iTeh Standards logo
EURUSD
Your shopping cart is empty.
IEC

IEC 60987:2021

(Main)

Nuclear power plants - Instrumentation and control important to safety - Hardware requirements

Nuclear power plants - Instrumentation and control important to safety - Hardware requirements

IEC 60987:2021 provides requirements and recommendations for the hardware aspects of I&C systems whatever the technology and applies for all safety classes in a graded manner (as defined by IEC 61513). The requirements defined within this document guide, in particular, the selection of pre-existing components, hardware aspects of system detailed design and implementation and equipment manufacturing.
This third edition cancels and replaces the second edition published in 2007. This edition includes the following significant technical changes with respect to the previous edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies, including conventional hardwired equipment, programmable digital equipment or by using a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized) and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different classes of equipment and related requirements.

Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel

IEC 60987:2021 fournit des exigences et des recommandations pour les aspects matériels des systèmes d'I&C, quelle que soit la technologie, et s'applique à toutes les classes de sûreté de manière graduelle (comme cela est défini par l’IEC 61513). Les exigences définies dans le présent document guident en particulier la sélection des composants préexistants, les aspects matériels de la conception détaillée et de la mise en œuvre du système et la fabrication des équipements.
Cette troisième édition annule et remplace la deuxième édition parue en 2007. Cette édition inclut les modifications techniques majeures suivantes par rapport à l'édition précédente:
a) Modification du titre;
b) Prise en compte du fait que les exigences en matière de matériel s'appliquent à toutes les technologies d'I&C, y compris des équipements câblés conventionnels, des équipements numériques programmables ou une combinaison de ces deux types d'équipements;
c) Alignement de la norme sur les nouvelles révisions des documents de l’AIEA SSR-2/1, incluant autant que possible une adaptation des définitions;
d) Remplacement, autant que possible, des exigences associées aux normes publiées depuis la parution de l’édition 2.1, plus particulièrement l’IEC 61513, l’IEC 60880, l’IEC 62138, l’IEC 62566 et l’IEC 62566-2;
e) Révision des exigences existantes et mise à jour des définitions et de la terminologie;
f) Élargissement du domaine d'application de la norme à tout le matériel (informatisé et non informatisé) et à toutes les classes de sûreté 1, 2 et 3;
g) Complément et mise à jour des références et du vocabulaire de l’IEC et de l'AIEA;
h) Vérification de l'impact éventuel d'autres exigences et recommandations de l'AIEA envisageant l'extension du domaine d'application du SC 45A;
i) Mise en évidence de l'utilisation de l’IEC 62566 et de l’IEC 62566-2 pour le développement du HPD;
j) Introduction d’activités spécifiques pour les constituants prédéveloppés (sélection, acceptabilité et/ou compensation);
k) Introduction d’exigences plus claires pour la conception, la fabrication et le contrôle au niveau des modules électroniques;
l) Méthodes complètes d'évaluation de la fiabilité;
m) Introduction d’exigences lors de l'utilisation d’essais automatisés ou d'activités de contrôle;
n) Complément concernant les activités de contrôle de la fabrication (processus de contrôle, évaluation des équipements fabriqués, préservation des produits);
o) Définition et incorporation d'une approche graduelle pour traiter les 3 différentes classes d'équipements et les exigences qui s'y rapportent.

General Information

Status
Published
Publication Date
02-Feb-2021
ICS
27.120.20 - Nuclear power plants. Safety
Technical Committee
SC 45A - Instrumentation, control and electrical power systems of nuclear facilities
Drafting Committee
WG 3 - TC 45/SC 45A/WG 3
Current Stage
PPUB - Publication issued
Start Date
03-Feb-2021
Completion Date
19-Feb-2021
Ref Project

Relations

Revises
IEC 60987:2007/AMD1:2013 - Amendment 1 - Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems
Effective Date
05-Sep-2023
Revises
IEC 60987:2007 - Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems
Effective Date
05-Sep-2023
IEC 60987:2021 - Nuclear power plants - Instrumentation and control important to safety - Hardware requirementsIEC 60987:2021 - Nuclear power plants - Instrumentation and control important to safety - Hardware requirements
PreviousNext
Standard
IEC 60987:2021 - Nuclear power plants - Instrumentation and control important to safety - Hardware requirements
English and French language
101 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


IEC 60987 ®
Edition 3.0 2021-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control important to safety –
Hardware requirements
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté – Exigences applicables au matériel

