SIST EN IEC 60987:2021
Nuclear power plants - Instrumentation and control important to safety - Hardware requirements (IEC 60987:2021)
IEC 60987:2021 provides requirements and recommendations for the hardware aspects of I&C systems whatever the technology and applies for all safety classes in a graded manner (as defined by IEC 61513). The requirements defined within this document guide, in particular, the selection of pre-existing components, hardware aspects of system detailed design and implementation and equipment manufacturing.
This third edition cancels and replaces the second edition published in 2007. This edition includes the following significant technical changes with respect to the previous edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies, including conventional hardwired equipment, programmable digital equipment or by using a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized) and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different classes of equipment and related requirements.
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen (IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel (IEC 60987:2021)
See the scope of IEC 60987:2021. Adoption of IEC 60987:2021 is to be done without modification.
Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za strojno opremo (IEC 60987:2021)
SLOVENIAN STANDARD
SIST EN IEC 60987:2021
01-November-2021
Replaces:
SIST EN 60987:2015
Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za strojno opremo (IEC 60987:2021)
Nuclear power plants - Instrumentation and control important to safety - Hardware requirements (IEC 60987:2021)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen (IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel (IEC 60987:2021)
This Slovenian standard is identical to: EN IEC 60987:2021
ICS:
27.120.20 Nuclear power plants. Safety
SIST EN IEC 60987:2021 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD EN IEC 60987
NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2021
ICS 27.120.20 Supersedes EN 60987:2015 and all of its amendments
and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control important to
safety - Hardware design requirements for computer-based
systems
(IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel (IEC 60987:2021)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen (IEC 60987:2021)
This European Standard was approved by CENELEC on 2021-08-16. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 60987:2021 E
EN IEC 60987:2021 (E)
European foreword
This document (EN IEC 60987:2021) consists of the text of IEC 60987:2021 prepared by IEC/TC 45
"Nuclear instrumentation".
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2022-08-16
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2024-08-16
This document supersedes EN 60987:2015 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law.
In a similar manner, this European standard does not prevent Member States from taking more
stringent nuclear safety and/or security measures in the subject-matter covered by this standard.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 60987:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60671:2007 NOTE Harmonized as EN 60671:2011 (not modified)
IEC 61226 NOTE Harmonized as EN IEC 61226
IEC 62340:2007 NOTE Harmonized as EN 62340:2010 (not modified)
IEC 62645 NOTE Harmonized as EN IEC 62645
IEC 63046:2020 NOTE Harmonized as EN IEC 63046:2021 (not modified)
ISO 9001 NOTE Harmonized as EN ISO 9001
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 60812 | - | Failure modes and effects analysis (FMEA and FMECA) | EN IEC 60812 | -
IEC 60880 | - | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions | EN 60880 | -
IEC 61000-1 | series | Electromagnetic compatibility (EMC) - Part 1-2: General - Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena | EN 61000-1 | series
IEC 61025 | - | Fault tree analysis (FTA) | EN 61025 | -
IEC 61513 | 2011 | Nuclear power plants - Instrumentation and control important to safety - General requirements for systems | EN 61513 | 2013
IEC 61709 | - | Electric components - Reliability - Reference conditions for failure rates and stress models for conversion | EN 61709 | -
IEC 62003 | - | Nuclear power plants - Instrumentation, control and electrical power systems - Requirements for electromagnetic compatibility testing | EN IEC 62003 | -
IEC 62138 | 2018 | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions | EN IEC 62138 | 2019
IEC 62566 | 2012 | Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions | EN 62566 | 2014
IEC 62566-2 | - | Nuclear power plants - Instrumentation and control systems important to safety - Development of HDL-programmed integrated circuits - Part 2: HDL-programmed integrated circuits for systems performing category B or C functions | EN IEC 62566-2 | -
ISO 2859-0 | - | Sampling procedures for inspection by attributes - Part 0: Introduction to the ISO 2859 attribute sampling system | - | -
IEC/IEEE 60780-323 | - | Nuclear facilities - Electrical equipment important to safety - Qualification | EN 60780-323 | -
IEC/IEEE 60980-344 | - | Nuclear facilities - Equipment important to safety - Seismic qualification | EN IEC/IEEE 60980-344 | -
IEC 60987
Edition 3.0 2021-02
INTERNATIONAL STANDARD
NORME INTERNATIONALE
Nuclear power plants – Instrumentation and control important to safety – Hardware requirements
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-commande importants pour la sûreté – Exigences applicables au matériel
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-9319-5
Warning! Make sure that you obtained this publication from an authorized distributor.
