• In progress

    • GIS Overview

    Owned by Tim Williams
    Last updated: Aug 16, 2023
    4 min read

    Functional Safety

    The Global Interlock System (GIS) is designed as a stand-alone functional safety system for the observatory to protect personnel and equipment from hazards.

    Functional safety refers to the concept of ensuring that a system, process, or product operates in a safe manner, particularly when it comes to preventing or mitigating hazards that could lead to harm, injury, or damage. The goal of functional safety is to minimize the likelihood and severity of accidents and incidents caused by system failures, errors, or malfunctions.

    Functional safety can be simply defined as:

    • Protecting a user from technology.

    • Protecting technology from users.

    Components

    The GIS consists of a number of interconnected Allen-Bradley GuardLogix safety PLCs that monitor the various subsystems of the facility. The PLCs are connected to various distributed I/O modules in and around the various subsystems. The GIS uses it’s own private ethernet network.

    Most of the components of the GIS are designed around a redundant safety architecture. In this design, the redundancy is used to ensure safety not to allow continued operation in the event of failure. A component failure results in the system transitioning to a safe, albeit non-operational condition.

    The three most recognizable parts of the GIS are the emergency stop devices, the trapped key system and the HMI graphic interfaces.

    Emergency Stop System



    E-Stop Push Button

    The emergency stop devices, generally E-Stop Buttons, serve to provide a readily accessible means to shut down the observatory in case of an emergency.

    Activating the Emergency Stop System can be done by depressing any of the numerous emergency stop push buttons (inside the Coudé and telescope cable wraps are a rope pull device) located throughout the facility.

    Activating the Emergency Stop System will cause the Coudé Rotator, Enclosure (altitude and azimuth), Telescope (altitude and azimuth) motion to stop immediately. Because the concentrated light beam may still pose a hazard, the Emergency Stop System will close the M1 Cover and Aperture Cover in sequence to eliminate that hazard.

    It is important to note that Emergency Stop System does not necessarily stop all motion.

    Trapped Key System

    The Trapped Key System is designed to restrict access to hazardous areas within the observatory. Generally, these hazardous areas pose a serious pinch/crush hazard to personnel. Access to these Hazardous Zones are controlled.

    In the event of loss or power or system failure, egress from a hazardous may require the use of emergency mechanical releases on the guard lock.

    The Trapped Key System enforces that potential hazards be disabled prior to entering a hazardous area. The principle behind trapped keys is that any key can not be in two places at once. It is either in the cabinet enabling motion or it is used to unlock the door to the hazardous area.

    'A' trapped key

    This is accomplished by a system of specially designed unique keys. To enter a hazardous area, you must first disable hazardous motion by removing the key from the normal operation cabinet. This will halt all hazardous motion. Then this key, the primary key, must be taken to the door to enter the hazardous area. Inserting the key will unlock the door and release another key.

    This new key, called a personnel key must then be carried into the hazardous area. Without the personnel key, the primary key is ‘trapped’ in the door lock and cannot be removed. This prevents someone else from removing the key an restarting hazardous motion.

    Trapped keys can also be used in sequences and combinations to protect areas with multiple hazards.

    For more information on the various trapped key sequences and combinations used in the observatory, see Trapped Keys.

    Human Machine Interface (HMI)

    The GIS has two touch-screen computers that serve as an operator interface, mainly to provide status information of the various safety functions controlled by the GIS.

    One HMI is located at the GIS cabinet on the utility level. The second HMI, often referred to as the TIM, or Telescope Interlock Manager, is located in the main control room.

    These have a number of displays that provide information related to each system or subsystem. For more information on the displays and what they mean, see GIS HMI.

    Since most displays are read only, using or browsing the display will not affect safety.

    GIS Reset

    Each of the HMI also have a single blue button. This is the GIS Reset push button. When certain safety functions are tripped the GIS will prevent restarting without an acknowledgement to allow equipment to restart.

    Pressing the GIS Reset button will acknowledge all tripped functions and allow restarting.