2/22
HAEA NSD
Referred publications (1/2)
• B. Wahlström and O. Glöckler: Challenges in implementing and licensing digital I&C, IAEA TM, 13-16.09.2005
• Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)
• Specification of requirements for upgrades using digital instrument and control systems, TECDOC-1066, IAEA (1999)
• Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)
• Verification and Validation of Software Related to Nuclear Power Plant Instrumentation and Control, TRS-384, IAEA (1999)
• Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook, TRS-387, IAEA (1999)
• Quality assurance for software important to safety, TRS-397, IAEA (2000)
3/22
Referred publications (2/2)
• Software for Computer Based Systems Important to Safety in Nuclear Power Plants, NS-G-1.1, IAEA (2000)
• Modifications to Nuclear Power Plants, NS-G-2.3, IAEA (2001)
• Instrumentation and Control Systems Important to Safety in Nuclear Power Plants, NS-G-1.3, IAEA (2002)
• Harmonization of the licensing process for digital instrumentation and control systems in nuclear power plants, TECDOC-1327, IAEA (2002)
• Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002)
• Managing Modernization of Nuclear Power Plant Instrumentation and Control Systems, TECDOC-138, IAEA (2004)
• Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)
4/22
Safety classification of I&C components
• Graded approach
• SCS: protection, actuation
• SRS: important but not SCS
• National variations of international standards (Hungary: ABOS 2 for SCS, ABOS 3 for SRS, otherwise Unclassified)
• Classification vs. categorization of modifications:
  – 1: may affect the design basis
  – 2: change in SRS or operation
  – 3: minor modifications
Sources: Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004); Modifications to Nuclear Power Plants, NS-G-2.3, IAEA (2001)
5/22
Breakdown of plant safety equipment
[Figure: Paks NPP RPS control panel; image not reproduced]
Source: Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)
6/22
I&C requirements for safety management
Source: Managing Modernization of NPP I&C Systems, TECDOC-138, IAEA (2004)
• Defense in depth
  – Diversity
  – Redundancy (TRS-387)
• CCF protection
• Single Failure Criterion
• Environmental conditions
• Self-checking and self-testing
• HMI
• Barriers and levels of protection
• Simplicity in design ⇐ conflicts with almost all other requirements
Software for Computer Based Systems Important to Safety in NPPs, NS-G-1.1, IAEA (2000):
„The technology has unfairly been blamed for problems that have arisen from unsatisfactory specifications or flawed engineering processes”
9/22
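The interplay of redundancy, self-checking, the Single Failure Criterion and CCF protection listed above can be exercised on a small model. The following Python is an added illustration, not code from the slides or from the Paks RPS; it assumes a 2-out-of-3 trip vote over three redundancies named Y, X and W (the train names used on the slides' RPS diagram) that degrades to 1-out-of-2 when a channel's self-test flags it as faulty.

```python
from dataclasses import dataclass

# Three redundancies, named after the Y/X/W trains on the slides' RPS diagram.
# The voting rules below are an illustrative model, not the Paks RPS design.
CHANNELS = ("Y", "X", "W")

@dataclass
class Channel:
    trip: bool          # trip demand computed by this channel (True = limit exceeded)
    self_test_ok: bool  # self-checking result; False = channel declared itself faulty

def vote(ch: dict) -> bool:
    """2-out-of-3 trip vote that degrades on self-detected channel faults.

    Self-test-failed channels are excluded. Three valid channels need two trip
    demands; two valid channels need one (degradation in the safe direction);
    fewer than two valid channels trip unconditionally.
    """
    valid = [c for c in ch.values() if c.self_test_ok]
    if len(valid) < 2:
        return True
    needed = 2 if len(valid) == 3 else 1
    return sum(c.trip for c in valid) >= needed

def meets_single_failure_criterion(demand: bool) -> bool:
    """True if no single undetected wrong channel output can mask a real demand
    (demand=True) or cause a spurious trip (demand=False)."""
    for failed in CHANNELS:
        ch = {n: Channel(trip=demand, self_test_ok=True) for n in CHANNELS}
        ch[failed].trip = not demand  # undetected random failure of one channel
        if vote(ch) != demand:
            return False
    return True

def degraded_vote(faulty: str, tripping: str) -> bool:
    """One channel flagged by its own self-test, a different one demanding a trip:
    the degraded 1-out-of-2 logic trips on that single valid demand."""
    ch = {n: Channel(trip=n == tripping, self_test_ok=n != faulty) for n in CHANNELS}
    return vote(ch)

def common_cause_failure(shared_wrong_output: bool) -> bool:
    """All three channels compute the same wrong result (one shared specification
    or software error): the vote simply follows the shared error, so redundancy
    alone gives no protection; that is what diversity is for."""
    ch = {n: Channel(trip=shared_wrong_output, self_test_ok=True) for n in CHANNELS}
    return vote(ch)
```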
Basic licensing conditions
Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002):
• Regulatory requirements:
  – Clearly defined standards
  – Consistent approach and policy
  – Sufficient competence and resources (NS-G-1.1)
• Licensee-regulator co-operation requirements:
  – Confidence building
  – Clear co-operation rules
  – Early contacts and interactions
10/22
Licensing (1/5)
Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)
• Advantages of DI&C:
  – Improved accuracy
  – No drift
  – Correlation of data possible
  – Storage possibility
  – Diagnostics, correction
  – Improved HMI
[Figure: Teleperm XS representative configuration at the Paks NPP; image not reproduced]
11/22
Licensing (2/5)
• Disadvantages of DI&C:
  – More possible operating states
  – Higher complexity, hence a higher probability of undetected errors
  – Increased possibility of failed or unintended functions
  – Practically impossible to demonstrate the absence of software errors
  – Not easy to use risk-informed tools
[Figure: VERONA core monitoring system at the Paks NPP; image not reproduced]
„Difficult to agree upon adequate evidence of correct functioning”
12/22
Licensing (3/5)
Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)
• Licensing issues:
  – Amount of V&V
  – Life-cycle with well defined phases, inputs and outputs
  – Reuse of existing software
  – Use of existing proprietary software
  – Use of Commercial Off The Shelf software
  – Change of requirements since the installation of the plant
14/22
Licensing (5/5)
Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)
Regulatory requirements:
• Clearly defined standards
• Consistent approach and policy
• Sufficient competence and resources (NS-G-1.1)
• Licensing
  – Multistep procedure:
    • License in principle
    • Import license
    • Operating license
  – of lifecycle
[Diagram: RPS configuration at the Paks NPP with three redundancies (Y, X, W): analog input modules, I/O, MSI, ECR and MCR panels, RPS alarms, gateway and connection to the plant clock; module labels not reproduced]
17/22
The Paks NPP RPS story (3/5)
20/22
The Paks NPP RPS story (6/6)
Error/failure statistics for 1999-2001 (3 years, 4 units)

Error/failure category                                                        Count
Specification error (DFD correction needed)                                     3
Random HW error (power supply errors in this set: 4)                           10
Recurrent HW error (first occurrence random, DC power supply error)             3
Systematic or CCF HW error                                                      1
Application SW bug                                                              2
High load on safety related (non-safety) Ethernet bus                           1
Measurement anomaly, no cause identified                                        1
Loss of telegram (due to asynchronous behaviour)                                1
Error log, but no cause identified                                              1
Non-recurrent phenomenon, had no effect on log files                            1
Sensor error                                                                   17
Human error, caused value led to RPS actuation (version change, testing)        2
Gateway and Service Unit (recurrent error counted as 1 error)                   3
21/22