CERN Safety Alarm System Supervisory Board

15.09.2003

Author: Uwe Epting
Participants: Roberto BARTOLOME (ST), Alain CHOUVELON (TIS), Paolo CIRIANI (ST), Antonio CUENCA (TIS), Uwe EPTING (ST) (Secretary), Andre FAUGIER (AC), Silvia GRAU (ST), Pierre NININ (ST), Keith POTTER (EST Board member), Luigi SCIBILE (ST), Fritz SZONCSO (TIS), Vincent VUILLEMIN (EP, replacing R. VOSS), Wolfgang WEINGARTEN (TIS) (Chairman)
Distribution: Participants, Wolfgang von RUEDEN (IT), Lyn EVANS (DG), Philippe LEBRUN (LHC), Jurgen MAY (DG), Steve MYERS (SL), Rui NUNES (ST), Paul PROUDLOCK (AC), Alberto SCARAMELLI (ST), Dieter SCHLATTER (EP), Rudiger VOSS (EP Board member), Carlo WYSS (DG)

1 - Comments on the minutes of the 7th meeting

Review of the action items:
Network design: is it SIL-2 compliant? Luigi: after calculations with estimated numbers defined together with TIS, it fits the requirements.

AOB: Review of "Recommendations for the Safety Alarm System". No comments have been received so far. This point should be discussed at the next Safety Alarm System Supervisory Board meeting.

AOB: The document EDMS 346512 "Systèmes Généraux de Sécurité du LHC" is now approved and available in EDMS.

2 - CSAM status report

Luigi gave the CSAM status report. The project is currently in the "Integration and Installation" phase, i.e. the end of work package 1. The first installation is ongoing. The whole project is included in the EVM and "LHC cost to completion".

What are the most critical factors in assuring SIL-2 for the network? These are mainly power supplies and maintenance work on the network. The analysis took into account the "most undesired events" presently known. A new phenomenon is the recently problematic virus attacks, which risk shutting down the network in the case of a serious attack.

The project is five months behind the latest planning, but has incurred no extra cost. The project is not on the LHC critical path and is still on budget. The payment plan has been reviewed and does not cause any problem. The final factory acceptance test is planned for September 2003 and the on-site acceptance testing is planned by November 2003; if these tests are successful, CSAM will be operational in both SCR and TCR.

From that moment onwards two systems will run in parallel; the fire brigade is aware of this and can manage both systems running. The transition period is planned to be as short as possible: a minimum of 2 months and a maximum of 1 year. In any case, all data will be available in both systems. As soon as the fire brigade feels comfortable with the new system and the "real" tests have been successful, CSAM can be used in operation.

According to today's calculations, CSAM meets SIL-2 with the foreseen configuration, and no technical problems are expected.

The installation follows the LHC installation plan and takes into account the installations done by other groups. It is planned that the CSAM infrastructure is already installed before new connections are required. In any case, the current (TDS-based) system is present and can be used at any time. If CSAM comes later, these connections will be migrated like any other already installed systems.

3 - Factory acceptance test (FAT)

Roberto recalled that the purpose of the factory acceptance test is to prove that CSAM fulfils the requirements as defined in the project specification.

A first FAT was already done on 15 July 2003, but without a satisfactory result. Corrective actions have been taken by the project team in order to assure that the second FAT will not fail. The second FAT is planned for 16.09.2003. One of the difficulties was the distributed development in France and the Netherlands and the communication between the development teams.

The question of false alarms came up. In general, the system does not reduce the number of false alarms, as alarms are generated by the sensors and only fed through CSAM. Test alarms will be flagged "TEST" and thus will be treated not as false alarms but as test alarms.

CSAM is also ready for the on-site installation once the FAT has been successful. These installations will be done in SCR, TCR, Salle de Relayage (212-1) and SM18.

The system has been reviewed to be sure that it follows the specifications. Critical points are the interfaces to other systems, e.g. red telephones, and the configuration data of external systems. A cleanup of configuration data is being done in parallel to the CSAM installation. Another problem is that nobody knew three years ago how the interfaces would be today, e.g. CAS changed to LASER. Problems of this kind will always exist; until now they could all be solved without big trouble.

Maintenance issues have been addressed: the know-how of the technology (PLC and SCADA) is already at CERN and can be handled by CERN staff. The handling of alarm avalanches after massive power cuts is not part of the CSAM project, as they are generated by detection systems outside CSAM. But CSAM is designed to handle all kinds of expected alarm avalanches and should not fail.

Roberto showed a video of the factory visit giving a complete overview of the CSAM system.

4 - Perspective

Pierre gave an outlook on the CSAM perspective. A proposal will be made to revise the existing safety zones in order to make some financial savings and to raise the reliability of the overall system.

The short-term challenges are the acceptance of CSAM by the fire brigade and its deployment in the CERN environment, with careful attention to network performance and computer security issues.

5 - AOB

The presentations of Luigi, Roberto and Pierre can be found on the Safety Alarm System Supervisory Board web page.

Next meeting: Monday, 24.11.2003, 14:30h

created at Wed Sep 24 17:50:53 METDST 2003 with the
ST/MA/IN - Minutes Maker