Nuclear power plants - Control rooms - Computer-based procedures

Organization: CENELEC
Publication Date: 1 June 2019
Status: active
Page Count: 52
ICS Code (Nuclear power plants. Safety): 27.120.20

Object of this standard

This standard establishes requirements for the whole life cycle of operating procedures that the designer wishes to computerise. It also provides guidance for making decisions about which types of procedures should be computerised and to what extent. Once computerised, procedures are designated as "computer-based procedures" (CBP).

Context leading to development and use of CBP

Enhancing safety, easing operation and increasing NPP availability have always been greatly valued aims which, during NPP operation, rely to a large extent on the operating staff and on operating procedures. Digital technology contributes not only by providing efficient ways of automating key functions but also by enhancing instrumentation, control and the plant's HMI.

In addition, the use of computer technology to provide formats of operating procedures to the plant operators [1], on-line and in real time, is increasing and becoming current practice. This can be done both for normal operating situations and also as advisory formats for use in abnormal situations. When properly implemented and kept up to date, such operating procedures can provide enhanced support for greater safety and operator effectiveness compared to paper-based procedures. Their preparation demands great care and close interaction with operators and plant designers, and will also need close co-operation with I&C designers.

CBP have many common points with paper-based procedures. This standard focuses only on what is specific to CBP.

CBP overview

Procedures provide the operators with two types of high level elements:

• information, i.e. explanations or data displayed in order to enable the operator to control the process, assess the plant situation, understand operating strategies and make appropriate decisions,

• guidance, i.e. a set of ordered steps that prompt and help the operator to monitor and control the plant processes, systems and equipment.

Information and guidance are combined to minimise operator errors and to optimise the efficiency of plant operation.

Information and guidance can be of a varying level of detail depending on the procedure policy, which aims to benefit from operator experience and existing guidelines.

Computerisation of procedures can provide, according to the specified design policy:

- enhanced process and plant equipment information,

- enhanced operator guidance,

- additional functions to initiate and control automation sequences.

This standard provides guidance on and an overview of policy, philosophy and conceptual requirements for CBP implementation, including design objectives, assumptions, approaches, inputs, scope, CBP family types, key CBP features, and output documentation.

Use of this standard with related standards

This standard intends to deal with aspects that are:

• specific to computer-based procedures, i.e. not shared with paper-based procedures. For example, establishing functional scenarios to validate procedures is not specific to CBP,

• not already dealt with in existing standards, i.e. HFE, the life cycle of safety-classified systems, and the allocation of tasks to humans or machines.

In order to design CBP efficiently and properly, some important considerations at the conceptual design stage of CBPs are addressed in the following related standards:

a) functional analysis and assignment

IEC 61839 specifies functional analysis and assignment procedures and gives rules for developing criteria for the assignment of functions either to operators or to systems,

b) human factors design guidelines

IEC 61772:2009, especially Clauses 4 and 5, provides guidance on physical implementation of VDUs (see 4.1), display formats (see 4.4), and implementation into the MCR (see Clause 5). The ISO 11064 series of standards provides guidance on human-centered design activities throughout the life cycle of a computer-based interactive system.

In addition, IEC 60964 and IEC 60965, which provide requirements and recommendations for the main control room and supplementary control room arrangements, and IEC 61772, providing requirements and recommendations for implementing VDUs in control rooms, apply to the implementation of CBP in new nuclear power plants. Complementary advice for implementing CBP in case of main control room retrofitting is given in 6.2.3.

This standard assumes the simultaneous consideration of the requirements for:

1) computer security, which is necessary to protect the whole life cycle of CBP, but is not restricted to computerisation of procedures. Nevertheless, this topic should be considered when computerising operating means (IEC 62645 deals with cyber-security),

2) the implementation of the software and hardware of the computer systems that perform CBP functions, which should be carried out in line with their safety class in compliance with IEC 60880, IEC 61226, IEC 62138 and IEC 61513,

3) the design of plant scenarios (including anticipated operating occurrences such as plant transients, plant upset conditions and/or initiating events) for validating CBPs,

4) the organisation for functional maintenance of procedures.

Organisation of this standard

Clause 2 lists the reference documents.

Clause 3 gives definitions relevant to this standard.

Clause 4 lists the abbreviations used in this standard.

Clause 5 provides an overview of CBP. It presents recommendations for the development of a policy for computerisation of procedures, based on the type of procedure to be implemented. Three generic types (termed "families") are described, for which general and specific guidance is provided. Guidance related to the safety requirements of CBP systems is also provided.

Clause 6 gives requirements for use in different contexts, including main control room (MCR) upgrading, and different environments, inside and outside of the MCR and possibly in conjunction with paper-based procedures. It then considers assistance to and coordination of operator activities.

Clause 7 deals with the digital system which processes CBP. It first considers safety and non-safety requirements, then gives requirements for handling failures of this system.

Clause 8 focuses on the detailed requirements and recommendations related to the functional features of CBP, from the basic ones to the most sophisticated ones, i.e. information, navigation, guidance and plant control. Miscellaneous options that could ease CBP use are also given.

Clause 9 considers the CBP life cycle, from project set-up, through design and implementation, to CBP maintenance and operator training.

[1] Operators may be male or female, so that in this standard, "he" is a shortcut for "he / she" and "his" is a shortcut for "his / her".