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform IEC online collection - oc.iec.ch
The advanced search enables to find IEC publications by a Discover our powerful search engine and read freely all the
variety of criteria (reference number, text, technical publications previews. With a subscription you will always
committee, …). It also gives information on projects, replaced have access to up to date content tailored to your needs.
and withdrawn publications.
Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
The world's leading online dictionary on electrotechnology,
Stay up to date on all new IEC publications. Just Published
containing more than 22 000 terminological entries in English
details all new publications released. Available online and
and French, with equivalent terms in 18 additional languages.
once a month by email.
Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Customer Service Centre - webstore.iec.ch/csc
If you wish to give us your feedback on this publication or
need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - IEC online collection - oc.iec.ch
webstore.iec.ch/advsearchform Découvrez notre puissant moteur de recherche et consultez
La recherche avancée permet de trouver des publications IEC gratuitement tous les aperçus des publications. Avec un
en utilisant différents critères (numéro de référence, texte, abonnement, vous aurez toujours accès à un contenu à jour
comité d’études, …). Elle donne aussi des informations sur adapté à vos besoins.
les projets et les publications remplacées ou retirées.

Electropedia - www.electropedia.org
IEC Just Published - webstore.iec.ch/justpublished
Le premier dictionnaire d'électrotechnologie en ligne au
Restez informé sur les nouvelles publications IEC. Just
monde, avec plus de 22 000 articles terminologiques en
Published détaille les nouvelles publications parues.
anglais et en français, ainsi que les termes équivalents dans
Disponible en ligne et une fois par mois par email.
16 langues additionnelles. Egalement appelé Vocabulaire

Electrotechnique International (IEV) en ligne.
Service Clients - webstore.iec.ch/csc

Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC 60987 ®
Edition 3.0 2021-02
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control important to safety –

Hardware requirements
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-

commande importants pour la sûreté – Exigences applicables au matériel

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-9319-5

– 2 – IEC 60987:2021 © IEC 2021
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 9
2 Normative references . 9
3 Terms and definitions . 10
4 Symbols and abbreviated terms . 17
5 Hardware safety lifecycle . 17
5.1 General . 17
5.2 Hardware safety lifecycle for class 1 and class 2 . 20
5.2.1 Project structure for class 1 and class 2 . 20
5.2.2 Quality management for class 1 and class 2 . 20
5.2.3 Verification of hardware for class 1 and class 2 . 21
5.3 Hardware safety lifecycle for class 3 . 23
5.3.1 Project structure and quality management for class 3 . 23
5.3.2 Verification of hardware for class 3 . 24
6 Hardware aspects of system requirements specification . 24
6.1 Hardware aspects of system requirements specification for class 1 and
class 2 . 24
6.1.1 General requirements for class 1 and class 2 . 24
6.1.2 Functional and performance requirements for class 1 and class 2 . 25
6.1.3 Reliability requirements for class 1 and class 2 . 26
6.1.4 Environmental conditions requirements for class 1 and class 2 . 27
6.1.5 Manufacturing requirements for class 1 and class 2 . 27
6.1.6 Documentation requirements for class 1 and class 2 . 27
6.2 Hardware aspects of system requirements specification for class 3. 27
6.2.1 General requirements for class 3 . 27
6.2.2 Reliability for class 3 . 27
6.2.3 Environmental conditions requirements for class 3 . 28
6.2.4 Documentation requirements for class 3 . 28
7 Selection of pre-existing components . 28
7.1 Selection of pre-existing components for class 1 and class 2 . 28
7.2 Selection of pre-existing components for class 3 . 29
8 Hardware aspects of system detailed design and implementation . 29
8.1 Hardware aspects of system detailed design and implementation for class 1
and class 2 . 29
8.1.1 General requirement for class 1 and class 2 . 29
8.1.2 Design activities for class 1 and class 2 . 30
8.1.3 Reliability for class 1 and class 2 . 30
8.1.4 Maintenance for class 1 and class 2 . 31
8.1.5 Power failure for class 1 and class 2 . 32
8.1.6 Design documentation for class 1 and class 2 . 32
8.2 Hardware aspects of system detailed design and implementation for class 3 . 33
8.2.1 General requirement for class 3 . 33
8.2.2 Reliability for class 3 . 33
8.2.3 Maintenance for class 3 . 33
9 Equipment (component) manufacturing . 33

