EN IEC 62138:2019
(Main)Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions
Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions
This document specifies requirements for the software of computer-based instrumentation and control (I&C) systems performing functions of safety category B or C as defined by IEC 61226. It complements IEC 60880 which provides requirements for the software of computer-based I&C systems performing functions of safety category A. It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level activities (for example, integration, validation and installation) are not addressed exhaustively by this document: requirements that are not specific to software are deferred to IEC 61513. The link between functions categories and system classes is given in IEC 61513. Since a given safety-classified I&C system may perform functions of different safety categories and even non safety-classified functions, the requirements of this document are attached to the safety class of the I&C system (class 2 or class 3). This document is not intended to be used as a general-purpose software engineering guide. It applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants. For existing plants, only a subset of requirements is applicable and this subset has to be identified at the beginning of any project. The purpose of the guidance provided by this document is to reduce, as far as possible, the potential for latent software faults to cause system failures, either due to single software failures or multiple software failures (i.e. Common Cause Failures due to software). This document does not explicitly address how to protect software against those threats arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645 provides requirements for security programmes for computer-based systems.
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der Kategorien B oder C
Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-commande importants pour la sûreté - Aspects logiciels des systèmes informatisés réalisant des fonctions de catégorie B ou C
This document specifies requirements for the software of computer-based instrumentation and control (I&C) systems performing functions of safety category B or C as defined by IEC 61226. It complements IEC 60880 which provides requirements for the software of computer-based I&C systems performing functions of safety category A. It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level activities (for example, integration, validation and installation) are not addressed exhaustively by this document: requirements that are not specific to software are deferred to IEC 61513. The link between functions categories and system classes is given in IEC 61513. Since a given safety-classified I&C system may perform functions of different safety categories and even non safety-classified functions, the requirements of this document are attached to the safety class of the I&C system (class 2 or class 3). This document is not intended to be used as a general-purpose software engineering guide. It applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants. For existing plants, only a subset of requirements is applicable and this subset has to be identified at the beginning of any project. The purpose of the guidance provided by this document is to reduce, as far as possible, the potential for latent software faults to cause system failures, either due to single software failures or multiple software failures (i.e. Common Cause Failures due to software). This document does not explicitly address how to protect software against those threats arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645 provides requirements for security programmes for computer-based systems.
Nuklearne elektrarne - Instrumenti in nadzorni sistemi za zagotavljanje varnosti - Značilnosti programske opreme računalniških sistemov, ki izvajajo funkcije kategorij B ali C (IEC 62138:2018)
Ta dokument določa zahteve za programsko opremo računalniških instrumentov in nadzornih sistemov (I&C) za izvajanje funkcij varnostne kategorije B ali C, kot je definirana v standardu IEC 61226. Dopolnjuje standard IEC 60880, ki določa zahteve za programsko opremo računalniških instrumentov in nadzornih sistemov za izvajanje funkcij varnostne kategorije A. Skladen je s standardom IEC 61513, katerega tudi dopolnjuje. Dejavnosti, ki so predvsem dejavnosti na ravni sistema (na primer integracija, validacija in namestitev), v tem dokumentu niso izčrpno naslovljene: zahteve, ki se ne navezujejo na programsko opremo, so navedene v standardu IEC 61513. Povezava med funkcijskimi kategorijami in sistemskimi razredi je podana v standardu IEC 61513. Ker lahko dani sistem I&C z varnostno razvrstitvijo izvaja funkcije različnih varnostnih kategorij in celo funkcij, ki nimajo varnostne razvrstitve, so zahteve tega dokumenta dodane varnostnemu razredu sistema I&C (razred 2 ali razred 3). Namen tega dokumenta ni, da bi se uporabljal kot vodilo za inženiring programske opreme za splošni namen. Uporablja se za programsko opremo računalniških instrumentov in nadzornih sistemov varnostnega razreda 2 ali 3 za nove jedrske elektrarne in tudi za nadgradnjo ali posodobitev obstoječih elektrarn z računalniškimi instrumenti in nadzornimi sistemi. Za obstoječe elektrarne se uporablja samo podnabor zahtev in ta podnabor je treba identificirati na začetku posameznega projekta. Namen vodil, navedenih v tem dokumentu, je v največji možni meri zmanjšati potencial, da bi latentne okvare programske opreme povzročile odpovedi sistema, in sicer zaradi okvar posamezne programske opreme
ali okvar več programskih oprem (tj. okvare s skupnim vzrokom zaradi programske opreme). Ta dokument ne naslavlja izrecno zaščite programske opreme pred grožnjami, ki izhajajo iz zlonamernih napadov, tj. kibernetske varnosti, za računalniške sisteme. Zahteve za varnostne programe za računalniške sisteme določa standard IEC 62645.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-december-2019
Nadomešča:
SIST EN 62138:2009
Nuklearne elektrarne - Instrumenti in nadzorni sistemi za zagotavljanje varnosti -
Značilnosti programske opreme računalniških sistemov, ki izvajajo funkcije
kategorij B ali C (IEC 62138:2018)
Nuclear power plants - Instrumentation and control systems important to safety -
Software aspects for computer-based systems performing category B or C functions (IEC
62138:2018)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung -
Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der
Kategorien B oder C (IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté - Aspects logiciels des systèmes informatisés
réalisant des fonctions de catégorie B ou C (IEC 62138:2018)
Ta slovenski standard je istoveten z: EN IEC 62138:2019
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD EN IEC 62138
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2019
ICS 27.120.20 Supersedes EN 62138:2009 and all of its amendments
and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control systems
important to safety - Software aspects for computer-based
systems performing category B or C functions
(IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke - Leittechnische Systeme mit
d'instrumentation et de contrôle-commande importants pour sicherheitstechnischer Bedeutung - Softwareaspekte für
la sûreté - Aspects logiciels des systèmes informatisés rechnerbasierte Systeme zur Realisierung von Funktionen
réalisant des fonctions de catégorie B ou C der Kategorien B oder C
(IEC 62138:2018) (IEC 62138:2018)
This European Standard was approved by CENELEC on 2019-09-09. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62138:2019 E
European foreword
This document (EN IEC 62138:2019) consists of the text of IEC 62138:2018 prepared by SC 45A
"Instrumentation, control and electrical power systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation".