® Registered trademark of the International Electrotechnical Commission
IEC 60987:2021 © IEC 2021
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Hardware safety lifecycle
5.1 General
5.2 Hardware safety lifecycle for class 1 and class 2
5.2.1 Project structure for class 1 and class 2
5.2.2 Quality management for class 1 and class 2
5.2.3 Verification of hardware for class 1 and class 2
5.3 Hardware safety lifecycle for class 3
5.3.1 Project structure and quality management for class 3
5.3.2 Verification of hardware for class 3
6 Hardware aspects of system requirements specification
6.1 Hardware aspects of system requirements specification for class 1 and class 2
6.1.1 General requirements for class 1 and class 2
6.1.2 Functional and performance requirements for class 1 and class 2
6.1.3 Reliability requirements for class 1 and class 2
6.1.4 Environmental conditions requirements for class 1 and class 2
6.1.5 Manufacturing requirements for class 1 and class 2
6.1.6 Documentation requirements for class 1 and class 2
6.2 Hardware aspects of system requirements specification for class 3
6.2.1 General requirements for class 3
6.2.2 Reliability for class 3
6.2.3 Environmental conditions requirements for class 3
6.2.4 Documentation requirements for class 3
7 Selection of pre-existing components
7.1 Selection of pre-existing components for class 1 and class 2
7.2 Selection of pre-existing components for class 3
8 Hardware aspects of system detailed design and implementation
8.1 Hardware aspects of system detailed design and implementation for class 1 and class 2
8.1.1 General requirement for class 1 and class 2
8.1.2 Design activities for class 1 and class 2
8.1.3 Reliability for class 1 and class 2
8.1.4 Maintenance for class 1 and class 2
8.1.5 Power failure for class 1 and class 2
8.1.6 Design documentation for class 1 and class 2
8.2 Hardware aspects of system detailed design and implementation for class 3
8.2.1 General requirement for class 3
8.2.2 Reliability for class 3
8.2.3 Maintenance for class 3
9 Equipment (component) manufacturing
9.1 Equipment (component) manufacturing for class 1 and class 2
9.1.1 Manufacturing quality management for class 1 and class 2
9.1.2 Training of personnel for class 1 and class 2
9.1.3 Planning and organisation of the manufacturing activities for class 1 and class 2
9.1.4 Input data for class 1 and class 2
9.1.5 Purchasing and procurement for class 1 and class 2
9.1.6 Manufacturing for class 1 and class 2
9.2 Equipment (component) manufacturing for class 3
9.2.1 Manufacturing quality management for class 3
9.2.2 Training of personnel for class 3
9.2.3 Input data for class 3
9.2.4 Purchasing and procurement for class 3
9.2.5 Assessment of electronic modules for class 3
9.2.6 Identification and traceability for class 3
9.2.7 Protection and storage of product for class 3
9.2.8 Manufacturing of electronic modules for class 3
10 Hardware aspects of system installation
10.1 General
11 Hardware aspects of system modification
11.1 General
12 Operation and maintenance
12.1 General
12.2 Operation and maintenance requirements
12.3 Failure data
12.3.1 Failure data acquired during equipment operation constitutes a major source of information which can be used to improve:
12.4 Operation and maintenance documentation
Annex A (informative) Typical documentation
Bibliography
Figure 1 – System safety lifecycle (informative, as defined by IEC 61513)
Figure 2 – Hardware related activities in the system safety lifecycle
Table A.1 – Typical documentation
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This third edition cancels and replaces the second edition published in 2007, and its
Amendment 1, published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies,
including conventional hardwired equipment, programmable digital equipment or by using
a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as
far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since
the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and
IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized)
and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering
extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or
mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and
control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of
manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different
classes of equipment and related requirements.
