:- type of nuclide and enrichment (or isotopic composition), moderation, reflection, concentration (density), shape and interaction. Each factor is considered in detail. (author)

48 CFR 209.270 - Aviation and ship critical safety items.

Science.gov (United States)

2010-10-01

... Requirements 209.270 Aviation and ship critical safety items. ... 48 Federal Acquisition Regulations System 3 2010-10-01 2010-10-01 false Aviation and ship critical safety items. 209.270 Section 209.270 Federal Acquisition Regulations System DEFENSE ACQUISITION...

Analysis of Critical Characteristics for Safety Graded Personnel Computers in the KNICS Architecture

International Nuclear Information System (INIS)

Lee, Hyun Chul; Lee, Dong Young

2009-01-01

Critical characteristics analysis of a safety related item is to identify characteristics to be verified to replace an original item with the dedicated item. It is sure that the dedicated item meeting critical characteristics would perform its intended safety function instead of the specified item. KNICS project developed two safety systems: IDiPS RPS (Reactor Protection System) and IDiPS ESF-CCS (Engineered Safety Features-Component Control System). Two safety systems of IDiPS are equipped with personnel computers, so-called COMs (Cabinet Operator Modules), in their cabinets. The personnel computers, COMs, are responsible for safety system monitoring, testing, and maintaining. Even though two safety systems are safety critical system, the personnel computers of two systems, i.e. COMs, are not graded as safety-graded items. Regulation requirements are expected to be strengthened, and the functions of the personnel computer may be enhanced to include safety-related functions and safety functions, it would be necessary that the grade of the personnel computers is adjusted to a higher level, the safety grade. To try to upgrade a non safety system, i.e. COMs, to a safety system, its safety functions and requirements, i.e. critical characteristics, must be identified and verified. This paper describes the process of the identification of critical characteristics and the results of analysis

Request from nuclear fuel cycle and criticality safety design

International Nuclear Information System (INIS)

Hamasaki, Manabu; Sakashita, Kiichiro; Natsume, Toshihiro

2005-01-01

The quality and reliability of criticality safety design of nuclear fuel cycle systems such as fuel fabrication facilities, fuel reprocessing facilities, storage systems of various forms of nuclear materials or transportation casks have been largely dependent on the quality of criticality safety analyses using qualified criticality calculation code systems and reliable nuclear data sets. In this report, we summarize the characteristics of the nuclear fuel cycle systems and the perspective of the requirements for the nuclear data, with brief comments on the recent issue about spent fuel disposal. (author)

Nuclear criticality information system

International Nuclear Information System (INIS)

Koponen, B.L.; Hampel, V.E.

1981-01-01

The nuclear criticality safety program at LLNL began in the 1950's with a critical measurements program which produced benchmark data until the late 1960's. This same time period saw the rapid development of computer technology useful for both computer modeling of fissile systems and for computer-aided management and display of the computational benchmark data. Database management grew in importance as the amount of information increased and as experimental programs were terminated. Within the criticality safety program at LLNL we began at that time to develop a computer library of benchmark data for validation of computer codes and cross sections. As part of this effort, we prepared a computer-based bibliography of criticality measurements on relatively simple systems. However, it is only now that some of these computer-based resources can be made available to the nuclear criticality safety community at large. This technology transfer is being accomplished by the DOE Technology Information System (TIS), a dedicated, advanced information system. The NCIS database is described

Safety assessment of inter-channel / inter-system digital communications: A defensive measures approach

International Nuclear Information System (INIS)

Thuy, N. N. Q.

2006-01-01

Inappropriately designed inter-channel and inter-system digital communications could initiate common cause failure of multiple channels or multiple systems. Defensive measures were introduced in EPRI report TR-1002835 (Guideline for Performing Defense-in-Depth and Diversity Assessments for Digital Upgrades) to assess, on a deterministic basis, the susceptibility of digital systems architectures to common-cause failures. This paper suggests how this approach could be applied to assess inter-channel and inter-system digital communications from a safety standpoint. The first step of the approach is to systematically identify the so called 'influence factors' that one end of the data communication path can have on the other. Potential factors to be considered would typically include data values, data volumes and data rates. The second step of the approach is to characterize the ways possible failures of a given end of the communication path could affect these influence factors (e.g., incorrect data values, excessive data rates, time-outs, incorrect data volumes). The third step is to analyze the designed-in measures taken to guarantee independence of the other end. In addition to classical error detection and correction codes, typical defensive measures are one-way data communication, fixed-rate data communication, fixed-volume data communication, validation of data values. (authors)

Method of V ampersand V for safety-critical software in NPPs

International Nuclear Information System (INIS)

Kim, Jang-Yeol; Lee, Jang-Soo; Kwon, Kee-Choon

1997-01-01

Safety-critical software is software used in systems in which a failure could affect personal or equipment safety or result in large financial or social loss. Examples of systems using safety-critical software are systems such as plant protection systems in nuclear power plants (NPPs), process control systems in chemical plants, and medical instruments such as the Therac-25 medical accelerator. This paper presents verification and validation (V ampersand V) methodology for safety-critical software in NPP safety systems. In addition, it addresses issues related to NPP safety systems, such as independence parameters, software safety analysis (SSA) concepts, commercial off-the-shelf (COTS) software evaluation criteria, and interrelationships among software and system assurance organizations. It includes the concepts of existing industrial standards on software V ampersand V, Institute of Electrical and Electronics Engineers (IEEE) Standards 1012 and 1059. This safety-critical software V ampersand V methodology covers V ampersand V scope, a regulatory framework as part of its acceptance criteria, V ampersand V activities and task entrance and exit criteria, reviews and audits, testing and quality assurance records of V ampersand V material, configuration management activities related to V ampersand V, and software V ampersand V (SVV) plan (SVVP) production

Criticality safety validation: Simple geometry, single unit {sup 233}U systems

Energy Technology Data Exchange (ETDEWEB)

Putman, V.L.

1997-06-01

Typically used LMITCO criticality safety computational methods are evaluated for suitability when applied to INEEL {sup 233}U systems which reasonably can be modeled as simple-geometry, single-unit systems. Sixty-seven critical experiments of uranium highly enriched in {sup 233}U, including 57 aqueous solution, thermal-energy systems and 10 metal, fast-energy systems, were modeled. These experiments include 41 cylindrical and 26 spherical cores, and 41 reflected and 26 unreflected systems. No experiments were found for intermediate-neutron-energy ranges, or with interstitial non-hydrogenous materials typical of waste systems, mixed {sup 233}U and plutonium, or reflectors such as steel, lead, or concrete. No simple geometry experiments were found with cubic or annular cores, or approximating infinite sea systems. Calculations were performed with various tools and methodologies. Nine cross-section libraries, based on ENDF/B-IV, -V, or -VI.2, or on Hansen-Roach source data, were used with cross-section processing methods of MCNP or SCALE. The k{sub eff} calculations were performed with neutral-particle transport and Monte Carlo methods of criticality codes DANT, MCNP 4A, and KENO Va.

Agility in Development of Safety-Critical Software: A Conceptual Model

DEFF Research Database (Denmark)

Tordrup Heeager, Lise; Nielsen, Peter Axel

2018-01-01

Safety-critical information systems are being used increasingly as we see applications in new areas such as personal medical devices, traffic control and detection of pathogens. A current research debate is whether safety-critical systems must be developed with traditional waterfall processes...

Intermediate probabilistic safety assessment approach for safety critical digital systems

International Nuclear Information System (INIS)

Taeyong, Sung; Hyun Gook, Kang

2001-01-01

Even though the conventional probabilistic safety assessment methods are immature for applying to microprocessor-based digital systems, practical needs force to apply it. In the Korea, UCN 5 and 6 units are being constructed and Korean Next Generation Reactor is being designed using the digital instrumentation and control equipment for the safety related functions. Korean regulatory body requires probabilistic safety assessment. This paper analyzes the difficulties on the assessment of digital systems and suggests an intermediate framework for evaluating their safety using fault tree models. The framework deals with several important characteristics of digital systems including software modules and fault-tolerant features. We expect that the analysis result will provide valuable design feedback. (authors)

Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

Energy Technology Data Exchange (ETDEWEB)

Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

2001-02-01

This report has described the software safety analysis techniques and the engineering guidelines for developing safety critical software to identify the state of the art in this field and to give the software safety engineer a trail map between the code and standards layer and the design methodology and documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve the safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in details the software safety analysis techniques, software FMEA(Failure Mode and Effects Analysis), software HAZOP(Hazard and Operability Analysis), and software FTA(Fault Tree Analysis). We have also surveyed the state of the art in the software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures, high quality, defense-in-depth, and diversity are considered to be key elements in digital I and C system design. To minimize the possibility of CMFs and thus increase the plant reliability, we have provided D-in-D and D analysis guidelines.

Software safety analysis techniques for developing safety critical software in the digital protection system of the LMR

International Nuclear Information System (INIS)

Lee, Jang Soo; Cheon, Se Woo; Kim, Chang Hoi; Sim, Yun Sub

2001-02-01

This report has described the software safety analysis techniques and the engineering guidelines for developing safety critical software to identify the state of the art in this field and to give the software safety engineer a trail map between the code and standards layer and the design methodology and documents layer. We have surveyed the management aspects of software safety activities during the software lifecycle in order to improve the safety. After identifying the conventional safety analysis techniques for systems, we have surveyed in details the software safety analysis techniques, software FMEA(Failure Mode and Effects Analysis), software HAZOP(Hazard and Operability Analysis), and software FTA(Fault Tree Analysis). We have also surveyed the state of the art in the software reliability assessment techniques. The most important results from the reliability techniques are not the specific probability numbers generated, but the insights into the risk importance of software features. To defend against potential common-mode failures, high quality, defense-in-depth, and diversity are considered to be key elements in digital I and C system design. To minimize the possibility of CMFs and thus increase the plant reliability, we have provided D-in-D and D analysis guidelines

47 CFR 80.1133 - Transmission of safety communications.

Science.gov (United States)

2010-10-01

... SERVICES STATIONS IN THE MARITIME SERVICES Global Maritime Distress and Safety System (GMDSS) Operating... safety traffic frequencies specified in § 80.1077, or via the maritime mobile satellite service or on... 47 Telecommunication 5 2010-10-01 2010-10-01 false Transmission of safety communications. 80.1133...

Towards the Verification of Safety-critical Autonomous Systems in Dynamic Environments

Directory of Open Access Journals (Sweden)

Adina Aniculaesei

2016-12-01

Full Text Available There is an increasing necessity to deploy autonomous systems in highly heterogeneous, dynamic environments, e.g. service robots in hospitals or autonomous cars on highways. Due to the uncertainty in these environments, the verification results obtained with respect to the system and environment models at design-time might not be transferable to the system behavior at run time. For autonomous systems operating in dynamic environments, safety of motion and collision avoidance are critical requirements. With regard to these requirements, Macek et al. [6] define the passive safety property, which requires that no collision can occur while the autonomous system is moving. To verify this property, we adopt a two phase process which combines static verification methods, used at design time, with dynamic ones, used at run time. In the design phase, we exploit UPPAAL to formalize the autonomous system and its environment as timed automata and the safety property as TCTL formula and to verify the correctness of these models with respect to this property. For the runtime phase, we build a monitor to check whether the assumptions made at design time are also correct at run time. If the current system observations of the environment do not correspond to the initial system assumptions, the monitor sends feedback to the system and the system enters a passive safe state.

Validation of Safety-Critical Systems for Aircraft Loss-of-Control Prevention and Recovery

Science.gov (United States)

Belcastro, Christine M.

2012-01-01

Validation of technologies developed for loss of control (LOC) prevention and recovery poses significant challenges. Aircraft LOC can result from a wide spectrum of hazards, often occurring in combination, which cannot be fully replicated during evaluation. Technologies developed for LOC prevention and recovery must therefore be effective under a wide variety of hazardous and uncertain conditions, and the validation framework must provide some measure of assurance that the new vehicle safety technologies do no harm (i.e., that they themselves do not introduce new safety risks). This paper summarizes a proposed validation framework for safety-critical systems, provides an overview of validation methods and tools developed by NASA to date within the Vehicle Systems Safety Project, and develops a preliminary set of test scenarios for the validation of technologies for LOC prevention and recovery

Calculational study for criticality safety data of fissionable actinides

International Nuclear Information System (INIS)

Nojiri, Ichiro; Fukasaku, Yasuhiro.

1997-01-01

This study has been carried out to obtain basic criticality safety characteristics of minor actinides nuclides. Criticality safety data of minor actinides nuclides have been surveyed through public literatures. Critical mass of seven nuclides, Np-237, Am-241, Am-242m, Am-243, Cm-243, Cm-244 and Cm-245, have been calculated by using two code systems of criticality safety analysis, SCALE-4 and MCNP4A, under some material and reflector conditions. Some applicable cross-section libraries have been used for each code systems. Calculated data have been compared with each other and with published data. The results of this comparison shows that there is no discrepancy within the computational codes and the calculated data is strongly depend on the cross-section library. (author)

The human factor: the critical importance of effective teamwork and communication in providing safe care.

Science.gov (United States)

Leonard, M; Graham, S; Bonacum, D

2004-10-01

Effective communication and teamwork is essential for the delivery of high quality, safe patient care. Communication failures are an extremely common cause of inadvertent patient harm. The complexity of medical care, coupled with the inherent limitations of human performance, make it critically important that clinicians have standardised communication tools, create an environment in which individuals can speak up and express concerns, and share common "critical language" to alert team members to unsafe situations. All too frequently, effective communication is situation or personality dependent. Other high reliability domains, such as commercial aviation, have shown that the adoption of standardised tools and behaviours is a very effective strategy in enhancing teamwork and reducing risk. We describe our ongoing patient safety implementation using this approach within Kaiser Permanente, a non-profit American healthcare system providing care for 8.3 million patients. We describe specific clinical experience in the application of surgical briefings, properties of high reliability perinatal care, the value of critical event training and simulation, and benefits of a standardised communication process in the care of patients transferred from hospitals to skilled nursing facilities. Additionally, lessons learned as to effective techniques in achieving cultural change, evidence of improving the quality of the work environment, practice transfer strategies, critical success factors, and the evolving methods of demonstrating the benefit of such work are described.

Safety culture and subcontractor network governance in a complex safety critical project

International Nuclear Information System (INIS)

Oedewald, Pia; Gotcheva, Nadezhda

2015-01-01

In safety critical industries many activities are currently carried out by subcontractor networks. Nevertheless, there are few studies where the core dimensions of resilience would have been studied in safety critical network activities. This paper claims that engineering resilience into a system is largely about steering the development of culture of the system towards better ability to anticipate, monitor, respond and learn. Thus, safety culture literature has relevance in resilience engineering field. This paper analyzes practical and theoretical challenges in applying the concept of safety culture in a complex, dynamic network of subcontractors involved in the construction of a new nuclear power plant in Finland, Olkiluoto 3. The concept of safety culture is in focus since it is widely used in nuclear industry and bridges the scientific and practical interests. This paper approaches subcontractor networks as complex systems. However, the management model of the Olkiluoto 3 project is to a large degree a traditional top-down hierarchy, which creates a mismatch between the management approach and the characteristics of the system to be managed. New insights were drawn from network governance studies. - Highlights: • We studied a relevant topical subject safety culture in nuclear new build project. • We integrated safety science challenges and network governance studies. • We produced practicable insights in managing safety of subcontractor networks

Determination of safety specifications as for criticality in pipelines systems with intersection

International Nuclear Information System (INIS)

Santos, R. dos; Vellozo, S.O.

1982-01-01

By the Monte Carlo method, criticality calculations were done for pipelines with several types of reflexion and configurations, filled with solution of plutonium nitrate, with 100 per cent of weight of Pu-239 isotope, in water. From the more simple pipeline intersection condition, type T, an intersection type cross and Double cross are studied. A second central column is aded. The intersections are studied in the minimal, nominal and maximal reflexion condition. Critical safety values are presented for some systems. (E.G.) [pt

SCALE 5: Powerful new criticality safety analysis tools

International Nuclear Information System (INIS)

Bowman, Stephen M.; Hollenbach, Daniel F.; Dehart, Mark D.; Rearden, Bradley T.; Gauld, Ian C.; Goluoglu, Sedat

2003-01-01

Version 5 of the SCALE computer software system developed at Oak Ridge National Laboratory, scheduled for release in December 2003, contains several significant new modules and sequences for criticality safety analysis and marks the most important update to SCALE in more than a decade. This paper highlights the capabilities of these new modules and sequences, including continuous energy flux spectra for processing multigroup problem-dependent cross sections; one- and three-dimensional sensitivity and uncertainty analyses for criticality safety evaluations; two-dimensional flexible mesh discrete ordinates code; automated burnup-credit analysis sequence; and one-dimensional material distribution optimization for criticality safety. (author)

SCALE Graphical Developments for Improved Criticality Safety Analyses

International Nuclear Information System (INIS)

Barnett, D.L.; Bowman, S.M.; Horwedel, J.E.; Petrie, L.M.

1999-01-01

New computer graphic developments at Oak Ridge National Ridge National Laboratory (ORNL) are being used to provide visualization of criticality safety models and calculational results as well as tools for criticality safety analysis input preparation. The purpose of this paper is to present the status of current development efforts to continue to enhance the SCALE (Standardized Computer Analyses for Licensing Evaluations) computer software system. Applications for criticality safety analysis in the areas of 3-D model visualization, input preparation and execution via a graphical user interface (GUI), and two-dimensional (2-D) plotting of results are discussed

Formal verification and validation of the safety-critical software in a digital reactor protection system

International Nuclear Information System (INIS)

Kwon, K. C.; Park, G. Y.

2006-01-01

This paper describes the Verification and Validation (V and V) activities for the safety-critical software in a Digital Reactor Protection System (DRPS) that is being developed through the Korea nuclear instrumentation and control system project. The main activities of the DRPS V and V process are a preparation of the software planning documentation, a verification of the software according to the software life cycle, a software safety analysis and a software configuration management. The verification works for the Software Requirement Specification (SRS) of the DRPS consist of a technical evaluation, a licensing suitability evaluation, a inspection and traceability analysis, a formal verification, and preparing a test plan and procedure. Especially, the SRS is specified by the formal specification method in the development phase, and the formal SRS is verified by a formal verification method. Through these activities, we believe we can achieve the functionality, performance, reliability, and safety that are the major V and V objectives of the nuclear safety-critical software in a DRPS. (authors)

KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

Energy Technology Data Exchange (ETDEWEB)

Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop

1997-07-01

This technical report is to present V and V guideline development methodology for safety-critical software in NPP safety system. Therefore it is to present V and V guideline of planning phase for the NPP safety system in addition to critical safety items, for example, independence philosophy, software safety analysis concept, commercial off the shelf (COTS) software evaluation criteria, inter-relationships between other safety assurance organizations, including the concepts of existing industrial standard, IEEE Std-1012, IEEE Std-1059. This technical report includes scope of V and V guideline, guideline framework as part of acceptance criteria, V and V activities and task entrance as part of V and V activity and exit criteria, review and audit, testing and QA records of V and V material and configuration management, software verification and validation plan production etc., and safety-critical software V and V methodology. (author). 11 refs.

KAERI software verification and validation guideline for developing safety-critical software in digital I and C system of NPP

International Nuclear Information System (INIS)

Kim, Jang Yeol; Lee, Jang Soo; Eom, Heung Seop.

1997-07-01

This technical report is to present V and V guideline development methodology for safety-critical software in NPP safety system. Therefore it is to present V and V guideline of planning phase for the NPP safety system in addition to critical safety items, for example, independence philosophy, software safety analysis concept, commercial off the shelf (COTS) software evaluation criteria, inter-relationships between other safety assurance organizations, including the concepts of existing industrial standard, IEEE Std-1012, IEEE Std-1059. This technical report includes scope of V and V guideline, guideline framework as part of acceptance criteria, V and V activities and task entrance as part of V and V activity and exit criteria, review and audit, testing and QA records of V and V material and configuration management, software verification and validation plan production etc., and safety-critical software V and V methodology. (author). 11 refs

Test process for the safety-critical embedded software

International Nuclear Information System (INIS)

Sung, Ahyoung; Choi, Byoungju; Lee, Jangsoo

2004-01-01

Digitalization of nuclear Instrumentation and Control (I and C) system requires high reliability of not only hardware but also software. Verification and Validation (V and V) process is recommended for software reliability. But a more quantitative method is necessary such as software testing. Most of software in the nuclear I and C system is safety-critical embedded software. Safety-critical embedded software is specified, verified and developed according to V and V process. Hence two types of software testing techniques are necessary for the developed code. First, code-based software testing is required to examine the developed code. Second, after code-based software testing, software testing affected by hardware is required to reveal the interaction fault that may cause unexpected results. We call the testing of hardware's influence on software, an interaction testing. In case of safety-critical embedded software, it is also important to consider the interaction between hardware and software. Even if no faults are detected when testing either hardware or software alone, combining these components may lead to unexpected results due to the interaction. In this paper, we propose a software test process that embraces test levels, test techniques, required test tasks and documents for safety-critical embedded software. We apply the proposed test process to safety-critical embedded software as a case study, and show the effectiveness of it. (author)

Criticality safety (prospect of study in NUCEF)

International Nuclear Information System (INIS)

Itagaki, Masafumi

1996-01-01

Experimental studies of criticality safety are under way using STACY and TRACY in NUCEF. Collection of fundamental data on criticality in a solution system is undergoing with STACY to confirm that the likelihood of criticality safety in the system constructed on the assumption of apparatuses in a reprocessing plant is enough large. Whereas some experiments simulating criticality accidents in a reprocessing plant using TRACY were designed to investigate the behaviors of fuel solution and radioactive matters in order to clarify whether it is possible to safely shut them in the facility even if a critical accident occurs. Both STACY and TRACY reached the criticality in 1995. Up to now a series of criticality experiments have been done using STACY with a core tank φ60 cm and the first periodical examination is now under way. On the other hand, we have a plan using TRACY to investigate the behaviors of nuclear heat solution at a criticality accident, and the releasing, transfer and deposition of radioactive materials. After reaching the criticality for the first, the performance verification test has been conducted. The full-scale study using TRACY is planned to begin in the second half of 1996. (M.N.)

