iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN IEC 62138:2019

(Main)

Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions (IEC 62138:2018)

Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions (IEC 62138:2018)

This document specifies requirements for the software of computer-based instrumentation and
control (I&C) systems performing functions of safety category B or C as defined by
IEC 61226. It complements IEC 60880 which provides requirements for the software of
computer-based I&C systems performing functions of safety category A.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to software are deferred to IEC 61513.
The link between functions categories and system classes is given in IEC 61513. Since a
given safety-classified I&C system may perform functions of different safety categories and
even non safety-classified functions, the requirements of this document are attached to the
safety class of the I&C system (class 2 or class 3).
This document is not intended to be used as a general-purpose software engineering guide. It
applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants
as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible, the
potential for latent software faults to cause system failures, either due to single software
failures or multiple software failures (i.e. Common Cause Failures due to software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.

Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der Kategorien B oder C (IEC 62138:2018)

Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-commande importants pour la sûreté - Aspects logiciels des systèmes informatisés réalisant des fonctions de catégorie B ou C (IEC 62138:2018)

This document specifies requirements for the software of computer-based instrumentation and control (I&C) systems performing functions of safety category B or C as defined by IEC 61226. It complements IEC 60880 which provides requirements for the software of computer-based I&C systems performing functions of safety category A. It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level activities (for example, integration, validation and installation) are not addressed exhaustively by this document: requirements that are not specific to software are deferred to IEC 61513. The link between functions categories and system classes is given in IEC 61513. Since a given safety-classified I&C system may perform functions of different safety categories and even non safety-classified functions, the requirements of this document are attached to the safety class of the I&C system (class 2 or class 3). This document is not intended to be used as a general-purpose software engineering guide. It applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants. For existing plants, only a subset of requirements is applicable and this subset has to be identified at the beginning of any project. The purpose of the guidance provided by this document is to reduce, as far as possible, the potential for latent software faults to cause system failures, either due to single software failures or multiple software failures (i.e. Common Cause Failures due to software). This document does not explicitly address how to protect software against those threats arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645 provides requirements for security programmes for computer-based systems.

Nuklearne elektrarne - Instrumenti in nadzorni sistemi za zagotavljanje varnosti - Značilnosti programske opreme računalniških sistemov, ki izvajajo funkcije kategorij B ali C (IEC 62138:2018)

Ta dokument določa zahteve za programsko opremo računalniških instrumentov in nadzornih sistemov (I&C) za izvajanje funkcij varnostne kategorije B ali C, kot je definirana v standardu IEC 61226. Dopolnjuje standard IEC 60880, ki določa zahteve za programsko opremo računalniških instrumentov in nadzornih sistemov za izvajanje funkcij varnostne kategorije A. Skladen je s standardom IEC 61513, katerega tudi dopolnjuje. Dejavnosti, ki so predvsem dejavnosti na ravni sistema (na primer integracija, validacija in namestitev), v tem dokumentu niso izčrpno naslovljene: zahteve, ki se ne navezujejo na programsko opremo, so navedene v standardu IEC 61513. Povezava med funkcijskimi kategorijami in sistemskimi razredi je podana v standardu IEC 61513. Ker lahko dani sistem I&C z varnostno razvrstitvijo izvaja funkcije različnih varnostnih kategorij in celo funkcij, ki nimajo varnostne razvrstitve, so zahteve tega dokumenta dodane varnostnemu razredu sistema I&C (razred 2 ali razred 3). Namen tega dokumenta ni, da bi se uporabljal kot vodilo za inženiring programske opreme za splošni namen. Uporablja se za programsko opremo računalniških instrumentov in nadzornih sistemov varnostnega razreda 2 ali 3 za nove jedrske elektrarne in tudi za nadgradnjo ali posodobitev obstoječih elektrarn z računalniškimi instrumenti in nadzornimi sistemi. Za obstoječe elektrarne se uporablja samo podnabor zahtev in ta podnabor je treba identificirati na začetku posameznega projekta. Namen vodil, navedenih v tem dokumentu, je v največji možni meri zmanjšati potencial, da bi latentne okvare programske opreme povzročile odpovedi sistema, in sicer zaradi okvar posamezne programske opreme
ali okvar več programskih oprem (tj. okvare s skupnim vzrokom zaradi programske opreme). Ta dokument ne naslavlja izrecno zaščite programske opreme pred grožnjami, ki izhajajo iz zlonamernih napadov, tj. kibernetske varnosti, za računalniške sisteme. Zahteve za varnostne programe za računalniške sisteme določa standard IEC 62645.

General Information

Status
Published
Public Enquiry End Date
25-Apr-2019
Publication Date
20-Oct-2019
ICS
27.120.20 - Nuclear power plants. Safety
Technical Committee
I09 - Imaginarni 09
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
04-Oct-2019
Due Date
09-Dec-2019
Completion Date
21-Oct-2019
Ref Project
EN IEC 62138:2019 - Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions

Relations

Revised
SIST EN 62138:2009 - Nuclear power plants - Instrumentation and control important for safety - Software aspects for computer-based systems performing category B or C functions
Effective Date
17-Sep-2018
Replaces
SIST EN 62138:2009 - Nuclear power plants - Instrumentation and control important for safety - Software aspects for computer-based systems performing category B or C functions
Effective Date
01-Oct-2019

Buy Standard

EN IEC 62138:2019EN IEC 62138:2019
PreviousNext
Standard
EN IEC 62138:2019
English language
55 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
prEN 62138:2019prEN 62138:2019
PreviousNext
Draft
prEN 62138:2019
English language
55 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN IEC 62138:2019
01-december-2019
Nadomešča:
SIST EN 62138:2009
Nuklearne elektrarne - Instrumenti in nadzorni sistemi za zagotavljanje varnosti -
Značilnosti programske opreme računalniških sistemov, ki izvajajo funkcije
kategorij B ali C (IEC 62138:2018)
Nuclear power plants - Instrumentation and control systems important to safety -
Software aspects for computer-based systems performing category B or C functions (IEC
62138:2018)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung -
Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der
Kategorien B oder C (IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté - Aspects logiciels des systèmes informatisés
réalisant des fonctions de catégorie B ou C (IEC 62138:2018)
Ta slovenski standard je istoveten z: EN IEC 62138:2019
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
SIST EN IEC 62138:2019 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN IEC 62138:2019

