IEC 60964:2009

IEC 60964 ®
Edition 2.0 2009-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Control rooms – Design

Centrales nucléaires de puissance – Salles de commande – Conception

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by

any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or

IEC's member National Committee in the country of the requester.
If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication,
please contact the address below or your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de la CEI ou du Comité national de la CEI du pays du demandeur.

Si vous avez des questions sur le copyright de la CEI ou si vous désirez obtenir des droits supplémentaires sur cette

publication, utilisez les coordonnées ci-après ou contactez le Comité national de la CEI de votre pays de résidence.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
ƒ Catalogue of IEC publications: www.iec.ch/searchpub
The IEC on-line Catalogue enables you to search by a variety of criteria (reference number, text, technical committee,…).
It also gives information on projects, withdrawn and replaced publications.
ƒ IEC Just Published: www.iec.ch/online_news/justpub
Stay up to date on all new IEC publications. Just Published details twice a month all new publications released. Available
on-line and also by email.
ƒ Electropedia: www.electropedia.org
The world's leading online dictionary of electronic and electrical terms containing more than 20 000 terms and definitions
in English and French, with equivalent terms in additional languages. Also known as the International Electrotechnical
Vocabulary online.
ƒ Customer Service Centre: www.iec.ch/webstore/custserv
If you wish to give us your feedback on this publication or need further assistance, please visit the Customer Service
Centre FAQ or contact us:
Email: csc@iec.ch
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
A propos de la CEI
La Commission Electrotechnique Internationale (CEI) est la première organisation mondiale qui élabore et publie des
normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications CEI
Le contenu technique des publications de la CEI est constamment revu. Veuillez vous assurer que vous possédez
l’édition la plus récente, un corrigendum ou amendement peut avoir été publié.
ƒ Catalogue des publications de la CEI: www.iec.ch/searchpub/cur_fut-f.htm
Le Catalogue en-ligne de la CEI vous permet d’effectuer des recherches en utilisant différents critères (numéro de référence,
texte, comité d’études,…). Il donne aussi des informations sur les projets et les publications retirées ou remplacées.
ƒ Just Published CEI: www.iec.ch/online_news/justpub
Restez informé sur les nouvelles publications de la CEI. Just Published détaille deux fois par mois les nouvelles
publications parues. Disponible en-ligne et aussi par email.
ƒ Electropedia: www.electropedia.org
Le premier dictionnaire en ligne au monde de termes électroniques et électriques. Il contient plus de 20 000 termes et
définitions en anglais et en français, ainsi que les termes équivalents dans les langues additionnelles. Egalement appelé
Vocabulaire Electrotechnique International en ligne.
ƒ Service Clients: www.iec.ch/webstore/custserv/custserv_entry-f.htm
Si vous désirez nous donner des commentaires sur cette publication ou si vous avez des questions, visitez le FAQ du
Service clients ou contactez-nous:
Email: csc@iec.ch
Tél.: +41 22 919 02 11
Fax: +41 22 919 03 00
IEC 60964 ®
Edition 2.0 2009-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Control rooms – Design

Centrales nucléaires de puissance – Salles de commande – Conception

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
W
CODE PRIX
ICS 27.120.20 ISBN 978-2-88910-353-9
– 2 – 60964 © IEC:2009
CONTENTS
FOREWORD.4

INTRODUCTION.6

1 Scope and object.8

2 Normative references .8

3 Terms and definitions .9

4 Standard use.12

5 Design principles for the main control room .16

5.1 Main objectives of the main control room.16
5.2 Functional design objectives of the main control room.16
5.3 Safety principles.16
5.4 Availability principles.16
5.5 Human factors engineering principles.17
5.6 Utility operating principles .17
5.7 Relationship with other control and management centres .17
5.8 Operational experience .18
6 Functional design of the main control room .18
6.1 General .18
6.2 Functional analysis.18
6.2.1 General .18
6.2.2 Identification of functions.18
6.2.3 Information flow and processing requirements .18
6.3 Assignment of functions .19
6.3.1 General .19
6.3.2 Operator capabilities .19
6.3.3 I&C system processing capabilities.20
6.4 Verification of function assignment .20
6.4.1 General .20
6.4.2 Process .20
6.5 Validation of function assignment .21
6.5.1 General .21
6.5.2 Process .21
6.5.3 General evaluation criteria for validation.21