Critical care providers refer to information tools less during communication tasks after a critical care clinical information system introduction.

Science.gov (United States)

Ballermann, Mark; Shaw, Nicola T; Mayes, Damon C; Gibney, R T Noel

2011-01-01

Electronic documentation methods may assist critical care providers with information management tasks in Intensive Care Units (ICUs). We conducted a quasi-experimental observational study to investigate patterns of information tool use by ICU physicians, nurses, and respiratory therapists during verbal communication tasks. Critical care providers used tools less at 3 months after the CCIS introduction. At 12 months, care providers referred to paper and permanent records, especially during shift changes. The results suggest potential areas of improvement for clinical information systems in assisting critical care providers in ensuring informational continuity around their patients.

Applicability of object-oriented design methods and C++ to safety-critical systems

International Nuclear Information System (INIS)

Cuthill, B.B.

1994-01-01

This paper reports on a study identifying risks and benefits of using a software development methodology containing object-oriented design (OOD) techniques and using C++ as a programming language relative to selected features of safety-critical systems development. These features are modularity, functional diversity, removing ambiguous code, traceability, and real-time performance

Criticality Safety in the Handling of Fissile Material. Specific Safety Guide

Energy Technology Data Exchange (ETDEWEB)

NONE

2014-05-15

This Safety Guide provides guidance and recommendations on how to meet the relevant requirements for ensuring subcriticality when dealing with fissile material and for planning the response to criticality accidents. The guidance and recommendations are applicable to both regulatory bodies and operating organizations. The objectives of criticality safety are to prevent a self-sustained nuclear chain reaction and to minimize the consequences of this if it were to occur. The Safety Guide makes recommendations on how to ensure subcriticality in systems involving fissile materials during normal operation, anticipated operational occurrences, and, in the case of accident conditions, within design basis accidents, from initial design through commissioning, operation, and decommissioning and disposal.

Criticality safety evaluations - a open-quotes stalking horseclose quotes for integrated safety assessment

International Nuclear Information System (INIS)

Williams, R.A.

1995-01-01

The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility's criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE

Nuclear criticality safety guide

International Nuclear Information System (INIS)

Ro, Seong Ki; Shin, Hee Seong; Park, Seong Won; Shin, Young Joon.

1997-06-01

Nuclear criticality safety guide was described for handling, transportation and storage of nuclear fissile materials in this report. The major part of the report was excerpted frp, TID-7016(revision 2) and nuclear criticality safety written by Knief. (author). 16 tabs., 44 figs., 5 refs

A Survey on Formal Verification Techniques for Safety-Critical Systems-on-Chip

Directory of Open Access Journals (Sweden)

Tomás Grimm

2018-05-01

Full Text Available The high degree of miniaturization in the electronics industry has been, for several years, a driver to push embedded systems to different fields and applications. One example is safety-critical systems, where the compactness in the form factor helps to reduce the costs and allows for the implementation of new techniques. The automotive industry is a great example of a safety-critical area with a great rise in the adoption of microelectronics. With it came the creation of the ISO 26262 standard with the goal of guaranteeing a high level of dependability in the designs. Other areas in the safety-critical applications domain have similar standards. However, these standards are mostly guidelines to make sure that designs reach the desired dependability level without explicit instructions. In the end, the success of the design to fulfill the standard is the result of a thorough verification process. Naturally, the goal of any verification team dealing with such important designs is complete coverage as well as standards conformity, but as these are complex hardware, complete functional verification is a difficult task. From the several techniques that exist to verify hardware, where each has its pros and cons, we studied six well-established in academia and in industry. We can divide them into two categories: simulation, which needs extremely large amounts of time, and formal verification, which needs unrealistic amounts of resources. Therefore, we conclude that a hybrid approach offers the best balance between simulation (time and formal verification (resources.

French safety and criticality testing programmes

International Nuclear Information System (INIS)

Barbry, F.; Leclerc, J.; Manaranche, J.C.; Maubert, L.

1982-01-01

This article underlines the need to include experimental safety-criticality programmes in the French nuclear effort. The means and methods used at the Section of Experimental Nuclear Safety and Criticality Research, attached to the CEA Valduc Centre, are described. Three experimental programmes are presented: safety-criticality of the PWR fuel cycle, neutron poisoning of plutonium solutions by gadolinium and safety-criticality of slightly enriched and slightly moderated uranium oxide. Criticality accidents studies in solution are then described [fr

ALARP considerations in criticality safety assessments

International Nuclear Information System (INIS)

Bowden, Russell L.; Barnes, Andrew; Thorne, Peter R.; Venner, Jack

2003-01-01

Demonstrating that the risk to the public and workers is As Low As Reasonably Practicable (ALARP) is a fundamental requirement of safety cases for nuclear facilities in the United Kingdom. This is embodied in the Safety Assessment Principles (SAPs) published by the Regulator, the essence of which is incorporated within the safety assessment processes of the various nuclear site licensees. The concept of ALARP within criticality safety assessments has taken some time to establish in the United Kingdom. In principle, the licensee is obliged to search for a deterministic criticality safety solution, such as safe geometry vessels and passive control features, rather than placing reliance on active measurement devices and plant administrative controls. This paper presents a consideration of some ALARP issues in relation to the development of criticality safety cases. The paper utilises some idealised examples covering a range of issues facing the criticality safety assessor, including new plant design, operational plant and decommissioning activities. These examples are used to outline the elements of the criticality safety cases and present a discussion of ALARP in the context of criticality safety assessments. (author)

Software Reliability Issues Concerning Large and Safety Critical Software Systems

Science.gov (United States)

Kamel, Khaled; Brown, Barbara

1996-01-01

This research was undertaken to provide NASA with a survey of state-of-the-art techniques using in industrial and academia to provide safe, reliable, and maintainable software to drive large systems. Such systems must match the complexity and strict safety requirements of NASA's shuttle system. In particular, the Launch Processing System (LPS) is being considered for replacement. The LPS is responsible for monitoring and commanding the shuttle during test, repair, and launch phases. NASA built this system in the 1970's using mostly hardware techniques to provide for increased reliability, but it did so often using custom-built equipment, which has not been able to keep up with current technologies. This report surveys the major techniques used in industry and academia to ensure reliability in large and critical computer systems.

Research on neutron source multiplication method in nuclear critical safety

International Nuclear Information System (INIS)

Zhu Qingfu; Shi Yongqian; Hu Dingsheng

2005-01-01

The paper concerns in the neutron source multiplication method research in nuclear critical safety. Based on the neutron diffusion equation with external neutron source the effective sub-critical multiplication factor k s is deduced, and k s is different to the effective neutron multiplication factor k eff in the case of sub-critical system with external neutron source. The verification experiment on the sub-critical system indicates that the parameter measured with neutron source multiplication method is k s , and k s is related to the external neutron source position in sub-critical system and external neutron source spectrum. The relation between k s and k eff and the effect of them on nuclear critical safety is discussed. (author)

NuSEE: an integrated environment of software specification and V and V for PLC based safety-critical systems

International Nuclear Information System (INIS)

Koo, Seo Ryong; Seong, Poong Hyun; Yoo, Jun Beom; Cha, Sung Deok; Youn, Cheong; Han, Hyun Chul

2006-01-01

As the use of digital systems becomes more prevalent, adequate techniques for software specification and analysis have become increasingly important in Nuclear Power Plant (NPP) safety-critical systems. Additionally, the importance of software Verification and Validation (V and V) based on adequate specification has received greater emphasis in view of improving software quality. For thorough V and V of safety-critical systems, V and V should be performed throughout the software lifecycle. However, systematic V and V is difficult as it involves many manual-oriented tasks. Tool support is needed in order to more conveniently perform software V and V. In response, we developed four kinds of Computer Aided Software Engineering (CASE) tools to support system specification for a formal-based analysis according to the software lifecycle. In this work, we achieved optimized integration of each tool. The toolset, NuSEE, is an integrated environment for software specification and V and V for PLC based safety-critical systems. In accordance with the software lifecycle, NuSEE consists of NuSISRT for the concept phase, NuSRS for the requirements phase, NuSDS for the design phase and NuSCM for configuration management. It is believed that after further development our integrated environment will be a unique and promising software specification and analysis toolset that will support the entire software lifecycle for the development of PLC based NPP safety-critical systems

A framework for the system-of-systems analysis of the risk for a safety-critical plant exposed to external events

International Nuclear Information System (INIS)

Zio, E.; Ferrario, E.

2013-01-01

We consider a critical plant exposed to risk from external events. We propose an original framework of analysis, which extends the boundaries of the study to the interdependent infrastructures which support the plant. For the purpose of clearly illustrating the conceptual framework of system-of-systems analysis, we work out a case study of seismic risk for a nuclear power plant embedded in the connected power and water distribution, and transportation networks which support its operation. The technical details of the systems considered (including the nuclear power plant) are highly simplified, in order to preserve the purpose of illustrating the conceptual, methodological framework of analysis. Yet, as an example of the approaches that can be used to perform the analysis within the proposed framework, we consider the Muir Web as system analysis tool to build the system-of-systems model and Monte Carlo simulation for the quantitative evaluation of the model. The numerical exercise, albeit performed on a simplified case study, serves the purpose of showing the opportunity of accounting for the contribution of the interdependent infrastructure systems to the safety of a critical plant. This is relevant as it can lead to considerations with respect to the decision making related to safety critical-issues. -- Highlights: ► We consider a critical plant exposed to risk from external events. ► We consider also the interdependent infrastructures that support the plant. ► We use Muir Web as system analysis tool to build the system-of-systems model. ► We use Monte Carlo simulation for the quantitative evaluation of the model. ► We find that the interdependent infrastructures should be considered as they can be a support for the critical plant safety

Year 2000 Compliance of Selected Mission Critical Command, Control, and Communications Systems Managed by The Defense Information Systems Agency

National Research Council Canada - National Science Library

1999-01-01

...) has adequately planned for and managed year 2000 conversion risks to avoid undue disruption to selected mission critical command, control, and communications systems used in support of Unified...

Supplement report to the Nuclear Criticality Safety Handbook of Japan

International Nuclear Information System (INIS)

Okuno, Hiroshi; Komuro, Yuichi; Nakajima, Ken

1995-10-01

Supplementing works to 'The Nuclear Criticality Safety Handbook' of Japan have been continued since 1988, the year the handbook edited by the Science and Technology Agency first appeared. This report publishes the fruits obtained in the supplementing works. Substantial improvements are made in the chapters of 'Modelling the evaluation object' and 'Methodology for analytical safety assessment', and newly added are chapters of 'Criticality safety of chemical processes', 'Criticality accidents and their evaluation methods' and 'Basic principles on design and installation of criticality alarm system'. (author)

ASIC-based design of NMR system health monitor for mission/safety-critical applications.

Science.gov (United States)

Balasubramanian, P

2016-01-01

N-modular redundancy (NMR) is a generic fault tolerance scheme that is widely used in safety-critical circuit/system designs to guarantee the correct operation with enhanced reliability. In passive NMR, at least a majority (N + 1)/2 out of N function modules is expected to operate correctly at any time, where N is odd. Apart from a conventional realization of the NMR system, it would be useful to provide a concurrent indication of the system's health so that an appropriate remedial action may be initiated depending upon an application's safety criticality. In this context, this article presents the novel design of a generic NMR system health monitor which features: (i) early fault warning logic, that is activated upon the production of a conflicting result by even one output of any arbitrary function module, and (ii) error signalling logic, which signals an error when the number of faulty function modules unfortunately attains a majority and the system outputs may no more be reliable. Two sample implementations of NMR systems viz. triple modular redundancy and quintuple modular redundancy with the proposed system health monitoring are presented in this work, with a 4-bit ALU used for the function modules. The simulations are performed using a 32/28 nm CMOS process technology.

Providing Nuclear Criticality Safety Analysis Education through Benchmark Experiment Evaluation

International Nuclear Information System (INIS)

Bess, John D.; Briggs, J. Blair; Nigg, David W.

2009-01-01

One of the challenges that today's new workforce of nuclear criticality safety engineers face is the opportunity to provide assessment of nuclear systems and establish safety guidelines without having received significant experience or hands-on training prior to graduation. Participation in the International Criticality Safety Benchmark Evaluation Project (ICSBEP) and/or the International Reactor Physics Experiment Evaluation Project (IRPhEP) provides students and young professionals the opportunity to gain experience and enhance critical engineering skills.

49 CFR 193.2519 - Communication systems.

Science.gov (United States)

2010-10-01

...: FEDERAL SAFETY STANDARDS Operations § 193.2519 Communication systems. (a) Each LNG plant must have a primary communication system that provides for verbal communications between all operating personnel at... 49 Transportation 3 2010-10-01 2010-10-01 false Communication systems. 193.2519 Section 193.2519...

Information System Hazard Analysis: A Method for Identifying Technology-induced Latent Errors for Safety.

Science.gov (United States)

Weber, Jens H; Mason-Blakley, Fieran; Price, Morgan

2015-01-01

Many health information and communication technologies (ICT) are safety-critical; moreover, reports of technology-induced adverse events related to them are plentiful in the literature. Despite repeated criticism and calls to action, recent data collected by the Institute of Medicine (IOM) and other organization do not indicate significant improvements with respect to the safety of health ICT systems. A large part of the industry still operates on a reactive "break & patch" model; the application of pro-active, systematic hazard analysis methods for engineering ICT that produce "safe by design" products is sparse. This paper applies one such method: Information System Hazard Analysis (ISHA). ISHA adapts and combines hazard analysis techniques from other safety-critical domains and customizes them for ICT. We provide an overview of the steps involved in ISHA and describe.

Recommendations relating to safety-critical real-time software in nuclear power plants

International Nuclear Information System (INIS)

1992-01-01

The Advisory Committee on Nuclear Safety (ACNS) has reviewed safety issues associated with the software for the digital computers in the safety shutdown systems for the Darlington NGS. From this review the ACNS has developed four recommendations for safety-critical real-time software in nuclear power plants. These recommendations cover: the completion of the present efforts to develop an overall standard and sub-tier standards for safety-critical real-time software; the preparation of schedules and lists of responsibilities for this development; the concentration of AECB efforts on ensuring the scrutability of safety-critical real-time software; and, the collection of data on reliability and causes of failure (error) of safety-critical real-time software systems and on the probability and causes of common-mode failures (errors). (9 refs.)

Nuclear criticality safety: 2-day training course

International Nuclear Information System (INIS)

Schlesser, J.A.

1997-02-01

This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: be able to define terms commonly used in nuclear criticality safety; be able to appreciate the fundamentals of nuclear criticality safety; be able to identify factors which affect nuclear criticality safety; be able to identify examples of criticality controls as used as Los Alamos; be able to identify examples of circumstances present during criticality accidents; have participated in conducting two critical experiments; be asked to complete a critique of the nuclear criticality safety training course

Nuclear criticality safety: 2-day training course

Energy Technology Data Exchange (ETDEWEB)

Schlesser, J.A. [ed.] [comp.

1997-02-01

This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: be able to define terms commonly used in nuclear criticality safety; be able to appreciate the fundamentals of nuclear criticality safety; be able to identify factors which affect nuclear criticality safety; be able to identify examples of criticality controls as used as Los Alamos; be able to identify examples of circumstances present during criticality accidents; have participated in conducting two critical experiments; be asked to complete a critique of the nuclear criticality safety training course.

Criticality safety and facility design considerations

International Nuclear Information System (INIS)

Waltz, W.R.

1991-06-01

Operations with fissile material introduce the risk of a criticality accident that may be lethal to nearby personnel. In addition, concerns over criticality safety can result in substantial delays and shutdown of facility operations. For these reasons, it is clear that the prevention of a nuclear criticality accident should play a major role in the design of a nuclear facility. The emphasis of this report will be placed on engineering design considerations in the prevention of criticality. The discussion will not include other important aspects, such as the physics of calculating limits nor criticality alarm systems

Proceedings of KURRI symposium on criticality safety

International Nuclear Information System (INIS)

Nishina, Kojiro; Kanda, Keiji

1984-01-01

On August 8, 1984, at the Reactor Application Center of the Research Reactor Institute, Kyoto University, the symposium on criticality safety was held, and 81 participants from various fields of reactor physics, nuclear fuel cycle engineering, reactor chemistry, nuclear chemistry, health physics and so on discussed the problem. The gists of the presentation are collected in this report. The contents are the techniques of evaluating criticality safety in respective fuel facilities, the system of control and its concept, the course and plan of the research on criticality safety in Japan and foreign countries, the techniques of determining multiplication factor and so on, and the review of present status, the pointing-out of problems and the report of new techniques were made. The measures coping with criticality safety have been mostly to meet urgent demand, but its fundamental examination and long term research should be carried out. This symposium was planned as the preparation for such research project, and favorable comment was given by the participants. In the next symposium, it is considered better to limit the themes and to allot more time to respective lectures. (Kako, I.)

Criticality safety evaluations - a {open_quotes}stalking horse{close_quotes} for integrated safety assessment

Energy Technology Data Exchange (ETDEWEB)

Williams, R.A. [Westinghouse Electric Corp., Columbia, SC (United States)

1995-12-31

The Columbia Fuel Fabrication Facility of the Westinghouse Commercial Nuclear Fuel Division manufactures low-enriched uranium fuel and associated components for use in commercial pressurized water power reactors. To support development of a comprehensive integrated safety assessment (ISA) for the facility, as well as to address increasing U.S. Nuclear Regulatory Commission (NRC) expectations regarding such a facility`s criticality safety assessments, a project is under way to complete criticality safety evaluations (CSEs) of all plant systems used in processing nuclear materials. Each CSE is made up of seven sections, prepared by a multidisciplinary team of process engineers, systems engineers, safety engineers, maintenance representatives, and operators. This paper provides a cursory outline of the type of information presented in a CSE.

Safety Information System Guide

International Nuclear Information System (INIS)

Bullock, M.G.

1977-03-01

This Guide provides guidelines for the design and evaluation of a working safety information system. For the relatively few safety professionals who have already adopted computer-based programs, this Guide may aid them in the evaluation of their present system. To those who intend to develop an information system, it will, hopefully, inspire new thinking and encourage steps towards systems safety management. For the line manager who is working where the action is, this Guide may provide insight on the importance of accident facts as a tool for moving ideas up the communication ladder where they will be heard and acted upon; where what he has to say will influence beneficial changes among those who plan and control his operations. In the design of a safety information system, it is suggested that the safety manager make friends with a computer expert or someone on the management team who has some feeling for, and understanding of, the art of information storage and retrieval as a new and better means for communication

Safety physics inter-comparison of advanced concepts of critical reactors and ADS

International Nuclear Information System (INIS)

Slessarev, I.

2001-01-01

Enhanced safety based on the principle of the natural ''self-defence'' is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and ''clean'' energy producer concepts. For the evaluation of the ''self-defence'' domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrids systems (that use a symbiosis of fission and spallation in sub-critical cores) which could benefit the advantages of both Accelerated Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that an external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power both for energy producers and for transmutation. It has been found, that safety enhancement goal defines a choice of sub-criticality of Hybrids. As for energy producers with Th-fuel cycle, a significant sub-criticality level is required due to a necessity of an improvement of neutronics together with safety enhancement task. (author)

Work Practice Simulation of Complex Human-Automation Systems in Safety Critical Situations: The Brahms Generalized berlingen Model

Science.gov (United States)

Clancey, William J.; Linde, Charlotte; Seah, Chin; Shafto, Michael

2013-01-01

The transition from the current air traffic system to the next generation air traffic system will require the introduction of new automated systems, including transferring some functions from air traffic controllers to on­-board automation. This report describes a new design verification and validation (V&V) methodology for assessing aviation safety. The approach involves a detailed computer simulation of work practices that includes people interacting with flight-critical systems. The research is part of an effort to develop new modeling and verification methodologies that can assess the safety of flight-critical systems, system configurations, and operational concepts. The 2002 Ueberlingen mid-air collision was chosen for analysis and modeling because one of the main causes of the accident was one crew's response to a conflict between the instructions of the air traffic controller and the instructions of TCAS, an automated Traffic Alert and Collision Avoidance System on-board warning system. It thus furnishes an example of the problem of authority versus autonomy. It provides a starting point for exploring authority/autonomy conflict in the larger system of organization, tools, and practices in which the participants' moment-by-moment actions take place. We have developed a general air traffic system model (not a specific simulation of Überlingen events), called the Brahms Generalized Ueberlingen Model (Brahms-GUeM). Brahms is a multi-agent simulation system that models people, tools, facilities/vehicles, and geography to simulate the current air transportation system as a collection of distributed, interactive subsystems (e.g., airports, air-traffic control towers and personnel, aircraft, automated flight systems and air-traffic tools, instruments, crew). Brahms-GUeM can be configured in different ways, called scenarios, such that anomalous events that contributed to the Überlingen accident can be modeled as functioning according to requirements or in an

Preparation for the second edition of nuclear criticality safety handbook

International Nuclear Information System (INIS)

Okuno, Hiroshi; Nomura, Yasushi

1997-01-01

The making of the second edition of Nuclear Criticality Safety Handbook entered the final stage of investigation by the working group. In the second edition, the newest results of the researches in Japan were taken. In this report, among the subjects which were examined continuously from the first edition published in 1988, the size of fuel particles which can be regarded as homogeneous even in a heterogeneous system, the reactivity effect when fuel concentration distribution became not uniform in a homogeneous fuel system, the method of evaluating criticality safety in which submersion is not assumed, and the criticality data when fuel burning is considered are explained. Further, about the matters related to the criticality in chemical processes and the matters related to criticality accident, the outlines are introduced. Finally, the state of preparation for aiming at the third edition is mentioned. Criticality safety control is important for overall nuclear fuel cycle including the transportation and storage of fuel. The course of the publication of this Handbook is outlined. The matters which have been successively examined from the first edition, the results of criticality safety analysis for the dissolving tanks of fuel reprocessing, and the analysis code and the simplified evaluation method for criticality accident are reported. (K.I.)

Creating Critical Objectives and Assessments Using a Critical Communication Pedagogical Framework

Science.gov (United States)

Kahl, David H., Jr.