---------------------- Page: 2 ----------------------
SIST EN IEC 62138:2019


EUROPEAN STANDARD EN IEC 62138

NORME EUROPÉENNE

EUROPÄISCHE NORM
September 2019
ICS 27.120.20 Supersedes EN 62138:2009 and all of its amendments
and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control systems
important to safety - Software aspects for computer-based
systems performing category B or C functions
(IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke - Leittechnische Systeme mit
d'instrumentation et de contrôle-commande importants pour sicherheitstechnischer Bedeutung - Softwareaspekte für
la sûreté - Aspects logiciels des systèmes informatisés rechnerbasierte Systeme zur Realisierung von Funktionen
réalisant des fonctions de catégorie B ou C der Kategorien B oder C
(IEC 62138:2018) (IEC 62138:2018)
This European Standard was approved by CENELEC on 2019-09-09. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.



European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN IEC 62138:2019 E

---------------------- Page: 3 ----------------------
SIST EN IEC 62138:2019
EN IEC 62138:2019 (E)
European foreword
This document (EN IEC 62138:2019) consists of the text of IEC 62138:2018 prepared by SC 45A
"Instrumentation, control and electrical power systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation".
The following dates are fixed:
• latest date by which this document has to be (dop) 2020-09-09
implemented at national level by publication of an
identical national standard or by endorsement
• latest date by which the national standards (dow) 2022-09-09
conflicting with this document have to be
withdrawn
This document supersedes EN 62138:2009 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety and/or security measures in the
subject-matter covered by this standard.
Endorsement notice
The text of the International Standard IEC 62138:2018 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61508-3:2010 NOTE  Harmonized as EN 61508-3:2010 (not modified)
IEC 61508-4:2010 NOTE  Harmonized as EN 61508-3:2010 (not modified)
IEC 61511-1:2016
NOTE  Harmonized as EN 61511-1:2016 (not modified)
ISO 9001:2015
NOTE  Harmonized as EN ISO 9001:2015 (not modified)
2

---------------------- Page: 4 ----------------------
SIST EN IEC 62138:2019
EN IEC 62138:2019 (E)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.

Publication Year Title EN/HD Year
IEC 60880 2006 Nuclear power plants - Instrumentation EN 60880 2009
and control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61226 -  Nuclear power plants - Instrumentation EN 61226 -
and control important to safety -
Classification of instrumentation and
control functions
IEC 61513 2011 Nuclear power plants - Instrumentation EN 61513 2013
and control important to safety - General
requirements for systems
IEC 62671 2013 Nuclear power plants - Instrumentation - -
and control important to safety - Selection
and use of industrial digital devices of
limited functionality

3

---------------------- Page: 5 ----------------------
SIST EN IEC 62138:2019

---------------------- Page: 6 ----------------------
SIST EN IEC 62138:2019



IEC 62138

®


Edition 2.0 2018-07




INTERNATIONAL



STANDARD




NORME


INTERNATIONALE












Nuclear power plants – Instrumentation and control systems important to

safety – Software aspects for computer-based systems performing category

B or C functions




Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-

commande importants pour la sûreté – Aspects logiciels des systèmes


informatisés réalisant des fonctions de catégorie B ou C












INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE

INTERNATIONALE




ICS 27.120.20 ISBN 978-2-8322-5830-9




Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------
SIST EN IEC 62138:2019
– 2 – IEC 62138:2018 © IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references. 8
3 Terms and definitions . 9
4 Symbols and abbreviated terms . 17
5 Key concepts and assumptions . 17
5.1 General . 17
5.2 Types of software . 17
5.3 Types of configuration data . 18
5.4 Software and system safety lifecycles . 19
5.5 Gradation principles . 21
6 Requirements for the software of class 2 and class 3 I&C systems . 22
6.1 Applicability of the requirements . 22
6.2 General requirements . 22
6.2.1 Software safety lifecycle – Software quality assurance . 22
6.2.2 Verification . 23
6.2.3 Configuration management . 24
6.2.4 Selection and use of software tools . 25
6.2.5 Selection of languages . 26
6.3 Selection of pre-developed software . 27
6.3.1 General . 27
6.3.2 Documentation for safety. 27
6.3.3 Evidence of correctness . 28
6.3.4 Functional suitability . 35
6.3.5 Selection and use of digital devices of limited functionality . 35
6.4 Software requirements specification . 35
6.4.1 General . 35
6.4.2 Objectives . 35
6.4.3 Inputs . 36
6.4.4 Contents . 36
6.4.5 Properties . 37
6.5 Software design . 38
6.5.1 Objectives . 38
6.5.2 Inputs . 38
6.5.3 Contents . 39
6.5.4 Properties . 40
6.6 Implementation of software . 40
6.6.1 General requirements . 40
6.6.2 Configuration of software and of devices containing software . 40
6.6.3 Implementation with application-oriented languages . 41
6.6.4 Implementation with general-purpose languages . 41
6.7 Software aspects of system integration . 43
6.7.1 General . 43
6.8 Software aspects of system validation . 43
6.8.1 General . 43

---------------------- Page: 8 ----------------------
SIST EN IEC 62138:2019
IEC 62138:2018 © IEC 2018 – 3 –
6.9 Installation of software on site . 45
6.9.1 General . 45
6.10 Anomaly reports . 45
6.11 Software modification . 46
6.11.1 General . 46
6.12 Defences against common cause failure due to software . 47
Annex A (informative) Typical list of software documentation . 48
Annex B (informative) Correspondence between IEC 61513:2011 and this document . 49
Annex C (informative) Relations of this document with IEC 61508 . 50
C.1 General . 50
C.2 Comparison of scope and concepts . 50
C.3 Correspondence between this document and IEC 61508-3:2010 . 51
Bibliography . 52