9.1 Equipment (component) manufacturing for class 1 and class 2 . 33
9.1.1 Manufacturing quality management for class 1 and class 2 . 33
9.1.2 Training of personnel for class 1 and class 2 . 34
9.1.3 Planning and organisation of the manufacturing activities for class 1
and class 2 . 35
9.1.4 Input data for class 1 and class 2 . 35
9.1.5 Purchasing and procurement for class 1 and class 2 . 35
9.1.6 Manufacturing for class 1 and class 2 . 36
9.2 Equipment (component) manufacturing for class 3 . 41
9.2.1 Manufacturing quality management for class 3 . 41
9.2.2 Training of personnel for class 3 . 41
9.2.3 Input data for class 3 . 41
9.2.4 Purchasing and procurement for class 3 . 42
9.2.5 Assessment of electronic modules for class 3 . 42
9.2.6 Identification and traceability for class 3 . 43
9.2.7 Protection and storage of product for class 3 . 43
9.2.8 Manufacturing of electronic modules for class 3 . 44
10 Hardware aspects of system installation . 44
10.1 General . 44
11 Hardware aspects of system modification . 45
11.1 General . 45
12 Operation and maintenance . 45
12.1 General . 45
12.2 Operation and maintenance requirements . 46
12.3 Failure data . 46
12.3.1 Failure data acquired during equipment operation constitutes a major
source of information which can be used to improve: . 46
12.4 Operation and maintenance documentation . 47
Annex A (informative) Typical documentation. 48
Bibliography . 49

Figure 1 – System safety lifecycle (informative, as defined by IEC 61513) . 18
Figure 2 – Hardware related activities in the system safety lifecycle . 19

Table A.1 – Typical documentation . 48

– 4 – IEC 60987:2021 © IEC 2021
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This third edition cancels and replaces the second edition published in 2007, and its
Amendment 1, published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies,
including conventional hardwired equipment, programmable digital equipment or by using
a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as
far as possible an adaptation of the definitions;

d) Replace, as far as possible, the requirements associated with standards published since
the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and
IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized)
and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering
extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or
mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and
control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of
manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different
classes of equipment and related requirements.
The text of this International Standard is based on the following documents:
FDIS Report on voting
45A/1365/FDIS 45A/1372/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
– 6 – IEC 60987:2021 © IEC 2021
INTRODUCTION
a) Technical background, main issues and organization of the standard
This International Standard provides requirements on the hardware aspects of E/E/PE items
used in instrumentation and control (I&C) systems performing safety functions as defined by
IEC 61226.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to hardware are deferred to IEC 61513.
The basic principles for the design of nuclear instrumentation, as specifically applied to the
systems important to safety of nuclear power plants, were first interpreted in nuclear
standards with reference to hardwired systems in IAEA Safety Guide 50 SG D3 which has
been superseded by IAEA Guide SSG-39.
IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design
for systems important to safety.
Although many of the requirements within the original issue continue to be relevant, there
were significant factors which justified the development of this revised edition of IEC 60987, in
particular:
– the use of different technologies that may include conventional hardwired equipment,
programmable digital equipment or by using a combination of both types of equipment;
– IEC 61226 and IEC 61513 cover I&C systems performing 3 different categories of
functions (A, B and C) and 3 classes of systems (class 1, 2 and 3);
– the use of pre-existing components, rather than bespoke developments, has increased
significantly.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
The first-level IEC SC 45A standard for I&C systems important to safety in nuclear power
plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard which
addresses the generic issue of I&C systems hardware requirements.
IEC 60880 and IEC 62138 are second-level standards which together cover the software
aspects of computer-based systems used to perform functions important to safety in NPPs.
IEC 60880 and IEC 62138 make direct reference to IEC 60987 for I&C systems hardware
requirements.
IEC 62566 and IEC 62566-2 are second-level standards which together cover the
development of HPDs used to perform functions important to safety in NPPs. IEC 62566 and
IEC 62566-2 make direct reference to IEC 60987 for I&C systems hardware requirements.
The requirements of IEC/IEEE 60780-323 for equipment qualification are referenced within
IEC 60987.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the standard
It is important to note that this standard establishes no additional functional requirements for
classified systems (see IEC 61226 for system classification requirements).