The text of this International Standard is based on the following documents:
FDIS | Report on voting
45A/1365/FDIS | 45A/1372/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION
a) Technical background, main issues and organization of the standard
This International Standard provides requirements on the hardware aspects of E/E/PE items
used in instrumentation and control (I&C) systems performing safety functions as defined by
IEC 61226.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to hardware are deferred to IEC 61513.
The basic principles for the design of nuclear instrumentation, as specifically applied to the
systems important to safety of nuclear power plants, were first interpreted in nuclear
standards with reference to hardwired systems in IAEA Safety Guide 50 SG D3 which has
been superseded by IAEA Guide SSG-39.
IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design
for systems important to safety.
Although many of the requirements within the original issue continue to be relevant, there
were significant factors which justified the development of this revised edition of IEC 60987, in
particular:
– the use of different technologies that may include conventional hardwired equipment,
programmable digital equipment or by using a combination of both types of equipment;
– IEC 61226 and IEC 61513 cover I&C systems performing 3 different categories of
functions (A, B and C) and 3 classes of systems (class 1, 2 and 3);
– the use of pre-existing components, rather than bespoke developments, has increased
significantly.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
The first-level IEC SC 45A standard for I&C systems important to safety in nuclear power
plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard which
addresses the generic issue of I&C systems hardware requirements.
IEC 60880 and IEC 62138 are second-level standards which together cover the software
aspects of computer-based systems used to perform functions important to safety in NPPs.
IEC 60880 and IEC 62138 make direct reference to IEC 60987 for I&C systems hardware
requirements.
IEC 62566 and IEC 62566-2 are second-level standards which together cover the
development of HPDs used to perform functions important to safety in NPPs. IEC 62566 and
IEC 62566-2 make direct reference to IEC 60987 for I&C systems hardware requirements.
The requirements of IEC/IEEE 60780-323 for equipment qualification are referenced within
IEC 60987.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the standard
It is important to note that this standard establishes no additional functional requirements for
classified systems (see IEC 61226 for system classification requirements).
Aspects for which special recommendations have been produced (so as to assure the
production of highly reliable systems), are:
– a general approach to the hardware safety lifecycle;
– an approach from the requirements specifications down to on-site operation and
maintenance activities.
It is recognized that I&C technology is continuing to evolve and that it is not possible for a
standard such as this to include references to all modern design technologies and techniques.
To ensure that the standard will continue to be relevant in future years the emphasis has been
placed on issues of principle, rather than specific hardware design technologies. If new
design techniques are developed then it is possible to assess the suitability of such
techniques by adapting and applying the design principles contained within this standard.
The scope of this document covers I&C systems hardware for all classes of systems important
to safety. This includes conventional hardwired equipment, programmable digital equipment
or by using a combination of both types of equipment; it covers the assessment and use of
pre-existing items, for example, commercial off-the-shelf items (COTS), and the development
of new hardware.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital item. IEC 62645
provides requirements for security programmes for programmable digital item for all their
development phases and on-site operation.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and IEC 63046.
IEC 61513 provides general requirements for I&C systems and equipment that are used to
perform functions important to safety in NPPs. IEC 63046 provides general requirements for
electrical power systems of NPPs; it covers power supply
...