Figure 1 – Typical software parts in a computer-based I&C system . 18
Figure 2 – Activities of the system safety lifecycle (as defined by IEC 61513:2011) . 19
Figure 3 – Software related activities in the system safety lifecycle . 20
Figure 4 – Development activities of the IEC 62138 software safety lifecycle . 21
Figure 5 – Overview of the typical qualification process for pre-developed complete
operational system software . 30
Figure 6 – Overview of the typical qualification process for pre-developed software

components . 31


Table A.1 – Typical list of software documentation . 48
Table B.1 – Correspondence between IEC 61513:2011 and this document . 49
Table C.1 – Correspondence between this document and IEC 61508-3:2010 . 51

---------------------- Page: 9 ----------------------
SIST EN IEC 62138:2019
– 4 – IEC 62138:2018 © IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL SYSTEMS IMPORTANT TO SAFETY –
SOFTWARE ASPECTS FOR COMPUTER-BASED SYSTEMS
PERFORMING CATEGORY B OR C FUNCTIONS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62138 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This second edition cancels and replaces the first edition published in 2004. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) align the standard with standards published or revised since the first edition, in particular
IEC 61513, IEC 60880, IEC 62645 and IEC 62671;
b) merge Clause 5 and Clause 6 of the first edition into a single clause in order to avoid the
repetition of the vast majority of the text which proves to be extremely difficult to maintain
in consistency;

---------------------- Page: 10 ----------------------
SIST EN IEC 62138:2019
IEC 62138:2018 © IEC 2018 – 5 –
c) revise clause on the selection of pre-developed software based on experiences from the
application of the first edition of the standard on industrial projects. More precise criteria
are proposed for the evidence of correctness of pre-developed software;
d) introduce requirements on traceability in consistency with IEC 61513;
e) introduce an Annex A that gives a typical list of software documentation;
f) introduce an Annex B that establishes relationship between IEC 61513 and this document;
g) introduce an Annex C that establishes relationship between IEC 61508 and this document.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/1201/FDIS 45A/1209/RVD

Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
In this document, the following print types are used:
• Requirements and recommendations applicable specifically to class 2 or to class 3
systems appear in italics in Clause 6.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

---------------------- Page: 11 ----------------------
SIST EN IEC 62138:2019
– 6 – IEC 62138:2018 © IEC 2018
INTRODUCTION
a) Technical background, main issues and organisation of this document
This International Standard provides requirements on the software aspects for computer-
based instrumentation and control (I&C) systems performing category B or C functions as
defined by IEC 61226. It complements IEC 60880 which provides requirements for the
software of computer-based I&C systems performing category A functions.
It is consistent with, and complementary to, IEC 61513:2011. Activities that are mainly
system level activities (for example, integration, validation and installation) are not
addressed exhaustively by this document: requirements that are not specific to software
are deferred to IEC 61513:2011.
This document takes into account the current practices for the development of software for
I&C systems, in particular:
– the use of pre-developed software, equipment and equipment families that were not
necessarily designed to nuclear industry sector standards;
– the use of application-oriented languages.
b) Situation of the current document in the structure of the IEC SC 45A standard series
IEC 61513 is a first level IEC SC 45A document and gives guidance applicable to I&C at
system level.
IEC 62138 is a second level IEC SC 45A document that supplements IEC 61513
concerning software development of computer-based I&C systems performing category B
or C functions.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this document
This document is not intended to be used as a general-purpose software engineering
guide. It applies to the software of I&C systems performing category B or C functions for
new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible,
the potential for latent software faults to cause system failures, either due to single
software failures or multiple software failures (i.e. Common Cause Failures due to
software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.
To ensure that this document will continue to be relevant in future years, the emphasis
has been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and
IEC 63046. IEC 61513 provides general requirements for I&C systems and equipment that
are used to perform functions important to safety in nuclear power plants (NPPs).
IEC 63046 provides general requirements for electrical power systems of NPPs; it covers
power supply systems including the supply systems of the I&C systems. IEC 61513 and
IEC 63046 are to be considered in conjunction and at the same level. IEC 61513 and
IEC 63046 structure the IEC SC 45A standard series and shape a complete framework
establishing general requirements for instrumentation, control and electrical systems for
nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification,
separation, defence against common cause failure, control room design, electromagnetic
compatibility, cybersecurity, software and hardware aspects for programmable digital

---------------------- Page: 12 ----------------------
SIST EN IEC 62138:2019
IEC 62138:2018 © IEC 2018 – 7 –
systems, coordination of safety and security requirements and management of ageing.
The standards referenced directly at this second level should be considered together with
IEC 61513 and IEC 63046 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by
IEC 63046 are standards related to specific equipment, technical methods, or specific
activities. Usually these documents, which make reference to second-level documents for
general topics, can be used on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical
Reports which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and
security principles and basic aspects provided in the relevant IAEA safety standards and
in the relevant documents of the IAEA nuclear security series (NSS). In particular this
includes the IAEA requirements SSR-2/1, establishing safety requirements related to the
design of nuclear power plants (NPPs), the IAEA safety guide SSG-30 dealing with the
safety classification of structures, systems and components in NPPs, the IAEA safety
guide SSG-39 dealing with the design of instrumentation and control systems for NPPs,
the IAEA safety guide SSG-34 dealing with the design of electrical power systems for
NPPs and the implementing guide NSS17 for computer security at nuclear facilities. The
safety and security terminology and definitions used by SC 45A standards are consistent
with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle
framework. Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation
of the general requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the
nuclear application sector. In this framework IEC 60880, IEC 62138 and IEC 62566
correspond to IEC 61508-3 for the nuclear application sector. IEC 61513 and IEC 63046
refer to ISO as well as to IAEA GS-R-3 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics
related to quality assurance. At level 2, regarding nuclear security, IEC 62645 is the entry
document for the IEC SC 45A security standards. It builds upon the valid high level
principles and main concepts of the generic security standards, in particular ISO/IEC
27001 and ISO/IEC 27002; it adapts them and completes them to fit the nuclear context
and coordinates with the IEC 62443 series. At level 2, regarding control rooms, IEC 60964
is the entry document for the IEC SC 45A control rooms standards and IEC 62342 is the
entry document for the IEC SC 45A ageing management standards.
NOTE 1 It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied.
NOTE 2 IEC SC 45A domain was extended in 2013 to cover electrical systems. In 2014 and 2015 discussions
were held in IEC SC 45A to decide how and where general requirement for the design of electrical systems were to
be considered. IEC SC 45A experts recommended that an
...

