Nuclear power plants – Instrumentation and control important to safety – Development of HDL-programmed integrated circuits for systems performing category A functions
Publication Date: 1 January 2012
ICS Code (Nuclear power plants. Safety): 27.120.20
Scope and object
This International Standard provides requirements for achieving highly reliable "HDL-Programmed Devices" (HPD), for use in I&C systems of nuclear power plants performing functions of safety category A as defined by IEC 61226.
The programming of HPDs relies on Hardware Description Languages (HDL) and related software tools. HPDs are typically based on blank FPGAs or similar micro-electronic technologies. General purpose integrated circuits such as microprocessors are not HPDs.
This Standard provides requirements on:
a) a dedicated development life-cycle addressing each phase of the development of HPDs, including specification of requirements, design, implementation, verification, integration and validation,
b) planning and complementary activities such as modification and production,
c) selection of pre-developed components. This includes micro-electronic resources (such as a blank FPGA or CPLD) and HDL statements representing Pre-Developed Blocks (PDB),
d) use of simplicity and deterministic principles, recognized to be of primary importance to achieve "fault free" implementation of category A functions,
e) tools used to design, implement and verify HPDs.
This Standard does not put requirements on the development of the micro-electronic resources, which are usually available as "commercial off-the-shelf" items and are not developed under nuclear quality assurance Standards. It addresses the developments made with these micro-electronic resources in an I&C project with HDLs and related tools.
This Standard provides guidance to avoid as far as possible latent faults remaining in HPDs, and to reduce the susceptibility to single failures as well as to potential Common Cause Failures (CCF). The requirements within this Standard for clear and comprehensive documentation should facilitate the effective application of IEC 62340.
Reliability aspects related to environmental qualification and failures due to ageing or physical degradation are not handled in this Standard. Other Standards, especially IEC 60987, IEC 60780 and IEC 62342, address these topics.
Subclause 5.7 of IEC 60880:2006 provides security requirements that apply to the development of HPDs as applicable.
Use of this Standard
This Standard provides guidance and requirements to produce verifiable designs and implementations where justification is necessary, for example because of the function performed or the importance to safety of its behaviour. Class 1 I&C systems may use HPDs for which full demonstration of compliance with the requirements of this Standard is not mandatory, e.g. when they do not implement the logic of a safety function.
However, deviations from this Standard should be justified. This Standard describes the activities to develop HPDs, organized in the framework of a dedicated life-cycle. It also describes activities and guidelines to be used in addition to the requirements of IEC 61513 for system integration and validation when HPDs are included.
Those requirements of IEC 60987 that relate to programmable logic device development are applicable, in addition to those of this Standard, where HPDs are part of class 1 I&C systems.
NOTE In case of conflicting requirements, this Standard supersedes those in IEC 60987 about class 1 HPDs.