IEC 60964:2018

IEC 60964 ®
Edition 3.0 2018-11
REDLINE VERSION
INTERNATIONAL
STANDARD
colour
inside
Nuclear power plants – Control rooms – Design

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 21 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 16 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - webstore.iec.ch/advsearchform IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 67 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
IEC 60964 ®
Edition 3.0 2018-11
REDLINE VERSION
INTERNATIONAL
STANDARD
colour
inside
Nuclear power plants – Control rooms – Design

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 27.120.10; 27.120.20 ISBN 978-2-8322-6299-3

– 2 – IEC 60964:2018 RLV © IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 2
1 Scope and object . 9
2 Normative references . 9
3 Terms and definitions . 10
4 Abbreviated terms . 15
5 Standard use . 15
6 Design principles for the main control room . 19
6.1 Main objectives of the main control room . 19
6.2 Functional design objectives of the main control room . 19
6.3 Safety principles . 19
6.4 Availability principles . 20
6.5 Human factors engineering principles . 20
6.6 Utility operating principles . 20
6.7 Relationship with other control and management centres . 20
6.8 Operational experience . 21
7 Functional design of the main control room . 21
7.1 General . 21
7.2 Functional analysis . 21
7.2.1 General . 21
7.2.2 Identification of functions . 21
7.2.3 Information flow and processing requirements . 22
7.3 Assignment of functions . 22
7.3.1 General . 22
7.3.2 Operator capabilities . 23
7.3.3 I&C system processing capabilities . 23
7.4 Verification of function assignment . 24
7.4.1 General . 24
7.4.2 Process . 24
7.5 Validation of function assignment . 24
7.5.1 General . 24
7.5.2 Process . 24
7.5.3 General evaluation criteria for validation . 25
7.6 Job analysis . 25
8 Functional design specification . 25
8.1 General . 25
8.2 Provision of data base on human capabilities and characteristics . 26
8.3 Location, environment and protection . 26
8.3.1 Location . 26
8.3.2 Environment . 26
8.3.3 Protection . 27
8.4 Space and configuration . 27
8.4.1 Space . 27
8.4.2 Configuration . 28
8.5 Panel layout . 28

8.5.1 Priority . 28
8.5.2 Positioning on control desks and panels . 29
8.5.3 Mirror image layout . 29
8.6 Location aids . 29
8.6.1 Grouping of display information and controls . 29
8.6.2 Nomenclature . 30
8.6.3 Coding . 30
8.6.4 Labelling . 31
8.7 Information and control systems . 31
8.7.1 General . 31
8.7.2 Information functions . 31
8.7.3 Control functions . 35
8.8 Control-display integration . 36
8.9 Communication systems . 36
8.9.1 General . 36
8.9.2 Verbal communication systems . 37
8.9.3 Non-verbal communication systems . 38
8.10 Other requirements . 38
8.10.1 Power supplies . 38
8.10.2 Qualification . 38
8.10.3 Maintainability . 38
8.10.4 Repairs . 38
8.10.5 Testability . 39
9 Verification and validation of the integrated control room system . 39
9.1 General . 39
9.2 Control room system verification . 39
9.2.1 General . 39
9.2.2 Process . 39
9.2.3 General evaluation criteria for integrated system verification . 39
9.3 Control room system validation . 39
9.3.1 General . 39
9.3.2 Process . 39
9.3.3 General evaluation criteria for integrated system validation . 40
Annex A (informative) Explanation of concepts . 41
A.1 Control room system . 41
A.2 “Human” and “machine” . 41
Bibliography . 43

Figure 1 – Overview of control room system . 17
Figure 2 – Overall design process and the relationship to clauses and subclauses of
this document . 18

Table A.1 – Human and machine in functional domain and physical domain . 42

– 4 – IEC 60964:2018 RLV © IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – CONTROL ROOMS – DESIGN

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
This redline version of the official IEC Standard allows the user to identify the changes
made to the previous edition. A vertical bar appears in the margin wherever a change
has been made. Additions are in green text, deletions are in strikethrough red text.