SLOVENSKI STANDARD
oSIST prEN 62138:2019
01-april-2019
1XNOHDUQHHOHNWUDUQH,QVWUXPHQWLLQQDG]RUQLVLVWHPL]D]DJRWDYOMDQMHYDUQRVWL
=QDþLOQRVWLSURJUDPVNHRSUHPHUDþXQDOQLãNLKVLVWHPRYNLL]YDMDMRIXQNFLMH
NDWHJRULM%DOL& ,(&
Nuclear power plants - Instrumentation and control systems important to safety -
Software aspects for computer-based systems performing category B or C functions (IEC
62138:2018)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung -
Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der
Kategorien B oder C (IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté - Aspects logiciels des systèmes informatisés
réalisant des fonctions de catégorie B ou C (IEC 62138:2018)
Ta slovenski standard je istoveten z: prEN 62138:2019
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
oSIST prEN 62138:2019 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN 62138:2019

---------------------- Page: 2 ----------------------
oSIST prEN 62138:2019


EUROPEAN STANDARD DRAFT
prEN IEC 62138
NORME EUROPÉENNE

EUROPÄISCHE NORM

February 2019
ICS 27.120.20 Will supersede EN 62138:2009
English Version
Nuclear power plants - Instrumentation and control systems
important to safety - Software aspects for computer-based
systems performing category B or C functions
(IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke - Leittechnische Systeme mit
d'instrumentation et de contrôle-commande importants pour sicherheitstechnischer Bedeutung - Softwareaspekte für
la sûreté - Aspects logiciels des systèmes informatisés rechnerbasierte Systeme zur Realisierung von Funktionen
réalisant des fonctions de catégorie B ou C der Kategorien B oder C
(IEC 62138:2018) (IEC 62138:2018)
This draft European Standard is submitted to CENELEC members for enquiry.
Deadline for CENELEC: 2019-04-26.

The text of this draft consists of the text of IEC 62138:2018.

If this draft becomes a European Standard, CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

This draft European Standard was established by CENELEC in three official versions (English, French, German).
A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to
the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.

Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Project: 68128 Ref. No. prEN IEC 62138 E

---------------------- Page: 3 ----------------------
oSIST prEN 62138:2019
prEN IEC 62138:2019 (E)
European foreword
This document (prEN IEC 62138:2019) consists of the text of IEC 62138:2018 prepared by
IEC/SC 45A "Instrumentation, control and electrical power systems of nuclear facilities", of
IEC/TC 45 "Nuclear instrumentation".
This document is currently submitted to the Enquiry.
The following dates are proposed:
• latest date by which the existence of (doa) dor + 6 months
this document has to be announced at
national level
• latest date by which this document has to be (dop) dor + 12 months
implemented at national level by publication
of an identical national standard or by
endorsement
• latest date by which the national standards (dow) dor + 36 months
conflicting with this document have to be (to be confirmed or
withdrawn modified when voting)
This document will supersede EN 62138:2009.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2,
Member States are not prevented from taking more stringent safety measures in the subject-
matter covered by the Directive, in compliance with Community law. In a similar manner, this
European standard does not prevent Member States from taking more stringent nuclear
safety and/or security measures in the subject-matter covered by this standard.
2

---------------------- Page: 4 ----------------------
oSIST prEN 62138:2019
prEN IEC 62138:2019 (E)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document
(including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.

Publication Year Title EN/HD Year
IEC 60880 2006 Nuclear power plants - Instrumentation EN 60880 2009
and control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61226 -  Nuclear power plants - Instrumentation EN 61226 -
and control important to safety -
Classification of instrumentation and
control functions
IEC 61513 2011 Nuclear power plants - Instrumentation EN 61513 2013
and control important to safety - General
requirements for systems
IEC 62671 2013 Nuclear power plants - Instrumentation - -
and control important to safety - Selection
and use of industrial digital devices of
limited functionality


3

---------------------- Page: 5 ----------------------
oSIST prEN 62138:2019

---------------------- Page: 6 ----------------------
oSIST prEN 62138:2019



IEC 62138

®


Edition 2.0 2018-07




INTERNATIONAL



STANDARD




NORME


INTERNATIONALE












Nuclear power plants – Instrumentation and control systems important to

safety – Software aspects for computer-based systems performing category

B or C functions




Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-

commande importants pour la sûreté – Aspects logiciels des systèmes


informatisés réalisant des fonctions de catégorie B ou C












INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE

INTERNATIONALE




ICS 27.120.20 ISBN 978-2-8322-5830-9




Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------
oSIST prEN 62138:2019
– 2 – IEC 62138:2018 © IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references. 8
3 Terms and definitions . 9
4 Symbols and abbreviated terms . 17
5 Key concepts and assumptions . 17
5.1 General . 17
5.2 Types of software . 17
5.3 Types of configuration data . 18
5.4 Software and system safety lifecycles . 19
5.5 Gradation principles . 21
6 Requirements for the software of class 2 and class 3 I&C systems . 22
6.1 Applicability of the requirements . 22
6.2 General requirements . 22
6.2.1 Software safety lifecycle – Software quality assurance . 22
6.2.2 Verification . 23
6.2.3 Configuration management . 24
6.2.4 Selection and use of software tools . 25
6.2.5 Selection of languages . 26
6.3 Selection of pre-developed software . 27
6.3.1 General . 27
6.3.2 Documentation for safety. 27
6.3.3 Evidence of correctness . 28
6.3.4 Functional suitability . 35
6.3.5 Selection and use of digital devices of limited functionality . 35
6.4 Software requirements specification . 35
6.4.1 General . 35
6.4.2 Objectives . 35
6.4.3 Inputs . 36
6.4.4 Contents . 36
6.4.5 Properties . 37
6.5 Software design . 38
6.5.1 Objectives . 38
6.5.2 Inputs . 38
6.5.3 Contents . 39
6.5.4 Properties . 40
6.6 Implementation of software . 40
6.6.1 General requirements . 40
6.6.2 Configuration of software and of devices containing software . 40
6.6.3 Implementation with application-oriented languages . 41
6.6.4 Implementation with general-purpose languages . 41
6.7 Software aspects of system integration . 43
6.7.1 General . 43
6.8 Software aspects of system validation . 43
6.8.1 General . 43