Aspects for which special recommendations have been produced (so as to assure the
production of highly reliable systems), are:
– a general approach to the hardware safety lifecycle;
– an approach from the requirements specifications down to on-site operation and
maintenance activities.
It is recognized that I&C technology is continuing to evolve and that it is not possible for a
standard such as this to include references to all modern design technologies and techniques.
To ensure that the standard will continue to be relevant in future years the emphasis has been
placed on issues of principle, rather than specific hardware design technologies. If new
design techniques are developed then it is possible to assess the suitability of such
techniques by adapting and applying the design principles contained within this standard.
The scope of this document covers I&C systems hardware for all classes of systems important
to safety. This includes conventional hardwired equipment, programmable digital equipment
or by using a combination of both types of equipment; it covers the assessment and use of
pre-existing items, for example, commercial off-the-shelf items (COTS), and the development
of new hardware.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital item. IEC 62645
provides requirements for security programmes for programmable digital item for all their
development phases and on-site operation.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and IEC 63046.
IEC 61513 provides general requirements for I&C systems and equipment that are used to
perform functions important to safety in NPPs. IEC 63046 provides general requirements for
electrical power systems of NPPs; it covers power supply systems including the supply
systems of the I&C systems. IEC 61513 and IEC 63046 are to be considered in conjunction
and at the same level. IEC 61513 and IEC 63046 structure the IEC SC 45A standard series
and shape a complete framework establishing general requirements for instrumentation,
control and electrical systems for nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification, separation,
defence against common cause failure, control room design, electromagnetic compatibility,
cybersecurity, software and hardware aspects for programmable digital systems, coordination
of safety and security requirements and management of ageing. The standards referenced
directly at this second level should be considered together with IEC 61513 and IEC 63046 as
a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by IEC 63046
are standards related to specific equipment, technical methods, or specific activities. Usually
these documents, which make reference to second-level documents for general topics, can be
used on their own.
A fourth level extending the IEC SC 45 standard series, corresponds to the Technical Reports
which are not normative.
– 8 – IEC 60987:2021 © IEC 2021
The IEC SC 45A standards series consistently implements and details the safety and security
principles and basic aspects provided in the relevant IAEA safety standards and in the
relevant documents of the IAEA nuclear security series (NSS). In particular this includes the
IAEA requirements SSR-2/1, establishing safety requirements related to the design of nuclear
power plants (NPPs), the IAEA safety guide SSG-30 dealing with the safety classification of
structures, systems and components in NPPs, the IAEA safety guide SSG-39 dealing with the
design of instrumentation and control systems for NPPs, the IAEA safety guide SSG-34
dealing with the design of electrical power systems for NPPs and the implementing guide
NSS17 for computer security at nuclear facilities. The safety and security terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle framework.
Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation of the general
requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the nuclear application
sector. In this framework IEC 60880, IEC 62138 and IEC 62566 correspond to IEC 61508-3
for the nuclear application sector. IEC 61513 and IEC 63046 refer to ISO as well as to IAEA
GS-R part 2 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics related to quality assurance
(QA). At level 2, regarding nuclear security, IEC 62645 is the entry document for the
IEC/SC 45A security standards. It builds upon the valid high level principles and main
concepts of the generic security standards, in particular ISO/IEC 27001 and ISO/IEC 27002; it
adapts them and completes them to fit the nuclear context and coordinates with the
IEC 62443 series. At level 2, IEC 60964 is the entry document for the IEC/SC 45A control
rooms standards and IEC 62342 is the entry document for the ageing management standards.
NOTE It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions (e.g.
to address worker safety, asset protection, chemical hazards, process energy hazards) international or national
standards would be applied.
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS

1 Scope
I&C systems important to safety may be implemented using conventional hardwired
equipment, programmable digital equipment or by using a combination of both types of
equipment.
This document provides requirements and recommendations for the hardware aspects of I&C
systems whatever the technology and applies for all safety classes in a graded manner (as
defined by IEC 61513).
The requirements defined within this document guide, in particular, the selection of pre-
existing components, hardware aspects of system detailed design and implementation and
equipment manufacturing.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital item. IEC 62645
provides requirements for security programmes for programmable digital item for all their
development phases and on-site operation.
Pre-existing items may include microcontrollers or HPDs and, where firmware or programming
files are deeply-embedded, be effectively "transparent" to the user. In such cases, this
document can be used to guide the assessment process for such components. An example of
where this approach is considered appropriate is in the assessment of modern processors
which contain a microcode. Such code is generally an integral part of the "hardware", and it is
therefore appropriate for the processor (including the microcode) to be assessed as an
integrated hardware component using this document.
Software which is not deeply-embedded, as described above, is developed or assessed
according to the requirements of the relevant software standard (for example, IEC 60880 for
class 1 systems and IEC 62138 for class 2 and 3 systems).
In the same manner, HPDs which are not deeply-embedded, as described above, are
developed or assessed according to the requirements of the relevant HPD standard (for
example, IEC 62566 for class 1 systems and IEC 62566-2 for class 2 and 3 systems).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC/IEEE 60780-323, Nuclear facilities – Electrical equipment important to safety –
Qualification
IEC 60812, Failure modes and effects analysis (FMEA and FMECA)
IEC 60880, Nuclear power plants – Instrumentation and control systems important to safety –
Software aspects for computer-based systems performing category A functions