6.6 Job analysis .21
7 Functional design specification.22
7.1 General .22
7.2 Provision of data base on human capabilities and characteristics .22
7.3 Location, environment and protection .22
7.3.1 Location .22
7.3.2 Environment .22
7.3.3 Protection.23
7.4 Space and configuration.24
7.4.1 Space.24
7.4.2 Configuration.24
7.5 Panel layout .25
7.5.1 Priority.25
7.5.2 Positioning on control desks and panels .25

60964 © IEC:2009 – 3 –
7.5.3 Mirror image layout.25

7.6 Location aids.25

7.6.1 Grouping of display information and controls .25

7.6.2 Nomenclature .26

7.6.3 Coding.26

7.6.4 Labelling.27

7.7 Information and control systems .27

7.7.1 General .27

7.7.2 Information functions .28

7.7.3 Control functions .31

7.8 Control-display integration.32
7.9 Communication systems.32
7.9.1 General .32
7.9.2 Verbal communication systems.33
7.9.3 Non-verbal communication systems.34
7.10 Other requirements .34
7.10.1 Power supplies .34
7.10.2 Qualification .34
7.10.3 Maintainability .34
7.10.4 Repairs.35
7.10.5 Testability.35
8 Verification and validation of the integrated control room system.35
8.1 General .35
8.2 Control room system verification .35
8.2.1 General .35
8.2.2 Process .35
8.2.3 General evaluation criteria for integrated system verification .35
8.3 Control room system validation .35
8.3.1 General .35
8.3.2 Process .35
8.3.3 General evaluation criteria for integrated system validation .36
Annex A (informative) Explanation of concepts .37

Figure 1 – Overview of control room system .14
Figure 2 – Overall design process and the relationship to clauses and subclauses of
this standard.15

Table A.1 – Human and machine in functional domain and physical domain .38

– 4 – 60964 © IEC:2009
INTERNATIONAL ELECTROTECHNICAL COMMISSION

____________
NUCLEAR POWER PLANTS –
CONTROL ROOMS –
DESIGN
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60964 has been prepared by subcommittee 45A: Instrumentation
and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.

This second edition cancels and replaces the first edition published in 1989.
The revision of the standard is intended to accomplish the following:
– to take into account the fact that software engineering techniques advanced significantly in
the intervening years;
– to align the Standard with the new revisions of IAEA documents NS-R-1 and NS-G-1.3,
which includes as far as possible adaptation of the definitions;
– to replace, where relevant, the previous requirements in the standard, where these are
now given by references to Standards published since the first edition, especially
IEC 60709, IEC 60780, IEC 60980, IEC 61225, IEC 61226, IEC 61227, IEC 61513,
IEC 61771, IEC 61772, IEC 61839, IEC 62241 and ISO 11064;
– to review the existing requirements and to update the terminology and definitions.

60964 © IEC:2009 – 5 –
The text of this standard is based on the following documents:

FDIS Report on voting
45A/724/FDIS 45A/731/RVD
Full information on the voting for the approval of this standard can be found in the report on

voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
– 6 – 60964 © IEC:2009
INTRODUCTION
a) Technical background, main issues and organization of the standard

IEC 60964:1989 was developed to supply requirements relevant to the design of the main
control room of NPPs. The first edition of IEC 60964 has been used extensively within the

nuclear industry. It was however recognized that recent technical developments especially

those which are based on software technology should be incorporated. It was also recognized

that the relationships with derivative standards (i.e. IEC 61227, IEC 61771, IEC 61772,

IEC 61839, and IEC 62241) should be clarified and conditioned.

