design of digital safety systems in npp

Westinghouse Atom Atom- 1

Design of Digital Safety Systems in NPP

Improvements regarding:

System Requirements, Engineering, Argumentation for a Safety Case


Projects on W Atom Nuclear Automation General

Modernizations of NPP

Claes Design of a new Reactor Protection System 2,5 years

Why Modernization? Meet new reqirements Advantages with the new technology


Reactor Protection System

Main Task Supervise the plant during normal operation and

automatically initiate safety functions.

Functional Requirements

Reactivity Isolation Cooling

Reactor Safety SystemsI&C

RPS

and acting uponevents

Logic for detecting


The I&C System - Characteristics I&C = Instrumentation and Control

Includes I/O, controllers, operator stations, etc... (Advant platform)

Based upon Industrial Products New in the nuclear business for safety critical systems Advantages with conventional technology Useful reference for ABB

Safety Review Customer uses results from the qualification and the

design in their argumentation to the authorities (SKi)

One part of the I&C system

RPS


Logic for detecting


Qualification of the Category A I&C Category A FSE

Safety critical according to IEC 1226 Designed according to IEC 880

Qualification Issues (”Safety Case”) Design Bases and Design Descriptions Codes and Standards (Compliance) Product Software Qualification (Static analyses) Product Hardware Qualification Analysis (FMEA, PSA, SIL) V&V (Design Process) QA/QC

Category A I&C system

RPS


Logic for detecting


Design Issues for a Category A I&C System

Results from the Qualification Restrictions, safety concepts

DinD&D (Defence in Depth and Diversity) The classic design principle for safety systems

Single Fault Criterion Redundancy

Experience – Process Knowledge The I&C system must fit with the process interface

RPS


Logic for detecting


Conceptual Design

Non-Functional Requirements Structure

Four functionally and physically separated divisions Logic and voting in two levels Category A logic separated from other logic

Testability and Maintainability Performance Behaviour upon errors Separation according to the process (safety systems)


Category A Topology Four redundancies,

(divisions) Physical and functional

separation Diversification (functions

and equipment)

The Category A I&C Architecture

RPS


Logic for detecting

Inputs in level 2

PMA 24

Level 2 ESF Configuration Logic and Voting with software

P I

Components

Fail Safe Configuration* Logic and Voting with relays or pneumatic valves

PMA 13

PMA 12

PMA 11

P I P

I

PMA 01

B C D B

Level 1 Signal voting

D C

PMA 02

P I Inputs in level 1

PMA 21

PMA 22

PMA 23

Voting

Prio Prio

M

E O B

C D

E O

E O

E O B

C D

E O E

O

From B, C & D

To B, C & D

E O E

O E O

E O E

O E O

PMA 14

P I

Prio Diesel related components


Entire Network Topology


Life Cycle Model Sequential

The Design Process for Category A I&C

System Validation

Implementation

SystemVerification

IntegrationIntegration

TestInstructions

Detailed Design

System Design

SystemRequirements

Approved OutputDocumentationReview Process

OutputDocumentation


OutputDocumentation


OutputDocumentation

OutputDocumentationReview ProcessApproved OutputDocumentation



InputDocumentation


OutputDocumentation

TestMethodology

Report

ValidationTest

Instruction

VerificationTest

Instructions


Research Areas

”Optimization of the Design Process”

Requirements Interactions between product requirements and system

requirements Verification of requirements (testable, reviewable) Traceability from plant level requirement to

implemented application software

Category A Design Process Distinguish the design process for category A


Research Areas cont.

”Optimization of the Design Process”

Qualification Make the qualification more cost efficent. More focus on

technology...


Seminal Papers IEC 880 European Commission Nuclear Science and

Technology. Draft Report Revision 8. ”Licensing of safety critical software for NPP”, 1999.

IAEA-TECDOC-1066 ”Specification of Requirements...”, 1999.

Nancy G. Leveson ”System Safety and Computers”,1995.

design of digital safety systems in npp

Documents