– 10 – IEC 60987:2021 © IEC 2021
IEC/IEEE 60980-344, Nuclear facilities – Equipment important to safety – Seismic
qualification
IEC 61000 (all parts), Electromagnetic compatibility (EMC)
IEC 61025, Fault tree analysis (FTA)
IEC 61513:2011, Nuclear power plants – Instrumentation and control important to safety –
General requirements for systems
IEC 61709, Electrical components – Reliability – Reference conditions for failure rates and
stress models for conversion
IEC 62003, Nuclear power plants – Instrumentation, control and electrical power systems –
Requirements for electromagnetic compatibility testing
IEC 62138:2018, Nuclear power plants – Instrumentation and control systems important to
safety – Software aspects for computer-based systems performing category B or C functions
IEC 62566:2012, Nuclear power plants – Instrumentation and control important to safety –
Development of HDL-programmed integrated circuits for systems performing category A
functions
IEC 62566-2, Nuclear power plants – Instrumentation and control systems important to safety
– Development of HDL-programmed integrated circuits – Part 2: HDL-programmed integrated
circuits for systems performing category B or C functions
ISO 28590, Sampling procedures for inspection by attributes — Introduction to the ISO 2859
series of standards for sampling for inspection by attributes
IPC-A-610, Acceptability of Electronic Assemblies
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
class of an I&C system
one of three possible assignments (1, 2, 3) of I&C systems important to safety resulting from
consideration of their requirement to implement I&C functions of different safety importance
Note 1 to entry: An unclassified assignment is made if the I&C system does not implement functions important to
safety.
Note 2 to entry: See also "category of an I&C function", "items important to safety", "safety systems".
[SOURCE: IEC 61513:2011, 3.6, modified – last sentence of definition turned into Note 1 to
entry.]
3.2
common cause failure, CCF
failure of two or more structures, systems or components due to a single specific event or
cause
Note 1 to entry: Common causes can be internal or external to an I&C system.
[SOURCE: IAEA Safety Glossary: 2018, modified – Note 1 to entry has been added.]
3.3
component
one of the parts that make up a system
Note 1 to entry: A component can be hardware, software or HPD and can be subdivided into other components.
Note 2 to entry: See also "I&C system", "equipment".
Note 3 to entry: The terms "equipment", "component", and "module" are often used interchangeably. The
relationship of these terms is not yet standardised.
Note 4 to entry: This IEC SC 45A definition is in principle compatible with the sub-definition of "Component" given
in the frame of the 2018 edition of the IAEA Safety Glossary definition of "Structures Systems and Components
(SSC)". Nevertheless, as only examples of hardware components are given, this can mislead the reader and IEC
SC 45A prefer to use a definition which explicitly covers software components.
[SOURCE: IEC 61513:2011, 3.10, modified – last sentence of definition turned into Note 1 to
entry and edition 2007 of IAEA Safety Glossary has been updated to edition 2018.]
3.4
computer-based item
item that relies on software instructions running on microprocessors or microcontrollers
Note 1 to entry: In this term and its definition, the term item can be replaced by the terms: system, or equipment,
or device.
Note 2 to entry: A computer-based item is a kind of programmable digital item.
Note 3 to entry: This term is equivalent to software-based item.
Note 4 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HPDs have to be considered in
conjunction and are totally consistent and coherent. They are totally consistent and coherent with the general
requirements established by IEC 61513 and IEC 63046 for instrumentation, control and electrical systems for
nuclear power plants.
[SOURCE: IEC 62138:2018, 3.8, modified – Note 4 to entry has been added.]
3.5
electrical / electronic / programmable electronic item
E/E/PE item
item based on electrical (E) and/or electronic (E) and/or programmable electronic (PE)
technology
Note 1 to entry: In this term and its definition, the word "item" can be replaced by the words: system, or
equipment, or device.
Note 2 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HDL Programmed Device (HDL
Hardware Description Language), have to be considered in conjunction and are totally consistent and coherent.
They are totally consistent and coherent with the general requirements established by IEC 61513 and IEC 63046
for instrumentation, control and electrical systems for nuclear power plants.
[SOURCE: IEC 62138:2018, 3.15, modified – Note 2 to entry has been added.]