This IEC standard specifically focuses on the functional designing of the main control room of
NPPs. It is intended that the Standard be used by NPP vendors, utilities, and by licensors.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
IEC 60964 is the second level IEC SC 45A document tackling the generic issue of control
room design.
IEC 60964 is to be read in association with the derivative standards mentioned above which
are the appropriate IEC SC 45A documents which provide guidance on operator controls,
verification and validations of design, application of visual display units, functional analysis
and assignment, and alarm functions and presentation.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the Standard
This standard is intended for application to new control rooms whose conceptual design is
initiated after the publication of this standard. The recommendations of the standard may be
used for refits, upgrades and modifications.
The primary purpose of this standard is to provide functional design requirements to be used
in the design of the main control room of a nuclear power plant to meet operational and safety
requirements.
This standard also provides functional interface requirements which relate to control room
staffing, operating procedures and the training programme which are, together with the
human-machine interface, constituents of the control room system.

To ensure that the Standard will continue to be relevant in future years, the emphasis has
been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships with
other IEC documents and other bodies documents (IAEA, ISO)
The top-level document of the IEC SC 45A standard series is IEC 61513. It provides general
requirements for I&C systems and equipment that are used to perform functions important to
safety in NPPs. IEC 61513 structures the IEC SC 45A standard series.
IEC 61513 refers directly to other IEC SC 45A standards for general topics related to
categorization of functions and classification of systems, qualification, separation of systems,
defence against common cause failure, software aspects of computer-based systems,
hardware aspects of computer-based systems, and control room design. The standards
referenced directly at this second level should be considered together with IEC 61513 as a
consistent document set.
60964 © IEC:2009 – 7 –
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 are standards

related to specific equipment, technical methods, or specific activities. Usually these

documents, which make reference to second-level documents for general topics, can be used

on their own.
A fourth level extending the IEC SC 45 standard series corresponds to the Technical Reports

which are not normative.
IEC 61513 has adopted a presentation format similar to the basic safety publication

IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework and

provides an interpretation of the general requirements of IEC 61508-1, IEC 61508-2 and

IEC 61508-4, for the nuclear application sector. Compliance with IEC 61513 will facilitate
consistency with the requirements of IEC 61508 as they have been interpreted for the nuclear
industry. In this framework IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the
nuclear application sector.
IEC 61513 refers to ISO as well as to IAEA 50-C-QA (now replaced by IAEA GS-R-3) for
topics related to quality assurance (QA).
The IEC SC 45A standards series consistently implements and details the principles and
basic safety aspects provided in the IAEA code on the safety of NPPs and in the IAEA safety
series, in particular the Requirements NS-R-1, establishing safety requirements related to the
design of Nuclear Power Plants, and the Safety Guide NS-G-1.3 dealing with instrumentation
and control systems important to safety in Nuclear Power Plants. The terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.

– 8 – 60964 © IEC:2009
NUCLEAR POWER PLANTS –
CONTROL ROOMS –
DESIGN
1 Scope and object
This International Standard establishes requirements for the human-machine interface in the

main control rooms of nuclear power plants. The standard also establishes requirements for
the selection of functions, design consideration and organization of the human-machine
interface and procedures which shall be used systematically to verify and validate the
functional design. These requirements reflect the application of human factors engineering
principles as they apply to the human-machine interface during normal and abnormal plant
conditions. This standard does not cover special purpose or normally unattended control
points, such as those provided for shutdown operations from outside the main control room or
for radioactive waste handling, or emergency response facilities. Detailed equipment design is
outside the scope of this standard.
The primary purpose of this standard is to provide functional design requirements to be used
in the design of the main control room of a nuclear power plant to meet operational and safety
requirements. This standard also provides functional interface requirements which relate to
control room staffing, operating procedures, and the training programmes which, together with
the human-machine interface, constitute the control room system.
This standard is intended for application to new control rooms whose conceptual design is
initiated after the publication of this standard. If it is desired to apply it to an existing control
room, special caution must be exercised so that the design basis is kept consistent.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60709, Nuclear power plants – Instrumentation and control systems important to safety –
Separation
IEC 60780, Nuclear power plants – Electrical equipment of the safety system – Qualification

IEC 60960, Functional design criteria for a safety parameter display system for nuclear power
stations
IEC 60965, Supplementary control points for reactor shutdown without access to the main
control room
IEC 60980, Recommended practices for seismic qualification of electrical equipment of the
safety system for nuclear generating stations
IEC 61225, Nuclear power plants – Instrumentation and control systems important for safety –
Requirements for electrical supplies
IEC 61226, Nuclear power plants – Instrumentation and control important to safety –
Classification of instrumentation and control functions