---------------------- Page: 8 ----------------------
oSIST prEN 62138:2019
IEC 62138:2018 © IEC 2018 – 3 –
6.9 Installation of software on site . 45
6.9.1 General . 45
6.10 Anomaly reports . 45
6.11 Software modification . 46
6.11.1 General . 46
6.12 Defences against common cause failure due to software . 47
Annex A (informative) Typical list of software documentation . 48
Annex B (informative) Correspondence between IEC 61513:2011 and this document . 49
Annex C (informative) Relations of this document with IEC 61508 . 50
C.1 General . 50
C.2 Comparison of scope and concepts . 50
C.3 Correspondence between this document and IEC 61508-3:2010 . 51
Bibliography . 52

Figure 1 – Typical software parts in a computer-based I&C system . 18
Figure 2 – Activities of the system safety lifecycle (as defined by IEC 61513:2011) . 19
Figure 3 – Software related activities in the system safety lifecycle . 20
Figure 4 – Development activities of the IEC 62138 software safety lifecycle . 21
Figure 5 – Overview of the typical qualification process for pre-developed complete
operational system software . 30
Figure 6 – Overview of the typical qualification process for pre-developed software

components . 31


Table A.1 – Typical list of software documentation . 48
Table B.1 – Correspondence between IEC 61513:2011 and this document . 49
Table C.1 – Correspondence between this document and IEC 61508-3:2010 . 51

---------------------- Page: 9 ----------------------
oSIST prEN 62138:2019
– 4 – IEC 62138:2018 © IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL SYSTEMS IMPORTANT TO SAFETY –
SOFTWARE ASPECTS FOR COMPUTER-BASED SYSTEMS
PERFORMING CATEGORY B OR C FUNCTIONS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62138 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This second edition cancels and replaces the first edition published in 2004. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) align the standard with standards published or revised since the first edition, in particular
IEC 61513, IEC 60880, IEC 62645 and IEC 62671;
b) merge Clause 5 and Clause 6 of the first edition into a single clause in order to avoid the
repetition of the vast majority of the text which proves to be extremely difficult to maintain
in consistency;

---------------------- Page: 10 ----------------------
oSIST prEN 62138:2019
IEC 62138:2018 © IEC 2018 – 5 –
c) revise clause on the selection of pre-developed software based on experiences from the
application of the first edition of the standard on industrial projects. More precise criteria
are proposed for the evidence of correctness of pre-developed software;
d) introduce requirements on traceability in consistency with IEC 61513;
e) introduce an Annex A that gives a typical list of software documentation;
f) introduce an Annex B that establishes relationship between IEC 61513 and this document;
g) introduce an Annex C that establishes relationship between IEC 61508 and this document.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/1201/FDIS 45A/1209/RVD

Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
In this document, the following print types are used:
• Requirements and recommendations applicable specifically to class 2 or to class 3
systems appear in italics in Clause 6.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

---------------------- Page: 11 ----------------------
oSIST prEN 62138:2019
– 6 – IEC 62138:2018 © IEC 2018
INTRODUCTION
a) Technical background, main issues and organisation of this document
This International Standard provides requirements on the software aspects for computer-
based instrumentation and control (I&C) systems performing category B or C functions as
defined by IEC 61226. It complements IEC 60880 which provides requirements for the
software of computer-based I&C systems performing category A functions.
It is consistent with, and complementary to, IEC 61513:2011. Activities that are mainly
system level activities (for example, integration, validation and installation) are not
addressed exhaustively by this document: requirements that are not specific to software
are deferred to IEC 61513:2011.
This document takes into account the current practices for the development of software for
I&C systems, in particular:
– the use of pre-developed software, equipment and equipment families that were not
necessarily designed to nuclear industry sector standards;
– the use of application-oriented languages.
b) Situation of the current document in the structure of the IEC SC 45A standard series
IEC 61513 is a first level IEC SC 45A document and gives guidance applicable to I&C at
system level.
IEC 62138 is a second level IEC SC 45A document that supplements IEC 61513
concerning software development of computer-based I&C systems performing category B
or C functions.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this document
This document is not intended to be used as a general-purpose software engineering
guide. It applies to the software of I&C systems performing category B or C functions for
new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible,
the potential for latent software faults to cause system failures, either due to single
software failures or multiple software failures (i.e. Common Cause Failures due to
software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.
To ensure that this document will continue to be relevant in future years, the emphasis
has been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and
IEC 63046. IEC 61513 provides general requirements for I&C systems and equipment that
are used to perform functions important to safety in nuclear power plants (NPPs).
IEC 63046 provides general requirements for electrical power systems of NPPs; it covers
power supply systems including the supply systems of the I&C systems. IEC 61513 and
IEC 63046 are to be considered in conjunction and at the same level. IEC 61513 and
IEC 63046 structure the IEC SC 45A standard series and shape a complete framework
establishing general requirements for instrumentation, control and electrical systems for
nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification,
separation, defence against common cause failure, control room design, electromagnetic
compatibility, cybersecurity, software and hardware aspects for programmable digital