2018-01-01

Courses: Instructional Communication, Graduate Teaching Assistant Training Programs. Objectives: Students will (1) understand critical communication pedagogy (CCP); (2) evaluate traditional and critical objectives and assessment procedures; and (3) create critical objectives and assessment procedures.

Nuclear criticality safety: 2-day training course

International Nuclear Information System (INIS)

Schlesser, J.A.

1992-11-01

This compilation of notes is presented as a source reference for the criticality safety course. At the completion of this training course, the attendee will: (1) be able to define terms commonly used in nuclear criticality safety; (2) be able to appreciate the fundamentals of nuclear criticality safety; (3) be able to identify factors which affect nuclear criticality safety; (4) be able to identify examples of criticality controls as used at Los Alamos; (5) be able to identify examples of circumstances present during criticality accidents; (6) have participated in conducting two critical experiments

The Qualification Experiences for Safety-critical Software of POSAFE-Q

Energy Technology Data Exchange (ETDEWEB)

Kim, Jang Yeol; Son, Kwang Seop; Cheon, Se Woo; Lee, Jang Soo; Kwon, Kee Choon [Korea Atomic Energy Research Institute, Daejeon (Korea, Republic of)

2009-05-15

Programmable Logic Controllers (PLC) have been applied to the Reactor Protection System (RPS) and the Engineered Safety Feature (ESF)-Component Control System (CCS) as the major safety system components of nuclear power plants. This paper describes experiences on the qualification of the safety-critical software including the pCOS kernel and system tasks related to a safety-grade PLC, i.e. the works done for the Software Verification and Validation, Software Safety Analysis, Software Quality Assurance, and Software Configuration Management etc.

A Critical Examination of Communication Textbooks

Science.gov (United States)

Hanasono, Lisa K.

2018-01-01

Courses: This single-class teaching activity was designed for courses on critical communication pedagogy (CCP), gender and race, communication education, research methods, and visual communication. Objectives: By completing this activity, students should be able to (1) describe the principles of CCP, (2) examine critically how race and gender are…

Leader communication approaches and patient safety: An integrated model.

Science.gov (United States)

Mattson, Malin; Hellgren, Johnny; Göransson, Sara

2015-06-01

Leader communication is known to influence a number of employee behaviors. When it comes to the relationship between leader communication and safety, the evidence is more scarce and ambiguous. The aim of the present study is to investigate whether and in what way leader communication relates to safety outcomes. The study examines two leader communication approaches: leader safety priority communication and feedback to subordinates. These approaches were assumed to affect safety outcomes via different employee behaviors. Questionnaire data, collected from 221 employees at two hospital wards, were analyzed using structural equation modeling. The two examined communication approaches were both positively related to safety outcomes, although leader safety priority communication was mediated by employee compliance and feedback communication by organizational citizenship behaviors. The findings suggest that leader communication plays a vital role in improving organizational and patient safety and that different communication approaches seem to positively affect different but equally essential employee safety behaviors. The results highlights the necessity for leaders to engage in one-way communication of safety values as well as in more relational feedback communication with their subordinates in order to enhance patient safety. Copyright © 2015 Elsevier Ltd. and National Safety Council. Published by Elsevier Ltd. All rights reserved.

Possibilities and Limitations of Applying Software Reliability Growth Models to Safety- Critical Software

International Nuclear Information System (INIS)

Kim, Man Cheol; Jang, Seung Cheol; Ha, Jae Joo

2006-01-01

As digital systems are gradually introduced to nuclear power plants (NPPs), the need of quantitatively analyzing the reliability of the digital systems is also increasing. Kang and Sung identified (1) software reliability, (2) common-cause failures (CCFs), and (3) fault coverage as the three most critical factors in the reliability analysis of digital systems. For the estimation of the safety-critical software (the software that is used in safety-critical digital systems), the use of Bayesian Belief Networks (BBNs) seems to be most widely used. The use of BBNs in reliability estimation of safety-critical software is basically a process of indirectly assigning a reliability based on various observed information and experts' opinions. When software testing results or software failure histories are available, we can use a process of directly estimating the reliability of the software using various software reliability growth models such as Jelinski- Moranda model and Goel-Okumoto's nonhomogeneous Poisson process (NHPP) model. Even though it is generally known that software reliability growth models cannot be applied to safety-critical software due to small number of expected failure data from the testing of safety-critical software, we try to find possibilities and corresponding limitations of applying software reliability growth models to safety critical software

Design of safety-critical systems using the complementarities of success and failure domains with a case study

International Nuclear Information System (INIS)

Ahmed, Rizwan; Koo, June Mo; Jeong, Yong Hoon; Heo, Gyunyoung

2011-01-01

A safety-critical system has to qualify the performance-related requirements and the safety-related requirements simultaneously. Conceptually, design processes should consider both of them simultaneously but the practices do not and/or cannot follow such a theoretical approach due to the limitation of design resources. From our experience, we found that safety-related functions must be simultaneously resolved with the development of performance-related functions, particularly, in case of safety-critical systems. Since, success and failure domain analyses are essential for the investigation of performance-related and safety-related requirements, respectively, we articulated our perception to Axiomatic Design (AD), Fault Tree Analysis (FTA), and TRIZ. A design evolution procedure considering feedbacks from AD to identify functional couplings, TRIZ methodology to explore uncoupling solutions and FTA to improve reliability in a systematic way is presented here. A case study regarding design of safety injection tank installed in a nuclear power plant is also included to illustrate the proposed framework. It is expected that several iterations between AD-TRIZ-FTA would result into an optimized design which could be tested against the desired performance and safety criteria.

Design of safety-critical systems using the complementarities of success and failure domains with a case study

Energy Technology Data Exchange (ETDEWEB)

Ahmed, Rizwan; Koo, June Mo [Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446-701 (Korea, Republic of); Jeong, Yong Hoon [Korea Advanced Institute of Science and Technology, 373-1 Guseong-dong, Yuseong-gu, Daejeon 305-701 (Korea, Republic of); Heo, Gyunyoung, E-mail: gheo@khu.ac.k [Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446-701 (Korea, Republic of)

2011-01-15

A safety-critical system has to qualify the performance-related requirements and the safety-related requirements simultaneously. Conceptually, design processes should consider both of them simultaneously but the practices do not and/or cannot follow such a theoretical approach due to the limitation of design resources. From our experience, we found that safety-related functions must be simultaneously resolved with the development of performance-related functions, particularly, in case of safety-critical systems. Since, success and failure domain analyses are essential for the investigation of performance-related and safety-related requirements, respectively, we articulated our perception to Axiomatic Design (AD), Fault Tree Analysis (FTA), and TRIZ. A design evolution procedure considering feedbacks from AD to identify functional couplings, TRIZ methodology to explore uncoupling solutions and FTA to improve reliability in a systematic way is presented here. A case study regarding design of safety injection tank installed in a nuclear power plant is also included to illustrate the proposed framework. It is expected that several iterations between AD-TRIZ-FTA would result into an optimized design which could be tested against the desired performance and safety criteria.

Expressing best practices in (risk) analysis and testing of safety-critical systems using patterns

DEFF Research Database (Denmark)

Herzner, Wolfgang; Sieverding, Sven; Kacimi, Omar

2014-01-01

The continuing pervasion of our society with safety-critical cyber-physical systems not only demands for adequate (risk) analysis, testing and verification techniques, it also generates growing experience on their use, which can be considered as important as the tools themselves for their efficient...

Safety critical FPGA-based NPP instrumentation and control systems: assessment, development and implementation

International Nuclear Information System (INIS)

Bakhmach, E. S.; Siora, A. A.; Tokarev, V. I.; Kharchenko, V. S.; Sklyar, V. V.; Andrashov, A. A.

2010-10-01

The stages of development, production, verification, licensing and implementation methods and technologies of safety critical instrumentation and control systems for nuclear power plants (NPP) based on FPGA (Field Programmable Gates Arrays) technologies are described. A life cycle model and multi-version technologies of dependability and safety assurance of FPGA-based instrumentation and control systems are discussed. An analysis of NPP instrumentation and control systems construction principles developed by Research and Production Corporation Radiy using FPGA-technologies and results of these systems implementation and operation at Ukrainian and Bulgarian NPP are presented. The RADIY TM platform has been designed and developed by Research and Production Corporation Radiy, Ukraine. The main peculiarity of the RADIY TM platform is the use of FPGA as programmable components for logic control operation. The FPGA-based RADIY TM platform used for NPP instrumentation and control systems development ensures sca lability of system functions types, volume and peculiarities (by changing quantity and quality of sensors, actuators, input/output signals and control algorithms); sca lability of dependability (safety integrity) (by changing a number of redundant channel, tiers, diagnostic and reconfiguration procedures); sca lability of diversity (by changing types, depth and method of diversity selection). (Author)

Safety physics inter-comparison of advanced concepts of critical reactors and ADS

Energy Technology Data Exchange (ETDEWEB)

Slessarev, I. [CEA Cadarache, 13 - Saint-Paul-lez-Durance (France). Dept. d' Etudes des Reacteurs

2001-07-01

Enhanced safety based on the principle of the natural ''self-defence'' is one of the most desirable features of innovative nuclear systems (critical or sub-critical) regarding both TRU transmutation and ''clean'' energy producer concepts. For the evaluation of the ''self-defence'' domain, the method of the asymptotic reactivity balance has been generalised. The promising option of Hybrids systems (that use a symbiosis of fission and spallation in sub-critical cores) which could benefit the advantages of both Accelerated Driven Systems of the traditional type and regular critical systems, has been advocated. General features of Hybrid dynamics have been presented and analysed. It was demonstrated that an external neutron source of Hybrids can expand the inherent safety potential significantly. This analysis has been applied to assess the safety physics potential of innovative concepts for prospective nuclear power both for energy producers and for transmutation. It has been found, that safety enhancement goal defines a choice of sub-criticality of Hybrids. As for energy producers with Th-fuel cycle, a significant sub-criticality level is required due to a necessity of an improvement of neutronics together with safety enhancement task. (author)

ASIC-based design of NMR system health monitor for mission/safety?critical applications

OpenAIRE

Balasubramanian, P.

2016-01-01

N-modular redundancy (NMR) is a generic fault tolerance scheme that is widely used in safety?critical circuit/system designs to guarantee the correct operation with enhanced reliability. In passive NMR, at least a majority (N?+?1)/2 out of N function modules is expected to operate correctly at any time, where N is odd. Apart from a conventional realization of the NMR system, it would be useful to provide a concurrent indication of the system?s health so that an appropriate remedial action may...

Reliability assessment for safety critical systems by statistical random testing

International Nuclear Information System (INIS)

Mills, S.E.

1995-11-01

In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to address to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs

Reliability assessment for safety critical systems by statistical random testing

Energy Technology Data Exchange (ETDEWEB)

Mills, S E [Carleton Univ., Ottawa, ON (Canada). Statistical Consulting Centre

1995-11-01

In this report we present an overview of reliability assessment for software and focus on some basic aspects of assessing reliability for safety critical systems by statistical random testing. We also discuss possible deviations from some essential assumptions on which the general methodology is based. These deviations appear quite likely in practical applications. We present and discuss possible remedies and adjustments and then undertake applying this methodology to a portion of the SDS1 software. We also indicate shortcomings of the methodology and possible avenues to address to follow to address these problems. (author). 128 refs., 11 tabs., 31 figs.

An integrated environment of software development and V and V for PLC based safety-critical systems

International Nuclear Information System (INIS)

Koo, Seo Ryong

2005-02-01

To develop and implement a safety-critical system, the requirements of the system must be analyzed thoroughly during the phases of a software development's life cycle because a single error in the requirements can generate serious software faults. We therefore propose an Integrated Environment (IE) approach for requirements which is an integrated approach that enables easy inspection by combining requirement traceability and effective use of a formal method. For the V and V tasks of requirements phase, our approach uses software inspection, requirement traceability, and formal specification with structural decomposition. Software inspection and the analysis of requirements traceability are the most effective methods of software V and V. Although formal methods are also considered an effective V and V activity, they are difficult to use properly in nuclear fields, as well as in other fields, because of their mathematical nature. We also propose another Integrated Environment (IE) for the design and implementation of safety-critical systems. In this study, a nuclear FED-style design specification and analysis (NuFDS) approach was proposed for PLC based safety-critical systems. The NuFDS approach is suggested in a straightforward manner for the effective and formal specification and analysis of software designs. Accordingly, the proposed NuFDS approach comprises one technique for specifying the software design and another for analyzing the software design. In addition, with the NuFDS approach, we can analyze the safety of software on the basis of fault tree synthesis. To analyze the design phase more effectively, we propose a technique of fault tree synthesis, along with a universal fault tree template for the architecture modules of nuclear software. Various tools have been needed to make software V and V more convenient. We therefore developed four kinds of computer-aided software engineering tools that could be used in accordance with the software's life cycle to

Identification of protective actions to reduce the vulnerability of safety-critical systems to malevolent acts: A sensitivity-based decision-making approach

International Nuclear Information System (INIS)

Wang, Tai-Ran; Pedroni, Nicola; Zio, Enrico

2016-01-01

A classification model based on the Majority Rule Sorting method has been previously proposed by the authors to evaluate the vulnerability of safety-critical systems (e.g., nuclear power plants) with respect to malevolent intentional acts. In this paper, we consider a classification model previously proposed by the authors based on the Majority Rule Sorting method to evaluate the vulnerability of safety-critical systems (e.g., nuclear power plants) with respect to malevolent intentional acts. The model is here used as the basis for solving an inverse classification problem aimed at determining a set of protective actions to reduce the level of vulnerability of the safety-critical system under consideration. To guide the choice of the set of protective actions, sensitivity indicators are originally introduced as measures of the variation in the vulnerability class that a safety-critical system is expected to undergo after the application of a given set of protective actions. These indicators form the basis of an algorithm to rank different combinations of actions according to their effectiveness in reducing the safety-critical systems vulnerability. Results obtained using these indicators are presented with regard to the application of: (i) one identified action at a time, (ii) all identified actions at the same time or (iii) a random combination of identified actions. The results are presented with reference to a fictitious example considering nuclear power plants as the safety-critical systems object of the analysis. - Highlights: • We use a hierarchical framework to represent the vulnerability. • We use an empirical classification model to evaluate vulnerability. • Sensitivity indicators are introduced to rank protective actions. • Constraints (e.g., budget limitations) are accounted for. • Method is applied to fictitious Nuclear Power Plants.

Wireless Communications in Smart Rail Transportation Systems

Directory of Open Access Journals (Sweden)

César Briso-Rodríguez

2017-01-01

Full Text Available Railway, subway, airplane, and other transportation systems have drawn an increasing interest on the use of wireless communications for critical and noncritical services to improve performance, reliability, and passengers experience. Smart transportation systems require the use of critical communications for operation and control, and wideband services can be provided using noncritical communications. High speed train (HST is one of the best test cases for the analysis of communication links and specification of the general requirements for train control and supervision, passenger communications, and onboard and infrastructure wireless sensors. In this paper, we analyze in detail critical and noncritical networks mainly using the HST as a test case. First, the different types of links for smart rail transportation are described, specifying the main requirements of the transportation systems, communications, and their applications for different services. Then, we propose a network architecture and requirements of the communication technologies for critical and noncritical data. Finally, an analysis is made for the future technologies, including the fifth-generation (5G communications, millimeter wave (mmWave, terahertz (THz, and satellites for critical and high-capacity communications in transportation.

Elements of a nuclear criticality safety program

International Nuclear Information System (INIS)

Hopper, C.M.

1995-01-01

Nuclear criticality safety programs throughout the United States are quite successful, as compared with other safety disciplines, at protecting life and property, especially when regarded as a developing safety function with no historical perspective for the cause and effect of process nuclear criticality accidents before 1943. The programs evolved through self-imposed and regulatory-imposed incentives. They are the products of conscientious individuals, supportive corporations, obliged regulators, and intervenors (political, public, and private). The maturing of nuclear criticality safety programs throughout the United States has been spasmodic, with stability provided by the volunteer standards efforts within the American Nuclear Society. This presentation provides the status, relative to current needs, for nuclear criticality safety program elements that address organization of and assignments for nuclear criticality safety program responsibilities; personnel qualifications; and analytical capabilities for the technical definition of critical, subcritical, safety and operating limits, and program quality assurance

Handbook on criticality. Vol. 1. Criticality and nuclear safety; Handbuch zur Kritikalitaet. Bd. 1. Kritikalitaet und nukleare Sicherheit

Energy Technology Data Exchange (ETDEWEB)

NONE

2015-04-15

This handbook was prepared primarily with the aim to provide information to experts in industry, authorities or research facilities engaged in criticality-safety-related problems that will allow an adequate and rapid assessment of criticality safety issues already in the planning and preparation of nuclear facilities. However, it is not the intention of the authors of the handbook to offer ready solutions to complex problems of nuclear safety. Such questions have to remain subject to an in-depth analysis and assessment to be carried out by dedicated criticality safety experts. Compared with the previous edition dated December 1998, this handbook has been further revised and supplemented. The proven basic structure of the handbook remains unchanged. The handbook follows in some ways similar criticality handbooks or instructions published in the USA, UK, France, Japan and the former Soviet Union. The expedient use of the information given in this handbook requires a fundamental understanding of criticality and the terminology of nuclear safety. In Vol. 1, ''Criticality and Nuclear Safety'', therefore, first the most important terms and fundamentals are introduced and explained. Subsequently, experimental techniques and calculation methods for evaluating criticality problems are presented. The following chapters of Vol. 1 deal i. a. with the effect of neutron reflectors and absorbers, neutron interaction, measuring methods for criticality, and organisational safety measures and provide an overview of criticality-relevant operational experience and of criticality accidents and their potential hazardous impact. Vol. 2 parts 1 and 2 finally compile criticality parameters in graphical and tabular form. The individual graph sheets are provided with an initially explained set of identifiers, to allow the quick finding of the information of current interest. Part 1 includes criticality parameters for systems with {sup 235}U as fissile material, while part

Validation and Verification of Future Integrated Safety-Critical Systems Operating under Off-Nominal Conditions

Science.gov (United States)

Belcastro, Christine M.

2010-01-01

Loss of control remains one of the largest contributors to aircraft fatal accidents worldwide. Aircraft loss-of-control accidents are highly complex in that they can result from numerous causal and contributing factors acting alone or (more often) in combination. Hence, there is no single intervention strategy to prevent these accidents and reducing them will require a holistic integrated intervention capability. Future onboard integrated system technologies developed for preventing loss of vehicle control accidents must be able to assure safe operation under the associated off-nominal conditions. The transition of these technologies into the commercial fleet will require their extensive validation and verification (V and V) and ultimate certification. The V and V of complex integrated systems poses major nontrivial technical challenges particularly for safety-critical operation under highly off-nominal conditions associated with aircraft loss-of-control events. This paper summarizes the V and V problem and presents a proposed process that could be applied to complex integrated safety-critical systems developed for preventing aircraft loss-of-control accidents. A summary of recent research accomplishments in this effort is also provided.

Criticality safety evaluation in Tokai Reprocessing Plant

International Nuclear Information System (INIS)

Shirai, Nobutoshi; Nakajima, Masayoshi; Takaya, Akikazu; Ohnuma, Hideyuki; Shirouzu, Hidetomo; Hayashi, Shinichiro; Yoshikawa, Koji; Suto, Toshiyuki

2000-04-01

Criticality limits for equipments in Tokai Reprocessing Plant which handle fissile material solution and are under shape and dimension control were reevaluated based on the guideline No.10 'Criticality safety of single unit' in the regulatory guide for reprocessing plant safety. This report presents criticality safety evaluation of each equipment as single unit. Criticality safety of multiple units in a cell or a room was also evaluated. The evaluated equipments were ones in dissolution, separation, purification, denitration, Pu product storage, and Pu conversion processes. As a result, it was reconfirmed that the equipments were safe enough from a view point of criticality safety of single unit and multiple units. (author)

Engineering design guidelines for nuclear criticality safety

International Nuclear Information System (INIS)

Waltz, W.R.

1988-08-01

This document provides general engineering design guidelines specific to nuclear criticality safety for a facility where the potential for a criticality accident exists. The guide is applicable to the design of new SRP/SRL facilities and to major modifications Of existing facilities. The document is intended an: A guide for persons actively engaged in the design process. A resource document for persons charged with design review for adequacy relative to criticality safety. A resource document for facility operating personnel. The guide defines six basic criticality safety design objectives and provides information to assist in accomplishing each objective. The guide in intended to supplement the design requirements relating to criticality safety contained in applicable Department of Energy (DOE) documents. The scope of the guide is limited to engineering design guidelines associated with criticality safety and does not include other areas of the design process, such as: criticality safety analytical methods and modeling, nor requirements for control of the design process

Safety on a Rural Community College Campus via Integrated Communications

Science.gov (United States)

Gnage, Marie Foster; Dziagwa, Connie; White, Dave

2009-01-01

West Virginia University at Parkersburg uses a two-way emergency system as a baseline for emergency communications. The college has found that such a system, a key component of its safety and crisis management plan, can be integrated with other communication initiatives to provide focused security on the campus.

Modem Communications Systems Development Guidelines in Function of Air Traffic Safety ...

Directory of Open Access Journals (Sweden)

Petar Obradović

2007-05-01

Full Text Available The communications requirements in air traffic control areincreasing in complexity. From the middle 90s, huge progress inairport infrastructure, especially in air traffic control systems,has been made in Bosnia and Herzegovina in damage rehabilitation,caused by war conflicts, owing, first of all, to the EuropeanUnion aid that contributed to the re-establishment of regularinternational air traffic. The current air traffic control systemhas matured in its functionality. Therefore, the phase of advancementand preparation for the technological improvementis the next logical step. However, before establishing a new communicationsstrategy, the current application trends have to beanalyzed in details according to the existing communicationsenvironment interfaces. The goal of this work is to find theguidelines of technological development that will result in moreefficiency, safety and economic benefit in the near future, butthe air traffic safety must not be compromised by economicbenefit.