– 12 – IEC 60987:2021 © IEC 2021
3.6
electrical power system
EPS
system performing electrical power generation, transmission and distribution; performing
supply functions to operate plant equipment (pumps, valves, heaters, etc.)
Note 1 to entry: An electrical system can integrate E/E/PE items to perform its internal electrical control and
protection.
[SOURCE: IEC 63046:2020, 3.12]
3.7
equipment
one or more parts of a system
Note 1 to entry: An item of equipment is a single definable (and usually removable) element or part of a system.
Note 2 to entry: See also "component", "I&C system".
Note 3 to entry: Equipment may include software.
Note 4 to entry: The terms "equipment", "component", and "module" are often used interchangeably. The
relationship of these terms is not yet standardised.
[SOURCE: IEC 61513:2011, 3.16, modified – last sentence of definition turned into Note 1 to
entry and Note 4 to entry of IEC 61513 has been removed.]
3.8
firmware
software which is closely coupled to the hardware characteristics on which it is installed
Note 1 to entry: The presence of firmware is generally "transparent" to the user of the hardware component and,
as such, can be considered to be effectively an integral part of the hardware design (a good example of such
software being processor microcode).
Note 2 to entry: Generally, firmware can only be modified by a user by replacing the hardware components (for
example, processor chip, card, EPROM) which contain this software with components which contain modified
software (firmware). Where this is the case, configuration control of the hardware components by the users of the
equipment effectively provides configuration control of the firmware. Firmware, as considered by this document, is
effectively software that is built into the hardware
3.9
function
specific purpose or objective to be accomplished, that can be specified or described without
reference to the physical means of achieving it
[SOURCE: IAEA Safety Glossary, 2018]
3.10
hardwired item
item that relies on relays, on analogue electronic or on discrete digital logic
Note 1 to entry: In this term and its definition, the term item can be replaced by the terms: system, or equipment,
or device.
Note 2 to entry: This term used by IEC SC 45A is roughly equivalent to electronic item used by IEC 61508. Relays
are electro-mechanical items, not electronic items, but they are included in the term hardwired-based item.
Note 3 to entry: Hardwired item are also usually called conventional items.
Note 4 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HDL Programmed Device (HDL
Hardware Description Language), have to be considered in conjunction and are totally consistent and coherent.
They are totally consistent and coherent with the general requirements established by IEC 61513 and IEC 63046
for instrumentation, control and electrical systems for nuclear power plants.

3.11
Hardware Description Language
HDL
language used to formally describe the functions and/or the structure of an electronic
component for documentation, simulation or synthesis
Note 1 to entry: The most widely used HDLs are VHDL (IEEE 1076) and Verilog (IEEE 1364).
[SOURCE: IEC 62566:2012, 3.6]
3.12
HDL-Programmed Device
HPD
integrated circuit configured with Hardware Description Languages and related software tools
Note 1 to entry: HDLs and related tools (e.g. simulator, synthesizer) are used to implement the requirements in a
proper assembly of pre-developed micro-electronic resources.
Note 2 to entry: The development of HPDs can use Pre-Developed Blocks.
Note 3 to entry: HPDs are typically based on blank FPGAs, PLDs or similar micro-electronic technologies.
Note 4 to entry: HPD is a kind of programmable digital item.
Note 5 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HDL Programmed Device (HDL
Hardware Description Language), have to be considered in conjunction and are totally consistent and coherent.
They are totally consistent and coherent with the general requirements established by IEC 61513 and IEC 63046
for instrumentation, control and electrical systems for nuclear power plants.
[SOURCE: IEC 62566:2012, 3.7, modified – Note 4 to entry and Note 5 to entry added.]
3.13
I&C system
system, based on electrical and/or electronic and/or programmable electronic technology,
performing I&C functions as well as service and monitoring functions related to the operation
of the system itself
Note 1 to entry: The term is used as a general term which encompasses all elements of the system such as
internal power supplies, sensors and other input devices, data highways and other communication paths, interfaces
to actuators and other output devices. The different functions within a system may use dedicated or shared
resources.
Note 2 to entry: See also "system, I&C function".
Note 3 to entry: The elements included in a specific I&C system are defined in the specification of the boundaries
of the system.
Note 4 to entry: According to their typical functionality, IAEA distinguishes between automation / control systems,
HMI systems, interlock systems and protection systems.
[SOURCE: IEC 61513:2011, 3.29, modified – last sentence of definition turned into Note 1 to
entry.]
3.14
integration
progressive aggregation and verification of components into a complete system
[SOURCE: IEC 62138:2018, 3.27]

– 14 – IEC 60987:2021 © IEC 2021
3.15
periodic testing
performance of tests at predetermined time points to demonstrate that the functional
capabilities of I&C systems and equipment important to safety are retained and that the
characteristics relevant to the claims of the safety analysis are satisfied
[SOURCE: IEC 60671:200
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

Loading comments...