SLOVENIAN STANDARD
oSIST prEN IEC 60987:2021
01-June-2021
Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za načrtovanje strojne opreme računalniških sistemov (IEC 60987:2021)
Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems (IEC 60987:2021)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen (IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel (IEC 60987:2021)
This Slovenian standard is identical to: prEN IEC 60987:2021
ICS:
27.120.20 Nuclear power plants. Safety
oSIST prEN IEC 60987:2021 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD DRAFT
prEN IEC 60987
NORME EUROPÉENNE
EUROPÄISCHE NORM
April 2021
ICS 27.120.20 Will supersede EN 60987:2015 and all of its
amendments and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control important to
safety - Hardware design requirements for computer-based
systems
(IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d’alimentation électrique - Analyse des systèmes d’alimentation électrique (IEC 60987:2021)
To be completed (IEC 60987:2021)
This draft European Standard is submitted to CENELEC members for enquiry.
Deadline for CENELEC: 2021-07-09.
The text of this draft consists of the text of IEC 60987:2021.
If this draft becomes a European Standard, CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which
stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
This draft European Standard was established by CENELEC in three official versions (English, French, German).
A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to
the CEN-CENELEC Management Centre has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to
provide supporting documentation.
Warning : This document is not a European Standard. It is distributed for review and comments. It is subject to change without notice and
shall not be referred to as a European Standard.
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Project: 73539 Ref. No. prEN IEC 60987:2021 E
prEN IEC 60987:2021 (E)
European foreword
This document (prEN IEC 60987:2021) consists of the text of document IEC 60987:2021, prepared by
IEC/TC 45 "Instrumentation, control and electrical power systems of nuclear facilities"
This document is currently submitted to the CENELEC Enquiry.
The following dates are proposed:
• latest date by which the existence of this document has to be announced at national level (doa): dor + 6 months
• latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): dor + 12 months
• latest date by which the national standards conflicting with this document have to be withdrawn (dow): dor + 36 months (to be confirmed or modified when voting)
This document will supersede EN 60987:2015 and all of its amendments and corrigenda (if any).
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member States
are not prevented from taking more stringent safety measures in the subject-matter covered by the
Directive, in compliance with Community law.
In a similar manner, this European standard does not prevent Member States from taking more stringent
nuclear safety and/or security measures in the subject-matter covered by this standard.
In the official version, for Bibliography, the following notes have to be added for the standards indicated:
IEC 60671:2007 NOTE Harmonized as EN 60671:2011 (not modified)
IEC 61226 NOTE Harmonized as EN 61226
IEC 62645 NOTE Harmonized as EN IEC 62645
ISO 9001 NOTE Harmonized as EN ISO 9001
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
| Publication | Year | Title | EN/HD | Year |
|---|---|---|---|---|
| IEC 60812 | - | Failure modes and effects analysis (FMEA and FMECA) | EN IEC 60812 | - |
| IEC 60880 | - | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions | EN 60880 | - |
| IEC 61000-1 | series | Electromagnetic compatibility (EMC) - Part 1-2: General - Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena | EN 61000-1 | series |
| IEC 61025 | - | Fault tree analysis (FTA) | EN 61025 | - |
| IEC 61513 | 2011 | Nuclear power plants - Instrumentation and control important to safety - General requirements for systems | EN 61513 | 2013 |
| IEC 61709 | - | Electric components - Reliability - Reference conditions for failure rates and stress models for conversion | EN 61709 | - |
| IEC 62003 | - | Nuclear power plants - Instrumentation, control and electrical power systems - Requirements for electromagnetic compatibility testing | EN IEC 62003 | - |
| IEC 62138 | 2018 | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions | EN IEC 62138 | 2019 |
| IEC 62566 | 2012 | Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions | EN 62566 | 2014 |
| IEC 62566-2 | - | Nuclear power plants - Instrumentation and control systems important to safety - Development of HDL-programmed integrated circuits - Part 2: HDL-programmed integrated circuits for systems performing category B or C functions | EN IEC 62566-2 | - |
| ISO 2859-0 | - | Sampling procedures for inspection by attributes - Part 0: Introduction to the ISO 2859 attribute sampling system | - | - |
| IEC/IEEE 60780-323 | - | Nuclear facilities - Electrical equipment important to safety - Qualification | EN 60780-323 | - |
| IEC/IEEE 60980-344 | - | Nuclear facilities - Equipment important to safety - Seismic qualification | EN IEC/IEEE 60980-344 | - |
IEC 60987
Edition 3.0 2021-02
INTERNATIONAL STANDARD
Nuclear power plants – Instrumentation and control important to safety – Hardware requirements
INTERNATIONAL ELECTROTECHNICAL COMMISSION
ICS 27.120.20 ISBN 978-2-8322-9319-5
Warning! Make sure that you obtained this publication from an authorized distributor.