An abnormal situation modeling method to assist operators in safety-critical systems

International Nuclear Information System (INIS)

Naderpour, Mohsen; Lu, Jie; Zhang, Guangquan

2015-01-01

One of the main causes of accidents in safety-critical systems is human error. In order to reduce human errors in the process of handling abnormal situations that are highly complex and mentally taxing activities, operators need to be supported, from a cognitive perspective, in order to reduce their workload, stress, and the consequent error rate. Of the various cognitive activities, a correct understanding of the situation, i.e. situation awareness (SA), is a crucial factor in improving performance and reducing errors. Despite the importance of SA in decision-making in time- and safety-critical situations, the difficulty of SA modeling and assessment means that very few methods have as yet been developed. This study confronts this challenge, and develops an innovative abnormal situation modeling (ASM) method that exploits the capabilities of risk indicators, Bayesian networks and fuzzy logic systems. The risk indicators are used to identify abnormal situations, Bayesian networks are utilized to model them and a fuzzy logic system is developed to assess them. The ASM method can be used in the development of situation assessment decision support systems that underlie the achievement of SA. The performance of the ASM method is tested through a real case study at a chemical plant. - Highlights: • Bayesian networks are applied to represent operators’ mental models when confront with abnormal situations. • A fuzzy logic system is used to resemble operators’ generating assessment results for every abnormal situation. • A virtual plant user interface and a prototype based on proposed method are developed to simulate a real case

Safety regulation KTA 3901: Communication systems for nuclear power plants

International Nuclear Information System (INIS)

1981-01-01

The regulation applies to communication systems in stationary nuclear power plants with at least one power plant unit, i.e. alarm systems, staff locator systems, communicators, and systems for external communication. The regulation determines the type and extent of staff communication systems as well as the demands to be made on layout, installation, operating systems, and testing of communication systems for nuclear power plants. (orig./HP) [de

Criticality safety basics, a study guide

Energy Technology Data Exchange (ETDEWEB)

V. L. Putman

1999-09-01

This document is a self-study and classroom guide, for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates.

Criticality safety basics, a study guide

International Nuclear Information System (INIS)

Putman, V.L.

1999-01-01

This document is a self-study and classroom guide, for criticality safety of activities with fissile materials outside nuclear reactors. This guide provides a basic overview of criticality safety and criticality accident prevention methods divided into three parts: theory, application, and history. Except for topic emphasis, theory and history information is general, while application information is specific to the Idaho National Engineering and Environmental Laboratory (INEEL). Information presented here should be useful to personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. However, the guide's primary target audience is fissile material handler candidates

Development of the switch requirements and architecture of a safety data communication system

International Nuclear Information System (INIS)

Jeong, K.I.; Lee, J.K.; Park, H.Y.; Koo, I.S.

2004-12-01

In accordance with digitalising the Instrumentation and Control(I and C) systems in the integral reactor, a communication network is required for effective information exchanges between the different equipment, an enhancement of the design flexibility, a simple installation and cost reduction. Generally, a communication network consists of a topology, the protocol, a communication medium, an interconnection device, etc. In this report, the development methods of switch and the architecture of a Safety Data Communication System(SDCS) are investigated and analyzed. In this report, the design requirements for switch are presented, which are the essential requirements to develop the switch in a SDCS of the SMART-P. To establish these requirements, the evaluation and analysis of the design and implementation method of the COTS switches, the architecture of SDCS and the design requirements of a SDCS were performed. At the detail design stage, these requirements will be used for the top-tier requirements, especially the design target and design basis. To develop the detail design requirements in the future, more quantitative and qualitative analyses are required. In the case of selecting the COTS switch and developing the switch, these requirements will also be used for the evaluation guide

Development of the switch requirements and architecture of a safety data communication system

Energy Technology Data Exchange (ETDEWEB)

Jeong, K.I.; Lee, J.K.; Park, H.Y.; Koo, I.S

2004-12-01

In accordance with digitalising the Instrumentation and Control(I and C) systems in the integral reactor, a communication network is required for effective information exchanges between the different equipment, an enhancement of the design flexibility, a simple installation and cost reduction. Generally, a communication network consists of a topology, the protocol, a communication medium, an interconnection device, etc. In this report, the development methods of switch and the architecture of a Safety Data Communication System(SDCS) are investigated and analyzed. In this report, the design requirements for switch are presented, which are the essential requirements to develop the switch in a SDCS of the SMART-P. To establish these requirements, the evaluation and analysis of the design and implementation method of the COTS switches, the architecture of SDCS and the design requirements of a SDCS were performed. At the detail design stage, these requirements will be used for the top-tier requirements, especially the design target and design basis. To develop the detail design requirements in the future, more quantitative and qualitative analyses are required. In the case of selecting the COTS switch and developing the switch, these requirements will also be used for the evaluation guide.

ACRR fuel storage racks criticality safety analysis

International Nuclear Information System (INIS)

Bodette, D.E.; Naegeli, R.E.

1997-10-01

This document presents the criticality safety analysis for a new fuel storage rack to support modification of the Annular Core Research Reactor for production of molybdenum-99 at Sandia National Laboratories, Technical Area V facilities. Criticality calculations with the MCNP code investigated various contingencies for the criticality control parameters. Important contingencies included mix of fuel element types stored, water density due to air bubbles or water level for the over-moderated racks, interaction with existing fuel storage racks and fuel storage holsters in the fuel storage pool, neutron absorption of planned rack design and materials, and criticality changes due to manufacturing tolerances or damage. Some limitations or restrictions on use of the new fuel storage rack for storage operations were developed through the criticality analysis and are required to meet the double contingency requirements of criticality safety. As shown in the analysis, this system will remain subcritical under all credible upset conditions. Administrative controls are necessary for loading, moving, and handling the storage rack as well as for control of operations around it. 21 refs., 16 figs., 4 tabs

Formal model-based development for safety-critical embedded software

International Nuclear Information System (INIS)

Kim, Jin Hyun; Choi, Jin Young

2005-01-01

Safety-critical embedded software for nuclear I and C system is developed under the safety and reliability regulation. Programmable logic controller(PLC) is a computer system for instrumentation and control (I and C) system of nuclear power plants. PLC consists of various I and C logics in software, including real-time operating system (RTOS). Hence, errors related with RTOS should be detected and eliminated in development processes. Practically, the verification and validation for errors in RTOS is performed in test procedure, in which a lot of tasks for testing are embedded in RTOS and are running under a test environments. But the test process can not be enough to guarantee the safety and reliability of RTOS. Therefore, in this paper, we introduce to applying formal methods with the development of software for the PLC. We particularity apply formal methods to a development of RTOS for PLC, which is a safety critical level. In this development, we use the state charts of I-Logix to specify and verification and model checking to verify the specification

Formal model-based development for safety-critical embedded software

Energy Technology Data Exchange (ETDEWEB)

Kim, Jin Hyun; Choi, Jin Young [Korea University, seoul (Korea, Republic of)

2005-11-15

Safety-critical embedded software for nuclear I and C system is developed under the safety and reliability regulation. Programmable logic controller(PLC) is a computer system for instrumentation and control (I and C) system of nuclear power plants. PLC consists of various I and C logics in software, including real-time operating system (RTOS). Hence, errors related with RTOS should be detected and eliminated in development processes. Practically, the verification and validation for errors in RTOS is performed in test procedure, in which a lot of tasks for testing are embedded in RTOS and are running under a test environments. But the test process can not be enough to guarantee the safety and reliability of RTOS. Therefore, in this paper, we introduce to applying formal methods with the development of software for the PLC. We particularity apply formal methods to a development of RTOS for PLC, which is a safety critical level. In this development, we use the state charts of I-Logix to specify and verification and model checking to verify the specification.

Safety critical FPGA-based NPP instrumentation and control systems: assessment, development and implementation

Energy Technology Data Exchange (ETDEWEB)

Bakhmach, E. S.; Siora, A. A.; Tokarev, V. I. [Research and Production Corporation Radiy, 29 Geroev Stalingrada Str., Kirovograd 25006 (Ukraine); Kharchenko, V. S.; Sklyar, V. V.; Andrashov, A. A., E-mail: marketing@radiy.co [Center for Safety Infrastructure-Oriented Research and Analysis, 37 Astronomicheskaya Str., Kharkiv 61085 (Ukraine)

2010-10-15

The stages of development, production, verification, licensing and implementation methods and technologies of safety critical instrumentation and control systems for nuclear power plants (NPP) based on FPGA (Field Programmable Gates Arrays) technologies are described. A life cycle model and multi-version technologies of dependability and safety assurance of FPGA-based instrumentation and control systems are discussed. An analysis of NPP instrumentation and control systems construction principles developed by Research and Production Corporation Radiy using FPGA-technologies and results of these systems implementation and operation at Ukrainian and Bulgarian NPP are presented. The RADIY{sup TM} platform has been designed and developed by Research and Production Corporation Radiy, Ukraine. The main peculiarity of the RADIY{sup TM} platform is the use of FPGA as programmable components for logic control operation. The FPGA-based RADIY{sup TM} platform used for NPP instrumentation and control systems development ensures sca lability of system functions types, volume and peculiarities (by changing quantity and quality of sensors, actuators, input/output signals and control algorithms); sca lability of dependability (safety integrity) (by changing a number of redundant channel, tiers, diagnostic and reconfiguration procedures); sca lability of diversity (by changing types, depth and method of diversity selection). (Author)

Developing a strong safety culture - a safety management challenge

International Nuclear Information System (INIS)

Low, M.; Gipson, G. P.; Williams, M.

1995-01-01

The approach is presented adapted by Nuclear Electric to build a strong safety culture through the development of its safety management system. Two features regarded as critical to a strong safety culture are: provision of effective communications to promote an awareness and ownership of safety among craft, and commitment to continuous improvement with a genuine willingness to learn from own experiences and those from others. (N.T.) 5 refs., 4 figs., 1 tab

Nuclear data for criticality safety

International Nuclear Information System (INIS)

Westfall, R.M.

1994-01-01

A brief overview is presented on emerging requirements for new criticality safety analyses arising from applications involving nuclear waste management, facility remediation, and the storage of nuclear weapons components. A derivation of criticality analyses from the specifications of national consensus standards is given. These analyses, both static and dynamic, define the needs for nuclear data. Integral data, used primarily for analytical validation, and differential data, used in performing the analyses, are listed, along with desirable margins of uncertainty. Examples are given of needs for additional data to address systems having intermediate neutron energy spectra and/or containing nuclides of intermediate mass number

Critical experiments facility and criticality safety programs at JAERI

International Nuclear Information System (INIS)

Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Miyoshi, Yoshinori; Nomura, Yasushi

1985-10-01

The nuclear criticality safety is becoming a key point in Japan in the safety considerations for nuclear installations outside reactors such as spent fuel reprocessing facilities, plutonium fuel fabrication facilities, large scale hot alboratories, and so on. Especially a large scale spent fuel reprocessing facility is being designed and would be constructed in near future, therefore extensive experimental studies are needed for compilation of our own technical standards and also for verification of safety in a potential criticality accident to obtain public acceptance. Japan Atomic Energy Research Institute is proceeding a construction program of a new criticality safety experimental facility where criticality data can be obtained for such solution fuels as mainly handled in a reprocessing facility and also chemical process experiments can be performed to investigate abnormal phenomena, e.g. plutonium behavior in solvent extraction process by using pulsed colums. In FY 1985 detail design of the facility will be completed and licensing review by the government would start in FY 1986. Experiments would start in FY 1990. Research subjects and main specifications of the facility are described. (author)

Module Testing Techniques for Nuclear Safety Critical Software Using LDRA Testing Tool

International Nuclear Information System (INIS)

Moon, Kwon-Ki; Kim, Do-Yeon; Chang, Hoon-Seon; Chang, Young-Woo; Yun, Jae-Hee; Park, Jee-Duck; Kim, Jae-Hack

2006-01-01

The safety critical software in the I and C systems of nuclear power plants requires high functional integrity and reliability. To achieve those requirement goals, the safety critical software should be verified and tested according to related codes and standards through verification and validation (V and V) activities. The safety critical software testing is performed at various stages during the development of the software, and is generally classified as three major activities: module testing, system integration testing, and system validation testing. Module testing involves the evaluation of module level functions of hardware and software. System integration testing investigates the characteristics of a collection of modules and aims at establishing their correct interactions. System validation testing demonstrates that the complete system satisfies its functional requirements. In order to generate reliable software and reduce high maintenance cost, it is important that software testing is carried out at module level. Module testing for the nuclear safety critical software has rarely been performed by formal and proven testing tools because of its various constraints. LDRA testing tool is a widely used and proven tool set that provides powerful source code testing and analysis facilities for the V and V of general purpose software and safety critical software. Use of the tool set is indispensable where software is required to be reliable and as error-free as possible, and its use brings in substantial time and cost savings, and efficiency

A software engineering process for safety-critical software application

International Nuclear Information System (INIS)

Kang, Byung Heon; Kim, Hang Bae; Chang, Hoon Seon; Jeon, Jong Sun

1995-01-01

Application of computer software to safety-critical systems in on the increase. To be successful, the software must be designed and constructed to meet the functional and performance requirements of the system. For safety reason, the software must be demonstrated not only to meet these requirements, but also to operate safely as a component within the system. For longer-term cost consideration, the software must be designed and structured to ease future maintenance and modifications. This paper presents a software engineering process for the production of safety-critical software for a nuclear power plant. The presentation is expository in nature of a viable high quality safety-critical software development. It is based on the ideas of a rational design process and on the experience of the adaptation of such process in the production of the safety-critical software for the shutdown system number two of Wolsung 2, 3 and 4 nuclear power generation plants. This process is significantly different from a conventional process in terms of rigorous software development phases and software design techniques, The process covers documentation, design, verification and testing using mathematically precise notations and highly reviewable tabular format to specify software requirements and software requirements and software requirements and code against software design using static analysis. The software engineering process described in this paper applies the principle of information-hiding decomposition in software design using a modular design technique so that when a change is required or an error is detected, the affected scope can be readily and confidently located. it also facilitates a sense of high degree of confidence in the 'correctness' of the software production, and provides a relatively simple and straightforward code implementation effort. 1 figs., 10 refs. (Author)

Improving construction site safety through leader-based verbal safety communication.

Science.gov (United States)

Kines, Pete; Andersen, Lars P S; Spangenberg, Soren; Mikkelsen, Kim L; Dyreborg, Johnny; Zohar, Dov

2010-10-01

The construction industry is one of the most injury-prone industries, in which production is usually prioritized over safety in daily on-site communication. Workers have an informal and oral culture of risk, in which safety is rarely openly expressed. This paper tests the effect of increasing leader-based on-site verbal safety communication on the level of safety and safety climate at construction sites. A pre-post intervention-control design with five construction work gangs is carried out. Foremen in two intervention groups are coached and given bi-weekly feedback about their daily verbal safety communications with their workers. Foremen-worker verbal safety exchanges (experience sampling method, n=1,693 interviews), construction site safety level (correct vs. incorrect, n=22,077 single observations), and safety climate (seven dimensions, n=105 questionnaires) are measured over a period of up to 42 weeks. Baseline measurements in the two intervention and three control groups reveal that foremen speak with their workers several times a day. Workers perceive safety as part of their verbal communication with their foremen in only 6-16% of exchanges, and the levels of safety at the sites range from 70-87% (correct observations). Measurements from baseline to follow-up in the two intervention groups reveal that safety communication between foremen and workers increases significantly in one of the groups (factor 7.1 increase), and a significant yet smaller increase is found when the two intervention groups are combined (factor 4.6). Significant increases in the level of safety are seen in both intervention groups (7% and 12% increases, respectively), particularly in regards to 'access ways' and 'railings and coverings' (39% and 84% increases, respectively). Increases in safety climate are seen in only one of the intervention groups with respect to their 'attention to safety.' No significant trend changes are seen in the three control groups on any of the three measures

Performance Testing Methodology for Safety-Critical Programmable Logic Controller

International Nuclear Information System (INIS)

Kim, Chang Ho; Oh, Do Young; Kim, Ji Hyeon; Kim, Sung Ho; Sohn, Se Do

2009-01-01

The Programmable Logic Controller (PLC) for use in Nuclear Power Plant safety-related applications is being developed and tested first time in Korea. This safety-related PLC is being developed with requirements of regulatory guideline and industry standards for safety system. To test that the quality of the developed PLC is sufficient to be used in safety critical system, document review and various product testings were performed over the development documents for S/W, H/W, and V/V. This paper provides the performance testing methodology and its effectiveness for PLC platform conducted by KOPEC

30 CFR 56.18013 - Emergency communications system.

Science.gov (United States)

2010-07-01

... 30 Mineral Resources 1 2010-07-01 2010-07-01 false Emergency communications system. 56.18013 Section 56.18013 Mineral Resources MINE SAFETY AND HEALTH ADMINISTRATION, DEPARTMENT OF LABOR METAL AND... Programs § 56.18013 Emergency communications system. A suitable communication system shall be provided at...

Development of Network Protocol for the Integrated Safety System

Energy Technology Data Exchange (ETDEWEB)

Park, S. W.; Baek, J. I.; Lee, S. H.; Park, C. S.; Park, K. H.; Shin, J. M. [Hannam Univ., Daejeon (Korea, Republic of)

2007-06-15

Communication devices in the safety system of nuclear power plants are distinguished from those developed for commercial purposes in terms of a strict requirement of safety. The concept of safety covers the determinability, the reliability, and the separation/isolation to prevent the undesirable interactions among devices. The safety also requires that these properties be never proof less. Most of the current commercialized communication products rarely have the safety properties. Moreover, they can be neither verified nor validated to satisfy the safety property of implementation process. This research proposes the novel architecture and protocol of a data communication network for the safety system in nuclear power plants.

Development of Network Protocol for the Integrated Safety System

International Nuclear Information System (INIS)

Park, S. W.; Baek, J. I.; Lee, S. H.; Park, C. S.; Park, K. H.; Shin, J. M.

2007-06-01

Communication devices in the safety system of nuclear power plants are distinguished from those developed for commercial purposes in terms of a strict requirement of safety. The concept of safety covers the determinability, the reliability, and the separation/isolation to prevent the undesirable interactions among devices. The safety also requires that these properties be never proof less. Most of the current commercialized communication products rarely have the safety properties. Moreover, they can be neither verified nor validated to satisfy the safety property of implementation process. This research proposes the novel architecture and protocol of a data communication network for the safety system in nuclear power plants

The Critical Care Communication project: improving fellows' communication skills.

Science.gov (United States)

Arnold, Robert M; Back, Anthony L; Barnato, Amber E; Prendergast, Thomas J; Emlet, Lillian L; Karpov, Irina; White, Patrick H; Nelson, Judith E

2015-04-01

The aim of this study was to develop an evidence-based communication skills training workshop to improve the communication skills of critical care fellows. Pulmonary and critical care fellows (N = 38) participated in a 3-day communication skills workshop between 2008 and 2010 involving brief didactic talks, faculty demonstration of skills, and faculty-supervised small group skills practice sessions with simulated families. Skills included the following: giving bad news, achieving consensus on goals of therapy, and discussing the limitations of life-sustaining treatment. Participants rated their skill levels in a pre-post survey in 11 core communication tasks using a 5-point Likert scale. Of 38 fellows, 36 (95%) completed all 3 days of the workshop. We compared pre and post scores using the Wilcoxon signed rank test. Overall, self-rated skills increased for all 11 tasks. In analyses by participant, 95% reported improvement in at least 1 skill; with improvement in a median of 10 of 11 skills. Ninety-two percent rated the course as either very good/excellent, and 80% recommended that it be mandatory for future fellows. This 3-day communication skills training program increased critical care fellows' self-reported family meeting communication skills. Copyright © 2014 Elsevier Inc. All rights reserved.

User acceptability--a critical success factor for picture archiving and communication system implementation.

Science.gov (United States)

Crivianu-Gaita, D; Babyn, P; Gilday, D; O'Brien, B; Charkot, E

2000-05-01

The Department of Diagnostic Imaging at the Hospital for Sick Children (HSC), Toronto, implemented a picture archiving and communication system (PACS) during the last year. This report describes our experience from the point of view of user acceptability. Based on objective data, the following key success factors were identified: user involvement in PACS planning, training, technical support, and rollout of pilot projects. Although technical factors are critical and must be addressed, the main conclusion of our study is that other nontechnical factors need to be recognized and resolved. Recognition of the importance of these factors to user acceptance and clear communication and consultation will help reduce negative user attitudes and increase the chance of a successful PACS implementation.

System-level planning, coordination, and communication: care of the critically ill and injured during pandemics and disasters: CHEST consensus statement.

Science.gov (United States)

Dichter, Jeffrey R; Kanter, Robert K; Dries, David; Luyckx, Valerie; Lim, Matthew L; Wilgis, John; Anderson, Michael R; Sarani, Babak; Hupert, Nathaniel; Mutter, Ryan; Devereaux, Asha V; Christian, Michael D; Kissoon, Niranjan

2014-10-01

System-level planning involves uniting hospitals and health systems, local/regional government agencies, emergency medical services, and other health-care entities involved in coordinating and enabling care in a major disaster. We reviewed the literature and sought expert opinions concerning system-level planning and engagement for mass critical care due to disasters or pandemics and offer suggestions for system-planning, coordination, communication, and response. The suggestions in this chapter are important for all of those involved in a pandemic or disaster with multiple critically ill or injured patients, including front-line clinicians, hospital administrators, and public health or government officials. The American College of Chest Physicians (CHEST) consensus statement development process was followed in developing suggestions. Task Force members met in person to develop nine key questions believed to be most relevant for system-planning, coordination, and communication. A systematic literature review was then performed for relevant articles and documents, reports, and other publications reported since 1993. No studies of sufficient quality were identified upon which to make evidence-based recommendations. Therefore, the panel developed expert opinion-based suggestions using a modified Delphi process. Suggestions were developed and grouped according to the following thematic elements: (1) national government support of health-care coalitions/regional health authorities (HC/RHAs), (2) teamwork within HC/RHAs, (3) system-level communication, (4) system-level surge capacity and capability, (5) pediatric patients and special populations, (6) HC/RHAs and networks, (7) models of advanced regional care systems, and (8) the use of simulation for preparedness and planning. System-level planning is essential to provide care for large numbers of critically ill patients because of disaster or pandemic. It also entails a departure from the routine, independent system and

A study on quantitative V and V of safety-critical software

International Nuclear Information System (INIS)

Eom, H. S.; Kang, H. G.; Chang, S. C.; Ha, J. J.; Son, H. S.