60964 © IEC:2009 – 9 –
IEC 61227, Nuclear power plants – Control rooms – Operator controls

IEC 61513, Nuclear power plants – Instrumentation and control for systems important to

safety – General requirements for systems

IEC 61771, Nuclear power plants – Main control room – Verification and validation of design

IEC 61772, Nuclear power plants – Main control room – Application of visual display units

(VDU)
IEC 61839, Nuclear power plants – Design of control rooms – Functional analysis and

assignments
IEC 62241, Nuclear power plants – Main control room – Alarm functions and presentation
ISO 11064 (all parts), Ergonomic design of control centres
IAEA NS-G-1.3, Instrumentation and control systems important to safety in Nuclear Power
Plants, 2002
IAEA NS-G-1.9, Design of the reactor coolant system and associated systems in nuclear
power plants
IAEA, NS-G-1.11, Protection against internal hazards other than fires and explosions in the
design of nuclear power plants
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. For other terms,
refer to the general terminology defined in IEC 61513 and in the IAEA NUSS programme,
such as Safety Guide NS-G-1.3.
3.1
alarms
an item of diagnostic, prognostic, or guidance information, which is used to alert the operator
and to draw his or her attention to a process or system deviation.
NOTE Specific information provided by alarms includes the existence of an anomaly for which corrective action
might be needed, the cause and potential consequences of the anomaly, the overall plant status, corrective action
to the anomaly, and feedback of corrective actions.

Two types of deviation may be recognised:
– Unplanned - Undesirable process deviations and equipment faults;
– Planned - Deviations in process conditions or equipment status that are the expected response to but could be
indicative of undesirable plant conditions.
[IEC 62241]
3.2
auxiliary control (operating) systems
operating systems that are installed outside the control room such as local-to-plant control
points and local-to-plant shutdown systems
3.3
control room staff
a group of plant personnel stationed in the control room, who are responsible for achieving
the plant operational goals by controlling the plant through the human-machine interface.

– 10 – 60964 © IEC:2009
Typically, the control room staff consists of supervisory operators, and operators who actually

manipulate controls but may also include those staff members and experts who are authorized

to be present in the control room, e.g. during long lasting event sequences

3.4
control room system
an integration of the human-machine interface, the control room staff, operating procedures,

training programme, and associated facilities or equipment which together sustain the proper

functioning of the control room

3.5
controls
devices which the operator uses to send demand signals to control systems and plant items
NOTE Controls as defined in this standard (i.e. devices used for control actions) hold a different meaning from the
one defined in the IAEA safety Glossary and are not replaceable.
3.6
displays
devices used for monitoring plant conditions and status, e.g. process status, equipment status
3.7
format (display format)
a pictorial display of information on a visual display unit (VDU) such as message text, digital
presentation, symbols, mimics, bar-charts, trend graphs, pointers, multi-angular presentation
3.8
function
specific purpose or objective to be accomplished, that can be specified or described without
reference to the physical means of achieving it
[IEC 61226]
3.9
functional analysis
the examination of the functional goals of a system with respect to available manpower,
technology, and other resources, to provide the basis for determining how the function may be
assigned and executed
3.10
functional goal
the performance objectives that shall be satisfied to achieve the corresponding function

3.11
hierarchical goal structure
relationship between a functional goal and sub-functional goals structured in a hierarchical
order
3.12
high-level mental processing
human act to process and/or interpret information to obtain reduced abstract information
3.13
human-machine interface
the interface between operating staff and I&C system and computer systems linked with the
plant. The interface includes displays, controls, and the Operator Support System interface

60964 © IEC:2009 – 11 –
3.14
I&C system
system, based on electrical and/or electronic and/or programmable electronic technology,

performing I&C functions as well as service and monitoring functions related to the operation

of the system itself.
The term is used as a general term which encompasses all elements of the system such as

internal power supplies, sensors and other input devices, data highways and other

communication paths, interfaces to actuators and other output devices. The different functions

within a system may use dedicated or shared resources.

