SIST EN 60987:2010
(Main)Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems
Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems
This International Standard is applicable to NPP computer-system hardware for systems of Class 1 and 2 (as defined by IEC 61513). The structure of this standard has not changed significantly from the original 1989 issue; however, some issues are now covered by standards which have been issued in the interim (for example, IEC 61513 for system architecture design) and references to new standards have been provided where applicable. The text of the standard has also been modified to reflect developments in computer system hardware design, the use of pre-developed (for example, COTS) hardware and changes in terminology. Computer hardware facilities used for software loading and checking are not considered to form an intrinsic part of a system important to safety and, as such, are outside the scope of this standard. Although the primary aim of this standard is to address aspects of new hardware development, the processes defined within this standard may also be used to guide the assessment and use of pre-developed hardware, such as COTS hardware. Guidance has been provided in the text concerning the interpretation of the requirements of this standard when used for the assessment of such components. In particular, the quality assurance requirements of 4.3, concerning configuration control, apply. Pre-developed components may contain firmware (as defined in 3.8), and, where firmware software is deeply imbedded, and effectively "transparent" to the user, then IEC 60987 should be used to guide the assessment process for such components. An example of where this approach is considered appropriate is in the assessment of modern processors which contain a microcode. Such a code is generally an integral part of the "hardware", and it is therefore appropriate for the processor (including the microcode) to be assessed as an integrated hardware component using this standard. Software which is not firmware, as described above, should be developed or assessed according to the requirements of the relevant software standard (for example, IEC 60880 for Class 1 systems and IEC 62138 for Class 2 systems). I&C components may include programmable logic devices that are given their specific application logic design by the designer of the I&C component, as opposed to the chip manufacturer. Examples of such devices include complex programmable logic devices (CPLD) and field programmable gate arrays (FPGA). While the programmable nature of these devices gives the development processes used for these devices, some of the characteristics of a software development process and the design processes used for such devices, are very similar to those used to design logic circuits implemented with discrete gates and integrated circuit packages. Therefore, the design processes and design verification applied to programmable logic devices should comply with the relevant requirements of this standard (i.e. taking into account the particular features of the design processes of such devices). To the extent that software-based tools are used to support the design processes for programmable logic devices, those software tools should generally follow the guidance provided for software-based development tools in the appropriate software standard, i.e. IEC 60880 (Class 1 systems) or IEC 62138 (Class 2 systems).
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Anforderungen an die Hardware-Auslegung rechnerbasierter Systeme
Centrales nucléaires de puissance - Instrumentation et contrôle-commande importants pour la sûreté - Exigences applicables à la conception du matériel des systèmes informatisés
Est applicable au matériel des systèmes informatisés des centrales nucléaires de puissance de Classes 1 et 2 (telles que définies dans la CEI 61513). Cette nouvelle édition tient compte des développements récemment survenus dans le domaine de la conception du matériel des systèmes informatisés, l'utilisation de matériels prédéveloppés commercialement disponibles sur étagère et l'évolution de la terminologie.
Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za načrtovanje strojne opreme računalniških sistemov (IEC 60987:2007, spremenjen)