2004-03-01

Recently practical needs have required quantitative features for the software reliability for Probabilistic Safety Assessment which is one of the important methods being used in assessing the overall safety of nuclear power plant. But the conventional assessment methods of software reliability could not provide enough information for PSA of NPP, therefore current assessments of a digital system which includes safety-critical software usually exclude the software part or use arbitrary values. This paper describes a Bayesian Belief Networks based method that models the rule-based qualitative software assessment method for a practical use and can produce quantitative results for PSA. The framework was constructed by utilizing BBN that can combine the qualitative and quantitative evidence relevant to the reliability of safety-critical software and can infer a conclusion in a formal and a quantitative way. The case study was performed by applying the method for assessing the quality of software requirement specification of safety-critical software that will be embedded in reactor protection system

Tank farms criticality safety manual

International Nuclear Information System (INIS)

FORT, L.A.

2003-01-01

This document defines the Tank Farms Contractor (TFC) criticality safety program, as required by Title 10 Code of Federal Regulations (CFR-), Subpart 830.204(b)(6), ''Documented Safety Analysis'' (10 CFR- 830.204 (b)(6)), and US Department of Energy (DOE) 0 420.1A, Facility Safety, Section 4.3, ''Criticality Safety.'' In addition, this document contains certain best management practices, adopted by TFC management based on successful Hanford Site facility practices. Requirements in this manual are based on the contractor requirements document (CRD) found in Attachment 2 of DOE 0 420.1A, Section 4.3, ''Nuclear Criticality Safety,'' and the cited revisions of applicable standards published jointly by the American National Standards Institute (ANSI) and the American Nuclear Society (ANS) as listed in Appendix A. As an informational device, requirements directly imposed by the CRD or ANSI/ANS Standards are shown in boldface. Requirements developed as best management practices through experience and maintained consistent with Hanford Site practice are shown in italics. Recommendations and explanatory material are provided in plain type

Safety prediction for basic components of safety-critical software based on static testing

International Nuclear Information System (INIS)

Son, H.S.; Seong, P.H.

2000-01-01

The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

Technical considerations for the development of an engineering safety features control system with PLC

International Nuclear Information System (INIS)

Lee, C. K.; Kim, C. H.; Han, J. B.; Kim, H.; Lee, S. S.

2002-01-01

Technical considerations are summarized for the development of an ESFCS(Engineered Safety Features Control System) with PLC (Programmable Logic Controller). The ESFCS is required for the mitigation of plant accident conditions and therefore developed in conformance with the design requirements applied to the safety critical system. The design of ESFCS primarily considered its safety, and the system has an architecture that will be able to minimize spurious actuation. The PLC based functional distribution and redundant design features are adopted, and the fieldbus is applied in the communication of information and control signals between PLC processors. It is expected that the ESFCS will have several advanced design features compared with the conventional systems supplied by foreign vendors

[Communication on health and safety risk control in contemporary society: an interdisciplinary approach].

Science.gov (United States)

Rangel-S, Maria Ligia

2007-01-01

This paper discusses communication as a technology for risk control with health and safety protection and promotion, within the context of a "risk society". As a component of Risk Analysis, risk communication is a technology that appears in risk literature, with well defined objectives, principles and models. These aspects are described and the difficulties are stressed, taking into consideration the multiple rationales related to risks in the culture and the many different aspects of risk regulation and control in the so-called "late modernity". Consideration is also given to the complexity of the communications process, guided by theoretical and methodological discussions in the field. In order to understand the true value of the communications field for risk control with health and safety protection and promotion, this paper also offers an overview of communication theories that support discussions of this matter, proposing a critical approach to models that include the dimensions of power and culture in the context of a capitalist society.

Developing software for safety-critical applications

International Nuclear Information System (INIS)

Chudleigh, M.

1989-01-01

The effective implementation of many safety-critical systems involves microprocessors running software which needs to be of very high integrity. This article describes some of the problems of producing such software and the place of software within the total system. A development strategy is proposed based on three principles: the goal of defect-free development, the use of mathematical formalism, and the use of an independent team for testing. (author)

Definition and Means of Maintaining the Criticality Prevention Design Features Portion of the PFP Safety Envelope

International Nuclear Information System (INIS)

RAMBLE, A.L.

2000-01-01

The purpose of this document is to record the technical evaluation of the Operational Safety Requirements described in the Plutonium Finishing Plant Final (PFP) Operational Safety Requirements, WHC-SD-CP-OSR-010. Rev. 0-N , Section 3.1.1, ''Criticality Prevention System.'' This document, with its appendices, provides the following: (1) The results of a review of Criticality Safety Analysis Reports (CSAR), later called Criticality Safety Evaluation Reports (CSER), and Criticality Prevention Specifications (CPS) to determine which equipment or components analyzed in the CSER or CPS are considered as one of the two unlikely, independent, and concurrent changes before a criticality accident is possible. (2) Evaluations of equipment or components to determine the safety boundary for the system (Section 4). (3) A list of essential drawings that show the safety system or component (Appendix A). (4) A list of the safety envelope (SE) equipment (Appendix B). (5) Functional requirements for the individual safety envelope equipment (Sections 3 and 4). (6) A list of the operational and surveillance procedures necessary to maintain the system equipment within the safety envelope (Section 5)

Communication's Role in Safety Management and Performance for the Road Safety Practices

OpenAIRE

Salim Keffane (s)

2014-01-01

Communication among organizations could play an important role in increasing road safety. To get in-depth knowledge of its role, this study measured managers' and employees' perceptions of the communication's role on six safety management and performance criteria for road safety practices by conducting a survey using a questionnaire among 165 employees and 135 managers. Path analysis using AMOS-19 software shows that some of the safety management road safety practices have high correlation wi...

Reusable libraries for safety-critical Java

DEFF Research Database (Denmark)

Rios Rivas, Juan Ricardo; Schoeberl, Martin

2014-01-01

The large collection of Java class libraries is a main factor of the success of Java. However, these libraries assume that a garbage-collected heap is used. Safety-critical Java uses scope-based memory areas instead of a garbage-collected heap. Therefore, the Java class libraries are problematic...... to use in safety-critical Java. We have identified common programming patterns in the Java class libraries that make them unsuitable for safety-critical Java. We propose ways to improve the libraries to avoid the impact of the identified problematic patterns. We illustrate these changes by implementing...

Functional Safety Specification of Communication Profile PROFIsafe

Directory of Open Access Journals (Sweden)

Jan Rofar

2006-01-01

Full Text Available Paper maps the trends in area of safety-related communication within PROFIBUS and PROFINET industry networks. There are analyses safety measures and Fail-safe parameters of PROFIsafe profile in version V2 and their localisation in Safety Communication Layer SCL, which guarantees Safety Integrity Level SIL according to standard IEC 61508. The last chapter analyses the reaction in the event of fault during transmission of messages.

Critical Incident Stress Management (CISM) in complex systems: cultural adaptation and safety impacts in healthcare.

Science.gov (United States)

Müller-Leonhardt, Alice; Mitchell, Shannon G; Vogt, Joachim; Schürmann, Tim

2014-07-01

In complex systems, such as hospitals or air traffic control operations, critical incidents (CIs) are unavoidable. These incidents can not only become critical for victims but also for professionals working at the "sharp end" who may have to deal with critical incident stress (CIS) reactions that may be severe and impede emotional, physical, cognitive and social functioning. These CIS reactions may occur not only under exceptional conditions but also during every-day work and become an important safety issue. In contrast to air traffic management (ATM) operations in Europe, which have readily adopted critical incident stress management (CISM), most hospitals have not yet implemented comprehensive peer support programs. This survey was conducted in 2010 at the only European general hospital setting which implemented CISM program since 2004. The aim of the article is to describe possible contribution of CISM in hospital settings framed from the perspective of organizational safety and individual health for healthcare professionals. Findings affirm that daily work related incidents also can become critical for healthcare professionals. Program efficiency appears to be influenced by the professional culture, as well as organizational structure and policies. Overall, findings demonstrate that the adaptation of the CISM program in general hospitals takes time but, once established, it may serve as a mechanism for changing professional culture, thereby permitting the framing of even small incidents or near misses as an opportunity to provide valuable feedback to the system. Copyright © 2014 Elsevier Ltd. All rights reserved.

Plutonium Finishing Plant (PFP) Criticality Alarm System Commercial Grade Item (CGI) Critical Characteristics

International Nuclear Information System (INIS)

WHITE, W.F.

1999-01-01

This document specifies the critical characteristics for Commercial Grade Items (CGI) procured for PFP's criticality alarm system as required by HNF-PRO-268 and HNF-PRO-1819. These are the minimum specifications that the equipment must meet in order to properly perform its safety function. There may be several manufacturers or models that meet the critical characteristics for any one item. PFP's Criticality Alarm System includes the nine criticality alarm system panels and their associated hardware. This includes all parts up to the first breaker in the electrical distribution system. Specific system boundaries and justifications are contained in HNF-SD-CP-SDD-003, ''Definition and Means of Maintaining the Criticality Detectors and Alarms Portion of the PFP Safety Envelope.'' The procurement requirements associated with the system necessitates procurement of some system equipment as Commercial Grade Items in accordance with HNF-PRO-268, ''Control of Purchased Items and Services.''

75 FR 67807 - Pipeline Safety: Emergency Preparedness Communications

Science.gov (United States)

2010-11-03

... DEPARTMENT OF TRANSPORTATION Pipeline and Hazardous Materials Safety Administration [Docket No... is issuing an Advisory Bulletin to remind operators of gas and hazardous liquid pipeline facilities... Gas Pipeline Systems. Subject: Emergency Preparedness Communications. Advisory: To further enhance the...

Safety prediction for basic components of safety critical software based on static testing

International Nuclear Information System (INIS)

Son, H.S.; Seong, P.H.

2001-01-01

The purpose of this work is to develop a safety prediction method, with which we can predict the risk of software components based on static testing results at the early development stage. The predictive model combines the major factor with the quality factor for the components, both of which are calculated based on the measures proposed in this work. The application to a safety-critical software system demonstrates the feasibility of the safety prediction method. (authors)

Optimal task mapping in safety-critical real-time parallel systems; Placement optimal de taches pour les systemes paralleles temps-reel critiques

Energy Technology Data Exchange (ETDEWEB)

Aussagues, Ch

1998-12-11

This PhD thesis is dealing with the correct design of safety-critical real-time parallel systems. Such systems constitutes a fundamental part of high-performance systems for command and control that can be found in the nuclear domain or more generally in parallel embedded systems. The verification of their temporal correctness is the core of this thesis. our contribution is mainly in the following three points: the analysis and extension of a programming model for such real-time parallel systems; the proposal of an original method based on a new operator of synchronized product of state machines task-graphs; the validation of the approach by its implementation and evaluation. The work addresses particularly the main problem of optimal task mapping on a parallel architecture, such that the temporal constraints are globally guaranteed, i.e. the timeliness property is valid. The results incorporate also optimally criteria for the sizing and correct dimensioning of a parallel system, for instance in the number of processing elements. These criteria are connected with operational constraints of the application domain. Our approach is based on the off-line analysis of the feasibility of the deadline-driven dynamic scheduling that is used to schedule tasks inside one processor. This leads us to define the synchronized-product, a system of linear, constraints is automatically generated and then allows to calculate a maximum load of a group of tasks and then to verify their timeliness constraints. The communications, their timeliness verification and incorporation to the mapping problem is the second main contribution of this thesis. FInally, the global solving technique dealing with both task and communication aspects has been implemented and evaluated in the framework of the OASIS project in the LETI research center at the CEA/Saclay. (author) 96 refs.

A Profile for Safety Critical Java

DEFF Research Database (Denmark)

Schoeberl, Martin; Søndergaard, Hans; Thomsen, Bent

2007-01-01

We propose a new, minimal specification for real-time Java for safety critical applications. The intention is to provide a profile that supports programming of applications that can be validated against safety critical standards such as DO-178B [15]. The proposed profile is in line with the Java...... specification request JSR-302: Safety Critical Java Technology, which is still under discussion. In contrast to the current direction of the expert group for the JSR-302 we do not subset the rather complex Real-Time Specification for Java (RTSJ). Nevertheless, our profile can be implemented on top of an RTSJ...

Nuclear criticality safety practices in digestion systems of the large scale production facility of the Department of Energy at Fernald

International Nuclear Information System (INIS)

Dolan, L.C.

1982-01-01

Nuclear criticality safety practices used at the Feed Materials Production Center at Fernald, Ohio in conjunction with its metal dissolving and nonmetal, e.g., ash and ore concentrates, digesting operations are reviewed. Operating procedures with several different types of dissolver or digestor systems, i.e., metal dissolver, continuous, drum and safe geometry, are discussed. Calculations performed to verify the criticality safety of the operations are described

Communication & Society: A Critical Political Economy Perspective

Directory of Open Access Journals (Sweden)

Horst Holzer

2018-04-01

Full Text Available This paper presents the English translations of one of Horst Holzer’s works on communication and society. Holzer elaborates foundations of a critical sociology of communication(s that studies the relationship of communication and society based on the approach of critical political economy. He shows that such an approach relates communication and production, communication and capitalism; communication, ideology and fetishism; and situates communication in the context of social struggles for alternatives to capitalist social forms. The paper is followed by a postface in which Christian Fuchs contemplates why Holzer’s approach has been largely “forgotten” in the German social sciences and media and communication studies, in turn stressing the continued relevance of Holzer’s theory today.

Optimal Braking Patterns and Forces in Autonomous Safety-Critical Maneuvers

OpenAIRE

Fors, Victor

2018-01-01

The trend of more advanced driver-assistance features and the development toward autonomous vehicles enable new possibilities in the area of active safety. With more information available in the vehicle about the surrounding traffic and the road ahead, there is the possibility of improved active-safety systems that make use of this information for stability control in safety-critical maneuvers. Such a system could adaptively make a trade-off between controlling the longitudinal, lateral, and ...

Modelling of Security Principles Within Car-to-Car Communications in Modern Cooperative Intelligent Transportation Systems

Directory of Open Access Journals (Sweden)

Jan Durech

2016-01-01

Full Text Available Intelligent transportation systems (ITS bring advanced applications that provide innovative services for various transportation modes in the area of traffic control, and enable better awareness for different users. Communication connections between intelligent vehicles with the use of wireless communication standards, so called Vehicular Ad Hoc Networks (VANETs, require ensuring verification of validity of provided services as well as services related to transmission confidentiality and integrity. The goal of this paper is to analyze secure mechanisms utilised in VANET communication within Cooperative Intelligent Transportation Systems (C-ITS with a focus on safety critical applications. The practical part of the contribution is dedicated to modelling of security properties of VANET networks via OPNET Modeler tool extended by the implementation of the OpenSSL library for authentication protocol realisation based on digital signature schemes. The designed models simulate a transmission of authorised alert messages in Car-to-Car communication for several traffic scenarios with recommended Elliptic Curve Integrated Encryption Scheme (ECIES. The obtained results of the throughput and delay in the simulated network are compared for secured and no-secured communications in dependence on the selected digital signature schemes and the number of mobile nodes. The OpenSSL library has also been utilised for the comparison of time demandingness of digital signature schemes based on RSA (Rivest Shamir Adleman, DSA (Digital Signature Algorithm and ECDSA (Elliptic Curve Digital Signature Algorithm for different key-lengths suitable for real time VANET communications for safety-critical applications of C-ITS.

Communication System and Method

Science.gov (United States)

Sanders, Adam M. (Inventor); Strawser, Philip A. (Inventor)

2014-01-01

A communication system for communicating over high-latency, low bandwidth networks includes a communications processor configured to receive a collection of data from a local system, and a transceiver in communication with the communications processor. The transceiver is configured to transmit and receive data over a network according to a plurality of communication parameters. The communications processor is configured to divide the collection of data into a plurality of data streams; assign a priority level to each of the respective data streams, where the priority level reflects the criticality of the respective data stream; and modify a communication parameter of at least one of the plurality of data streams according to the priority of the at least one data stream.

Nuclear criticality safety in Canada

International Nuclear Information System (INIS)

Shultz, K.R.

1980-04-01

The approach taken to nuclear criticality safety in Canada has been influenced by the historical development of participants. The roles played by governmental agencies and private industry since the Atomic Energy Control Act was passed into Canadian Law in 1946 are outlined to set the scene for the current situation and directions that may be taken in the future. Nuclear criticality safety puts emphasis on the control of materials called special fissionable material in Canada. A brief account is given of the historical development and philosophy underlying the existing regulations governing special fissionable material. Subsequent events have led to a change in emphasis in the regulatory process that has not yet been fully integrated into Canadian legislation and regulations. Current efforts towards further development of regulations governing the practice of nuclear criticality safety are described. (auth)

Critical function monitoring system algorithm development

International Nuclear Information System (INIS)

Harmon, D.L.

1984-01-01

Accurate critical function status information is a key to operator decision-making during events threatening nuclear power plant safety. The Critical Function Monitoring System provides continuous critical function status monitoring by use of algorithms which mathematically represent the processes by which an operating staff would determine critical function status. This paper discusses in detail the systematic design methodology employed to develop adequate Critical Function Monitoring System algorithms

NMC and A and nuclear criticality safety systems integration: A prospective way for enhancement of the nuclear industry facilities safety

International Nuclear Information System (INIS)

Ryazanov, Boris G.; Sviridov, Victor I.; Frolov, Vladimir V.; Shvedov, Maxim O.; Mclaughlin, Thomas P.; Pruvost, Norman L.

2003-01-01

A considerable body of data has now been acquired about the principles, parameters and consequences of nuclear (criticality) accidents at facilities of the atomic industry in Russia, the United States, Great Britain and Japan. The total number of such accidents stands at 22. Russian and US specialists have prepared a rather extensive survey and analysis of these accidents. The final and important section of this survey is the lessons implied by the results of analysis of these 22 accidents. Among these lessons is the necessity of unconditional enforcement of control over the movement and transformations of special nuclear materials (SNM), and in particular fissile materials, (those SNMs with criticality accident concerns) during production and processing. Inadequacies in such control have been among the causes of most of the accidents that have occurred. Nuclear materials control and accounting (MC and A) for the purpose of ensuring storage reliability and nonproliferation safeguards is a major task of nuclear facilities in any nation. MC and A systems use the latest techniques and hardware for periodic control of SNM in specifically organized material balance areas. Immediate checking, periodic inventory of SNM, and measurements of the parameters of SNM at key points are the main sources of data for these systems. Data about the presence and sites of location of SNM in material balance areas that are acquired in inventories can be used for objective assessment of the status of nuclear safety. On the other hand, the inventory itself involves performance of operations that are unlike routine process engineering, and require special consideration of nuclear safety. Use of the techniques and hardware of MC and A systems not only for purposes of storage reliability, but also to ensure nuclear safety, will reduce the risk of nuclear accidents. This paper gives a concise overview of nuclear accidents that have occurred due to inadequacies in MC and A, and demonstrates

Nuclear Criticality Safety Organization training implementation. Revision 4

International Nuclear Information System (INIS)

Carroll, K.J.; Taylor, R.G.; Worley, C.A.

1997-01-01

The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program

Nuclear Criticality Safety Organization training implementation. Revision 4

Energy Technology Data Exchange (ETDEWEB)

Carroll, K.J.; Taylor, R.G.; Worley, C.A.

1997-05-19

The Nuclear Criticality Safety Organization (NCSO) is committed to developing and maintaining a staff of qualified personnel to meet the current and anticipated needs in Nuclear Criticality Safety (NCS) at the Oak Ridge Y-12 Plant. This document provides a listing of the roles and responsibilities of NCSO personnel with respect to training and details of the Training Management System (TMS) programs, Mentoring Checklists and Checksheets, as well as other documentation utilized to implement the program. This Training Implementation document is applicable to all technical and managerial NCSO personnel, including temporary personnel, sub-contractors and/or LMES employees on loan to the NCSO, who are in a qualification program.

Data rate based congestion control in V2V communication for traffic safety applications

NARCIS (Netherlands)

Belagal Math, C.; Özgür, A.; Heemstra de Groot, S.M.; Li, H.

2015-01-01

Vehicle-to-Vehicle (V2V) communication systems intend to increase safety and efficiency of the transportation networks. At high vehicle density, the communication channel may become congested, impairing the reliability of the safety applications. As a counter measure, the European Telecommunications

Critical incidents related to cardiac arrests reported to the Danish Patient Safety Database

DEFF Research Database (Denmark)

Andersen, Peter Oluf; Maaløe, Rikke; Andersen, Henning Boje

2010-01-01

Background Critical incident reports can identify areas for improvement in resuscitation practice. The Danish Patient Safety Database is a mandatory reporting system and receives critical incident reports submitted by hospital personnel. The aim of this study is to identify, analyse and categorize...... critical incidents related to cardiac arrests reported to the Danish Patient Safety Database. Methods The search terms “cardiac arrest” and “resuscitation” were used to identify reports in the Danish Patient Safety Database. Identified critical incidents were then classified into categories. Results One...

Criticality safety enhancements for SCALE 6.2 and beyond

International Nuclear Information System (INIS)

Rearden, Bradley T.; Bekar, Kursat B.; Celik, Cihangir; Clarno, Kevin T.; Dunn, Michael E.; Hart, Shane W.; Ibrahim, Ahmad M.; Johnson, Seth R.; Langley, Brandon R.; Lefebvre, Jordan P.; Lefebvre, Robert A.; Marshall, William J.; Mertyurek, Ugur; Mueller, Don; Peplow, Douglas E.; Perfetti, Christopher M.; Petrie Jr, Lester M.; Thompson, Adam B.; Wiarda, Dorothea; Wieselquist, William A.; Williams, Mark L.

