Integrated framework for safety control design of nuclear power plants

Nuclear Engineering and Design 240 (2010) 3550–3558

Contents lists available at ScienceDirect
Nuclear Engineering and Design
journal homepage: www.elsevier.com/locate/nucengdes

Hossam A. Gabbar
Faculty of Energy Systems and Nuclear Science, University of Ontario Institute of Technology, 2000 Simcoe St. N, Oshawa, Ontario, Canada L1H7K4

Article history: received 11 November 2009; received in revised form 30 June 2010; accepted 14 July 2010.

Abstract

This paper presents an integrated framework for safety control analysis and design for nuclear power plants. It shows the use of process object-oriented modeling methodology (POOM) and fault models to integrate safety requirements, identified hazards, and fault propagation scenarios. Safety control design framework is proposed to show the integration between control systems and safety control design. Hierarchical control charts (HCC) are proposed to integrate process, control, and safety models along with the associated fault models in systematic manner. Process and the associated process and control variables that are involved in safety control systems. The proposed safety control design framework will support the control design and operation of nuclear power plants, as well as the integration with cogeneration facilities such as hydrogen production.

© 2010 Elsevier B.V. All rights reserved.

0029-5493/$ – see front matter © 2010 Elsevier B.V. All rights reserved. doi:10.1016/j.nucengdes.2010.07.024

1. Introduction

Process controllers are responsible for executing operating procedures of the underlying system to produce the target product for service in steady, safe, and optimum manner. This means that process control systems should include aspects of process safety. On the other hand, safety systems are designed to ensure overall safety of the underlying system against any possible hazard scenario. In nuclear power plant (NPP), safety systems are represented in the form of independent layers of protections, or barriers. These layers could provide prevention or mitigation means to all possible hazards. Elements of safety systems are represented within process control systems such as alarms, process limits, or control rules/constraints which are translated into control actions. Some of these control actions are dedicated for process control stability or dynamics, while other actions are for safety purposes, such as limiting temperature in a steam generator to be controlled within safety margins. From these two views, i.e. process control design and safety design, the overlap between them represents safety control design. There is a lack of structured framework to support safety control design, which is important for nuclear power industries. Currently, control and safety design practices are fragmented and the gaps between them cause increased risks, cost, and production interruption in terms of frequent installation or upgrade of control or safety systems.

Traditionally, safety system design is implemented completely separate from control design (Davey, 2002). Control systems as explained by many control and simulation experts show distributed control systems to deal with single output controllers for nuclear power plants, such as the case of CANDU (Bereznai, 2001a). In all nuclear power stations, control systems are specified and implemented separately from safety systems (Erickson and Hedrick, 1999). In particular, CANDU control design is specified separately from safety systems (Harber et al., 2010). Nuclear safety commissioning agencies are requiring strict compliance with safety regulations and verifications in all adopted safety systems. Control design is mainly based on specifying main processes and identifying and analyzing control variables as manipulated, disturbance, and output control variables (Pérez et al., 1997). However, this should include possible deviations in each control variable and possible propagation time, speed, and escalation factors as well as the associated safety controls. In case of safety systems, such as shutdown systems, it is required to identify safety limits and identify adequate safety margins before activating the appropriate shutdown system. Simulation practices are used to adequately calculate safety margins such as steam level/pressure, moderator temperature, etc. (Futao et al., 2000). In fact, effective safety control design can optimize operating cost, by optimizing safety margins to reduce unnecessary shutdown cases (O'Hara, 1994). This includes human factors involved in plant operation to ensure that safety margins are appropriately matched with required operator actions (Moray and Huey, 1988; Lee and Seong, 2004). From engineering and operating companies' views, it might not be the case when adopting new safety system or upgrading existing system where systematic safety control design framework is required to reduce time and efforts in specifying the target safety system and to reduce the cost and improve the accuracy by developing appropriate integration with existing safety and control systems.

Safety design is usually performed during process design where safety limits are identified and appropriate safety protection systems are considered. Also, safety design is considered during plant operation where plant modifications or expansion might require amending safety design. This will include different aspects of safety design as explained by IEC-61508 as well as typical defence-in-depth concepts. In case of safety control design, safety requirements are mapped into safety functions that are categorized into safety instrumented systems (or SIS) and non-safety instrumented systems (or non-SIS). Safety instrumented systems include input elements (sensors), logic solvers (controllers) and final elements (actuators/valves). SIS is commonly referred to as shutdown system or safety control system. Current practices to design advanced safety control systems are focused on treating quantitative or deterministic safety analysis data. In addition, probabilistic safety data are used to estimate risks for identified hazard scenarios. There are limited efforts to integrate these two views in safety control design, and in particular to map safety control [...]

One more challenge in current practices is to systematically formulate safety requirements, which are typically initiated from safety analysis of process safety margins. In addition, there are major limitations to link safety requirement with safety specification and implementation of shutdown systems. IEC61508 and IEC61511 are widely used to specify safety protection layers and detailed design of shutdown systems (SIS).

In view of current practices, safety design is conducted by engineering group who dictates the safety requirements to vendors who implement the target safety system while confirming all safety requirements with nuclear safety commissioning agencies. These processes are not well described for operating companies and for researchers. On the other hand, safety systems require high attention in terms of verification and relatively long compliance validation from nuclear safety commissioning. The systematization and automation of safety control system design will support the validation and verification process which will optimize design and implementation costs.

This paper describes a practical framework for safety control design as a smooth integration between process control design and safety control design. The following section describes the integrated control and safety framework, followed by description of modeling framework that integrates process design models with control and safety models. Section 4 describes control recipe design based on safety verification using a case study from nuclear power plant.

2. Safety control analysis

2.1. Proposed integrated system architecture

Typically, safety control systems are implemented as safety programmable logic controller (or SPLC) or as shutdown systems (or SDS). These systems run completely independent from other control systems. The proposed approach is to develop set of smart safety controllers that are dynamic and adaptive to any possible hazard situation that might arise during the operation of nuclear power plants. This includes situations like degradation in plant equipment, operator error, environmental hazards, etc. The identification of risk scenario will trigger appropriate safety control actions that will be executed in the form of safety control instructions. In order to achieve the proposed target, an overview of the proposed safety control system is illustrated, as shown in Fig. 1.

Fig. 1. Integrated safety control system.

In the proposed system, real time and simulation data are used as inputs via distributed control systems (DCS), programmable logic controller (PLC), or equipment controllers to analyze process/equipment/environment/human conditions and predict possible hazard scenarios. Risk levels are estimated for each possible scenario based on fault/failure propagation models and process models. Accordingly, appropriate safety control programs are activated to optimally shutdown the power plant fully or partially and/or to move the plant to a safe state. To facilitate the modeling of fault propagation scenarios, POOM or plant process object-oriented modeling methodology is proposed to associate fault and safety models along with control and behavioral models. Fault semantic network or FSN is used to structure fault models along with the associated process variables. Trends of related process variables are analyzed using trend fusion algorithm or TFA to extract features from all trends related to each fault scenario. Independent protection layers (or IPL) and layers of protection analysis (or LOPA) are used to analyze safety requirements and map to safety systems. And finally safety instructions are mapped to control programs that are implemented using international standards of control programming like IEC61131. To facilitate the systematic mapping from safety requirements into control programs, engineering formal language or EFL is proposed (Gabbar, 2007).

2.2. Integrated safety and control design

Based on the proposed system architecture for typical integrated safety control system, it is required to explain practical framework to integrate safety and control design. Typically, process control design goes through different stages starting from process design. Based on control block diagram, control functions are defined. Control recipes are defined that are mapped to control systems (ISA S-88 Standard, 1995; ISA, 1995, 1996; Lamb et al., 2000). On the other hand, safety design starts with hazard identification that is followed by risk assessment and treatment. This is followed by safety requirement specifications. First layer of safety systems is the inherent safety where opportunities are considered to change process design for safety purposes. Other safety functions are developed based on IPL or independent protection layers. This usually follows the concept of defence in depth, which is typically followed in nuclear power plants. Safety instrumented systems (SIS) or non-SIS are designed accordingly, and linked with control function design stage. The proposed framework is illustrated in Fig. 2.

Fig. 2. Integrated process control and safety.

IEC61508 proposed high level process safety management framework that describes basic steps to perform safety life cycle activities. The first step is to identify hazards using qualitative and quantitative methods, such as HAZOP, FTA, and FMEA. This step will identify set of possible hazard scenarios along with risks of worst case scenarios. Risk acceptance and treatment/mitigation analysis will be performed to suggest ways to reduce or mitigate risks for cases where risks are unacceptable.

2.3. Proposed safety control design framework

Safety control design framework shows the mapping between process design, control, and safety design. Fig. 3 shows the proposed framework where safety requirements are mapped to process design and linked with fault models. On the other side, safety requirements are mapped to control system design to identify the specific needs for shutdown systems.

Fig. 3. Integrated safety control design framework.

2.4. Safety control design and protection layers

The safety control design process is performed in iterative manner via risk assessment and reduction practices using qualitative and quantitative risk assessment techniques. Some of the safety requirements are implemented as set of safety design e.g. inherent safety. Safety specifications will be examined in view of independent protection layers (IPL) that include: IPL1: safety design; IPL2: basic process control/alarm; IPL3: critical alarm; IPL4: safety instrumented systems (SIS); IPL5: relief devices; IPL6: physical protection; IPL7: plant/site emergency procedures; and IPL8: community protection. These are developed based on the general framework of defence in depth, which is described in Table 1. The proposed mapping between IPL and defence in depth is shown in Fig. 4.

Table 1
Defence-in-depth levels.

Level 1: Prevention of abnormal operation and of malfunctions
Level 2: Control of abnormal operation and detection of malfunctions
Level 3: Control of accidents included in the design basis
Level 4: Control of severe accident conditions of the plant, including the prevention of accident progression and mitigation of consequences
Level 5: Mitigation of the environmental/radiological consequences of significant releases of harmful products

Fig. 4 shows the mapping between defence-in-depth and safety protection layers. It shows that defence-in-depth levels are mapped to all safety protection layers, which is logical where each defence-in-depth level should be covered by more than one protection layer.

Fig. 4. Mapping defence in depth to independent protection layers.

3. POOM-based safety control design

In this section, safety control recipe design is presented based on process object-oriented modeling methodology (POOM) and hierarchical control chart (HCC) support tool.

3.1. POOM and process design

POOM or plant/process object-oriented modeling methodology is developed to facilitate the formulation and verification of process design (Gabbar, 2007). In this research, POOM is enhanced to cover process control and safety design where process variables are linked with manipulated and disturbance variables within each structural model element and associated with safety requirements and procedures. POOM covers all process dimensions: static, dynamic, functional/operation, safety, and control. Static dimension includes facility, materials/products, topology, and human (Bereznai, 2001a). In other words it includes static elements of the underlying process. The dynamic dimension includes behavior models, which are represented as states, transitions, and messages. The operation dimension includes purposes and methods to be executed and evaluated as a response to incoming message (Erickson and Hedrick, 1999; Futao et al., 2000). These three main views are the base of the traditional object-oriented modeling approach and can be used to model both process (i.e. controlled) and control system (i.e. controller), as shown in Fig. 5. The complete model can be formalized as building blocks of structural static model elements; each is associated with operation, behavior, control, and safety model elements.

Fig. 5. POOM-based process design, control design, and safety design.

3.2. Activity modeling for safety verification and control recipe design

As part of control design, safety recovery actions, shutdown recovery actions and process control recovery actions are specified using ISA S88 standards (Davey, 2002; Moray and Huey, 1988; Lee and Seong, 2004; ISA S-88 Standard, 1995; ISA, 1995) where general recipe, master recipe, and control recipe are synthesized for each safety and control action (O'Hara, 1994). Activity models are developed for the proposed safety control practice, as shown in Fig. 6. Process design modeling activities are developed on the basis of POOM or process object-oriented modeling methodology, which is used to express nuclear power plant process as building blocks in hierarchical manner on the basis of ISA-S88: site, cell, unit, and equipment (Davey, 2002). Each process block includes structural information such as input/output ports, materials, and other physical properties. In addition, each process block includes dynamic information such as process variables, states and the corresponding behavioral equations, and function and operational models. In order to systematically design the target control and safety systems, fault models are structured and specified within each process and control block. Such fault models are expressed in qualitative and quantitative forms and tuned using real time operational data, simulation data, as well as human experience (Bereznai, 2001a). This is tuned using computational intelligence algorithms that are used to estimate risks at all levels dynamically with each design step and with the considerations of all possible fault propagation scenarios.

Fig. 6. Activity modeling for safety verification and control recipe design.

3.3. Safety requirements analysis

The fundamental safety requirements are governed by the Canadian Nuclear Safety Commission (CNSC) and are based on the following Golden Rules: control of the reactivity; removal of heat from the core; and containment of the radioactivity. Removal of heat from the core function is correlated with the processes that occur in the Primary Heat Transport System (PHT). In such system, the coolant is the working medium for the removal of the heat from the core.

The coolant travels from the inlet of the reactor, through the fuel, and comes out with higher energy from the reactor outlet. The coolant is cooled by the working medium in the steam generator called the feedwater. The coolant comes out with lower energy from the steam generator outlet, and the cycle begins again. In all these stages, safety requirements are concerned with the monitoring of coolant inventory, ensuring the removal of residual heat from the core, maintaining acceptable temperatures in the containing structures, and lastly to ensure that a heat sink is provided at high reliability. This safety requirement has been translated into control steps of maintaining a steam generator level at appropriate levels, as shown in Fig. 7. The maintenance of steam generator level, among other factors, will ensure that a heat sink is provided at high reliability. The case study will model the example of steam generator level maintenance throughout the rest of these processes.

Fig. 7. Safety requirement hierarchy of NPP.

4. Safety control recipe design framework

Safety procedures are synthesized in the form of safety control recipe, which are converted into control programs. The proposed framework for safety control program development is shown in Fig. 8. The process starts with safety requirements specification in generic and plant specific form where safety requirements are structured within knowledgebase. Safety requirement validation process will provide possible symptoms of failure and corresponding general recipe for recovery. Control recipe will be generated based on failure analysis and general recipe. Control recipe will be validated and accumulated to the knowledgebase. Based on IEC61131-3 standard languages, the corresponding control programs will be developed and translated into DCS/SIS systems.

Fig. 8. Simulation based safety control recipe synthesis framework.

4.1. Safety control design within HCC

The design of modern control systems starts with the analysis of control goals and control hierarchy, which requires knowledge of all measured and control variables as well as determination of all of the components, processes and their relation. Control design is systematized using hierarchical control chart (HCC) which supports control designers to build control functions and block diagrams in hierarchical manner as integrated with process design. HCC links process design models with the corresponding control models in hierarchical manner using POOM and in view of ISA-S88 standards. The proposed automated hierarchical control chart is integrated with an interactive knowledge database that enables the access to processes and parameters across the underlying process domain. Process and control information are stored in database and captured at different levels of process and control hierarchy.

Standard legend for HCC is presented where blocks are marked with P for process blocks and C for control blocks. Numbering mechanism is proposed where hierarchical numbering is used as P1.1, C1.2, etc. HCC enables control designer to construct the target control system as integrated with the underlying process so that lines between control and process blocks will identify the process–process, process–control, control–process, and control–control integration. This is essential to specify and validate the relationships between process variables, control variables, manipulated variables, and disturbance variables within each process and control block. The control blocks will be expanded hierarchically till it reaches the lowest level where control programs are specified in the form of function block diagrams or FBD on the basis of IEC61131 standards (Morris, 2000; Toon, 2002). Fig. 9 shows example of HCC to represent nuclear power plant connected within electricity grid. HCC will provide detailed mapping between process variables, control variables and their relationships with safety requirements.

Fig. 9. HCC for nuclear power plant.

The lowest-level control programs are mainly the control recipe. For safety control design, safety control programs are designed based on hazard scenario and possible prevention, control, and mitigation scenarios. The next section describes the process of safety control recipe synthesis using safety requirements and process simulation.

5. Case study

Safety control design of shutdown system is selected as a case study. Safety control recipe is the procedures required to execute safety actions, such as shutdown operation. The Canadian National Safety Commissioning (CNSC) requires well defined and verified safety procedures that are known and documented. The difficulty with this approach is the limitations to completely identify all possible fault propagation scenarios and design the corresponding safety control recipe. The proposed safety control recipe synthesis is based on automatic and real time identification of new fault propagation scenarios that are simulated and corresponding safety control recipe is synthesized.

5.1. CANDU shutdown systems

To understand the proposed system, shutdown systems for CANDU reactors are considered. Shutdown system-1, or SDS1, utilizes neutron absorbing cadmium rods, which are inserted vertically into the reactor core. The rods are dropped by gravity after the release of an electro-magnetic clutch to trigger the shutdown state. There are mechanical requirements such as full insertion should be within 2 s to be able to control the excess reactivity as a fail-safe design. Shutdown system-2, or SDS2, has six nozzles placed at the side of the Calandria, which are horizontally mounted across the moderator. Each nozzle is connected to a liquid tank filled with gadolinium nitrate (GdNO3), which acts as poison that is injected into moderator by opening the valve between the high pressure helium tank and the poison tanks. Fig. 10 shows both shutdown 1 and 2 as connected to the Calandria.

Fig. 10. Shutdown systems SDS1 and SDS2 (Bereznai, 2001b).

Trip parameters that trigger the shutdown actions include: high neutron power, high rate of rise of neutron power, high coolant pressure, low coolant pressure, high building pressure, low steam generator level, low pressurizer level, high moderator temperature, low coolant flow, and low steam generator pressure. The shutdown control system is triggered once parameter thresholds are exceeded. Typically, independent channels are used independently for each shutdown system where any trip to two of the three channels will [...]. Table 2 shows [...].

5.2. Developed safety control programs

IEC61131-3 is the international standard for control programming. Control programs should be structured on the basis of IEC61131-3 so that it can be easily implemented within safety and control systems. IEC61131-3 offered set of standard programming languages: Ladder Diagram (LD); Sequential Function Charts (SFC); Function Block Diagram (FBD); Structured Text (ST); and Instruction List (IL). Safety control programs can be implemented using IEC61131-3 for both recovery and shutdown scenarios. One safety recovery operation scenario is selected from steam generator. Fig. 11 shows the high level process and control diagram for the case study. Each line is [...] with the de[...]

Fig. 11. HCC for steam generator process and control.

Fig. 12 shows [...] boiler control [...] Function Block Diagram [...] maintain steam generator level [...] standby valve [...] closed. In a[...] generator level [...]

Fig. 12. Safety control program representation [...]

Table 2
Safety control programs.

If Neutron Power Is High (>SDS1-UL) Then Trigger SDS1
If Neutron Power Is High (>SDS2-UL) Then Trigger SDS2
If Neutron Power Rise-Rate Is High (>SDS1-UL) Then Trigger SDS1
If Neutron Power Rise-Rate Is High (>SDS2-UL) Then Trigger SDS2
If HEX [...] Is Low ([...]
If HEX [...]
If two [...] action [...]
If Drop [...]

UL means upper limit.
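As an added example (not code from the paper), the following Python encodes Table 2-style trip rules and the 2-out-of-3 independent-channel voting of Section 5.1, including the case where a channel has lost its measurement. All limits, the parameter names, the channel readings and the fail-safe treatment of a missing reading are constructed assumptions for illustration, not plant setpoints.

```python
"""Shutdown-system trip logic with 2-out-of-3 channel voting.

Added example, not code from the paper: it encodes rules in the form of
Table 2 ("If Neutron Power Is High (>SDS1-UL) Then Trigger SDS1") and the
2-out-of-3 independent-channel voting described in Section 5.1.  Every
limit, reading and the fail-safe treatment of a missing measurement below
is a constructed assumption for illustration, not a plant setpoint.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class TripRule:
    parameter: str   # process variable name (assumed naming)
    high: bool       # True: trip when value > limit (UL); False: trip when value < limit
    limit: float     # shutdown-system-specific limit (assumed value)
    target: str      # "SDS1" or "SDS2"


# Constructed rule set: SDS2 limits sit beyond SDS1 limits so that SDS1 acts first.
TRIP_RULES: List[TripRule] = [
    TripRule("neutron_power", True, 1.10, "SDS1"),            # > SDS1-UL, fraction of full power
    TripRule("neutron_power", True, 1.15, "SDS2"),            # > SDS2-UL
    TripRule("neutron_power_rise_rate", True, 0.10, "SDS1"),  # > SDS1-UL, per second
    TripRule("neutron_power_rise_rate", True, 0.12, "SDS2"),  # > SDS2-UL
    TripRule("coolant_pressure", True, 10.6, "SDS1"),         # high coolant pressure, MPa
    TripRule("coolant_pressure", False, 8.5, "SDS1"),         # low coolant pressure, MPa
    TripRule("steam_generator_level", False, 0.30, "SDS1"),   # low steam generator level, fraction
    TripRule("steam_generator_level", False, 0.25, "SDS2"),
]

Reading = Dict[str, Optional[float]]

# A constructed "normal operation" reading used as a baseline by the demo.
NOMINAL: Reading = {
    "neutron_power": 1.00,
    "neutron_power_rise_rate": 0.00,
    "coolant_pressure": 9.9,
    "steam_generator_level": 0.50,
}


def channel_trips(reading: Reading, rules: List[TripRule] = TRIP_RULES) -> Set[str]:
    """Evaluate one instrument channel against every rule.

    Returns the set of shutdown systems this channel votes to trip.  A missing
    (None or absent) value for a parameter that a rule needs counts as a trip
    vote: the assumed fail-safe behaviour on loss of measurement.
    """
    votes: Set[str] = set()
    for rule in rules:
        value = reading.get(rule.parameter)
        if value is None:
            votes.add(rule.target)
        elif rule.high and value > rule.limit:
            votes.add(rule.target)
        elif not rule.high and value < rule.limit:
            votes.add(rule.target)
    return votes


def vote_2oo3(channels: List[Reading], rules: List[TripRule] = TRIP_RULES) -> Dict[str, bool]:
    """Apply 2-out-of-3 voting independently for SDS1 and SDS2.

    Each channel is evaluated on its own; a shutdown system trips only when
    at least two of the three channels vote for it, so a single spurious
    channel cannot trip the plant and a single failed channel cannot block a trip.
    """
    if len(channels) != 3:
        raise ValueError("exactly three independent channels are expected")
    counts = {"SDS1": 0, "SDS2": 0}
    for reading in channels:
        for target in channel_trips(reading, rules):
            counts[target] += 1
    return {target: n >= 2 for target, n in counts.items()}


def with_value(parameter: str, value: Optional[float]) -> Reading:
    """Copy of the nominal reading with one parameter replaced (demo helper)."""
    reading = dict(NOMINAL)
    reading[parameter] = value
    return reading


if __name__ == "__main__":
    # One channel reads high neutron power while the other two are normal: no trip.
    print(vote_2oo3([with_value("neutron_power", 1.20), NOMINAL, NOMINAL]))
    # Two channels see steam generator level below the assumed SDS1 low limit
    # but above the assumed SDS2 low limit: SDS1 trips, SDS2 does not.
    low = with_value("steam_generator_level", 0.28)
    print(vote_2oo3([low, low, NOMINAL]))
```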
5.3. Case study-2, nuclear–hydrogen cogeneration

In this e[...] [...]ation of nu[...] using FBD. [...] Deuterium Uranium) power stations as integrated with hydrogen [...] (Rosen et al., 2008). Fig. 13 shows the control hierarchy of the proposed CANDU hydrogen power station.

The practice to design safety control design is essential to ensure safe cogeneration. For example, one hazard of high steam pressure might be interpreted within CANDU power station into shutdown scenario. Such scenario can be eliminated with the integration with hydrogen cogeneration by supplying more steam to the hydrogen process for more hydrogen production. The safety control program will be modified within CANDU to ensure increasing the opening angle of the steam valve V1 to allow more steam to the hydrogen process.

Fig. 13. Control design for nuclear–hydrogen cogeneration.

6. Conclusions

Nuclear power plants and other production and manufacturing industries are seeking practical integrated safety control design to ensure safety across all control activities in automatic and accurate manner. This can be achieved by integrating process design models with process control and safety models. In this research, POOM is proposed to provide such modeling framework where plant static models, dynamic behaviors, operational models, control, and safety models are integrated to enable the systematic design of safety control systems. HCC or hierarchical control chart is proposed to automate such integration where it enabled the identification of control and safety models as integrated with process design. The proposed activity models to conduct safety control design are proposed using IDEF0. The proposed safety control design framework is integrated within control design and safety control programs are synthesized on the basis of IEC61131-3 standards to ensure smooth and unified implementation in different plant technologies. Safety requirements are identified from different hazard scenarios and mapped to safety control recipe recovery operations and shutdown scenarios. Examples are selected for safety control design from CANDU power station and CANDU-hydrogen cogeneration facilities.

Acknowledgements

Thanks to IEEE NPSS and CNSC for the valuable information regarding nuclear reactor safety and control design. Also, thanks to students who helped in this research work.

References

Bereznai, G., 2001a. Nuclear Power Plant Operations. UOIT.
Bereznai, G., 2001b. Nuclear power plant systems and operation, simulator user manual. Faculty of Energy Systems and Nuclear Science, University of Ontario Institute of Technology (UOIT), Oshawa, Ontario.
Davey, E., 2002. Design principles for CANDU control centres in response to evolving utility business needs. In: Proceedings of Canadian Nuclear Society Conference, Toronto, Ontario, pp. 1–7.
Erickson, K.T., Hedrick, J.L., 1999. Plant Process Control.
Zhao, F., Ou, J., Du, W., 2000. Simulation modeling of nuclear steam generator water level process: a case study. ISA Transactions 39, 143–151.
Gabbar, H., 2007. Formal representation of meta-operation of chemical plants. In: IEEE Transactions on Systems, Man, and Cybernetics Part C: Applications and Reviews, vol. 37, 4, July 2007.
Harber, J., Borairi, M., Tikku, S., Josefowicz, A., 2010. Documenting Control System Functionality for Digital Control Implementations. Atomic Energy of Canada Limited, Mississauga, Ontario.
ISA, 1995. Batch Control: Batch Control Part 1: Models and Terminology. ANSI/ISA-88.01-1995.
ISA, 1996. Possible Recipe Procedure Presentation Formats. ISA-TR88.0.03-1996.
ISA S-88 Standard, 1995. ISA-88 Batch Standards and User Resources, 2nd Edition (R2006), Copyright 2007 by ISA-The Instrumentation, Systems and Automation Society.
Lamb, L., et al., 2000. Basic Concepts of ISA-S88.01-1995 Batch Control. ISA Encyclopedia of Measurement and Control.
Lee, S.J., Seong, P.H., 2004. Development of automated operating procedure system using fuzzy colored petri nets for nuclear power plants. Journal of Annals of Nuclear Energy 31 (8), 849–869.
Moray, N.P., Huey, B.M., 1988. Human factors research and human safety. In: Proceedings of Panel on human factors research needs in nuclear regulatory research, Committee on Human Factors, Commission on Behavioral and Social Sciences, National Research Council, Washington, DC, pp. 13–19.
Morris, A.K., 2000. IEC 61131 A User's Perspective From Innogy. INIS: International Nuclear Information System.
O'Hara, K., 1994. Cost of Operations Affects Planfulness of Problem-Solving. In: Proceedings of CHI94, Conference on Human Factors in Computing Systems, Boston, MA, USA, pp. 105–106.
Pérez, A., Strietzel, R., Mort, N., 1997. Control Engineering Solutions. Institution of Electrical Engineers.
Rosen, M.A., Naterer, G.F., Chukwu, C.C., Sadhankar, R., Suppiah, S., 2008. Nuclear-based hydrogen production with a thermochemical copper–chlorine cycle and supercritical water reactor: equipment scale-up and process simulation. International Journal of Energy Research.
Toon, K., 2002. Open Automation and Control IEC 61131 in Safety Applications. INIS: International Nuclear.

Hossam A. Gabbar is Associate Professor and Director of Energy Safety & Control Lab, in the Faculty of Energy Systems and Nuclear Science, University of Ontario Institute of Technology (UOIT). He obtained his Ph.D. degree (Safety Engineering) from Okayama University (Japan). He obtained his BSc (First Class of Honors) in the area of Computer and Automatic Control, Alexandria University. He is specialized in process control and safety engineering where he initiated several research and industrial projects, which are applied on different disciplines such as oil & gas, energy, nuclear power, and manufacturing and production systems. Prior to moving to Canada, he was Associate Professor in Okayama University (Japan) where he established his research lab in the area of safety and green energy and production systems. He worked with Tokyo Institute of Technology and Japan Chemical Innovation Institute (JCII) where he participated in national projects related to process control and safety engineering for green production systems, batch process operation, oil & gas operation design & verification, biomass production systems, and plastic production chain with recycling. He developed new methods for control recipe synthesis and verification, safety design, and quantitative and qualitative fault diagnosis and simulation. He proposed new process modeling and simulation techniques for green hybrid energy supply chain planning and operation, which facilitate the smooth and optimum implementation of renewable and clean energy technologies. He is a Senior Member of SMCS IEEE, the founding chair of SMC Chapter Hiroshima Section, the founding chair of the technical committee on Intelligent Green Production Systems (IGPS), and member of the technical committee on System of Systems and Soft Computing (IEEE SMCS). He is invited speaker in several Universities and international events, and PC/chair/co-chair of several international conferences. He is the author of more than 90 publications including books, book chapters, patent, and papers in the area of process control and safety engineering and green hybrid energy systems.