
A Functional Protection Method for Availability and Cost Risk Management of Complex Research Facilities

Author and Article Information
R. Andersson

Protection Systems Group,
European Spallation Source ERIC,
Lund 22100, Sweden;
Department of Physics,
University of Oslo,
Oslo 0316, Norway
e-mail: riccard.andersson@esss.se

E. Bargalló, A. Nordt

Protection Systems Group,
European Spallation Source ERIC,
Lund 22100, Sweden

Manuscript received May 28, 2017; final manuscript received March 26, 2019; published online June 10, 2019. Assoc. Editor: James Lambert.

ASME J. Risk Uncertainty Part B 5(3), 031002 (Jun 10, 2019) (9 pages) Paper No: RISK-17-1067; doi: 10.1115/1.4043409 History: Received May 28, 2017; Revised March 26, 2019

While functional safety for industry has matured over the years through well-renowned standards and methods proven in use, no comparable standards exist in the field of equipment protection for complex research facilities. Research facilities in particular typically do not apply global, systematic approaches to functional equipment protection, but rather rely on the judgment of system experts for the individual systems, often leaving out the emergent properties of complex systems of systems. With the increasing demand on research facilities to be highly reliable and available, comparable to industrial facilities, a holistic and systematic method for equipment protection is, if not necessary, highly beneficial. This paper describes the development of a risk management method named functional protection and benchmarks its lifecycle steps against the IEC 61508 functional safety standard as well as the ISO 31000 risk management standard. The functional protection method is currently applied in the design and construction of the European Spallation Source in Lund, Sweden.

Copyright © 2019 by ASME


Fig. 1: The functional protection lifecycle

Fig. 2: The three constituent teams involved in the functional protection lifecycle, where the color of the bubble matches the color of the column in Fig. 1

Fig. 3: Development of PFs from abductive and inductive analyses

Fig. 4: The functional protection abductive risk management process, starting at the system level and ending at the definition of PFs

Fig. 5: Example of the signal path for a PF, going from the sensors that detect the event, through the logic element, and finishing at the actuators that carry out the end behavior of the function