Ta mednarodni standard velja za strojno opremo računalniških sistemov jedrskih elektrarn za sisteme Razreda 1 in 2 (kot jih določa standard IEC 61513). Struktura tega standarda se ni bistveno spremenila od izvirne izdaje leta 1989, vendar pa so nekatera vprašanja zdaj vključena v standarde, ki so izšli v vmesnem obdobju (na primer IEC 61513 za načrtovanje arhitekture sistema), na voljo pa so tudi sklici na nove standarde, kjer je primerno. Besedilo standarda se je spremenilo tako, da odraža razvoj na področju načrtovanja strojne opreme računalniških sistemov, uporabe vnaprej izdelane strojne opreme (na primer COTS) ter spremembe v terminologiji. Zmogljivosti računalniške strojne opreme, ki se uporablja za nalaganje programske opreme in preverjanje, ne spadajo v bistveni del sistema za zagotavljanje varnosti in so kot take izven področja uporabe tega standarda. Čeprav je glavni cilj tega standarda obravnava značilnosti izdelave nove strojne opreme, se lahko postopki, opredeljeni v tem standardu, uporabljajo tudi kot vodilo za ocenjevanje in uporabo vnaprej izdelane strojne opreme, kot je strojna oprema COTS. V besedilu so navodila glede predstavitve zahtev tega standarda, kadar se uporablja za oceno takšnih komponent. Veljajo predvsem zahteve za zagotavljanje kakovosti v točki 4.3 glede nadzora konfiguracije. Vnaprej razvite komponente lahko vključujejo sistemske programe (kot jih opredeljuje točka 3.8); kjer je programska oprema sistemskih programov popolnoma vgrajena in dejansko »očitna« za uporabnika, potem se mora IEC 60987 uporabiti kot vodilo za postopek ocenjevanja takšnih komponent. Primer ustreznosti takšnega pristopa je ocenjevanje modernih procesorjev, ki vsebujejo mikrokodo. Takšna koda je v splošnem sestavni del »strojne opreme«, zato je primerno, da se procesor (vključno z mikrokodo) ocenjuje s tem standardom kot neločljiva komponenta strojne opreme. Programska oprema, ki ni sistemski program, kot je opisano zgoraj, se izdeluje in ocenjuje v skladu z zahtevami ustreznega standarda za programsko opremo (na primer IEC 60880 za sisteme Razreda 1 in IEC 62138 za sisteme Razreda 2). Nadzorni in merilni elementi lahko vključujejo programirljive logične pripomočke, katerih specifično logično uporabnost načrtuje načrtovalec nadzornih in merilnih elementov, ne pa proizvajalec čipov. Primeri takšnih pripomočkov vključujejo kompleksna programirljiva logična vezja (CPLD) in programirljive matrike logičnih vrat (FPGA). Medtem ko programirljiva narava teh pripomočkov dopušča razvojne procese, ki se uporabljajo za te pripomočke, so nekatere značilnosti razvojnih procesov programske opreme in procesi načrtovanja takšnih pripomočkov zelo podobni tistim, ki se uporabljajo pri načrtovanju logičnih vezij za diskretna vrata in vgrajene pakete vezij. Procesi načrtovanja in preverjanje načrtovanja, ki veljajo za programirljive logične naprave, morajo torej izpolnjevati ustrezne zahteve tega standarda (tj. z upoštevanjem določenih lastnosti procesov načrtovanja takšnih naprav). Če se orodja na osnovi programske opreme uporabljajo za podporo procesov načrtovanja programirljivih logičnih naprav, morajo takšna programska orodja običajno upoštevati navodila za programska razvojna orodja v ustreznem standardu za programsko opremo, tj. IEC 60880 (sistemi Razreda 1) ali IEC 62138 (sistemi Razreda 2).
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST EN 60987:2010
01-januar-2010
-HGUVNHHOHNWUDUQH0HULOQDLQQDG]RUQDRSUHPD]D]DJRWDYOMDQMHYDUQRVWL
=DKWHYH]DQDþUWRYDQMHVWURMQHRSUHPHUDþXQDOQLãNLKVLVWHPRY,(&
VSUHPHQMHQ
Nuclear power plants - Instrumentation and control important to safety - Hardware design
requirements for computer-based systems
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung -
Anforderungen an die Hardware-Auslegung rechnerbasierter Systeme
Centrales nucléaires de puissance - Instrumentation et contrôle-commande importants
pour la sûreté - Exigences applicables à la conception du matériel des systèmes
informatisés
Ta slovenski standard je istoveten z: EN 60987:2009
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
SIST EN 60987:2010 en,fr
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST EN 60987:2010
---------------------- Page: 2 ----------------------
SIST EN 60987:2010
EUROPEAN STANDARD
EN 60987
NORME EUROPÉENNE
June 2009
EUROPÄISCHE NORM
ICS 27.120.20
English version
Nuclear power plants -
Instrumentation and control important to safety -
Hardware design requirements for computer-based systems
(IEC 60987:2007, modified)
Centrales nucléaires de puissance - Kernkraftwerke -
Instrumentation et contrôle-commande Leittechnische Systeme mit
importants pour la sûreté - sicherheitstechnischer Bedeutung -
Exigences applicables à la conception Anforderungen an die
du matériel des systèmes informatisés Hardware-Auslegung
(CEI 60987:2007, modifiée) rechnerbasierter Systeme
(IEC 60987:2007, modifiziert)
This European Standard was approved by CENELEC on 2009-06-01. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Cyprus, the
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain,
Sweden, Switzerland and the United Kingdom.
CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
Central Secretariat: Avenue Marnix 17, B - 1000 Brussels
© 2009 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 60987:2009 E
---------------------- Page: 3 ----------------------
SIST EN 60987:2010
EN 60987:2009 – 2 –
Foreword
The text of the International Standard IEC 60987:2007, prepared by SC 45A, Instrumentation and
control of nuclear facilities, of IEC TC 45, Nuclear instrumentation, together with the common
modifications prepared by the Technical Committee CENELEC TC 45AX, Instrumentation and control
of nuclear facilities, was submitted to the formal vote and was approved by CENELEC as EN 60987
on 2009-06-01.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
national standard or by endorsement (dop) 2010-06-01
– latest date by which the national standards conflicting
with the EN have to be withdrawn (dow) 2012-06-01
Annex ZA has been added by CENELEC.
________________
---------------------- Page: 4 ----------------------
SIST EN 60987:2010
– 3 – EN 60987:2009
Endorsement notice
The text of the International Standard IEC 60987:2007 was approved by CENELEC as a European
Standard with agreed common modifications as given below.
COMMON MODIFICATIONS
1 Scope
1.1 General
Replace NOTE 2 by the following text:
The more complex hardware components are out of the scope of EN 60987. IEC/SC 45 A
accepted new works items to cover the cases of those more complex hardware components
(e.g. IEC 62566 under development when EN 60987 was published).
---------------------- Page: 5 ----------------------
SIST EN 60987:2010
EN 60987:2009 – 4 –
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.
Publication Year Title EN/HD Year
1)
IEC 60780 - Nuclear power plants - Electrical - -
equipment of the safety system -
Qualification
2)
1)
IEC 60812 - Analysis techniques for system EN 60812 2006
reliability - Procedure for failure
mode and effects analysis (FMEA)
1)
IEC 60880 - Nuclear power plants - - -
Instrumentation and control systems
important to safety - Software
aspects for computer-based systems
performing category A functions
IEC 61000 Series Electromagnetic compatibility (EMC) EN 61000 Series
1) 2)
IEC 61025 - Fault tree analysis (FTA) EN 61025
2007
IEC 61513 2001 Nuclear power plants - - -
Instrumentation and control for
systems important for safety -
General requirements for systems
1)
IEC 62138 - Nuclear power plants - - -
Instrumentation and control important
for safety - Software aspects for
computer-based systems performing
category B or C functions
2)
1)
ISO 9001 - Quality management systems - EN ISO 9001 2008
Requirements
1)
IAEA NS-G 1.3 - Instrumentation and control systems - -
important to safety in nuclear power
plants
IAEA 50-C/SG-Q 1996 Quality assurance for safety in - -
nuclear power plants and other
nuclear installations
———————
1)
Undated reference.
2)
Valid edition at date of issue.
---------------------- Page: 6 ----------------------
SIST EN 60987:2010
IEC 60987
Edition 2.0 2007-08
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control important to safety –
Hardware design requirements for computer-based systems
Centrales nucléaires de puissance – Instrumentation et contrôle-commande
importants pour la sûreté – Exigences applicables à la conception du matériel
des systèmes informatisés
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
V
CODE PRIX
ICS 27.120.20 ISBN 2-8318-9285-6
---------------------- Page: 7 ----------------------
SIST EN 60987:2010
– 2 – 60987 © IEC:2007
CONTENTS
FOREWORD.4
INTRODUCTION.6
1 Scope.8
1.1 General .8
1.2 Use of this standard for pre-developed (for example, COTS) hardware
assessment .8
1.3 Applicability of this standard to programmable logic devices development.9
2 Normative references .9
3 Terms and definitions .10
4 Project structure .12
4.1 General .12
4.2 Project subdivision .12
4.3 Quality assurance .12
5 Hardware requirements .13
5.1 General .13
5.2 Functional and performance requirements.14
5.3 Reliability/Availability requirements .15
5.4 Environmental withstand requirements .16
5.5 Documentation requirements.16
6 Design and development .17
6.1 General .17
6.2 Design activities .17
6.3 Reliability .18
6.4 Maintenance.18
6.5 Interfaces .19
6.6 Modification.19
6.7 Power failure .19
6.8 Component selection.19
6.9 Design documentation.19
7 Verification and validation .20
7.1 General .20
7.2 Verification plan .20
7.3 Independence of verification.21
7.4 Methods .21
7.5 Documentation .22
7.6 Discrepancies.22
7.7 Changes and modifications .22
7.8 Installation verification.22
7.9 Validation .22
7.10 Verification of pre-existing equipment platforms .22
8 Qualification .23
9 Manufacture .23
10 Installation and commissioning .23
11 Maintenance.23
11.1 Maintenance requirements .24
---------------------- Page: 8 ----------------------
SIST EN 60987:2010
60987 © IEC:2007 – 3 –
11.2 Failure data.24
11.3 Maintenance documentation.25
12 Modification.26
13 Operation .26
Annex A (informative) Overview of system life cycle .27
Annex B (informative) Outline of qualification.28
Annex C (informative) Example of maintenance procedure .29
Bibliography.30
---------------------- Page: 9 ----------------------
SIST EN 60987:2010
– 4 – 60987 © IEC:2007
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY –
HARDWARE DESIGN REQUIREMENTS
FOR COMPUTER-BASED SYSTEMS
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation
and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.
