Draft details
I&C systems important to safety may be implemented using hardwired equipment, programmable digital equipment such as processor-based or HDL-programmed devices, or a combination of several types of technology. This International Standard provides requirements and recommendations for the overall I&C, which may contain one or several of these technologies.
This document also highlights the need for complete and precise requirements, derived from the plant safety goals, as a prerequisite for generating the comprehensive requirements for the overall I&C, and hence for the individual I&C systems important to safety.
This document introduces the concept of a safety lifecycle for the overall I&C including the I&C architecture, and a safety lifecycle for the individual systems. By this, it highlights the relations between the safety objectives of the NPP and the requirements for the architecture of the I&C systems important to safety, and the relations between the I&C architecture and the requirements of the individual systems important to safety.
Standards such as ISO/IEC/IEEE 15288 provide an overarching concept of system life cycle provisions covering product-related processes as well as business development. The scope of IEC 61513 is limited to safety aspects and their demonstration, and it significantly deepens the considerations of ISO/IEC/IEEE 15288 in this field.
The lifecycles illustrated in, and followed by this document are not the only ones possible; other lifecycles may be followed, provided that the requirements stated in this document are satisfied.
NOTE The standard addresses the safety lifecycle of the overall I&C and of the individual systems. Although systems not important to safety are not in the scope of the standard, they have to be considered in the overall I&C safety lifecycle, as they may constitute constraints for the safety system design and qualification (e.g. installation in common rooms, interfaces, sizing of support systems, coordination of installation and commissioning works).
Furthermore, the standard does not describe the handling of interfaces between organisations (owner, architect engineering organisation, engineering organisations, commissioning organisations). In practice, responsibilities for plans, activities and documents will be allocated according to the contractual arrangements.
Application: new and pre-existing plants
This document applies to the I&C of new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable depending on the scope of the project, and this subset has to be identified at the beginning of any project.
The document comprises four normative clauses (an overview is provided in Figure 1):
Clause 5 addresses the overall I&C safety lifecycle:
– defining requirements for the I&C functions, and associated systems and equipment derived from the safety analysis of the NPP, the defence-in-depth and diversity concept of the NPP, the categorisation of I&C functions, and the plant lay-out and operational context;
– structuring the I&C architecture, dividing it into a number of systems and assigning the I&C functions to systems. Design criteria are identified, including those to give defence in depth and to minimize the potential for common cause failure (CCF);
– planning the I&C architecture.
Clause 6 addresses the requirements for the individual I&C systems important to safety, particularly the requirements for systems built from programmable digital equipment. Where relevant, requirements are differentiated according to the safety category of the I&C functions (A, B or C) or according to the safety class of the systems (1, 2 or 3);
Clauses 7 and 8 address the overall integration, commissioning, operation and maintenance of the I&C systems.
Figure 1 outlines the structure of the standard. It does not necessarily present the chronological order of activities, which in practice may be partially executed in parallel or include iterations.
Additionally, the standard provides informative annexes:
Annex A highlights the relations between IAEA and basic safety concepts that are used throughout this document;
Annex B provides guidance to support comparison of this document with parts 1, 2 and 4 of IEC 61508. This annex surveys the main requirements of IEC 61508 to verify that the issues relevant to safety are adequately addressed, considers the use of common terms and explains the reason for adopting different or complementary techniques or terms;
Annex C provides a proposal for the documentation structure for overall I&C planning and I&C system design;
Annex D indicates the main changes to be considered during the next update cycles of several SC45A standards to align them to this revision of IEC 61513.
Figure 1 (IEC 1895/11) – Overall framework of this document

5 Overall I&C safety lifecycle: Requirements specification for the overall I&C
  5.2 Deriving the I&C requirements from the plant safety design base
    5.2.2 Functional, performance and independence requirements
    5.2.3 Categorisation
    5.2.4 Plant constraints
    5.2.5 Overall requirements specification for the I&C functions important to safety
    Output documentation

5 Overall safety lifecycle: Derivation of requirements for the overall I&C and design of the I&C architecture
  5.3 Design of the I&C architecture
    5.3.2 Definition of the systems
    5.3.3 Human machine interfaces and HFE
    5.3.4 Data communication
    5.3.5 Engineering tools
    5.3.6 Defence against CCF
    5.3.7 Assignment of the functions to systems
    5.3.8 Required analysis
  5.4 Overall I&C (O) planning
    5.4.2 O QA programs
    5.4.3 O cybersecurity planning
    5.4.4 O configuration management plan
    5.4.5 O requirements management plan
    5.4.6 O integration and commissioning plan
    5.4.7 O operation plan
    5.4.8 O maintenance plan
    5.4.9 Planning of training
  5.5 Output documentation
    5.5.2 Architectural design
    5.5.3 Functional assignment
    5.5.4 Overarching design concepts

6 System safety lifecycle: Realisation and planning of the individual I&C systems
  6.1 System lifecycle phases
  6.2 S requirements specification
  6.3 S specification
  6.4 S detailed design & implementation
  6.5 S integration
  6.6 S validation testing
  6.7 S installation and commissioning
  6.8 S modifications
  6.9 System (S) planning
    6.9.2 S quality plan
    6.9.3 S verification plan
    6.9.4 S configuration management plan
    6.9.5 Fault resolution procedures
    6.9.6 S integration plan
    6.9.7 S validation plan
    6.9.8 S installation and commissioning plan
    6.9.9 S operation plan
    6.9.10 S maintenance plan
  6.10 Output documentation
    6.10.2 S requirements specification
    6.10.3 S specification
    6.10.4 S detailed design
    6.10.5 S integration
    6.10.6 S validation testing
    6.10.7 S modification
  6.11 System qualification
    6.11.2 Generic / application-specific qualification
    6.11.3 S qualification plan
    6.11.6 Maintaining qualification
    6.11.7 Qualification documentation

7 Overall integration and commissioning
  7.2 Requirements on the objectives
  7.3 Requirements on output documentation

8 Overall operation and maintenance
  8.2 Requirements on the objectives
  8.3 Requirements on output documentation

Key: QA: Quality Assurance; O: Overall I&C; S: System
Figure 1 – Overall framework of this document