EPICS Controls Argonne National Laboratory
Subject: RE: Process 'bo' on write?
From: "Elder Matias" <[email protected]>
To: <[email protected]>
Date: Wed, 8 Oct 2008 11:31:10 -0600
I would echo Ron's comments.  Like SLAC, at the CLS (and, I would even assume,
at the majority of EPICS sites) there is a very clear dividing line between
safety-critical and non-safety-critical systems.  We all end up having
slightly different regulations we work under, but the principles are very
similar.

If you want an example of what others do, we follow IEC 61508.  This
standard has been adopted or mandated by several countries and
industries.  The full standard can be purchased from the IEC, however
there is an overview at:

http://www.safetyusersgroup.com/documents/SR050003/EN/SR050003.pdf

That said, all I can say is it is an example, since your
industry/location will fall under different regulatory requirements than
what would be required in Canada.

Elder


-----Original Message-----
To: "J. Lewis Muir" <[email protected]>, "David Dudley"
<[email protected]>
Subject: RE: Process 'bo' on write?
From: "Chestnut, Ronald P." <[email protected]>
Date: Tue, 7 Oct 2008 10:44:30 -0700
Cc: [email protected]
I'd like to chime in on this important point...

At SLAC any system which protects people (or provides the fail-safe for
machine operations) -- known as PPS and BCS here (Personnel Protection
Systems and Beam Containment Systems) -- must be truly fail-safe. We
have special teams trained to think in a fairly paranoid fashion who
have just received permission to use special Safety-rated PLCs, after
other labs proved the technology and we could convince even more
paranoid (and rightly so!) committees that these new PLCs were redundant
and unimpeachable.

So using any non-safety-rated system to protect people at a site (and
even more so for the general public!) is a really bad idea, and most
probably violates several laws.

I would strongly suggest that you raise alarms to your employers about
the extreme concerns a seat-of-the-pants solution raises. I can put you
in touch with our safety people if that is helpful.

EPICS is a really fine toolkit, which solves a huge array of control
system problems well. It is NOT to be thought of as a crucial safety
system toolkit, just as all other general controls solutions are also NOT to
be thought of as such.

Please do take some action.

Ron Chestnut
Deputy Head of Controls/SLAC
Off.:  650 926 2450
Cell:  650 520 6186


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of J. Lewis Muir
Sent: Tuesday, October 07, 2008 10:20 AM
To: David Dudley
Cc: [email protected]
Subject: Re: Process 'bo' on write?

On 10/7/08 1:00 PM, David Dudley wrote:
> Unfortunately, all my sites are not connected together over the
> network, some are handled using 1200 baud radios.
>
> This is one of our remote facilities, where we handle Hydrofluoric
> acid (probably misspelled that one), Gaseous and Liquid Chlorine, and
> Liquid Ammonium Sulfate.  The alarm is to notify residents in the area
> in case of a chemical mishap or leak.  I'm lucky to have a PLC and an
> IOC available at this site, and I don't think there's enough space on
> the IOC's ram disk for me to run the alarm handler as well.
>
> The site's pretty much dictated to me, and I'm using the IOC to
> communicate with all the gas detectors, make decisions about what's
> dangerous, and set off alarms.

Hi, David.

Just a heads-up: my understanding is that EPICS has not been designed to
be used in a role that provides human safety.  See this tech-talk post
from Andrew:

  http://www.aps.anl.gov/epics/tech-talk/2008/msg00797.php

If you're using EPICS to provide some extra software alarms or something
in addition to existing human safety alarms, that's one thing.  But if
you're actually using EPICS to determine whether an alarm horn or strobe
should go off when some environmental condition could be dangerous for a
human, to warn them of a danger, I don't think EPICS was designed for
that.

But this is just my understanding; I could be wrong.

Lewis