---------------------- Page: 12 ----------------------
oSIST prEN 62138:2019
IEC 62138:2018 © IEC 2018 – 7 –
systems, coordination of safety and security requirements and management of ageing.
The standards referenced directly at this second level should be considered together with
IEC 61513 and IEC 63046 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by
IEC 63046 are standards related to specific equipment, technical methods, or specific
activities. Usually these documents, which make reference to second-level documents for
general topics, can be used on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical
Reports which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and
security principles and basic aspects provided in the relevant IAEA safety standards and
in the relevant documents of the IAEA nuclear security series (NSS). In particular this
includes the IAEA requirements SSR-2/1, establishing safety requirements related to the
design of nuclear power plants (NPPs), the IAEA safety guide SSG-30 dealing with the
safety classification of structures, systems and components in NPPs, the IAEA safety
guide SSG-39 dealing with the design of instrumentation and control systems for NPPs,
the IAEA safety guide SSG-34 dealing with the design of electrical power systems for
NPPs and the implementing guide NSS17 for computer security at nuclear facilities. The
safety and security terminology and definitions used by SC 45A standards are consistent
with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle
framework. Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation
of the general requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the
nuclear application sector. In this framework IEC 60880, IEC 62138 and IEC 62566
correspond to IEC 61508-3 for the nuclear application sector. IEC 61513 and IEC 63046
refer to ISO as well as to IAEA GS-R-3 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics
related to quality assurance. At level 2, regarding nuclear security, IEC 62645 is the entry
document for the IEC SC 45A security standards. It builds upon the valid high level
principles and main concepts of the generic security standards, in particular ISO/IEC
27001 and ISO/IEC 27002; it adapts them and completes them to fit the nuclear context
and coordinates with the IEC 62443 series. At level 2, regarding control rooms, IEC 60964
is the entry document for the IEC SC 45A control rooms standards and IEC 62342 is the
entry document for the IEC SC 45A ageing management standards.
NOTE 1 It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied.
NOTE 2 IEC SC 45A domain was extended in 2013 to cover electrical systems. In 2014 and 2015 discussions
were held in IEC SC 45A to decide how and where general requirement for the design of electrical systems were to
be considered. IEC SC 45A experts recommended that an independent standard be developed at the same level as
IEC 61513 to establish general requirements for electrical systems. Project IEC 63046 is now launched to cover
this objective. When IEC 63046 is published, this NOTE 2 of the introducti
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN IEC 62988:2022(Main)
Nuclear power plants - Instrumentation and control systems important to safety - Selection and use of wireless devices (IEC 62988:2018)
EN IEC 62988:2022

This document establishes requirements relevant to the selection and use of wireless devices
in instrumentation and control (I&C) systems important to safety used in nuclear power plants
(NPPs). Those I&C systems may fully consist of wireless devices.
NOTE The word “use” refers to the integration of the device, its qualification, administrative control, and every
other activity that may be necessary to use the device in an important to safety application.
This document applies to the I&C of new NPPs and to backfit of I&C in existing NPPs. Every
wireless device or wireless system that is important to safety is in the scope of this document.
Both fixed and mobile devices and all data types (voice, process data, etc.) are included
within the scope if they provide a safety classified function.
This document restricts the use of wireless devices to systems supporting category C
functions according to IEC 61226, excluding explicitly their use for categories A and B.
Non-safety devices and systems may use this document as guidelines, for example to ensure
that important to safety devices are not disturbed.
– Clause 5 describes the fundamental requirements regarding safety and cybersecurity.
– Clause 6 gives wireless-specific requirements that have to be included in the system
design.
– Clause 7 describes the requirements for the selection and integration of wireless devices.
– Clause 8 deals with electromagnetic compatibility and spectrum management.
– Clause 9 gives wireless-specific requirements regarding cybersecurity.
– Clause 10 describes the requirements for the qualification of wireless devices and their
environment.

  • Standard
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    21 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 60987:2021(Main)
Nuclear power plants - Instrumentation and control important to safety - Hardware requirements (IEC 60987:2021)
EN IEC 60987:2021

IEC 60987:2021 provides requirements and recommendations for the hardware aspects of I&C systems whatever the technology and applies for all safety classes in a graded manner (as defined by IEC 61513). The requirements defined within this document guide, in particular, the selection of pre-existing components, hardware aspects of system detailed design and implementation and equipment manufacturing.
This third edition cancels and replaces the second edition published in 2007. This edition includes the following significant technical changes with respect to the previous edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies, including conventional hardwired equipment, programmable digital equipment or by using a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized) and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different classes of equipment and related requirements.

  • Standard
    53 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62855:2021(Main)
Nuclear power plants - Electrical power systems - Electrical power systems analysis (IEC 62855:2016)
EN IEC 62855:2021

IEC 62855 provides the electrotechnical engineering guidelines for analysis of AC and DC
electrical power systems in nuclear power plants (NPPs) in order to demonstrate that the
power sources and the distribution systems have the capability for safe operation and shut
down of the NPP, bringing it to a controlled state after an anticipated operational occurrence
or accident conditions and finally reaching a safe state.
The analytical studies discussed in this document provide assurance that the design bases
are satisfied to meet their functional requirements under the conditions produced by the
applicable design basis events. The studies provide assurance that the electrical power
system is capable of supporting safety functions during all required plant conditions.
NOTE The safety functions are described in IAEA Specific Safety Requirements SSR-2/1 related to the design of
the nuclear power plants..
Analytical studies validate the robustness and adequacy of design margins and demonstrate
the capability of electrical power systems to support plant operation for normal, abnormal,
degraded and accident conditions.
The analyses are used to verify that the electrical power system can withstand minor
disturbances and that the consequences of major disturbances or failures do not degrade the
capability of the electrical power systems to support safe shutdown of the plant and maintain
the plant in shutdown condition.
The analyses are performed with one or more of
• simulation tools (software and hardware) that have been verified and validated,
• hand calculations, and
• tests.
This document provides guidance on the types of analyses required to demonstrate that the
plant's auxiliary power system can perform the required safety functions. This document does
not provide specific details on how the analysis should be conducted.
This document does not cover digital controllers (such as controllers for rectifiers, inverters,
sequencers and electrical protection devices) used in electrical power systems. IEC 61513
gives recommendations that apply to the electronic controls and protective elements of the
electrical power systems.
This document does not include environmental conditions (i.e. temperature, humidity, etc.) or
external events (seismic, flooding, fire, high energy electromagnetic pulse, etc.) that may
impact equipment sizing or protection requirements. The external events lightning and
geomagnetic storms are included.
This document does not cover additional or unique requirements for stand-alone power
system, such as power supplies for security measures in NPPs. Pertinent clauses of this
document may be used as a guideline for such systems.
Redundancy in the power system design can increase the availability of electrical power to
critical plant equipment. Performing a probabilistic risk assessment (PRA) is a method of
assessing system availability and optimizing design for high reliability. This document does
not cover improving the reliability of NPP electrical power systems using statistical or diverse
and redundant schemes.
Requirements for safeguards of personnel involved with installation, maintenance and
operation of electrical systems and general personal safety are outside the scope of this
document. General guidance for lightning protection of equipment is provided in relevant
clauses of this document.
This document is intended to be used:
• for verification of the design of new nuclear power plants,
• for demonstrating the adequacy and impact of major modifications of electrical power
systems in operating nuclear power plants, and
• where there is a requirement to assess and establish operating limits and constraints for
existing plants.
Pertinent parts of this document can be used as guidance for decommissioning stages.

