BS EN 62340:2010 Nuclear power plants. Instrumentation and control systems important to safety. Requirements for coping with common cause failure (CCF)
I&C systems important to safety may be designed using conventional hard-wired equipment, computer-based equipment or by using a combination of both types of equipment. BS EN 62340 is an International Standard which provides requirements and recommendations for the overall architecture of I&C systems, which may contain either or both technologies.
The scope of this standard is:
a) to give requirements related to the avoidance of CCF of I&C systems that perform category A functions;
b) to additionally require the implementation of independent I&C systems to overcome CCF, while the likelihood of CCF is reduced by strictly applying the overall safety principles of IEC SC 45A (notably IEC 61226, IEC 61513, IEC 60880 and IEC 60709);
c) to give an overview of the complete scope of requirements relevant to CCF, without overlapping with fields already addressed in other standards; those standards are referenced rather than duplicated.
This standard emphasises the need for the complete and precise specification of the safety functions, based on the analysis of design basis accidents and consideration of the main plant safety goals. This specification is the prerequisite for generating a comprehensive set of detailed requirements for the design of I&C systems to overcome CCF.
Contents of BS EN 62340:
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Conditions and strategy to cope with CCF
5.1 General
5.2 Characteristics of CCF
5.3 Principal mechanisms for CCF of digital I&C systems
5.4 Conditions to defend against CCF of individual I&C systems
5.5 Design strategy to overcome CCF
6 Requirements to overcome faults in the requirements specification
6.1 Deriving the requirements specification for the I&C from the plant safety design base
6.2 Application of the defence-in-depth principle and functional diversity
6.3 CCF related issues at existing plants
7 Design measures to prevent coincidental failure of I&C systems
7.1 The principle of independence
7.2 Design of independent I&C systems
7.3 Application of functional diversity
7.4 Avoidance of failure propagation via communications paths
7.5 Design measures against system failure due to maintenance activities
7.6 Integrity of I&C system hardware
7.7 Precaution against dependencies from external dates or messages
7.8 Assurance of physical separation and environmental robustness
8 Tolerance against postulated latent software faults
9 Requirements to avoid system failure due to maintenance during operation
Annex A (informative) Relation between IEC 60880 and this standard
Annex ZA (normative) Normative references to international publications with their corresponding European publications