NOTE 1 The elements included in a specific I&C system are defined in the specification of the boundaries of the

system.
NOTE 2 According to their typical functionality, IAEA distinguishes between automation and control systems, HMI
systems, interlock systems and protection systems.
[IEC 61513]
3.15
job
a set of tasks which are operationally related. The tasks within a job should be coherent with
regard to required skill, knowledge and responsibility
3.16
job analysis
an analysis identifying basic requirements which a job imposes on the control room staff
structure, the operating procedures and training programme
3.17
local control points (or facilities)
points (or facilities) located outside the control room where local operators perform control
activities
3.18
local operators
the operating staff that perform tasks outside the control room
3.19
operating procedures
a set of documents specifying operational tasks it is necessary to perform to achieve
functional goals
3.20
operating staff
plant personnel working on shift to operate the plant. The operating staff includes the control
room staff, maintenance engineers, etc.
3.21
operator interaction
interrelation between operator and the I&C system. Specifically, display of plant status by the
I&C system and corresponding operator action
3.22
Operator Support System (OSS)
a system or systems supporting the high-level mental information processing tasks assigned
to the control room staff
– 12 – 60964 © IEC:2009
3.23
performance requirements
quantitative requirements specifying performance of tasks which ensure the achievement of

functional goals
3.24
plant operational goals
ultimate purposes of plant design, i.e. controlled generation of electricity and limitation of

release of radioactivity to the environment

3.25
population stereotype
the tendency for most persons in a group or population to give the same response to a
particular stimulus, even when there are alternative responses. The population stereotype
depends on the customs and habits of the population sampled
3.26
task analysis
a detailed description of an operator’s task, in terms of its components, to specify the detailed
human activities involved, and their functional and temporal relationships
3.27
tasks
actions performed by either human or machine for the accomplishment of a functional goal
3.28
training programme
a programme which is designed to train the control room staff so that they can acquire the
skills and knowledge necessary for operational activities
3.29
validation
the process of determining whether a product or service is adequate to perform its intended
function satisfactorily.
Validation is broader in scope, and may involve a greater element of judgement, than
verification.
[IAEA Safety Glossary, 2007 edition]
3.30
verification
the process of determining whether the quality or performance of a product or service is as
stated, as intended or as required
[IAEA Safety Glossary, 2007 edition]
3.31
Visual Display Unit (VDU)
a type of display incorporating a screen for presenting computer-driven images
4 Standard use
This clause is provided to orient the user to the organization and focus of this standard.
Figure 1 shows an overview of a control room system. The goal of a control room design team
is the successful completion of an integrated control room system. The control system is an
integration of the human-machine interface, control room staff, operating procedures, training

60964 © IEC:2009 – 13 –
programme and the associated equipment and facilities. Annex A provides a supplemental

explanation concerning the concept of the control room system.

The focus of this standard is the establishment of the human-machine interface in the control

room design. The standard also establishes a means for developing staffing requirements,

operating procedures and a training programme but does not provide detailed methodology

for such development. The various clauses and subclauses of this standard are developed.

After the scope, statements and specifications of design principles, the design process is

shown in Figure 2 to include functional analysis, function assignment, function assignment

verification, function assignment validation and job analysis. Then, the functional design

specifications are developed as shown in Figure 2.
From these specifications, the detailed design, operating procedures and training programme
are developed. Finally, the resultant system constituents are verified and the integrated
control room system validated.
This standard is addressed to the control room designer. This refers not necessarily to a
single person; typically it is implemented by a design team which comprises a variety of
competencies and disciplines. This includes at least the following areas:
• nuclear engineering;
• architectural design and civil engineering;
• systems engineering;
• I&C systems;
• information and computer systems;
• human factors engineering;
• plant operations;
• training.
These competencies may be provided by permanent or temporary team members, or even by
consultants.
– 14 – 60964 © IEC:2009
Abbreviations
VDU: Visual Display Unit
OSS: Operator Support System
Plant
operational
HMI: Human-machine interface
goals
Functional
goals
Functions Functions
assigned to assigned to
human machine
Functions assigned
to local operators
Functions requiring high-
level mental processing
Control room system
Operating
procedures
Verbal
Facilities
Control room
com.
outside
staff
interfaces
control room
Training
programme
Monitoring
Manual
control
HMI (VDU, alarms, controls)
Non-verbal
Computers for HMI and OSS
com. system
Local
Facilities
operators
outside
control room
Controls
Automatic
Instrumentation equipment Control and protection
decision-making
(sensors, instruments, etc.) equipment (actuators, etc.)
equipment
References
Plant
(process and
mechanical
machines)
IEC  297/09
Figure 1 – Overview of control room system