  • Standard
    60 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    60 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC/IEEE 62582-6:2021(Main)
Nuclear power plants - Instrumentation and control important to safety - Electrical equipment condition monitoring methods - Part 6: Insulation resistance (IEC/IEEE 62582-6:2019)
EN IEC/IEEE 62582-6:2021

This part of IEC/IEEE 62582 contains methods for condition monitoring of organic and
polymeric materials in instrumentation and control cables using insulation resistance
measurements in the detail necessary to produce accurate and reproducible results during
simulated accident conditions. It includes the requirements for the measurement system and
measurement procedure, and the reporting of the measurement results.
NOTE Measurement of insulation resistance during simulated accident conditions with the aim of determining the
lowest value during the accident in order to assess cable performance involves special requirements given in this
document. Methods for measurement under stable (non-accident) conditions are available in other international
standards, e.g. IEC 62631-3-3.
The different parts of the IEC/IEEE 62582 series are measurement standards, primarily for
use in the management of ageing in initial qualification and after installation. IEC/IEEE 62582-
1 includes requirements for the application of the other parts of the IEC/IEEE 62582 series
and some elements which are common to all methods. Information on the role of condition
monitoring in qualification of equipment important to safety is found in IEC/IEEE 60780-323.

  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62954:2021(Main)
Nuclear power plants - Control rooms - Requirements for emergency response facilities (IEC 62954:2019)
EN IEC 62954:2021

This document presents the requirements for the on-site emergency response facilities
(referred to hereinafter as the “ERF”) which are to be used in case of incidents or accidents
occurring on the associated Nuclear Power Plant (NPP). The ERF consists of the Emergency
Response Centre (ERC), the Technical Support Centre (TSC) and the Operational Support
Centre (OSC), as shown in Figure 1.
It establishes requirements for the ERF features and ERF I&C equipment to:
• coordinate on-site operational efforts with respect to safety and radioprotection;
• optimize the design in terms of environment control, lighting, power supplies and access
control of the ERF;
• enhance the identification and resolution of potential conflicts between the traditional
operational means and emergency means (MCR/SCR and ERF, operating staff and
emergency teams, operational procedures and emergency procedures);
• aid the identification and the enhancement of the potential synergies between the
traditional operational means and emergency means.
This document is intended for application to new nuclear power plants whose conceptual
design is initiated after the publication of this document, but it may also be used for designing
and implementing ERF in existing nuclear power plants or in any other nuclear facility.
Detailed equipment design is outside the scope of this document.
This document does not define the situations (reactor plant conditions, hazards and
magnitudes of hazards) leading to mobilisation of emergency response teams and activation /
use of the ERF. These aspects are usually addressed in the NPP Emergency Plan. However,
the need for consistency of the ERF design and operation with the NPP Emergency Plan is
within scope.

  • Standard
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61226:2021(Main)
Nuclear power plants - Instrumentation, control and electrical power systems important to safety - Categorization of functions and classification of systems (IEC 61226:2020)
EN IEC 61226:2021

This document establishes, for nuclear power plants2, a method of assignment of the
functions specified for the plant into categories according to their importance to safety.
Subsequent classification of the I&C and electrical power systems performing or supporting
these functions, based on the assigned category, then determines relevant design criteria.
The design criteria, when applied, ensure the achievement of each function in accordance to
its importance to safety. In this document, the criteria are those of functionality, reliability,
performance, environmental qualification (e.g. seismic) and quality assurance (QA).
This document is applicable to:
- the functions important to safety that are performed by I&C systems and supported by
electrical power systems (categorization of I&C functions),
- the I&C systems that enable those functions to be implemented (classification of I&C
systems),
- the electrical power systems that support those functions (classification of electrical power
systems).
The systems under consideration provide automated protection, closed or open loop control,
information to the operating staff, and electrical power supply to systems. These systems
keep the NPP conditions inside the safe operating envelope and provide automatic actions, or
enable manual actions, that prevent or mitigate accidents, or that prevent or minimize
radioactive releases to the site or wider environment. The I&C and electrical power systems
that fulfil these roles safeguard the health and safety of the NPP operators and the public.
This document follows the general principles given in IAEA Safety Requirement SSR-2/1 and
Safety Guides SSG-30, SSG-34 and SSG-39, and it defines a structured method of applying
the guidance contained in those codes and standards to the I&C and electrical power systems
that perform functions important to safety in a NPP. This document is read in association with
the IAEA guides together with IEC 61513 and IEC 63046 in implementing the requirements of
the IEC 61508 series. The overall classification scheme of structures, systems and
components for NPPs can be summarized as follows by Figure 1.