International Standard IEC 60964 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This third edition cancels and replaces the second edition published in 2009. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) to review the usage of the term “task” ensuring consistency between IEC 60964 and
IEC 61839;
b) to clarify the role, functional capability, robustness and integrity of supporting services for
the MCR to promote its continued use at the time of a severe accident or extreme external
hazard;
c) to review the relevance of the standard to the IAEA safety guides and IEC SC 45A
standards that have been published since IEC 60964:2009 was developed;
d) to clarify the role and meaning of “task analysis”,
e) to further delineate the relationships with derivative standards (i.e. IEC 61227, IEC 61771,
IEC 61772, IEC 61839, IEC 62241 and others of relevance to the control room design);
f) to consider its alignment with the Human Factors Engineering principles, specifically with
the ones of IAEA safety guide on Human Factors (DS-492) to be issued.
The text of this International Standard is based on the following documents:
FDIS Report on voting
45A/1214/FDIS 45A/1224/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The “colour inside” logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct understanding
of its contents. Users should therefore print this publication using a colour printer.

– 6 – IEC 60964:2018 RLV © IEC 2018
INTRODUCTION
a) Technical background, main issues and organization of the standard
IEC 60964:1989 was developed to supply requirements relevant to the design of the main
control room of NPPs and reviewed in 2009. The first two editions of IEC 60964 has been
were used extensively within the nuclear industry. It was however recognized that recent
technical developments especially those which are based on software technology should be
incorporated. It was also recognized that the relationships with derivative standards (i.e.
IEC 61227, IEC 61771, IEC 61772, IEC 61839, and IEC 62241) should be clarified and
conditioned.
It was however recognized that there was a need to develop an amendment for the 2009
edition to address:
• The usage of the term "task" needed to be examined.
• The role, functional capability, integrity of supporting services and robustness for the MCR
should be clarified to promote its continued use at the time of a severe accident or
extreme external hazard.
• The relevance of the standard to the IAEA safety guides and SC 45A standards published
since 2009.
Given the size of the proposal amendment, it was decided that a new edition of IEC 60964
should be issued instead of an amendment. During the preparation of this third edition, it was
agreed that the following points have to be covered:
• to clarify the role and meaning of “task analysis”,
• to further delineate the relationships with derivative standards (i.e. IEC 61227, IEC 61771,
IEC 61772, IEC 61839, IEC 62241 and others of relevance to the control room design);
• to consider its alignment with the Human Factors Engineering principles, specifically with
the ones of IAEA safety guide on Human Factors (DS-492) to be issued.
This IEC standard specifically focuses on the functional designing of the main control room of
NPPs. It is intended that the Standard be used by NPP vendors, utilities, and by licensors.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
IEC 60964 is the second level IEC SC 45A document tackling the generic issue of control
room design.
IEC 60964 is to be read in association with the derivative standards mentioned above which
are the appropriate IEC SC 45A documents which provide guidance on operator controls,
verification and validations of design, application of visual display units, functional analysis
and assignment, and alarm functions and presentation.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the Standard
This standard is intended for application to new control rooms whose conceptual design is
initiated after the publication of this standard. The recommendations of the standard may be
used for refits, upgrades and modifications.
The primary purpose of this standard is to provide functional design requirements to be used
in the design of the main control room of a nuclear power plant to meet operational and safety
requirements.
This standard also provides functional interface requirements which relate to control room
staffing, operating procedures and the training programme which are, together with the
human-machine interface, constituents of the control room system.
To ensure that the Standard will continue to be relevant in future years, the emphasis has
been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series is are IEC 61513 and IEC 63046.
IEC 61513 provides general requirements for I&C systems and equipment that are used to
perform functions important to safety in NPPs. IEC 61513 structures the IEC SC 45A standard
series. IEC 63046 provides general requirements for electrical power systems of NPPs; it
covers power supply systems including the supply systems of the I&C systems. IEC 61513
and IEC 63046 are to be considered in conjunction and at the same level. IEC 61513 and
IEC 63046 structure the IEC SC 45A standard series and shape a complete framework
establishing general requirements for instrumentation, control and electrical systems for
nuclear power plants.
IEC 61513 and IEC 63046 refers directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification, separation of
systems, defence against common cause failure, software aspects of computer-based
systems, hardware aspects of computer-based systems, and control room design,
electromagnetic compatibility, cybersecurity, software and hardware aspects for
programmable digital systems, coordination of safety and security requirements and
management of ageing. The standards referenced directly at this second level should be
considered together with IEC 61513 and IEC 63046 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by IEC 63046
are standards related to specific equipment, technical methods, or specific activities. Usually
these documents, which make reference to second-level documents for general topics, can be
used on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical
Reports which are not normative.
IEC 61513 has adopted a presentation format similar to the basic safety publication
IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework and
provides an interpretation of the general requirements of IEC 61508-1, IEC 61508-2 and
IEC 61508-4, for the nuclear application sector. Compliance with IEC 61513 will facilitate
consistency with the requirements of IEC 61508 as they have been interpreted for the nuclear
industry. In this framework IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the
nuclear application sector.
IEC 61513 refers to ISO as well as to IAEA 50-C-QA (now replaced by IAEA GS-R-3) for
topics related to quality assurance (QA).
The IEC SC 45A standards series consistently implements and details the principles and
basic safety aspects provided in the IAEA code on the safety of NPPs and in the IAEA safety
series, in particular the Requirements NS-R-1, establishing safety requirements related to the
design of Nuclear Power Plants, and the Safety Guide NS-G-1.3 dealing with instrumentation
and control systems important to safety in Nuclear Power Plants. The terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.
The IEC SC 45A standards series consistently implements and details the safety and security
principles and basic aspects provided in the relevant IAEA safety standards and in the
relevant documents of the IAEA nuclear security series (NSS). In particular this includes the
IAEA requirements SSR-2/1, establishing safety requirements related to the design of nuclear

