Pasadena, CA – TMT recently achieved another significant milestone, with the successful preliminary design review of the Observatory Safety System (OSS). The review material was presented by TMT engineers Jimmy Johnson and Kayla Hardie from the project office. The review panel was composed of external experts from the Daniel K. Inouye Solar Telescope, the Giant Magellan Telescope, the National Research Council of Canada, and the W.M. Keck Observatory, in addition to TMT staff from the Safety, Controls and Software groups.
“Passing this review is a significant achievement for the project and establishes the technical, management and process foundation that will form the bases for the final design of the Observatory Safety System,” said Jimmy Johnson, TMT Lead Software Engineer and OSS Work Package Manager.
TMT has a rigorous Environmental, Safety, and Health policy to ensure a safe working environment for everyone. In a large, complex facility such as TMT, safety is critical for personnel as well as equipment. There are a variety of safety measures in place for TMT, which include but are not limited to: (a) a management culture, supported by the TMT safety group, promoting safety throughout the project, (b) the project adherence to various local and federal standards such as OSHA, ANSI, NFPA, (c) an independent fire system, (d) an emergency lighting system, (e) procedures and Personnel Protection Systems, (f) OSHA compliant lockout/tagout combined with a trapped-key system for accessing hazardous areas, and (g) the OSS for functional safety.
The OSS is a functional safety solution; it provides safety solutions to reduce the risk of hazards occurring. For TMT, this means protecting personnel, equipment and the environment at the observatory. The design of the OSS is guided by the international IEC 62061 standard, and OSS has produced a TMT Functional Safety Management Plan that describes how TMT manages functional safety throughout the life of the observatory.
The OSS is a collection of Safety-Related Electrical Control Systems that implement safety related control functions. At the application level, safety functions are needed when there are hazards inherent in a system that can cause injury, death, environmental damage or damage to equipment. Safety functions have been identified from a Hazard Analysis and Risk Assessment process identifying all potential hazards and their severity. The TMT Safety team, systems engineering, the OSS developers and the various subsystem developers put a lot of time and effort into hazard analysis, making sure that safety requirements are properly determined.
“A thorough and well-documented hazard analysis and risk assessment process is fundamental to developing a safety system that acts reliably and effectively in the event of hazards occurring,” added Kayla Hardie, TMT Associate System Engineer.
Operationally, when a system is confronted with a specific hazard, the safety function takes an action to move the system into a safe state where the effect of the potential hazard is likely to be avoided. If each safety function is executed according to its risk assessment, the situation can be considered safe, and functional safety is achieved. Safety integrity (as defined by the Safety Integrity Level) is the probability that the safety related system will satisfactorily perform the required safety function. Safety Integrity Level is a measure of performance required from a safety instrumented system to maintain, or achieve, the safe state. The TMT OSS is designed to achieve the maximum safety levels available in current international industrial norms, which is a safety integrity of SIL3.
Overall the purpose of TMT OSS is to provide a safety system that has a very low rate of failure, is highly reliable, and operates independently of the control systems. In addition, the OSS provides hazardous access control, situational awareness and various user interfaces (developed in accordance with the Abnormal Situation Management Consortium Guidelines) to provide visibility on the safety system.
After an overview of the TMT safety framework, the OSS team dived into technical design of the software, hardware, and interfaces. Technical aspects, including the safety functions, emergency stop system, seismic monitoring, and more, were assessed in detail during the review.
The Rockwell Allen-Bradley GuardLogix Programmable Automation Controller and associated safety rated input/output modules were chosen by TMT for the OSS design. These products provide a distributed programmable solution, which is a good fit for TMT, and utilize a separate safety network, over which the AB Rockwell CIP Safety network protocols are used.
TMT’s goal is to maximize the scientific use of the TMT Observatory while operating safely on a remote mountain site. “The OSS is an integral part of ensuring that TMT provides a safe operating environment throughout the life of the observatory,” said Hardie.