Engineering consultancy for Electrical, Instrumentation and Control systems.


Client brief

Analyse the reliability characteristics of the control and protection system of SPIDER, a negative ion source within the experimental complex under construction in Padua, a prototype of the Neutral Beam Test Facility that will be used in the ITER project.

In particular, the assessments refer to the protection functions implemented by the Ion Source and Extraction Power Supplies – Protection system (ISEPS-PS) and SPIDER’s Fast Interlock.


Project challenge

  • To define a methodology for the functional analysis of the control system that can be used in subsequent and/or different developments, right from the system’s initial design.
  • To define a functional model of the control system currently operating in SPIDER, and support the definition of protection functions, the understanding of how the system works and the discussion between designers and plant operators.
  • To complete the available data with appropriate assumptions about the available data and information, the technologies used and the way the plant is operated.
  • To estimate the reliability performance of SPIDER’s control system in the implementation of protection functions, highlighting current vulnerabilities (e.g. functions involving numerous components for a widespread implementation of the required reaction).
  • To provide indications for a future implementation of the control system in accordance with the indications of the IEC 61508 standard (Functional Safety).


    • The functional model of the electronic control system was defined by characterising the interfaces (physical and functional, external and internal) of the system and classifying the alarm conditions, using an IDEFØ representation.
    • The system’s functional failure modes (i.e. deviations from the expected operation) were identified and analysed in terms of their ultimate effects on the required protection functions.
    • The components and assemblies involved in the acquisition of alerts and/or the development of the necessary reaction and/or its implementation were identified for each protection function.
    • The reliability of individual electronic assemblies and components was assessed by processing return failure data from the field, applying prediction models, using reliability databases and using structured “expert judgement” methods.
    • The reliability of the system in the implementation of each protection function was assessed in terms of Probability of Failure on Demand (PFD) and Probability of Failure per Hour (PFH) parameters.


Execution phases

  • Development of the functional model of the system and identification of the protection functions.






  • Analysis of system failure conditions (Functional FMEA).




  • Assessment of the reliability of electronic components and assemblies.




  • Quantitative estimate of the reliability of the protection functions (using RBD).




Achieved results



Quantitative assessments were performed using ReliaSoft-BlockSim.



Subscribe our Newsletter .