® Registered trademark of the International Electrotechnical Commission
– 2 – IEC 60987:2021 © IEC 2021
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Hardware safety lifecycle
5.1 General
5.2 Hardware safety lifecycle for class 1 and class 2
5.2.1 Project structure for class 1 and class 2
5.2.2 Quality management for class 1 and class 2
5.2.3 Verification of hardware for class 1 and class 2
5.3 Hardware safety lifecycle for class 3
5.3.1 Project structure and quality management for class 3
5.3.2 Verification of hardware for class 3
6 Hardware aspects of system requirements specification
6.1 Hardware aspects of system requirements specification for class 1 and class 2
6.1.1 General requirements for class 1 and class 2
6.1.2 Functional and performance requirements for class 1 and class 2
6.1.3 Reliability requirements for class 1 and class 2
6.1.4 Environmental conditions requirements for class 1 and class 2
6.1.5 Manufacturing requirements for class 1 and class 2
6.1.6 Documentation requirements for class 1 and class 2
6.2 Hardware aspects of system requirements specification for class 3
6.2.1 General requirements for class 3
6.2.2 Reliability for class 3
6.2.3 Environmental conditions requirements for class 3
6.2.4 Documentation requirements for class 3
7 Selection of pre-existing components
7.1 Selection of pre-existing components for class 1 and class 2
7.2 Selection of pre-existing components for class 3
8 Hardware aspects of system detailed design and implementation
8.1 Hardware aspects of system detailed design and implementation for class 1 and class 2
8.1.1 General requirement for class 1 and class 2
8.1.2 Design activities for class 1 and class 2
8.1.3 Reliability for class 1 and class 2
8.1.4 Maintenance for class 1 and class 2
8.1.5 Power failure for class 1 and class 2
8.1.6 Design documentation for class 1 and class 2
8.2 Hardware aspects of system detailed design and implementation for class 3
8.2.1 General requirement for class 3
8.2.2 Reliability for class 3
8.2.3 Maintenance for class 3
9 Equipment (component) manufacturing
9.1 Equipment (component) manufacturing for class 1 and class 2
9.1.1 Manufacturing quality management for class 1 and class 2
9.1.2 Training of personnel for class 1 and class 2
9.1.3 Planning and organisation of the manufacturing activities for class 1 and class 2
9.1.4 Input data for class 1 and class 2
9.1.5 Purchasing and procurement for class 1 and class 2
9.1.6 Manufacturing for class 1 and class 2
9.2 Equipment (component) manufacturing for class 3
9.2.1 Manufacturing quality management for class 3
9.2.2 Training of personnel for class 3
9.2.3 Input data for class 3
9.2.4 Purchasing and procurement for class 3
9.2.5 Assessment of electronic modules for class 3
9.2.6 Identification and traceability for class 3
9.2.7 Protection and storage of product for class 3
9.2.8 Manufacturing of electronic modules for class 3
10 Hardware aspects of system installation
10.1 General
11 Hardware aspects of system modification
11.1 General
12 Operation and maintenance
12.1 General
12.2 Operation and maintenance requirements
12.3 Failure data
12.3.1 Failure data acquired during equipment operation constitutes a major source of information which can be used to improve:
12.4 Operation and maintenance documentation
Annex A (informative) Typical documentation
Bibliography
Figure 1 – System safety lifecycle (informative, as defined by IEC 61513)
Figure 2 – Hardware related activities in the system safety lifecycle
Table A.1 – Typical documentation
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This third edition cancels and replaces the second edition published in 2007, and its
Amendment 1, published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies,
including conventional hardwired equipment, programmable digital equipment or
a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as
far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since
the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and
IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized)
and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering
extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or
mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and
control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of
manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different
classes of equipment and related requirements.