– 8 – IEC 60964:2018 RLV © IEC 2018
power plants (NPPs), the IAEA safety guide SSG-30 dealing with the safety classification of
structures, systems and components in NPPs, the IAEA safety guide SSG-39 dealing with the
design of instrumentation and control systems for NPPs, the IAEA safety guide SSG-34
dealing with the design of electrical power systems for NPPs and the implementing guide
NSS17 for computer security at nuclear facilities. The safety and security terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle framework.
Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation of the general
requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the nuclear application
sector. In this framework IEC 60880, IEC 62138 and IEC 62566 correspond to IEC 61508-3
for the nuclear application sector. IEC 61513 and IEC 63046 refer to ISO as well as to
IAEA GS-R part 2 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics related to quality
assurance (QA). At level 2, regarding nuclear security, IEC 62645 is the entry document for
the IEC SC 45A security standards. It builds upon the valid high level principles and main
concepts of the generic security standards, in particular ISO/IEC 27001 and ISO/IEC 27002; it
adapts them and completes them to fit the nuclear context and coordinates with the
IEC 62443 series. At level 2, IEC 60964 is the entry document for the IEC SC 45A control
rooms standards and IEC 62342 is the entry document for the ageing management standards.
NOTE 1 It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied.
NOTE 2 IEC SC 45A domain was extended in 2013 to cover electrical systems. In 2014 and 2015 discussions
were held in IEC SC 45A to decide how and where general requirements for the design of electrical systems were
to be considered. IEC SC 45A experts recommended that an independent standard be developed at the same level
as IEC 61513 to establish general requirements for electrical systems. Project IEC 63046 is now launched to cover
this objective. When IEC 63046 is published this NOTE 2 of the introduction of IEC SC 45A standards will be
suppressed.
NUCLEAR POWER PLANTS – CONTROL ROOMS – DESIGN

1 Scope and object
This document establishes requirements for the human-machine interface in the main control
rooms of nuclear power plants. The document also establishes requirements for the selection
of functions, design consideration and organization of the human-machine interface and
procedures which shall be are used systematically to verify and validate the functional design.
These requirements reflect the application of human factors engineering principles as they
apply to the human-machine interface during normal and abnormal plant operational states
and accident conditions (including design basis and design extension conditions), as defined
in IAEA SSR-2/1 and IAEA NP-T-3.16. This document does not cover special purpose or
normally unattended control points, such as those provided for shutdown operations from
outside the main control room or for radioactive waste handling, or emergency response
facilities. Detailed equipment design is outside the scope of this document.
The primary purpose of this document is to provide functional design requirements to be used
in the design of the main control room of a nuclear power plant to meet operational and safety
requirements. This document also provides functional interface requirements which relate to
control room staffing, operating procedures, and the training programmes which, together with
the human-machine interface, constitute the control room system.
This document is intended for application to new control rooms whose conceptual design is
initiated after the publication of this document. If it is desired to apply it to an existing control
room, special caution must be exercised so that the design basis is kept consistent.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60671, Nuclear power plants – Instrumentation and control systems important to safety –
Surveillance testing
IEC 60709, Nuclear power plants – Instrumentation and control systems important to safety –
Separation
IEC/IEEE 60780-323, Nuclear power plants – Electrical equipment of the safety system –
Qualification
IEC 60960, Functional design criteria for a safety parameter display system for nuclear power
stations
IEC 60965, Nuclear power plants – Control rooms – Supplementary control points room for
reactor shutdown without access to the main control room
IEC 60980, Recommended practices for seismic qualification of electrical equipment of the
safety system for nuclear generating stations
IEC 61225, Nuclear power plants – Instrumentation and control systems important for safety –
Requirements for electrical supplies