60964 © IEC:2009 – 15 –
Start
Scope and object (Clause 1)
Functional analysis (6.2)
Design principles (Clause 5)
Assignment of functions (6.3)
To human To machine
Verification of function assignment

(6.4)
No
No
Verified?
Verified?
Yes Yes
Validation of function assignment
(6.5)
No
Valid?
Yes
Validated functional control
room system integration
Job analysis (6.6)
Functional design specification
of HMI (Clause 7)
Functional design
specification of operating Verification of control room

procedures, staffing, and integration (Clause 8.2)
training programme
No
(Outside the scope of this standard)

Verified?
Yes
Validation of control room integration
(8.3)
No
Valid?
Yes
Validated control room system
integration
End
Symbols
Design activity
Outcome or input information
IEC  298/09
Figure 2 – Overall design process and the relationship
to clauses and subclauses of this standard

– 16 – 60964 © IEC:2009
5 Design principles for the main control room

5.1 Main objectives of the main control room

The nuclear power plant objective is that it can be operated safely and efficiently from the

main control room in all plant operational states and accident conditions. The main control

room provides the control room staff with the human-machine interface and related
information and equipment, e.g. the communication interface, which are necessary for the
achievement of the plant operational goals. In addition, it provides an environment under

which the control room staff are able to perform their tasks without discomfort, excessive

stress, or physical hazard.
5.2 Functional design objectives of the main control room
The principal objectives of the control room design are to provide the operator with accurate,
complete, operationally relevant and timely information regarding the functional status of plant
equipment and systems.
The design shall allow for all operational states, including refuelling and accident conditions,
optimise the tasks and reduce to an appropriate level the workload required to monitor and
control the plant safely, and provide necessary information to other facilities outside the
control room.
The control room design shall provide an optimal assignment of functions which achieves
maximum utilization of operator and system capabilities.
An additional objective of the control room design is to permit station commissioning to take
place effectively and to permit modifications and maintenance.
5.3 Safety principles
A control room shall be designed to enable the nuclear power plant to be operated safely in
all operational states and to bring it back to a safe state after the onset of accident conditions.
Such events shall be considered in the design of the control room.
Equipment controlled from the control room shall be designed, as far as practicable, so that
an unsafe manual command cannot be carried out, e.g. by using a logical interlock depending
on the plant status.
Account shall also be taken of the need for functional isolation and physical separation where
redundant safety systems or safety and non-safety systems are brought into close proximity.

IEC 60709 gives requirements for this. Account shall be taken of the need to ensure safety if
the control room and its systems are affected by fire, and to reduce the possibility of fire to a
practicable minimum, as outlined in IEC 60709.
Appropriate measures shall be taken to safeguard the occupants of the control room against
potential hazards such as unauthorized access, undue radiation resulting from an accident
condition, toxic gases, and all consequences of fire, which could jeopardize necessary
operator actions.
There shall be adequate routes through which the control room staff can leave or reach the
control room, or gain access to other control points, under emergency conditions.
5.4 Availability principles
With a view to maximizing the plant capacity factor, consideration shall be given in the control
room design to:
60964 © IEC:2009 – 17 –
– facilitating planned operations for load changing, start-up and shut-down;

– minimizing the occurrence of any undesired power reduction or plant trip caused by

operators’ erroneous decision-making and actions, or by local disturbances associated

with malfunction or failure of I&C systems;

– achieving the design output and performance of the plant.

The availability-related design specifications shall not violate the adopted safety principles.

5.5 Human factors engineering principles

In order to provide an optimal assignment of functions which ensures maximum utilization of

the capabilities of human and machine and aims to achieve the
...