Nuclear power plants – Instrumentation and control important to safety – Selection and use of industrial digital devices of limited functionality
Publication Date: 1 February 2013
ICS Code (Nuclear power plants. Safety): 27.120.20
This International Standard addresses certain devices that
contain embedded software or electronically-confi
In accordance with IEC 61513, I&C systems important to safety of classes 1, 2 and 3 may be implemented using conventional hard-wired equipment, digital technology equipment (computer based or programmed hardware) or by using a combination of both types of equipment. This International Standard provides the acceptance criteria for the selection, evaluation and use of certain digital devices that have not been developed specifically for use in these nuclear I&C systems. Such devices are very often developed to meet IEC 61508, and this standard acknowledges that compliance with IEC 61508 can be a key positive factor when qualifying non-nuclear components for nuclear sector use.
Devices addressed by this Standard are dedicated devices of limited, specific functionality that contain or may contain components driven by software or digital circuits designed using software-based tools. Examples are smart sensors, valve positioners, electrical protective devices or inverters that contain or may contain such components. This standard does not address the software aspects of complex general-purpose devices that are addressed by other standards, such as IEC 60880 and IEC 62138 for software. This standard addresses the issues that should be considered when evaluating the suitability of these dedicated devices of limited, specific functionality for use in a nuclear power plant. The intent is to apply a graded approach to these issues, with more demanding requirements applied for higher classes.
These issues include:
• functional suitability (does the device perform the functions required, and are these functions suitably secure from interference from any other functions),
• the evidence required to demonstrate this suitability (such as the development process followed, and the operational experience and maturity of the device),
• aspects affecting integration of the device in existing systems (e.g. functional compatibility and impact on maintenance and operation), and
• requirements related to ensuring the device will retain its suitability for its required lifetime (such as the lifetime of the plant).
This Standard relies on other standards, especially IEC 60780, to address hardware qualification issues not related to the complexities of software, namely reliability aspects related to environmental qualification and failures due to aging or physical degradation. Other standards such as IEC 61508 can be used as complementary guidance for the evaluation and assessment of components, but it is recognized that certification to non-nuclear standards alone is insufficient.
2 "Dedicated" in the sense in which it is used in this standard refers to design for one specific function that cannot be changed in the field. Refer to 3.7.