This May Also Interest You

IEC
IEC TR 63400:2025(Main)
Nuclear facilities - Instrumentation, control and electrical power systems important to safety - Structure of the IEC SC 45A standards series

IEC TR 63400:2025 augments that description to enable users of individual IEC SC 45A standards to obtain a more comprehensive understanding of the overall structure of the series and its relationship with other standards bodies and standards. The publication of this document and its subsequent editions should also enable minor changes in the structure to be described without the need for amending the common description that is included in the Introduction, item d), of all IEC SC 45A documents.

  • Technical report
    69 pages
    English language
    sale 15% off
IEC
IEC 63374:2025(Main)
Nuclear power plants - Instrumentation systems important to safety - Characteristics and test methods of nuclear reactor reactivity meters

IEC 63374:2025 specifies the characteristics and test methods for reactivity meters. Other methods for measuring reactivity are not addressed in this document. This document provides guidance for the design, production and operation of reactivity meters. This document is applicable to various types of nuclear reactors that can be described by the neutron kinetic point reactor model, such as pressurized water reactors (PWRs), boiling-water reactors (BWRs) or fast breeder reactors (FBRs). This document is applicable to all on-line measuring instruments that directly obtain reactivity values by measuring the neutron flux. The subject relates to the reactor nuclear parameter measurement domain.

  • Standard
    18 pages
    English language
    sale 15% off
  • Standard
    19 pages
    French language
    sale 15% off
  • Standard
    37 pages
    English and French language
    sale 15% off
IEC
IEC 63435:2025(Main)
Nuclear facilities - Human machine interfaces - Operator support systems

IEC 63435:2025 specifies the characteristics of operator support systems (OSS) used by the control room staff, maintenance engineers and emergency response staff, establishes general principles for OSS lifecycle and requirements for OSS design following the human factors engineering (HFE) programme. This document also gives the human factors guidelines and the verification and validation (V&V) requirements for OSS design.
This document is applicable to new nuclear facilities whose conceptual design is initiated after the publication of this document but it can also be used for designing OSS in existing nuclear facilities.

  • Standard
    33 pages
    English language
    sale 15% off
IEC
IEC 61225:2025(Main)
Nuclear power plants - Instrumentation, control and electrical power systems - Requirements for static uninterruptible DC and AC power supply systems

IEC 61225:2025 specifies the performance and the functional characteristics of the low voltage static uninterruptible power supply (SUPS) systems in a nuclear power plant (NPP) and, when applicable, in nuclear facilities in general. An uninterruptible power supply (UPS) is an electrical equipment which draws electrical energy from a source, stores it, and maintains the supply in a specified form by means inside the equipment to output terminals. A SUPS has no rotating parts to perform its functions. The specific design requirements for the components of the power supply system are covered by IEC standards and other standards listed in the normative references. Otherwise, specific component-level design requirements are outside the scope of this document.

  • Standard
    75 pages
    English language
    sale 15% off
IEC
IEC 60911:2025(Main)
Nuclear power plants - Instrumentation systems - Measurements for monitoring adequate cooling within the core of pressurized light water reactors

IEC 60911:2025 applies to pressurized water reactors (PWRs) and presents requirements for the monitoring of adequate cooling within the core in all operations, including normal and abnormal operations. Requirements for core cooling monitoring during conditions beyond a design basis accident, i.e. a design extension condition of type A or type B, are also covered in this document.
This document defines requirements for instrumentation to measure coolant parameters, which are of interest when abnormal conditions arise with either one or two phases of coolant or with gas included in the reactor pressure vessel (RPV).
This second edition cancels and replaces the first edition published in 1987. This edition includes the following significant technical changes with respect to the previous edition:
a) Modification of the title.
b) Integration and merging with the content of IEC 62117:1999 relative to the monitoring of core cooling during cold shutdown.
c) Integration of feedback following the 2011 Fukushima accident.

  • Standard
    45 pages
    English language
    sale 15% off
IEC
IEC/IEEE 62582-1:2024(Main)
Nuclear power plants - Instrumentation and control important to safety - Electrical equipment condition monitoring methods - Part 1: General

IEC/IEEE 62582-1:2024 contains requirements for application of the other parts of IEC/IEEE 62582 related to specific methods for condition monitoring in electrical equipment important to safety of nuclear power plants. It also includes requirements which are common to all methods. The procedures defined in IEC/IEEE 62582 are intended for detailed condition monitoring.
IEC/IEEE 62582 specifies condition monitoring methods in sufficient detail to enhance the accuracy and repeatability, and provide standard formats for reporting the results. The methods specified are applicable to electrical equipment containing polymeric materials. Some methods are especially designed for the measurement of condition of a limited range of equipment whilst others can be applied to all types of equipment for which the polymeric parts are accessible.