2015-01-01

SCALE is a widely used suite of tools for nuclear systems modeling and simulation that provides comprehensive, verified and validated, user-friendly capabilities for criticality safety, reactor physics, radiation shielding, and sensitivity and uncertainty analysis. Since 1980, regulators, industry, and research institutions around the world have relied on SCALE for nuclear safety analysis and design. SCALE 6.2 provides several new capabilities and significant improvements in many existing features for criticality safety analysis. Enhancements are realized for nuclear data; multigroup resonance self-shielding; continuous-energy Monte Carlo analysis for sensitivity/uncertainty analysis, radiation shielding, and depletion; and graphical user interfaces. An overview of these capabilities is provided in this paper, and additional details are provided in several companion papers.

Nuclear criticality safety: 3-day training course

International Nuclear Information System (INIS)

Schlesser, J.A.

1993-06-01

The open-quotes 3-Day Training Courseclose quotes is an intensive course in criticality safety consisting of lectures and laboratory sessions, including active student participation in actual critical experiments, a visit to a plutonium processing facility, and in-depth discussions on safety philosophy. The program is directed toward personnel who currently have criticality safety responsibilities in the capacity of supervisory staff and/or line management. This compilation of notes is presented as a source reference for the criticality safety course. It represents the contributions of many people, particularly Tom McLaughlin, the course's primary instructor. It should be noted that when chapters were extracted, an attempt was made to maintain footnotes and references as originally written. Photographs and illustrations are numbered sequentially

Validation testing of safety-critical software

International Nuclear Information System (INIS)

Kim, Hang Bae; Han, Jae Bok

1995-01-01

A software engineering process has been developed for the design of safety critical software for Wolsung 2/3/4 project to satisfy the requirements of the regulatory body. Among the process, this paper described the detail process of validation testing performed to ensure that the software with its hardware, developed by the design group, satisfies the requirements of the functional specification prepared by the independent functional group. To perform the tests, test facility and test software were developed and actual safety system computer was connected. Three kinds of test cases, i.e., functional test, performance test and self-check test, were programmed and run to verify each functional specifications. Test failures were feedback to the design group to revise the software and test results were analyzed and documented in the report to submit to the regulatory body. The test methodology and procedure were very efficient and satisfactory to perform the systematic and automatic test. The test results were also acceptable and successful to verify the software acts as specified in the program functional specification. This methodology can be applied to the validation of other safety-critical software. 2 figs., 2 tabs., 14 refs. (Author)

Assessments of the kinetic and dynamic transient behavior of sub-critical systems (ADS) in comparison to critical reactor systems

International Nuclear Information System (INIS)

Schikorr, W.M.

2001-01-01

The neutron kinetic and the reactor dynamic behavior of Accelerator Driven Systems (ADS) is significantly different from those of conventional power reactor systems currently in use for the production of power. It is the objective of this study to examine and to demonstrate the intrinsic differences of the kinetic and dynamic behavior of accelerator driven systems to typical plant transient initiators in comparison to the known, kinetic and dynamic behavior of critical thermal and fast reactor systems. It will be shown that in sub-critical assemblies, changes in reactivity or in the external neutron source strength lead to an asymptotic power level essentially described by the instantaneous power change (i.e. prompt jump). Shutdown of ADS operating at high levels of sub-criticality, (i.e. k eff ∼0.99), without the support of reactivity control systems (such as control or safety rods), may be problematic in case the ability of cooling of the core should be impaired (i.e. loss of coolant flow). In addition, the dynamic behavior of sub-critical systems to typical plant transients such as protected or unprotected loss of flow (LOF) or heat sink (LOH) transients are not necessarily substantially different from the plant dynamic behavior of critical systems if the reactivity feedback coefficients of the ADS design are unfavorable. As expected, the state of sub-criticality and the temperature feedback coefficients, such as Doppler and coolant temperature coefficient, play dominant roles in determining the course and direction of plant transients. Should the combination of these safety coefficients be very unfavorable, not much additional margin in safety may be gained by making a critical system only sub-critical (i.e. k eff ∼0.95). A careful optimization procedure between the selected operating level of sub-criticality, the safety reactivity coefficients and the possible need for additional reactivity control systems seems, therefore, advisable during the early

Microbiological performance of Hazard Analysis Critical Control Point (HACCP)-based food safety management systems: A case of Nile perch processing company

NARCIS (Netherlands)

Kussaga, J.B.; Luning, P.A.; Tiisekwa, B.P.M.; Jacxsens, L.

2017-01-01

This study aimed at giving insight into microbiological safety output of a Hazard Analysis Critical Control Point (HACCP)-based Food Safety Management System (FSMS) of a Nile perch exporting company by using a combined assessment, This study aimed at giving insight into microbiological safety output

Status of criticality safety research at NUCEF

Energy Technology Data Exchange (ETDEWEB)

Nakajima, Ken [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

1998-03-01

Two critical facilities, named STACY (Static Experiment Critical Facility) and TRACY (Transient Experiment Critical Facility), at the Nuclear Fuel Cycle Safety Engineering Research Facility (NUCEF) started their hot operations in 1995. Since then, basic experimental data for criticality safety research have been accumulated using STACY, and supercritical experiments for the study of criticality accident in a reprocessing plant have been performed using TRACY. In this paper, the outline of those critical facilities and the main results of TRACY experiments are presented. (author)

Critical headway estimation under uncertainty and non-ideal communication conditions

NARCIS (Netherlands)

Kester, L.J.H.M.; Willigen, W. van; Jongh, J.F.C.M de

2014-01-01

This article proposes a safety check extension to Adaptive Cruise Control systems where the critical headway time is estimated in real-time. This critical headway time estimate enables automated reaction to crisis circumstances such as when a preceding vehicle performs an emergency brake. We discuss

Communicating Process Achitectures 2005

NARCIS (Netherlands)

Groothuis, M.A.; Broenink, Johannes F.; Roebbers, Herman W.; Sunters, Johan P.E.; Welch, Peter H.; Wood, David C.

The awareness of the ideas characterized by Communicating Processes Architecture and their adoption by industry beyond their traditional base in safety-critical systems and security is growing. The complexity of modern computing systems has become so great that no one person – maybe not even a small

Dynamic modeling of the tradeoff between productivity and safety in critical engineering systems

International Nuclear Information System (INIS)

Cowing, Michelle M.; Elisabeth Pate-Cornell, M.; Glynn, Peter W.

2004-01-01

Short-term tradeoffs between productivity and safety often exist in the operation of critical facilities such as nuclear power plants, offshore oil platforms, or simply individual cars. For example, interruption of operations for maintenance on demand can decrease short-term productivity but may be needed to ensure safety. Operations are interrupted for several reasons: scheduled maintenance, maintenance on demand, response to warnings, subsystem failure, or a catastrophic accident. The choice of operational procedures (e.g. timing and extent of scheduled maintenance) generally affects the probabilities of both production interruptions and catastrophic failures. In this paper, we present and illustrate a dynamic probabilistic model designed to describe the long-term evolution of such a system through the different phases of operation, shutdown, and possibly accident. The model's parameters represent explicitly the effects of different components' performance on the system's safety and reliability through an engineering probabilistic risk assessment (PRA). In addition to PRA, a Markov model is used to track the evolution of the system and its components through different performance phases. The model parameters are then linked to different operations strategies, to allow computation of the effects of each management strategy on the system's long-term productivity and safety. Decision analysis is then used to support the management of the short-term trade-offs between productivity and safety in order to maximize long-term performance. The value function is that of plant managers, within the constraints set by local utility commissions and national (e.g. energy) agencies. This model is illustrated by the case of outages (planned and unplanned) in nuclear power plants to show how it can be used to guide policy decisions regarding outage frequency and plant lifetime, and more specifically, the choice of a reactor tripping policy as a function of the state of the

Proceedings of the Nuclear Criticality Technology Safety Workshop

Energy Technology Data Exchange (ETDEWEB)

Rene G. Sanchez

1998-04-01

This document contains summaries of most of the papers presented at the 1995 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 16 and 17 at San Diego, Ca. The meeting was broken up into seven sessions, which covered the following topics: (1) Criticality Safety of Project Sapphire; (2) Relevant Experiments For Criticality Safety; (3) Interactions with the Former Soviet Union; (4) Misapplications and Limitations of Monte Carlo Methods Directed Toward Criticality Safety Analyses; (5) Monte Carlo Vulnerabilities of Execution and Interpretation; (6) Monte Carlo Vulnerabilities of Representation; and (7) Benchmark Comparisons.

Program of nuclear criticality safety experiment at JAERI

International Nuclear Information System (INIS)

Kobayashi, Iwao; Tachimori, Shoichi; Takeshita, Isao; Suzaki, Takenori; Ohnishi, Nobuaki

1983-11-01

JAERI is promoting the nuclear criticality safety research program, in which a new facility for criticality safety experiments (Criticality Safety Experimental Facility : CSEF) is to be built for the experiments with solution fuel. One of the experimental researches is to measure, collect and evaluate the experimental data needed for evaluation of criticality safety of the nuclear fuel cycle facilities. Another research area is a study of the phenomena themselves which are incidental to postulated critical accidents. Investigation of the scale and characteristics of the influences caused by the accident is also included in this research. The result of the conceptual design of CSEF is summarized in this report. (author)

Towards the certification of non-deterministic control systems for safety-critical applications: analysing aviation analogies for possible certification strategies

CSIR Research Space (South Africa)

Burger, CR

2011-11-01

Full Text Available Current certification criteria for safety-critical systems exclude non-deterministic control systems. This paper investigates the feasibility of using human-like monitoring strategies to achieve safe non-deterministic control using multiple...

Classification for Safety-Critical Car-Cyclist Scenarios Using Machine Learning

NARCIS (Netherlands)

Cara, I.; Gelder, E.D.

2015-01-01

The number of fatal car-cyclist accidents is increasing. Advanced Driver Assistance Systems (ADAS) can improve the safety of cyclists, but they need to be tested with realistic safety-critical car-cyclist scenarios. In order to store only relevant scenarios, an online classification algorithm is

Ontario Hydro experience in the identification and mitigation of potential failures in safety critical software systems

International Nuclear Information System (INIS)

Huget, R.G.; Viola, M.; Froebel, P.A.

1995-01-01

Ontario Hydro has had experience in designing and qualifying safety critical software used in the reactor shutdown systems of its nuclear generating stations. During software design, an analysis of system level hazards and potential hardware failure effects provide input to determining what safeguards will be needed. One form of safeguard, called software self checks, continually monitor the health of the computer on line. The design of self checks usually is a trade off between the amount of computing resources required, the software complexity, and the level of safeguarding provided. As part of the software verification activity, a software hazards analysis is performed, which identifiers any failure modes that could lead to the software causing an unsafe state, and which recommends changes to mitigate that potential. These recommendations may involve a re-structuring of the software to be more resistant to failure, or the introduction of other safeguarding measures. This paper discusses how Ontario Hydro has implemented these aspects of software design and verification into safety critical software used in reactor shutdown systems

Towards Future Broadband Public Safety Systems: Current Issues and Future Directions

DEFF Research Database (Denmark)

Popovska Avramova, Andrijana; Ruepp, Sarah Renée; Dittmann, Lars

2015-01-01

The vision of the Fifth generation (5G) of mobile communication is that it will be an umbrella for communications for various vertical industries that have different requirements for delay, data rates, reliability, availability, and security. 5G will not be a single technology - rather a converge......The vision of the Fifth generation (5G) of mobile communication is that it will be an umbrella for communications for various vertical industries that have different requirements for delay, data rates, reliability, availability, and security. 5G will not be a single technology - rather...... a convergence of not just new revolutionary technologies, but of the already existing, and evolving technologies as well. This paper analyses the impact of convergence and its importance to the evolution of critical communication systems, both with respect to the fundamental features of the public safety...

Regenerative braking strategies, vehicle safety and stability control systems: critical use-case proposals

Science.gov (United States)

Oleksowicz, Selim A.; Burnham, Keith J.; Southgate, Adam; McCoy, Chris; Waite, Gary; Hardwick, Graham; Harrington, Cian; McMurran, Ross

2013-05-01

The sustainable development of vehicle propulsion systems that have mainly focused on reduction of fuel consumption (i.e. CO2 emission) has led, not only to the development of systems connected with combustion processes but also to legislation and testing procedures. In recent years, the low carbon policy has made hybrid vehicles and fully electric vehicles (H/EVs) popular. The main virtue of these propulsion systems is their ability to restore some of the expended energy from kinetic movement, e.g. the braking process. Consequently new research and testing methods for H/EVs are currently being developed. This especially concerns the critical 'use-cases' for functionality tests within dynamic events for both virtual simulations, as well as real-time road tests. The use-case for conventional vehicles for numerical simulations and road tests are well established. However, the wide variety of tests and their great number (close to a thousand) creates a need for selection, in the first place, and the creation of critical use-cases suitable for testing H/EVs in both virtual and real-world environments. It is known that a marginal improvement in the regenerative braking ratio can significantly improve the vehicle range and, therefore, the economic cost of its operation. In modern vehicles, vehicle dynamics control systems play the principal role in safety, comfort and economic operation. Unfortunately, however, the existing standard road test scenarios are insufficient for H/EVs. Sector knowledge suggests that there are currently no agreed tests scenarios to fully investigate the effects of brake blending between conventional and regenerative braking as well as the regenerative braking interaction with active driving safety systems (ADSS). The paper presents seven manoeuvres, which are considered to be suitable and highly informative for the development and examination of H/EVs with regenerative braking capability. The critical manoeuvres presented are considered to be

The International Criticality Safety Benchmark Evaluation Project

International Nuclear Information System (INIS)

Briggs, B. J.; Dean, V. F.; Pesic, M. P.

2001-01-01

In order to properly manage the risk of a nuclear criticality accident, it is important to establish the conditions for which such an accident becomes possible for any activity involving fissile material. Only when this information is known is it possible to establish the likelihood of actually achieving such conditions. It is therefore important that criticality safety analysts have confidence in the accuracy of their calculations. Confidence in analytical results can only be gained through comparison of those results with experimental data. The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the US Department of Energy. The project was managed through the Idaho National Engineering and Environmental Laboratory (INEEL), but involved nationally known criticality safety experts from Los Alamos National Laboratory, Lawrence Livermore National Laboratory, Savannah River Technology Center, Oak Ridge National Laboratory and the Y-12 Plant, Hanford, Argonne National Laboratory, and the Rocky Flats Plant. An International Criticality Safety Data Exchange component was added to the project during 1994 and the project became what is currently known as the International Criticality Safety Benchmark Evaluation Project (ICSBEP). Representatives from the United Kingdom, France, Japan, the Russian Federation, Hungary, Kazakhstan, Korea, Slovenia, Yugoslavia, Spain, and Israel are now participating on the project In December of 1994, the ICSBEP became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency's (OECD-NEA) Nuclear Science Committee. The United States currently remains the lead country, providing most of the administrative support. The purpose of the ICSBEP is to: (1) identify and evaluate a comprehensive set of critical benchmark data; (2) verify the data, to the extent possible, by reviewing original and subsequently revised documentation, and by talking with the

Resilience Engineering in Critical Long Term Aerospace Software Systems: A New Approach to Spacecraft Software Safety

Science.gov (United States)

Dulo, D. A.

Safety critical software systems permeate spacecraft, and in a long term venture like a starship would be pervasive in every system of the spacecraft. Yet software failure today continues to plague both the systems and the organizations that develop them resulting in the loss of life, time, money, and valuable system platforms. A starship cannot afford this type of software failure in long journeys away from home. A single software failure could have catastrophic results for the spaceship and the crew onboard. This paper will offer a new approach to developing safe reliable software systems through focusing not on the traditional safety/reliability engineering paradigms but rather by focusing on a new paradigm: Resilience and Failure Obviation Engineering. The foremost objective of this approach is the obviation of failure, coupled with the ability of a software system to prevent or adapt to complex changing conditions in real time as a safety valve should failure occur to ensure safe system continuity. Through this approach, safety is ensured through foresight to anticipate failure and to adapt to risk in real time before failure occurs. In a starship, this type of software engineering is vital. Through software developed in a resilient manner, a starship would have reduced or eliminated software failure, and would have the ability to rapidly adapt should a software system become unstable or unsafe. As a result, long term software safety, reliability, and resilience would be present for a successful long term starship mission.

Criticality safety validation of MCNP5 using continuous energy libraries

International Nuclear Information System (INIS)

Salome, Jean A.D.; Pereira, Claubia; Assuncao, Jonathan B.A.; Veloso, Maria Auxiliadora F.; Costa, Antonella L.; Silva, Clarysson A.M. da

2013-01-01

The study of subcritical systems is very important in the design, installation and operation of various devices, mainly nuclear reactors and power plants. The information generated by these systems guide the decisions to be taken in the executive project, the economic viability and the safety measures to be employed in a nuclear facility. Simulating some experiments from the International Handbook of Evaluated Criticality Safety Benchmark Experiments, the code MCNP5 was validated to nuclear criticality analysis. Its continuous libraries were used. The average values and standard deviation (SD) were evaluated. The results obtained with the code are very similar to the values obtained by the benchmark experiments. (author)

A Critical Organizational Communication Framework for Communication and Instruction Scholarship: Narrative Explorations of Resistance, Racism, and Pedagogy

Science.gov (United States)

Rudick, C. Kyle

2017-01-01

This study utilized a critical organizational communication framework to understand how student resistance is performed in relation to hegemonic systems that are (re)constituted through communication within and beyond the classroom (i.e., an institutional culture). I conducted multiple semistructured interviews with 14 self-identified students of…

Realism in nuclear criticality safety

International Nuclear Information System (INIS)

McLaughlin, T. P.

2009-01-01

Commercial nuclear power plant operation and regulation have made remarkable progress since the Three Mile Island Accident. This is attributed largely to a heavy dose of introspection and self-regulation by the industry and to a significant infusion of risk-informed and performance-based regulation by the Nuclear Regulatory Commission. This truly represents reality in action both by the plant operators and the regulators. On the other hand, the implementation of nuclear criticality safety in ex-reactor operations involving significant quantities of fissile material has not progressed, but, tragically, it has regressed. Not only is the practice of the discipline in excess of a factor of ten more expensive than decades ago; the trend continues. This unfortunate reality is attributed to a lack of coordination within the industry (as contrasted to what occurred in the reactor operations sector), and to a lack of implementation of risk-informed and performance-based regulation by the NRC While the criticality safety discipline is orders of magnitude smaller than the reactor safety discipline, both operators and regulators must learn from the progress made in reactor safety and apply it to the former to reduce the waste, inefficiency and potentially increased accident risks associated with current practices. Only when these changes are made will there be progress made toward putting realism back into nuclear criticality safety. (authors)

Safety and communication, a winning combination

CERN Multimedia

HSE Unit

2014-01-01

Since 2013, in line with its mission to support CERN’s proactive communication policy in matters of safety, the HSE unit has been following an annual plan for disseminating information on occupational health and safety and environmental protection.   Safety information designed to underline the importance of prevention is published through a variety of channels: Announcements in the CERN Bulletin, Safety bulletins, notably outlining lessons to be learned in the wake of accidents/incidents occuring at CERN, Safety alerts calling for immediate action, sent by e-mail to the services concerned, Prevention campaigns on the CERN site, Poster campaigns in well frequented public areas. Photo: Christoph Balle. Please heed all prevention messages and apply them in your everyday life. Also, we will be pleased to receive any information or suggestions you may have on safety matters. If you have questions about the HSE unit’s communication activities, please send us an e...

Introduction to 'International Handbook of Criticality Safety Benchmark Experiments'

International Nuclear Information System (INIS)

Komuro, Yuichi

1998-01-01

The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization for Economic Cooperation and Development-Nuclear Energy Agency (OECD-NEA). 'International Handbook of Criticality Safety Benchmark Experiments' was prepared and is updated year by year by the working group of the project. This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculation techniques used. The author briefly introduces the informative handbook and would like to encourage Japanese engineers who are in charge of nuclear criticality safety to use the handbook. (author)

High-Intensity Radiated Field Fault-Injection Experiment for a Fault-Tolerant Distributed Communication System

Science.gov (United States)

Yates, Amy M.; Torres-Pomales, Wilfredo; Malekpour, Mahyar R.; Gonzalez, Oscar R.; Gray, W. Steven

2010-01-01

Safety-critical distributed flight control systems require robustness in the presence of faults. In general, these systems consist of a number of input/output (I/O) and computation nodes interacting through a fault-tolerant data communication system. The communication system transfers sensor data and control commands and can handle most faults under typical operating conditions. However, the performance of the closed-loop system can be adversely affected as a result of operating in harsh environments. In particular, High-Intensity Radiated Field (HIRF) environments have the potential to cause random fault manifestations in individual avionic components and to generate simultaneous system-wide communication faults that overwhelm existing fault management mechanisms. This paper presents the design of an experiment conducted at the NASA Langley Research Center's HIRF Laboratory to statistically characterize the faults that a HIRF environment can trigger on a single node of a distributed flight control system.

Minimum qualifications for nuclear criticality safety professionals

International Nuclear Information System (INIS)

Ketzlach, N.

1990-01-01

A Nuclear Criticality Technology and Safety Training Committee has been established within the U.S. Department of Energy (DOE) Nuclear Criticality Safety and Technology Project to review and, if necessary, develop standards for the training of personnel involved in nuclear criticality safety (NCS). The committee is exploring the need for developing a standard or other mechanism for establishing minimum qualifications for NCS professionals. The development of standards and regulatory guides for nuclear power plant personnel may serve as a guide in developing the minimum qualifications for NCS professionals

ICSBEP-2007, International Criticality Safety Benchmark Experiment Handbook

International Nuclear Information System (INIS)

Blair Briggs, J.

2007-01-01

1 - Description: The Critically Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United Sates Department of Energy. The project quickly became an international effort as scientist from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) is now an official activity of the Organization of Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA). This handbook contains criticality safety benchmark specifications that have been derived from experiments that were performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material. The example calculations presented do not constitute a validation of the codes or cross section data. The work of the ICSBEP is documented as an International Handbook of Evaluated Criticality Safety Benchmark Experiments. Currently, the handbook spans over 42,000 pages and contains 464 evaluations representing 4,092 critical, near-critical, or subcritical configurations and 21 criticality alarm placement/shielding configurations with multiple dose points for each and 46 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. The handbook is intended for use by criticality safety analysts to perform necessary validations of their calculational techniques and is expected to be a valuable tool for decades to come. The ICSBEP Handbook is available on DVD. You may request a DVD by completing the DVD Request Form on the internet. Access to the Handbook on the Internet requires a password. You may request a password by completing the Password Request Form. The Web address is: http://icsbep.inel.gov/handbook.shtml 2 - Method of solution: Experiments that are found

SRTC criticality safety technical review: Nuclear Criticality Safety Evaluation 93-04 enriched uranium receipt

International Nuclear Information System (INIS)

Rathbun, R.