– 10 – IEC 60964:2018 RLV © IEC 2018
IEC 61226, Nuclear power plants – Instrumentation and control important to safety –
Classification of instrumentation and control functions
IEC 61227, Nuclear power plants – Control rooms – Operator controls
IEC 61513, Nuclear power plants – Instrumentation and control for systems important to
safety – General requirements for systems
IEC 61771, Nuclear power plants – Main control room – Verification and validation of design
IEC 61772, Nuclear power plants – Main control room – Application of visual display units
(VDUs)
IEC 61839, Nuclear power plants – Design of control rooms – Functional analysis and
assignments
IEC 62003, Nuclear power plants – Instrumentation and control important to safety –
Requirements for electromagnetic compatibility testing
IEC 62241, Nuclear power plants – Main control room – Alarm functions and presentation
IEC 62645, Nuclear power plants – Instrumentation and control systems – Requirements for
security programmes for computer-based systems
IEC 62646, Nuclear power plants – Control rooms – Computer based procedures
IEC 62859, Nuclear power plants – Instrumentation and control systems – Requirements for
coordinating safety and cybersecurity
ISO 11064 (all parts), Ergonomic design of control centres
IAEA NS-G-1.3, Instrumentation and control systems important to safety in Nuclear Power
Plants, 2002
IAEA NS-G-1.9, Design of the reactor coolant system and associated systems in nuclear
power plants
IAEA, NS-G-1.11, Protection against internal hazards other than fires and explosions in the
design of nuclear power plants
IAEA NP-T-3.16, Accident Monitoring Systems for Nuclear Power Plants
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. For other terms,
refer to the general terminology defined in IEC 61513 and in the IAEA NUSS programme,
such as Safety Guide NS-G-1.3 Safety Glossary.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

3.1
accident conditions
deviations from normal operation that are less frequent and more severe than anticipated
operational occurrences
Note 1 to entry: Accident conditions comprise design basis accidents and design extension conditions.
[SOURCE: IAEA Safety Glossary, 2016]
3.2
alarm
item of diagnostic, prognostic, or guidance information, which is used to alert the operator and
to draw his or her attention to a process or system deviation
Note 1 to entry: Specific information provided by alarms includes the existence of an anomaly for which corrective
action might be needed, the cause and potential consequences of the anomaly, the overall plant status, corrective
action to the anomaly, and feedback of corrective actions.
Two types of deviation may be recognised:
– Unplanned – Undesirable process deviations and equipment faults;
– Planned – Deviations in process conditions or equipment status that are the expected response to but could be
indicative of undesirable plant conditions.
[SOURCE: IEC 62241:2004, 3.21]
3.3
auxiliary control systems
operating systems that are installed outside the control room such as local-to-plant control
points and local-to-plant shutdown systems
3.4
control room staff
group of plant personnel stationed in the control room, which is responsible for achieving the
plant operational goals by controlling plant through human machine interfaces
Note 1 to entry: Typically, the control room staff consists of supervisory operators, and operators who actually
monitor plant and plant conditions and manipulate controls but also may include those staff members and experts
who are authorized to be present in the control room, e.g. during long lasting event sequences.
3.5
control room system
integration of the human-machine interface, the control room staff, operating procedures,
training programme, and associated facilities or equipment which together sustain the proper
functioning of the control room
3.6
controls
devices which the operator uses to send demand signals to control systems and plant items
Note 1 to entry: Controls as defined in this document (i.e. devices used for control actions) hold a different
meaning from the one defined in the IAEA safety Glossary and are not replaceable.
3.7
design basis accident
postulated accident leading to accident conditions for which a facility is designed in
accordance with established design criteria and conservative methodology, and for which
releases of radioactive material are kept within acceptable limits
[SOURCE: IAEA Safety Glossary, 2016]