  • Standard
    21 pages
    English language
    sale 15% off
  • Standard
    21 pages
    English language
    sale 15% off
IEC
IEC/IEEE 63332-387:2024(Main)
Nuclear facilities - Electrical power systems - Diesel generator units applied as standby power sources

IEC/IEEE 63332-387:2024 defines the criteria for the application and testing of diesel generator (DG) units used as safety class standby power supplies in nuclear facilities. In general, the standard applies to new nuclear facilities as well as for upgrading or back-fitting of existing facilities. Existing facilities can voluntarily adopt the requirements to enhance the performance capabilities and reliability of the installed DG units. The standard can be used in applications where highly reliable onsite alternating current (AC) power source is required to maintain plant safety following an event with potential loss of offsite power for an extended duration.
This document provides the principal design criteria, the design features, testing, and qualification requirements for the individual DG units that enable them to meet their functional requirements as a part of the standby power supply under the conditions produced by the design basis events catalogued in the plant safety analysis.

  • Standard
    139 pages
    English and French language
    sale 15% off
IEC
IEC 63351:2024(Main)
Nuclear facilities - Human factors engineering - Application to the design of human-machine interfaces

IEC 63351:2024 specifies the basic principles and requirements for the application of a human factors engineering (HFE) programme to the design of the human-machine interfaces (HMI) throughout the lifetime of a nuclear facility. The focus of this document is on control rooms and control functions as discussed in the text.
This document focuses on the application of a human factors engineering (HFE) programme to the design of the human-machine interfaces throughout the lifetime of a nuclear facility, including consideration of plant modifications.
This document is applicable to nuclear facilities such as: nuclear power plants (NPPs), research reactors, uranium enrichment and nuclear fuel fabrication facilities, spent fuel storage and reprocessing facilities.

  • Standard
    140 pages
    English and French language
    sale 15% off
IEC
IEC TR 63486:2024(Main)
Nuclear facilities - Instrumentation, control and electrical power systems - Cybersecurity risk management approaches

IEC TR 63486:2024 provides a cybersecurity framework for digital I&C programmable systems [2]. IEC 62645 [1] aligns strongly with the information security management system (ISMS) elements detailed within ISO/IEC 27001:2013 [2]. The ISO/IEC ISMS structure corresponds to the “I&C digital programmable system cybersecurity program” in the context (as defined in 5.2.1 of IEC 62645:2019 [1]).
The scope of this document is to capture the national and international cyber-risk approaches employed to manage cybersecurity risks associated with Instrumentation and Control (I&C) and Electrical Power Systems (EPS) at a Nuclear Power Plant (NPP).
This document summarizes an evaluation of cyber-risk approaches that are in use by nuclear facility operators to manage cybersecurity risks.
The scope of this document generally follows the exclusions of IEC 62645 which are:
- Non-malevolent actions and events such as accidental failures, human errors (except those stated above, such as impacting the performance of cybersecurity controls), and natural events. In particular, good practices for managing applications and data, including backup and restoration related to accidental failure, are out of scope.
This document summarizes key insights of the international and cyber-risk approaches used at NPPs regarding the application of ISO/IEC 27005:2018 [5]. The evaluation is based on 11 challenges to cybersecurity risk management and their applicability to NPP risk management. The challenges are detailed in Clause 7. This document also relates the risk management elements of IEC 62645 and IEC 63096.

  • Technical report
    160 pages
    English language
    sale 15% off
IEC
IEC 63272:2024(Main)
Nuclear facilities - Electrical power systems - AC interruptible power supply systems

IEC 63272:2024 specifies the performance and functional characteristics of the on-site AC interruptible power supply systems and applies to new nuclear facilities and newly installed or upgraded on-site AC interruptible power supply systems.
The specific design requirements for the components of the power supply system are defined by the IEC standards listed in the normative references and are outside the scope of this document.
The purpose of this document is to provide high level requirements for the design of on-site AC interruptible power supply systems as part of the overall electrical distribution system in a nuclear facility. This document defines the requirements for an electrical designer to establish the design of the AC interruptible electrical power supply for nuclear facilities. It is used in conjunction with Level 1 standard IEC 63046.

  • Standard
    116 pages
    English and French language
    sale 15% off