1993-01-01

Review of NMP-NCS-930087, open-quotes Nuclear Criticality Safety Evaluation 93-04 Enriched Uranium Receipt (U), July 30, 1993, close quotes was requested of SRTC (Savannah River Technology Center) Applied Physics Group. The NCSE is a criticality assessment to determine the mass limit for Engineered Low Level Trench (ELLT) waste uranium burial. The intent is to bury uranium in pits that would be separated by a specified amount of undisturbed soil. The scope of the technical review, documented in this report, consisted of (1) an independent check of the methods and models employed, (2) independent HRXN/KENO-V.a calculations of alternate configurations, (3) application of ANSI/ANS 8.1, and (4) verification of WSRC Nuclear Criticality Safety Manual procedures. The NCSE under review concludes that a 500 gram limit per burial position is acceptable to ensure the burial site remains in a critically safe configuration for all normal and single credible abnormal conditions. This reviewer agrees with that conclusion

International handbook of evaluated criticality safety benchmark experiments

International Nuclear Information System (INIS)

2010-01-01

The Criticality Safety Benchmark Evaluation Project (CSBEP) was initiated in October of 1992 by the United States Department of Energy. The project quickly became an international effort as scientists from other interested countries became involved. The International Criticality Safety Benchmark Evaluation Project (ICSBEP) became an official activity of the Organization for Economic Cooperation and Development - Nuclear Energy Agency (OECD-NEA) in 1995. This handbook contains criticality safety benchmark specifications that have been derived from experiments performed at various nuclear critical facilities around the world. The benchmark specifications are intended for use by criticality safety engineers to validate calculational techniques used to establish minimum subcritical margins for operations with fissile material and to determine criticality alarm requirement and placement. Many of the specifications are also useful for nuclear data testing. Example calculations are presented; however, these calculations do not constitute a validation of the codes or cross section data. The evaluated criticality safety benchmark data are given in nine volumes. These volumes span over 55,000 pages and contain 516 evaluations with benchmark specifications for 4,405 critical, near critical, or subcritical configurations, 24 criticality alarm placement / shielding configurations with multiple dose points for each, and 200 configurations that have been categorized as fundamental physics measurements that are relevant to criticality safety applications. Experiments that are found unacceptable for use as criticality safety benchmark experiments are discussed in these evaluations; however, benchmark specifications are not derived for such experiments (in some cases models are provided in an appendix). Approximately 770 experimental configurations are categorized as unacceptable for use as criticality safety benchmark experiments. Additional evaluations are in progress and will be

Reliability Analysis Techniques for Communication Networks in Nuclear Power Plant

International Nuclear Information System (INIS)

Lim, T. J.; Jang, S. C.; Kang, H. G.; Kim, M. C.; Eom, H. S.; Lee, H. J.

2006-09-01

The objectives of this project is to investigate and study existing reliability analysis techniques for communication networks in order to develop reliability analysis models for nuclear power plant's safety-critical networks. It is necessary to make a comprehensive survey of current methodologies for communication network reliability. Major outputs of this study are design characteristics of safety-critical communication networks, efficient algorithms for quantifying reliability of communication networks, and preliminary models for assessing reliability of safety-critical communication networks

Nuclear Criticality Safety Data Book

Energy Technology Data Exchange (ETDEWEB)

Hollenbach, D. F. [Y-12 National Security Complex, Oak Ridge, TN (United States)

2016-11-14

The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

Nuclear Criticality Safety Data Book

International Nuclear Information System (INIS)

Hollenbach, D. F.

2016-01-01

The objective of this document is to support the revision of criticality safety process studies (CSPSs) for the Uranium Processing Facility (UPF) at the Y-12 National Security Complex (Y-12). This design analysis and calculation (DAC) document contains development and justification for generic inputs typically used in Nuclear Criticality Safety (NCS) DACs to model both normal and abnormal conditions of processes at UPF to support CSPSs. This will provide consistency between NCS DACs and efficiency in preparation and review of DACs, as frequently used data are provided in one reference source.

Quantitative Safety and Security Analysis from a Communication Perspective

DEFF Research Database (Denmark)

Malinowsky, Boris; Schwefel, Hans-Peter; Jung, Oliver

2014-01-01

This paper introduces and exemplifies a trade-off analysis of safety and security properties in distributed systems. The aim is to support analysis for real-time communication and authentication building blocks in a wireless communication scenario. By embedding an authentication scheme into a real...... at handover situations in a IEEE 802.11 wireless setup between mobile nodes and access points. The trade-offs involve application-layer data goodput, probability of completed handovers, and effect on usable protocol slots, to quantify the impact of security from a lower-layer communication perspective...

Researches on nuclear criticality safety evaluation

Energy Technology Data Exchange (ETDEWEB)

Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi [Japan Atomic Energy Research Inst., Tokai, Ibaraki (Japan). Tokai Research Establishment

2003-10-01

For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. Effect by replacing the evaluated nuclear data from JENDL-3.2 to ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

Researches on nuclear criticality safety evaluation

International Nuclear Information System (INIS)

Okuno, Hiroshi; Suyama, Kenya; Nomura, Yasushi

2003-01-01

For criticality safety evaluation of burnup fuel, the general-purpose burnup calculation code, SWAT, was revised, and its precision was confirmed through comparison with other results from OECD/NEA's burnup credit benchmarks. Effect by replacing the evaluated nuclear data from JENDL-3.2 to ENDF/B-VI and JEF-2.2 was also studied. Correction factors were derived for conservative evaluation of nuclide concentrations obtained with the simplified burnup code ORIGEN2.1. The critical masses of curium were calculated and evaluated for nuclear criticality safety management of minor actinides. (author)

Implementing augmentative and alternative communication in critical care settings: Perspectives of healthcare professionals.

Science.gov (United States)

Handberg, Charlotte; Voss, Anna Katarina

2018-01-01

To describe the perspectives of healthcare professionals caring for intubated patients on implementing augmentative and alternative communication (AAC) in critical care settings. Patients in critical care settings subjected to endotracheal intubation suffer from a temporary functional speech disorder and can also experience anxiety, stress and delirium, leading to longer and more complicated hospitalisation and rehabilitation. Little is known about the use of AAC in critical care settings. The design was informed by interpretive descriptive methodology along with the theoretical framework symbolic interactionism, which guided the study of healthcare professionals (n = 48) in five different intensive care units. Data were generated through participant observations and 10 focus group interviews. The findings represent an understanding of the healthcare professionals' perspectives on implementing AAC in critical care settings and revealed three themes. Caring Ontology was the foundation of the healthcare professionals' profession. Cultural Belief represented the actual premise in the interactions during the healthcare professionals' work, saving lives in a biomedical setting whilst appearing competent and efficient, leading to Triggered Conduct and giving low priority to psychosocial issues like communication. Lack of the ability to communicate puts patients at greater risk of receiving poorer treatment, which supports the pressuring need to implement and use AAC in critical care. It is documented that culture in biomedical paradigms can have consequences that are the opposite of the staffs' ideals. The findings may guide staff in implementing AAC strategies in their communication with patients and at the same time preserve their caring ontology and professional pride. Improving communication strategies may improve patient safety and make a difference in patient outcomes. Increased knowledge of and familiarity with AAC strategies may provide healthcare professionals

High level issues in reliability quantification of safety-critical software

International Nuclear Information System (INIS)

Kim, Man Cheol

2012-01-01

For the purpose of developing a consensus method for the reliability assessment of safety-critical digital instrumentation and control systems in nuclear power plants, several high level issues in reliability assessment of the safety-critical software based on Bayesian belief network modeling and statistical testing are discussed. Related to the Bayesian belief network modeling, the relation between the assessment approach and the sources of evidence, the relation between qualitative evidence and quantitative evidence, how to consider qualitative evidence, and the cause-consequence relation are discussed. Related to the statistical testing, the need of the consideration of context-specific software failure probabilities and the inability to perform a huge number of tests in the real world are discussed. The discussions in this paper are expected to provide a common basis for future discussions on the reliability assessment of safety-critical software. (author)

Introduction of the system of hazard analysis critical control point to ensure the safety of irradiated food

International Nuclear Information System (INIS)

Sajet, A.S.

2014-01-01

Hazard Analysis Critical Control Point (HACCP) is a preventive system for food safety. It identifies safety risks faced by food. Identified points are controlled ensuring product safety. Because of presence of many of the pathogenic microorganisms and parasites in food which caused cases of food poisoning and many diseases transmitted through food, the current methods of food production could not prevent food contamination or prevent the growth of these pathogens completely because of being a part of the normal flora in the environment. Irradiation technology helped to control diseases transmitted through food, caused by pathological microorganisms and parasites present in food. The application of a system based on risk analysis as a means of risk management in food chain, demonstrated the importance of food irradiation. (author)

CTMCONTROL: Addressing the MC/DC Objective for Safety-Critical Automotive Software

OpenAIRE

Mjeda , Anila; Hinchey , Mike

2013-01-01

International audience; We propose a method tailored to the requirements of safety-critical embedded automotive software, named CTMCONTROL. CTMCONTROL has a par-ticular focus on the specification-based control logic of the system under test and offers improvements in testing coverage metrics over a classic method which is routinely used in industry. The proposed method targets the Modified Condition/ Decision Coverage (MC/DC) objective for automotive safety-critical software. CTMCONTROL is va...

Criticality Safety Evaluation of Hanford Tank Farms Facility

Energy Technology Data Exchange (ETDEWEB)

WEISS, E.V.

2000-12-15

Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin subcriticality in tank waste.

Criticality Safety Evaluation of Hanford Tank Farms Facility

International Nuclear Information System (INIS)

WEISS, E.V.

2000-01-01

Data and calculations from previous criticality safety evaluations and analyses were used to evaluate criticality safety for the entire Tank Farms facility to support the continued waste storage mission. This criticality safety evaluation concludes that a criticality accident at the Tank Farms facility is an incredible event due to the existing form (chemistry) and distribution (neutron absorbers) of tank waste. Limits and controls for receipt of waste from other facilities and maintenance of tank waste condition are set forth to maintain the margin subcriticality in tank waste

DRY TRANSFER FACILITY CRITICALITY SAFETY CALCULATIONS

International Nuclear Information System (INIS)

C.E. Sanders

2005-01-01

This design calculation updates the previous criticality evaluation for the fuel handling, transfer, and staging operations to be performed in the Dry Transfer Facility (DTF) including the remediation area. The purpose of the calculation is to demonstrate that operations performed in the DTF and RF meet the nuclear criticality safety design criteria specified in the ''Project Design Criteria (PDC) Document'' (BSC 2004 [DIRS 171599], Section 4.9.2.2), the nuclear facility safety requirement in ''Project Requirements Document'' (Canori and Leitner 2003 [DIRS 166275], p. 4-206), the functional/operational nuclear safety requirement in the ''Project Functional and Operational Requirements'' document (Curry 2004 [DIRS 170557], p. 75), and the functional nuclear criticality safety requirements described in the ''Dry Transfer Facility Description Document'' (BSC 2005 [DIRS 173737], p. 3-8). A description of the changes is as follows: (1) Update the supporting calculations for the various Category 1 and 2 event sequences as identified in the ''Categorization of Event Sequences for License Application'' (BSC 2005 [DIRS 171429], Section 7). (2) Update the criticality safety calculations for the DTF staging racks and the remediation pool to reflect the current design. This design calculation focuses on commercial spent nuclear fuel (SNF) assemblies, i.e., pressurized water reactor (PWR) and boiling water reactor (BWR) SNF. U.S. Department of Energy (DOE) Environmental Management (EM) owned SNF is evaluated in depth in the ''Canister Handling Facility Criticality Safety Calculations'' (BSC 2005 [DIRS 173284]) and is also applicable to DTF operations. Further, the design and safety analyses of the naval SNF canisters are the responsibility of the U.S. Department of the Navy (Naval Nuclear Propulsion Program) and will not be included in this document. Also, note that the results for the Monitored Geologic Repository (MGR) Site specific Cask (MSC) calculations are limited to the

Critical safety issues in the design of fusion machines

International Nuclear Information System (INIS)

Kramer, W.

1991-01-01

In the course of developing fusion machines both general safety considerations and safety assessments for the various components and systems of actual machines increase in number and become more and more coherent. This is particularly true for the NET/ITER projects where safety analysis plays an increasing role for the design of the machine. Since in a D/T tokamak the radiological hazards will be dominant basic radiological safety objectives are discussed. Critical safety issues as identified in particular by the NET/ITER community are reviewed. Subsequently, issues of major concern are considered both for normal operation and for conceivable accidents. The following accidents are considered to be crucial: Loss of cooling in plasma facing components, loss of vacuum, tritium system failure, and magnet system failure. To mitigate accident consequences a confinement concept based on passive features and multiple barriers including detritiation and filtering has to be applied. The reactor building as final barrier needs special attention to cope with both internal and external hazards. (orig.)

Technical Excellence and Communication: The Cornerstones for Successful Safety and Mission Assurance Programs

Science.gov (United States)

Malone, Roy W.; Livingston, John M.

2010-01-01

The paper describes the role of technical excellence and communication in the development and maintenance of safety and mission assurance programs. The Marshall Space Flight Center (MSFC) Safety and Mission Assurance (S&MA) organization is used to illustrate philosophies and techniques that strengthen safety and mission assurance efforts and that contribute to healthy and effective organizational cultures. The events and conditions leading to the development of the MSFC S&MA organization are reviewed. Historic issues and concerns are identified. The adverse effects of resource limitations and risk assessment roles are discussed. The structure and functions of the core safety, reliability, and quality assurance functions are presented. The current organization s mission and vision commitments serve as the starting points for the description of the current organization. The goals and objectives are presented that address the criticisms of the predecessor organizations. Additional improvements are presented that address the development of technical excellence and the steps taken to improve communication within the Center, with program customers, and with other Agency S&MA organizations.

Technical Excellence and Communication, the Cornerstones for Successful Safety and Mission Assurance Programs

Science.gov (United States)

Malone, Roy W.; Livingston, John M.

2010-09-01

The paper describes the role of technical excellence and communication in the development and maintenance of safety and mission assurance programs. The Marshall Space Flight Center(MSFC) Safety and Mission Assurance(S&MA) organization is used to illustrate philosophies and techniques that strengthen safety and mission assurance efforts and that contribute to healthy and effective organizational cultures. The events and conditions leading to the development of the MSFC S&MA organization are reviewed. Historic issues and concerns are identified. The adverse effects of resource limitations and risk assessment roles are discussed. The structure and functions of the core safety, reliability, and quality assurance functions are presented. The current organization’s mission and vision commitments serve as the starting points for the description of the current organization. The goals and objectives are presented that address the criticisms of the predecessor organizations. Additional improvements are presented that address the development of technical excellence and the steps taken to improve communication within the Center, with program customers, and with other Agency S&MA organizations.

Real-time software use in nuclear materials handling criticality safety control

International Nuclear Information System (INIS)

Huang, S.; Lappa, D.; Chiao, T.; Parrish, C.; Carlson, R.; Lewis, J.; Shikany, D.; Woo, H.

1997-01-01

This paper addresses the use of real-time software to assist handlers of fissionable nuclear material. We focus specifically on the issue of workstation mass limits, and the need for handlers to be aware of, and check against, those mass limits during material transfers. Here ''mass limits'' generally refer to criticality safety mass limits; however, in some instances, workstation mass limits for some materials may be governed by considerations other than criticality, e.g., fire or release consequence limitation. As a case study, we provide a simplified reliability comparison of the use of a manual two handler system with a software-assisted two handler system. We identify the interface points between software and handlers that are relevant to criticality safety

A Comparison of Bus Architectures for Safety-Critical Embedded Systems

Science.gov (United States)

Rushby, John; Miner, Paul S. (Technical Monitor)

2003-01-01

We describe and compare the architectures of four fault-tolerant, safety-critical buses with a view to deducing principles common to all of them, the main differences in their design choices, and the tradeoffs made. Two of the buses come from an avionics heritage, and two from automobiles, though all four strive for similar levels of reliability and assurance. The avionics buses considered are the Honeywell SAFEbus (the backplane data bus used in the Boeing 777 Airplane Information Management System) and the NASA SPIDER (an architecture being developed as a demonstrator for certification under the new DO-254 guidelines); the automobile buses considered are the TTTech Time-Triggered Architecture (TTA), recently adopted by Audi for automobile applications, and by Honeywell for avionics and aircraft control functions, and FlexRay, which is being developed by a consortium of BMW, DaimlerChrysler, Motorola, and Philips.

Spent fuel storage criticality safety

Energy Technology Data Exchange (ETDEWEB)

Amin, E M; Elmessiry, A M [National center of nuclear safety and radiation control atomic energy authority, (Egypt)

1995-10-01

The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) has to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on using fresh fuel has been performed, as well as less conservative using burned fuel. The calculations include cross library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burn up calculation the critically calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs.

Spent fuel storage criticality safety

International Nuclear Information System (INIS)

Amin, E.M.; Elmessiry, A.M.

1995-01-01

The safety aspects of the spent fuel storage pool of the Egyptian test and research reactor one (ET-R R-1) has to be assessed as part of a general overall safety evaluation to be included in a safety analysis report (SAR) for this reactor. The present work treats the criticality safety of the spent fuel storage pool. Conservative calculations based on using fresh fuel has been performed, as well as less conservative using burned fuel. The calculations include cross library generation for burned and fresh fuel for the ET-R R-1 fuel type. The WIMS-D 4 code has been used in library generation and burn up calculation the critically calculations are performed using the one dimensional transport code (ANISN) and the two dimensional diffusion code (DIXY2). The possibility of increasing the storage efficiency either by insertion of absorber sheets of soluble boron salts or by reduction of fuel rod separation has been studied. 8 figs., 2 tabs

METHODS OF MANAGING TRAFFIC DISTRIBUTION IN INFORMATION AND COMMUNICATION NETWORKS OF CRITICAL INFRASTRUCTURE SYSTEMS

OpenAIRE

Kosenko, Viktor; Persiyanova, Elena; Belotskyy, Oleksiy; Malyeyeva, Olga

2017-01-01

The subject matter of the article is information and communication networks (ICN) of critical infrastructure systems (CIS). The goal of the work is to create methods for managing the data flows and resources of the ICN of CIS to improve the efficiency of information processing. The following tasks were solved in the article: the data flow model of multi-level ICN structure was developed, the method of adaptive distribution of data flows was developed, the method of network resource assignment...

A Web-Based Nuclear Criticality Safety Bibliographic Database

International Nuclear Information System (INIS)

Koponen, B L; Huang, S

2007-01-01

A bibliographic criticality safety database of over 13,000 records is available on the Internet as part of the U.S. Department of Energy's (DOE) Nuclear Criticality Safety Program (NCSP) website. This database is easy to access via the Internet and gets substantial daily usage. This database and other criticality safety resources are available at ncsp.llnl.gov. The web database has evolved from more than thirty years of effort at Lawrence Livermore National Laboratory (LLNL), beginning with compilations of critical experiment reports and American Nuclear Society Transactions

Sensitivity and uncertainty analyses applied to criticality safety validation. Volume 2

International Nuclear Information System (INIS)

Broadhead, B.L.; Hopper, C.M.; Parks, C.V.

1999-01-01

This report presents the application of sensitivity and uncertainty (S/U) analysis methodologies developed in Volume 1 to the code/data validation tasks of a criticality safety computational study. Sensitivity and uncertainty analysis methods were first developed for application to fast reactor studies in the 1970s. This work has revitalized and updated the existing S/U computational capabilities such that they can be used as prototypic modules of the SCALE code system, which contains criticality analysis tools currently in use by criticality safety practitioners. After complete development, simplified tools are expected to be released for general use. The methods for application of S/U and generalized linear-least-square methodology (GLLSM) tools to the criticality safety validation procedures were described in Volume 1 of this report. Volume 2 of this report presents the application of these procedures to the validation of criticality safety analyses supporting uranium operations where enrichments are greater than 5 wt %. Specifically, the traditional k eff trending analyses are compared with newly developed k eff trending procedures, utilizing the D and c k coefficients described in Volume 1. These newly developed procedures are applied to a family of postulated systems involving U(11)O 2 fuel, with H/X values ranging from 0--1,000. These analyses produced a series of guidance and recommendations for the general usage of these various techniques. Recommendations for future work are also detailed

Development of a safety parameter supervision system for Angra-1

International Nuclear Information System (INIS)

Silva, R.A. da; Thome Filho, Z.D.; Schirru, R.; Martinez, A.S.; Oliveira, L.F.S. de

1986-01-01

The Safety Parameter Supervision System (SSPS) which is a computerized system for monitoring essential parameters in real time, determining the safety status and emergency procedures for returning normal reactor operation, in case of an anomaly occurrence, is presented. The SSPS consists of three sub-systems: Integrated parameter monitoring system which gives to operators an integrated vision of values of a parameter set, able to detect any deviation of normal reactor operation; safety critical function system which evaluates safety status in terms of a safety critical function set appointed in advance, and in case of violation of any critical function, it initiates the adequate emergency procedure to return normal operation; and safety parameter computer system which carries out the arquirement of analogic and digital control signals of nuclear power plant. (M.C.K.) [pt

NCIS - a Nuclear Criticality Information System (overview)

International Nuclear Information System (INIS)

Koponen, B.L.; Hampel, V.E.

1983-07-01

A Nuclear Criticality Information System (NCIS) is being established at the Lawrence Livermore National Laboratory (LLNL) in order to serve personnel responsible for safe storage, transport, and handling of fissile materials and those concerned with the evaluation and analysis of nuclear, critical experiments. Public concern for nuclear safety provides the incentive for improved access to nuclear safety information

Proceedings of the nuclear criticality technology safety project

Energy Technology Data Exchange (ETDEWEB)

Sanchez, R.G. [comp.

