After designing or managing the design of safety-critical systems for over 15 years, it is an opportunity to look back at how the industry has evolved.

The first project I was involved in was the shutdown system for a power station, just outside of Toronto. The challenge was how to ensure such systems are secure, dependable and meet the design intent. One of the greatest concerns was ensuring that there is no ambiguity between the hazard analysis, requirements, design and implementation. Using a Parnassian-style tabular specification, one can specify all of these mathematically in a human-readable form. Formal methods underpin the technique. That was a point in time when formal methods were gaining wider adoption. Others were using techniques such as Z; we used a tabular specification method. It was an excellent approach; however, the cost, while justifiable in the nuclear industry, would simply not be viable in most other industries.

Fast forward a few years, and I had the opportunity to manage a team doing accelerator safety systems over nearly a decade, as well as advise several other teams. This is an industry where traditionally there was a reliance on relay-based interlock systems. As safety-rated Programmable Logic Controller (PLC) equipment became available in the market, it has been widely used for industrial safety systems. In 2000 we were one of the first teams in the industry to adopt IEC 61508 certified equipment and methods, not necessarily using formal methods but trying to find a balance that corresponds to best industry practice.

After ten years the What can we learn from this? However, until very recently, the use of safety-rated PLC equipment in accelerator safety systems has been rare. Accelerators built over the past five years have started to adopt safety-rated PLC equipment primarily intended for the process control industry. We were an early adopter of such equipment. One critical aspect in the application of these techniques is the need to perform structured hazard and risk analysis.