The text of this International Standard is based on the following documents:
| FDIS | Report on voting |
|---|---|
| 45A/1365/FDIS | 45A/1372/RVD |
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION
a) Technical background, main issues and organization of the standard
This International Standard provides requirements on the hardware aspects of E/E/PE items
used in instrumentation and control (I&C) systems performing safety functions as defined by
IEC 61226.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to hardware are deferred to IEC 61513.
The basic principles for the design of nuclear instrumentation, as specifically applied to the
systems important to safety of nuclear power plants, were first interpreted in nuclear
standards with reference to hardwired systems in IAEA Safety Guide 50 SG D3 which has
been superseded by IAEA Guide SSG-39.
IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design
for systems important to safety.
Although many of the requirements within the original issue continue to be relevant, there
were significant factors which justified the development of this revised edition of IEC 60987, in
particular:
– the use of different technologies that may include conventional hardwired equipment,
programmable digital equipment or a combination of both types of equipment;
– IEC 61226 and IEC 61513 cover I&C systems performing 3 different categories of
functions (A, B and C) and 3 classes of systems (class 1, 2 and 3);
– the use of pre-existing components, rather than bespoke developments, has increased
significantly.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
The first-level IEC SC 45A standard for I&C systems important to safety in nuclear power
plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard which
addresses the generic issue of I&C systems hardware requirements.
IEC 60880 and IEC 62138 are second-level standards which together cover the software
aspects of computer-based systems used to perform functions important to safety in NPPs.
IEC 60880 and IEC 62138 make direct reference to IEC 60987 for I&C systems hardware
requirements.
IEC 62566 and IEC 62566-2 are second-level standards which together cover the
development of HPDs used to perform functions important to safety in NPPs. IEC 62566 and
IEC 62566-2 make direct reference to IEC 60987 for I&C systems hardware requirements.
The requirements of IEC/IEEE 60780-323 for equipment qualification are referenced within
IEC 60987.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the standard
It is important to note that this standard establishes no additional functional requirements for
classified systems (see IEC 61226 for system classification requirements).
Aspects for which special recommendations have been produced (so as to assure the
production of highly reliable systems), are:
– a general approach to the hardware safety lifecycle;
– an approach from the requirements specifications down to on-site operation and
maintenance activities.
It is recognized that I&C technology is continuing to evolve and that it is not possible for a
standard such as this to include references to all modern design technologies and techniques.
To ensure that the standard will continue to be relevant in future years the emphasis has been
placed on issues of principle, rather than specific hardware design technologies. If new
design techniques are developed then it is possible to assess the suitability of such
techniques by adapting and applying the design principles contained within this standard.
The scope of this document covers I&C systems hardware for all classes of systems important
to safety. This includes conventional hardwired equipment, programmable digital equipment
or a combination of both types of equipment; it covers the assessment and use of
pre-existing items, for example, commercial off-the-shelf items (COTS), and the development
of new hardware.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital items. IEC 62645
provides requirements for security programmes for programmable digital items for all their
development phases and on-site operation.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and IEC 63046.
IEC 61513 provides general requirements for I&C systems and equipment that are used to
perform functions important to safety in NPPs. IEC 63046 provides general requirements for
electrical power systems of NPPs; it covers power supply systems including the supply
systems of the I&C
...