The following dates are fixed:
• latest date by which this document has to be (dop) 2020-09-09
implemented at national level by publication of an
identical national standard or by endorsement
• latest date by which the national standards (dow) 2022-09-09
conflicting with this document have to be
withdrawn
This document supersedes EN 62138:2009 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety and/or security measures in the
subject-matter covered by this standard.
Endorsement notice
The text of the International Standard IEC 62138:2018 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61508-3:2010 NOTE Harmonized as EN 61508-3:2010 (not modified)
IEC 61508-4:2010 NOTE Harmonized as EN 61508-3:2010 (not modified)
IEC 61511-1:2016
NOTE Harmonized as EN 61511-1:2016 (not modified)
ISO 9001:2015
NOTE Harmonized as EN ISO 9001:2015 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60880 2006 Nuclear power plants - Instrumentation EN 60880 2009
and control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61226 - Nuclear power plants - Instrumentation EN 61226 -
and control important to safety -
Classification of instrumentation and
control functions
IEC 61513 2011 Nuclear power plants - Instrumentation EN 61513 2013
and control important to safety - General
requirements for systems
IEC 62671 2013 Nuclear power plants - Instrumentation - -
and control important to safety - Selection
and use of industrial digital devices of
limited functionality
IEC 62138 ®
Edition 2.0 2018-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control systems important to
safety – Software aspects for computer-based systems performing category
B or C functions
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté – Aspects logiciels des systèmes
informatisés réalisant des fonctions de catégorie B ou C
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-5830-9
– 2 – IEC 62138:2018 © IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references. 8
3 Terms and definitions . 9
4 Symbols and abbreviated terms . 17
5 Key concepts and assumptions . 17
5.1 General . 17
5.2 Types of software . 17
5.3 Types of configuration data . 18
5.4 Software and system safety lifecycles . 19
5.5 Gradation principles . 21
6 Requirements for the software of class 2 and class 3 I&C systems . 22
6.1 Applicability of the requirements . 22
6.2 General requirements . 22
6.2.1 Software safety lifecycle – Software quality assurance . 22
6.2.2 Verification . 23
6.2.3 Configuration management . 24
6.2.4 Selection and use of software tools . 25
6.2.5 Selection of languages . 26
6.3 Selection of pre-developed software . 27
6.3.1 General . 27
6.3.2 Documentation for safety. 27
6.3.3 Evidence of correctness . 28
6.3.4 Functional suitability . 35
6.3.5 Selection and use of digital devices of limited functionality . 35
6.4 Software requirements specification . 35
6.4.1 General . 35
6.4.2 Objectives . 35
6.4.3 Inputs . 36
6.4.4 Contents . 36
6.4.5 Properties . 37
6.5 Software design . 38
6.5.1 Objectives . 38
6.5.2 Inputs . 38
6.5.3 Contents . 39
6.5.4 Properties . 40
6.6 Implementation of software . 40
6.6.1 General requirements . 40
6.6.2 Configuration of software and of devices containing software . 40
6.6.3 Implementation with application-oriented languages . 41
6.6.4 Implementation with general-purpose languages . 41
6.7 Software aspects of system integration . 43
6.7.1 General . 43
6.8 Software aspects of system validation . 43
6.8.1 General . 43
IEC 62138:2018 © IEC 2018 – 3 –
6.9 Installation of software on site . 45
6.9.1 General . 45
6.10 Anomaly reports . 45
6.11 Software modification . 46
6.11.1 General . 46
6.12 Defences against common cause failure due to software . 47
Annex A (informative) Typical list of software documentation . 48
Annex B (informative) Correspondence between IEC 61513:2011 and this document . 49
Annex C (informative) Relations of this document with IEC 61508 .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.