  • Standard
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 63046:2021(Main)
Nuclear power plants - Electrical power system - General requirements (IEC 63046:2020)
EN IEC 63046:2021

This document:
• provides requirements and recommendations for the overall Electrical Power System. In
particular, it covers interruptible and uninterruptible Electrical Power Systems including
the systems supplying the I&C systems;
• is consistent and coherent with IEC 61513. Like IEC 61513, this document also highlights
the need for complete and precise requirements, derived from the plant safety goals.
Those requirements are prerequisites for generating the comprehensive requirements for
the overall Electrical Power System architecture, and for the electrical power supply subsystems;
• has to be considered in conjunction with and at the same level as IEC 61513. These two
standards provide a complete framework establishing general requirements for
instrumentation, control, and Electrical Power System for Nuclear Power Plants.
This document establishes:
• the high level specification and requirement to implement a suitable Electrical Power
System in a NPP that supports reactor systems important to safety. It also enables
electrical energy production providing the transmission grid with active and reactive power
and electro-mechanical inertia;
• the relationships between:
– the plant safety requirements and the architecture of the overall Electrical Power
System and its sub-systems (see Figure 1) including:
a) the contribution to the plant Defence in Depth;
b) the independency and redundancy provisions;
– the electrical requirements and the architecture of the Electrical Power System and its
sub-systems;
– the functional requirements and the architecture of the Electrical Power System and its
sub-systems;
– the requirements associated with the maintenance strategy and the architecture of the
Electrical Power System and its sub-systems;
• the design of Electrical power sub-systems (e.g. interruptible and uninterruptible);
• the requirements for supporting systems of Electrical Power System (HVAC, I&C, etc.);
• the Electrical Power System life-cycle framework.
This document does not cover the specification of:
• I&C systems;
• the transmission lines connecting to substations outside the NPP;
• electrical equipment requirements already defined in the industrial IEC standards;
• electrical power for security systems (e.g., fences, surveillance systems, entrance
control);
• lighting and socket facility.
This document does not consider power production requirements.

  • Standard
    91 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    91 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC/IEEE 60980-344:2021(Main)
Nuclear facilities - Equipment important to safety - Seismic qualification (IEC/IEEE 60980-344:2020)
EN IEC/IEEE 60980-344:2021

This International Standard describes methods for establishing seismic qualification procedures
that will yield quantitative data to demonstrate that the equipment can meet its performance
requirements. This document is applicable to electrical, mechanical, instrumentation and control
equipment/components that are used in nuclear facilities. This document provides methods and
documentation requirements for seismic qualification of equipment to verify the equipment’s
ability to perform its specified performance requirements during and/or after specified seismic
demands. This document does not specify seismic demand or performance requirements. Other
aspects, relating to quality assurance, selection of equipment, and design and modification of
systems, are not part of this document. As seismic qualification is only a part of equipment
qualification, this document is used in conjunction with IEC/IEEE 60780-323.
The seismic qualification demonstrates equipment’s ability to perform its safety function(s)
during and/or after the time it is subjected to the forces resulting from at least one safe shutdown
earthquake (SSE/S2). This ability is demonstrated by taking into account, prior to the SSE/S2,
the ageing of equipment and the postulated occurrences of a given number of lower intensity
operating basis earthquake (OBE/S1). Ageing phenomena to be considered, if specified in the
design specification, are those which could increase the vulnerability of equipment to vibrations
caused by an SSE/S2.

  • Standard
    85 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    85 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62566-2:2021(Main)
Nuclear power plants - Instrumentation and control systems important to safety - Development of HDL-programmed integrated circuits - Part 2: HDL-programmed integrated circuits for systems performing category B or C functions (IEC 62566-2:2020)
EN IEC 62566-2:2020

This part of IEC 62566 provides requirements for achieving highly reliable HDL-Programmed
Devices (HPDs), for use in I&C systems of nuclear power plants performing functions of safety
category B or C as defined by IEC 61226.
The programming of HPDs relies on Hardware Description Languages (HDL) and related
software tools. They are typically based on blank Field Programmable Gate Arrays (FPGAs) or
similar micro-electronic technologies such as Programmable Logic Devices (PLD), Complex
Programmable Logic Devices (CPLDs), etc. General purpose integrated circuits such as
microprocessors are not HPDs. Annex B.8 provides descriptions of a number of different types
of integrated circuits.
This document provides requirements on:
a) a dedicated HPD life-cycle addressing each phase of the development of HPDs, including
specification of requirements, design, implementation, integration and validation, as well as
verification activities associated with each phase,
b) planning and complementary activities such as modification and production,
c) selection of pre-developed components. This includes micro-electronic technologies and
Pre-Developed Blocks (PDBs),
d) tools used to design, implement and verify HPDs.
This document does not put requirements on the development of the micro-electronic
technologies, which are usually available as "commercial off-the-shelf" items and are not
developed under nuclear quality assurance standards. It addresses the developments made
with these micro-electronic technologies in an I&C project with HDLs and related tools.
This document provides guidance to avoid as far as possible latent faults remaining in HPDs,
and to reduce the susceptibility to single failures as well as to potential Common Cause Failures
(CCFs).
Reliability aspects related to environmental qualification and failures due to ageing or physical
degradation are not handled in this document. Other standards, especially IEC 60987,
IEC/IEEE 60780-323 and IEC 62342, address these topics.
This document does not cover cybersecurity for HDL aspects of I&C systems. IEC 62645
provides requirements for security programmes for I&C programmable digital systems.
This document provides guidance and requirements to produce verifiable HPD designs and
implementations requiring justification due for their role in carrying out category B or C safety
functions. This document describes the activities to develop HPDs, organized in the framework
of a dedicated life-cycle. It also describes activities and guidelines to be used in addition to the
requirements of IEC 61226 for system classification and IEC 61513 for system integration and
validation when HPDs are included.

  • Standard
    61 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    61 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62003:2020(Main)
Nuclear power plants - Instrumentation, control and electrical power systems - Requirements for electromagnetic compatibility testing (IEC 62003:2020)
EN IEC 62003:2020

IEC 62003:2020 establishes requirements for electromagnetic compatibility testing of instrumentation, control, and electrical equipment supplied for use in systems important to safety at nuclear power plants and other nuclear facilities. The document lists the applicable IEC standards (principally the IEC 61000 series) which define the general test methods, and provides the necessary application-specific parameters and criteria to ensure that nuclear safety requirements are met.
This second edition cancels and replaces the first edition published in 2009. This edition includes the following significant technical changes with respect to the previous edition:
a) title modified.
b) expand the scope to encompass Electromagnetic Magnetic Compatibility (EMC) considerations for electrical equipment.
c) provide guidance for addressing the use of wireless technology.
d) enhance the description of the electromagnetic environment to provide clarification when selecting custom test levels or for test exemptions.
e) include example information to be contained within an EMC test plan.
f) provide guidance for characterization of the electromagnetic environment at the point of installation within a nuclear facility.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day