1997-06-01

This document contains summaries of the most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, has been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to this proceedings.

Proceedings of the nuclear criticality technology safety project

International Nuclear Information System (INIS)

Sanchez, R.G.

1997-06-01

This document contains summaries of the most of the papers presented at the 1994 Nuclear Criticality Technology Safety Project (NCTSP) meeting, which was held May 10 and 11 at Williamsburg, Va. The meeting was broken up into seven sessions, which covered the following topics: (1) Validation and Application of Calculations; (2) Relevant Experiments for Criticality Safety; (3) Experimental Facilities and Capabilities; (4) Rad-Waste and Weapons Disassembly; (5) Criticality Safety Software and Development; (6) Criticality Safety Studies at Universities; and (7) Training. The minutes and list of participants of the Critical Experiment Needs Identification Workgroup meeting, which was held on May 9 at the same venue, has been included as an appendix. A second appendix contains the names and addresses of all NCTSP meeting participants. Separate abstracts have been indexed to the database for contributions to this proceedings

HSE's safety assessment principles for criticality safety

International Nuclear Information System (INIS)

Simister, D N; Finnerty, M D; Warburton, S J; Thomas, E A; Macphail, M R

2008-01-01

The Health and Safety Executive (HSE) published its revised Safety Assessment Principles for Nuclear Facilities (SAPs) in December 2006. The SAPs are primarily intended for use by HSE's inspectors when judging the adequacy of safety cases for nuclear facilities. The revised SAPs relate to all aspects of safety in nuclear facilities including the technical discipline of criticality safety. The purpose of this paper is to set out for the benefit of a wider audience some of the thinking behind the final published words and to provide an insight into the development of UK regulatory guidance. The paper notes that it is HSE's intention that the Safety Assessment Principles should be viewed as a reflection of good practice in the context of interpreting primary legislation such as the requirements under site licence conditions for arrangements for producing an adequate safety case and for producing a suitable and sufficient risk assessment under the Ionising Radiations Regulations 1999 (SI1999/3232 www.opsi.gov.uk/si/si1999/uksi_19993232_en.pdf). (memorandum)

Mission-Critical Systems Design Framework

Directory of Open Access Journals (Sweden)

Kyriakos Houliotis

2018-03-01

Full Text Available Safety-critical systems are well documented and standardized (e.g. IEC 61508, RTCA DO-178B within system design cycles. However in Defence and Security, systems that are critical to the success of a Mission are not defined within the literature nor are there any guidelines in defining criticality in their design or operational capabilities. When it comes to Vetronics (Vehicle Electronics, a mission-critical system, is a system with much complexity and mixed criticality levels that is a part of the overall platform (military vehicle offering integrated system capabilities. In this paper, a framework is presented, providing guidelines in designing efficiently and effectively mission-critical systems considering principles of Interoperable Open Architectures (IOA, mission-critical integrity levels and following new standardization activities such as NATO Generic Vehicle Architecture (NGVA. A Defensive Aid Suite (DAS system is used as a case study to illustrate how this framework can be exploited. The indention of this extension is to provide an approach to precisely estimate threats in order to de-risk missions in the very early stages.

Development of Network Devices Supporting Communication Independence In NPP I and C Systems

International Nuclear Information System (INIS)

Jeong, K.-I.; Suh, Y.S.; Park, G.-O.; Park, J.-Y.

2013-06-01

As advanced digital I and C systems of nuclear power plants or research reactors are being introduced to replace analog systems, a data communication network is necessary for data exchanges between I and C systems of nuclear power plants or research reactors. Data communication network technology may have significant impact on I and C systems. As the safety I and C system is composed of redundant channels to enhance the performance of the safety functions and data communication system is used to transmit the data generated by the digital I and C systems, communication independence is required to mitigate the risk of safety I and C system failure. Therefore this paper mainly discusses the issues related to the communication independence and the current status of network devices we designed, developed, and validated to satisfy the requirements of function, performance, and communication independence. (authors)

Criticality Safety Basics for INL FMHs and CSOs

Energy Technology Data Exchange (ETDEWEB)

V. L. Putman

2012-04-01

Nuclear power is a valuable and efficient energy alternative in our energy-intensive society. However, material that can generate nuclear power has properties that require this material be handled with caution. If improperly handled, a criticality accident could result, which could severely harm workers. This document is a modular self-study guide about Criticality Safety Principles. This guide's purpose it to help you work safely in areas where fissionable nuclear materials may be present, avoiding the severe radiological and programmatic impacts of a criticality accident. It is designed to stress the fundamental physical concepts behind criticality controls and the importance of criticality safety when handling fissionable materials outside nuclear reactors. This study guide was developed for fissionable-material-handler and criticality-safety-officer candidates to use with related web-based course 00INL189, BEA Criticality Safety Principles, and to help prepare for the course exams. These individuals must understand basic information presented here. This guide may also be useful to other Idaho National Laboratory personnel who must know criticality safety basics to perform their assignments safely or to design critically safe equipment or operations. This guide also includes additional information that will not be included in 00INL189 tests. The additional information is in appendices and paragraphs with headings that begin with 'Did you know,' or with, 'Been there Done that'. Fissionable-material-handler and criticality-safety-officer candidates may review additional information at their own discretion. This guide is revised as needed to reflect program changes, user requests, and better information. Issued in 2006, Revision 0 established the basic text and integrated various programs from former contractors. Revision 1 incorporates operation and program changes implemented since 2006. It also incorporates suggestions, clarifications

Nuclear criticality safety program at the Fuel Cycle Facility

International Nuclear Information System (INIS)

Lell, R.M.; Fujita, E.K.; Tracy, D.B.; Klann, R.T.; Imel, G.R.; Benedict, R.W.; Rigg, R.H.

1994-01-01

The Fuel Cycle Facility (FCF) is designed to demonstrate the feasibility of a novel commercial-scale remote pyrometallurgical process for metallic fuels from liquid metal-cooled reactors and to show closure of the Integral Fast Reactor (IFR) fuel cycle. Requirements for nuclear criticality safety impose the most restrictive of the various constraints on the operation of FCF. The upper limits on batch sizes and other important process parameters are determined principally by criticality safety considerations. To maintain an efficient operation within appropriate safety limits, it is necessary to formulate a nuclear criticality safety program that integrates equipment design, process development, process modeling, conduct of operations, a measurement program, adequate material control procedures, and nuclear criticality analysis. The nuclear criticality safety program for FCF reflects this integration, ensuring that the facility can be operated efficiently without compromising safety. The experience gained from the conduct of this program in the Fuel cycle Facility will be used to design and safely operate IFR facilities on a commercial scale. The key features of the nuclear criticality safety program are described. The relationship of these features to normal facility operation is also described

Safety considerations of new critical assembly for the Research Reactor Institute, Kyoto University

International Nuclear Information System (INIS)

Umeda, Iwao; Matsuoka, Naomi; Harada, Yoshihiko; Miyamoto, Keiji; Kanazawa, Takashi

1975-01-01

The new critical assembly type of nuclear reactor having three cores for the first time in the world was completed successfully at the Research Reactor Institute of Kyoto University in autumn of 1974. It is called KUCA (Kyoto University Critical Assembly). Safety of the critical assembly was considered sufficiently in consequence of discussions between the researchers of the institute and the design group of our company, and then many bright ideas were created through the discussions. This paper is described the new safety design of main equipments - oil pressure type center core drive mechanism, removable water overflow mechanism, core division mechanism, control rod drive mechansim, protection instrumentation system and interlock key system - for the critical assembly. (author)

Performance and Reliability of DSRC Vehicular Safety Communication: A Formal Analysis

Directory of Open Access Journals (Sweden)

2009-02-01

Full Text Available IEEE- and ASTM-adopted dedicated short range communications (DSRC standard toward 802.11p is a key enabling technology for the next generation of vehicular safety communication. Broadcasting of safety messages is one of the fundamental services in DSRC. There have been numerous publications addressing design and analysis of such broadcast ad hoc system based on the simulations. For the first time, an analytical model is proposed in this paper to evaluate performance and reliability of IEEE 802.11a-based vehicle-to-vehicle (V2V safety-related broadcast services in DSRC system on highway. The proposed model takes two safety services with different priorities, nonsaturated message arrival, hidden terminal problem, fading transmission channel, transmission range, IEEE 802.11 backoff counter process, and highly mobile vehicles on highway into account. Based on the solutions to the proposed analytic model, closed-form expressions of channel throughput, transmission delay, and packet reception rates are derived. From the obtained numerical results under various offered traffic and network parameters, new insights and enhancement suggestions are given.

ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

International Nuclear Information System (INIS)

2003-10-01

This proceedings contain (technical, oral and poster papers) presented papers at the Seventh International Conference on Nuclear Criticality Safety ICNC2003 held on 20-24 October 2003, in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. This proceedings represent the current status of nuclear criticality safety research throughout the world. The 81 of the presented papers are indexed individually. (J.P.N.)

ICNC2003: Proceedings of the seventh international conference on nuclear criticality safety. Challenges in the pursuit of global nuclear criticality safety

International Nuclear Information System (INIS)

2003-10-01

This proceedings contain (technical, oral and poster papers) presented papers at the Seventh International Conference on Nuclear Criticality Safety ICNC2003 held on 20-24 October 2003, in Tokai, Ibaraki, Japan, following ICNC'99 in Versailles, France. The theme of this conference is 'Challenges in the Pursuit of Global Nuclear Criticality Safety'. This proceedings represent the current status of nuclear criticality safety research throughout the world. The 79 of the presented papers are indexed individually. (J.P.N.)

Enhancing Safety through Generic Competencies

Directory of Open Access Journals (Sweden)

S. Mockel

2014-03-01

Full Text Available This article provides insights into proactive safety management and mitigation. An analysis of accident reports reveals categories of supervening causes of accidents which can be directly linked to the concept of generic competencies (information management, communication and coordination, problem solving, and effect control. These findings strongly suggest adding the human element as another safety-constituting pillar to the concept of ship safety next to technology and regulation. We argue that the human element has unique abilities in dealing with critical and highly dynamic situations which can contribute to the system's recovery from non-routine or critical situations. By educating seafarers in generic competencies we claim to enable the people onboard to successfully deal with critical situations.

Sensitivity and uncertainty analyses applied to criticality safety validation, methods development. Volume 1

International Nuclear Information System (INIS)

Broadhead, B.L.; Hopper, C.M.; Childs, R.L.; Parks, C.V.

1999-01-01

This report presents the application of sensitivity and uncertainty (S/U) analysis methodologies to the code/data validation tasks of a criticality safety computational study. Sensitivity and uncertainty analysis methods were first developed for application to fast reactor studies in the 1970s. This work has revitalized and updated the available S/U computational capabilities such that they can be used as prototypic modules of the SCALE code system, which contains criticality analysis tools currently used by criticality safety practitioners. After complete development, simplified tools are expected to be released for general use. The S/U methods that are presented in this volume are designed to provide a formal means of establishing the range (or area) of applicability for criticality safety data validation studies. The development of parameters that are analogous to the standard trending parameters forms the key to the technique. These parameters are the D parameters, which represent the differences by group of sensitivity profiles, and the ck parameters, which are the correlation coefficients for the calculational uncertainties between systems; each set of parameters gives information relative to the similarity between pairs of selected systems, e.g., a critical experiment and a specific real-world system (the application)

General principles of the nuclear criticality safety for handling, processing and transportation fissile materials in the USSR

International Nuclear Information System (INIS)

Vnukov, V.S.; Rjazanov, B.G.; Sviridov, V.I.; Frolov, V.V.; Zubkov, Y.N.

1991-01-01

The paper describes the general principles of nuclear criticality safety for handling, processing, transportation and fissile materials storing. Measures to limit the consequences of critical accidents are discussed for the fuel processing plants and fissile materials storage. The system of scientific and technical measures on nuclear criticality safety as well as the system of control and state supervision based on the rules, limits and requirements are described. The criticality safety aspects for various stages of handling nuclear materials are considered. The paper gives descriptions of the methods and approaches for critical risk assessments for the processing facilities, plants and storages. (Author)

CRITICALITY SAFETY LIMIT EVALUATION PROGRAM (CSLEP's) AND QUICK SCREENS: ANSWERS TO EXPEDITED PROCESSING LEGACY CRITICALITY SAFETY LIMITS AND EVALUATIONS

International Nuclear Information System (INIS)

TOFFER, H.

2006-01-01

Since the end of the cold war, the need for operating weapons production facilities has faded. Criticality Safety Limits and controls supporting production modes in these facilities became outdated and furthermore lacked the procedure based rigor dictated by present day requirements. In the past, in many instances, the formalism of present day criticality safety evaluations was not applied. Some of the safety evaluations amounted to a paragraph in a notebook with no safety basis and questionable arguments with respect to double contingency criteria. When material stabilization, clean out, and deactivation activities commenced, large numbers of these older criticality safety evaluations were uncovered with limits and controls backed up by tenuous arguments. A dilemma developed: on the one hand, cleanup activities were placed on very aggressive schedules; on the other hand, a highly structured approach to limits development was required and applied to the cleanup operations. Some creative approaches were needed to cope with the limits development process

Verification of criticality safety in on-site spent fuel storage systems

International Nuclear Information System (INIS)

Rasmussen, R.W.

1989-01-01

On February 15, 1984, Duke Power Company received approval for a two-region, burnup credit, spent fuel storage rack design at both Units 1 and 2 of the McGuire Nuclear Station. Duke also hopes to obtain approval by January of 1990 for a dry spent fuel storage system at the Oconee Nuclear Station, which will incorporate the use of burnup credit in the criticality analysis governing the design of the individual storage units. While experiences in burnup verification for criticality safety for their dry storage system at Oconee are in the future, the methods proposed for burnup verification will be similar to those currently used at the McGuire Nuclear Station in the two-region storage racks installed in both pools. In conclusion, the primary benefit of the McGuire rerack effort has obviously been the amount of storage expansion it provided. A total increase of about 2,000 storage cells was realized, 1,000 of which were the result of pursuing the two-region rather than the conventional poison rack design. Less impacting, but equally as important, however, has been the experience gained during the planning, installation, and operation of these storage racks. This experience should prove useful for future rerack efforts likely to occur at Duke's Catawba Nuclear Station as well as for the current dry storage effort underway for the Oconee Nuclear Station

Communication elements supporting patient safety in psychiatric inpatient care.

Science.gov (United States)

Kanerva, A; Kivinen, T; Lammintakanen, J

2015-06-01

Communication is important for safe and quality health care. The study provides needed insight on the communication elements that support patient safety from the psychiatric care view. Fluent information transfer between the health care professionals and care units is important for care planning and maintaining practices. Information should be documented and implemented accordingly. Communication should happen in an open communication culture that enables discussion, the opportunity to have debriefing discussions and the entire staff can feel they are heard. For effective communication, it is also important that staff are active themselves in information collecting about the essential information needed in patient care. In mental health nursing, it is important to pay attention to all elements of communication and to develop processes concerning communication in multidisciplinary teams and across unit boundaries. The study aims to describe which communication elements support patient safety in psychiatric inpatient care from the viewpoint of the nursing staff. Communication is an essential part of care and one of the core competencies of the psychiatric care. It enables safe and quality patient care. Errors in health care are often connected with poor communication. The study brings needed insight from the psychiatric care view to the topic. The data were gathered from semi-structured interviews in which 26 nurses were asked to describe the elements that constitute patient safety in psychiatric inpatient care. The data were analysed inductively from the viewpoint of communication. The descriptions connected with communication formed a main category of communication elements that support patient safety; this main category was made up of three subcategories: fluent information transfer, open communication culture and being active in information collecting. Fluent information transfer consists of the practical implementation of communication; open communication

CSER 94-012: Criticality safety evaluation report for 340 Facility

International Nuclear Information System (INIS)

Altschuler, S.J.

1995-01-01

This Criticality Safety Evaluation Report (CSER) covers the 340 Facility which acts as a collecting point for liquid and solid waste from various facilities in the 300 Area. Criticality safety is achieved by controlling the amount and concentration of the fissionable material sent to the 340 Facility from the originating facilities in the 300 Area, a method similar to that used elsewhere at Hanford for the waste tank farms. Unlike those, however, the waste received at the 340 Facility will be far less radioactive. It is concluded that present operations meet the two contingency criterion. The facility will still be safely subcritical even after two independent and concurrent failures (either of equipment or administrative controls). The solid waste storage and liquid waste will be managed separately. The solid waste storage area is classified as exempt because it contains less than 15 grams of fissionable materials. The Radioactive Liquid Waste System is classified as isolated because it contains less than one third of a minimum critical mass. The criticality safety of the 340 Facility devoted to the Radioactive Liquid Waste System (RLWS) is assured by the form and concentration of the fissile material and could also be classified as a limited control facility. However, the 340 Facility has been operated as an isolated facility which results in a more conservative limit

Meta-analysis of surgical safety checklist effects on teamwork, communication, morbidity, mortality, and safety.

Science.gov (United States)

Lyons, Vanessa E; Popejoy, Lori L

2014-02-01

The purpose of this study is to examine the effectiveness of surgical safety checklists on teamwork, communication, morbidity, mortality, and compliance with safety measures through meta-analysis. Four meta-analyses were conducted on 19 studies that met the inclusion criteria. The effect size of checklists on teamwork and communication was 1.180 (p = .003), on morbidity and mortality was 0.123 (p = .003) and 0.088 (p = .001), respectively, and on compliance with safety measures was 0.268 (p teamwork and communication, reduce morbidity and mortality, and improve compliance with safety measures. This meta-analysis is limited in its generalizability based on the limited number of studies and the inclusion of only published research. Future research is needed to examine possible moderating variables for the effects of surgical safety checklists.

Communication of geo-scientific safety arguments

International Nuclear Information System (INIS)

Flavelle, P.; Goodwin, B.; Jensen, M.; Linden, R.; Mazurek, M.; Srivastave, M.; Strom, A.; Sudicky, E.; Voinis, S.

2007-01-01

Working Group B addressed the communication of geo-scientific safety arguments through a discussion of practical experience as it related to the methods, types of information and specific arguments found to best communicate geo-scientific concepts and notions of safety with broad audiences including, colleagues, authorities and regulators, political decision makers, academics, and the general public. The following questions were suggested by the programme committee of the AMIGO-2 workshop for discussion by Working Group B with respect to the communication of geo-scientific information and safety arguments: - What is the place of geo-scientific arguments in relation to quantitative and qualitative topics like scenario and FEPs (features, events, processes) assessment, simulated repository evolution, calculated dose or risk impacts, engineering tests of materials, etc., when presenting a safety case to different audiences and with respect to the various stages of the repository programme? (see section 3). - Would we be better off focusing messages to the public on time scales of a few hundred years or a few generations? (see section 4). - How do you handle the fact that geoscience interpretations seldom are unique and data often are open to various interpretations? (see section 5). - How do you handle expert controversy on a specific topic? (see section 6). (authors)

An empirical classification-based framework for the safety criticality assessment of energy production systems, in presence of inconsistent data

International Nuclear Information System (INIS)

Wang, Tai-Ran; Mousseau, Vincent; Pedroni, Nicola; Zio, Enrico

2017-01-01

The technical problem addressed in the present paper is the assessment of the safety criticality of energy production systems. An empirical classification model is developed, based on the Majority Rule Sorting method, to evaluate the class of criticallity of the plant/system of interest, with respect to safety. The model is built on the basis of a (limited-size) set of data representing the characteristics of a number of plants and their corresponding criticality classes, as assigned by experts. The construction of the classification model may raise two issues. First, the classification examples provided by the experts may contain contradictions: a validation of the consistency of the considered dataset is, thus, required. Second, uncertainty affects the process: a quantitative assessment of the performance of the classification model is, thus, in order, in terms of accuracy and confidence in the class assignments. In this paper, two approaches are proposed to tackle the first issue: the inconsistencies in the data examples are “resolved” by deleting or relaxing, respectively, some constraints in the model construction process. Three methods are proposed to address the second issue: (i) a model retrieval-based approach, (ii) the Bootstrap method and (iii) the cross-validation technique. Numerical analyses are presented with reference to an artificial case study regarding the classification of Nuclear Power Plants. - Highlights: • We use a hierarchical framework to represent safety criticality. • We use an empirical classification model to evaluate safety criticality. • Inconsistencies in data examples are “resolved” by deleting/relaxing constraints. • Accuracy and confidence in the class assignments are computed by three methods. • Method is applied to fictitious Nuclear Power Plants.

Development of Non-safety System Architecture and Evaluation of Components/Systems

International Nuclear Information System (INIS)

Oh, I. S.; Lee, C. K.; Kim, D. H.; Lee, J. W.; Lee, D. Y.; Park, W. M.; Hwang, I. K.; Hur, S.; Kim, J. T.; Park, J. C.; Lee, J. W.

2007-10-01

We describe in this report the works performed for a technical evaluation of the non-safety digital control system of the KNICS, the non-safety process control system of the KNICS, a communication load analysis for the MMIS (including both the non-safety and the safety systems) of the KNICS, the development of MMI and an implementation of the logic for the CVCS, and the works performed to support writing a proposal needed for bidding an I and C system based on the KNICS. The technical evaluation results were aimed to be used by the designers to detect parts needed to be corrected or to be newly inserted, and also by the developers during the development phase. The requirement specifications and the data requirement characteristics have been identified for each subsystem of the determined KNICS structure. For each communication node, the specifications related to the data transfer including the data capacity for interfaces, delay time for the data transfer, and the marginal availability of its performance capabilities have been analyzed to identify the amount of data transfer and hence to verify that both of the designed structures for the safety related communications network and for the digital communications network are appropriate. The results of the supporting work performed for writing the technical specifications related to each subsystem of the KNICS structure, are expected to be useful in writing a proposal for the expected Uljin new units 1 and 2, and in the I and C upgrade for any of the existing nuclear power plants under operation. Also included in this report are the descriptions on a design of the chemical volume control system (CVCS), on the supporting work performed to draw the logic diagrams for CVCS using the tool ISaGRAF, and on the generation of a set of system displays to be used as references