– 12 – IEC 60964:2018 RLV © IEC 2018
3.8
design extension conditions
postulated accident conditions that are not considered for design basis accidents, but that are
considered in the design process of the facility in accordance with best estimate methodology,
and for which releases of radioactive material are kept within acceptable limits. Design
extension conditions include conditions in events without significant fuel degradation and
conditions with core melting
[SOURCE: IAEA Safety Glossary, 2016]
3.9
displays
devices used for monitoring plant conditions and status, e.g. process status, equipment status
3.10
format
display format
pictorial display of information on a visual display unit (VDU) such as message text, digital
presentation, symbols, mimics, bar-charts, trend graphs, pointers, multi-angular presentation
3.11
function
specific purpose or objective to be accomplished, that can be specified or described without
reference to the physical means of achieving it
[SOURCE: IEC 61226:2009, 3.97]
3.12
functional analysis
examination of the functional goals of a system with respect to available manpower,
technology, and other resources, to provide the basis for determining how the function may be
assigned and executed
3.13
functional goal
performance objectives that shall be satisfied to achieve the corresponding function
3.14
hierarchical goal structure
relationship between a functional goal and sub-functional goals structured in a hierarchical
order
3.15
high-level mental processing
human act to process and/or interpret information to obtain reduced abstract information
3.16
human-machine interface
interface between operating staff and I&C system and computer systems linked with the plant.
The interface includes displays, controls, and the Operator Support System interface
3.17
I&C system
system, based on electrical and/or electronic and/or programmable electronic technology
E/E/PE items, performing plant I&C functions as well as service and monitoring functions
related to the operation of the system itself

Note 1 to entry: The term is used as a general term which encompasses all elements of the system such as
internal power supplies, sensors and other input devices, data highways and other communication paths, interfaces
to actuators and other output devices. The different functions within a system may use dedicated or shared
resources.
Note 2 to entry: The elements included in a specific I&C system are defined in the specification of the boundaries
of the system.
Note 3 to entry: According to their typical functionality, IAEA distinguishes between automation and control
systems, HMI systems, interlock systems and protection systems.
[SOURCE: IEC 61513 IEC 62138:2018, 3.26]
3.18
job
set of tasks which are operationally related. The tasks within a job should be coherent with
regard to required skill, knowledge and responsibility
3.19
job analysis
analysis identifying basic requirements which a job imposes on the control room staff
structure, the operating procedures and training programme
3.20
local control points
local control facilities
points (or facilities) located outside the control room where local operators perform control
activities
3.21
local operators
operating staff that perform tasks outside the control room
3.22
operating procedures
set of documents specifying operational tasks it is necessary to perform to achieve functional
goals
3.23
operating staff
plant personnel working on shift to operate the plant
Note 1 to entry: The operating staff includes the control room staff, maintenance engineers, etc.
3.24
operator interaction
interrelation between operator and the I&C system. Specifically, display of plant status by the
I&C system and corresponding operator action
3.25
Operator Support System
OSS
system or systems supporting the high-level mental information processing tasks assigned to
the control room staff
3.26
performance requirements
quantitative requirements specifying performance of tasks which ensure the achievement of
functional goals
– 14 – IEC 60964:2018 RLV © IEC 2018
3.27
plant operational goals
ultimate purposes of plant design, i.e. controlled generation of electricity and limitation of
release of radioactivity to the environment
3.28
population stereotype
tendency for most persons in a group or population to give the same response to a particular
stimulus, even when there are alternative responses. The population stereotype depends on
the customs and habits of the population sampled
3.29
supplementary control room
location from which limited plant control and/or monitoring can be carried out to accomplish
the safety functions identified by the safety analysis as required in the event of a loss of
ability to perform those functions from the Main Control Room
Note 1 to entry: For existing plants, the Supplementary Control Room may be a special control room, but in many
cases comprises sets of control panels and displays in switchgear rooms or similar areas. In the latter case, the
term ‘supplementary control point’ is used in this document.
[SOURCE: IEC 60965:2016, 3.6]
3.30
severe accident
accident conditions more severe than a design basis accident and involving significant core
degradation
[SOURCE: IAEA Safety Glossary, 2016]
3.31
task analysis
a detailed identification and description of an operator’s task, in terms of its components, to
specify the detailed human activities involved, and their functional and temporal relationships
Note 1 to entry: Frequently, task analysis in understood to also include the evaluation of the operator’s tasks. In
the frame of IEC 60964, this evaluation is described in terms of V&V of function assignment and V&V of the
integrated control room system (which also covers the operator tasks).
3.32
tasks
actions performed by either human or machine humans for the accomplishment of a functional
goal
3.33
training programme
programme which is designed to train the control room staff so that they can acquire the skills
and knowledge necessary for operational activities
3.34
validation
process of determining whether a product or service is adequate to perform its intended
function satisfactorily. Validation is broader in scope, and may involve a greater element of
judgement, than verification.
[SOURCE: IAEA Safety Glossary, 2007 2016]

3.35
verification
the process of determining whether the quality or performance of a product or service is as
stated, as intended or as required
confirmation by examinatio
...