This second edition cancels and replaces the first edition published in 1989. This edition
includes the following significant technical changes with respect to the previous edition:
• account has been taken of the fact that computer design engineering techniques have
advanced significantly in the intervening years;
• update of the format to align with the current IEC/ISO directives on the style of standards;
• alignment of the standard with the new revisions of IAEA documents NS-R-1 and NS-G-
1.3, which includes as far as possible an adaptation of the definitions;
---------------------- Page: 10 ----------------------
SIST EN 60987:2010
60987 © IEC:2007 – 5 –
• replacement, as far as possible, of the requirements associated with standards published
since the first edition, especially IEC 61513, IEC 60880, edition 2, and IEC 62138;
• review of the existing requirements and updating of the terminology and definitions.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/662/FDIS 45A/666/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
---------------------- Page: 11 ----------------------
SIST EN 60987:2010
– 6 – 60987 © IEC:2007
INTRODUCTION
a) Technical background, main issues and organization of the standard
The basic principles for the design of nuclear instrumentation, as specifically applied to the
safety systems of nuclear power plants, were first interpreted in nuclear standards with
reference to hardwired systems in IAEA Safety Guide 50-SG-D3 which has been superseded
by IAEA Guide NS-G-1.3.
IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design
for systems important to safety, i.e. safety systems and safety-related systems.
Although many of the requirements within the original issue continue to be relevant, there
were significant factors which justified the development of this revised edition of IEC 60987, in
particular:
– a new standard has been produced which addresses in detail the general requirements for
nuclear systems important to safety (IEC 61513);
– the use of pre-developed system platforms, rather than bespoke developments, has
increased significantly.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
The first-level IEC SC 45A standard for computer-based systems important to safety in
nuclear power plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard
which addresses the generic issue of hardware design of computerized systems.
IEC 60880 and IEC 62138 are second-level standards which together cover the software
aspects of computer-based systems used to perform functions important to safety in NPPs.
IEC 60880 and IEC 62138 make direct reference to IEC 60987 for hardware design.
The requirements of IEC 60780 for equipment qualification are referenced within IEC 60987.
For modules to be used in the design of a specific system important to safety, relevant and
auditable operating experience from nuclear or other applications as described in IEC 60780,
in combination with the application of rigorous quality assurance programmes, may be an
acceptable method of qualification.
For more details on the structure of the SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the standard
It is important to note that this standard establishes no additional functional requirements for
Class 1 or Class 2 systems (see IEC 61513 for system classification requirements).
Aspects for which special recommendations have been produced (so as to assure the
production of highly reliable systems), are:
– a general approach to computing hardware development;
– a general approach to hardware verification and to the hardware aspects of computer
system validation.
---------------------- Page: 12 ----------------------
SIST EN 60987:2010
60987 © IEC:2007 – 7 –
It is recognized that computer technology is continuing to develop and that it is not possible
for a standard such as this to include references to all modern design technologies and
techniques. To ensure that the standard will continue to be relevant in future years the
emphasis has been placed on issues of principle, rather than specific hardware design
technologies. If new design techniques are developed then it should be possible to assess the
suitability of such techniques by adapting and applying the design principles contained within
this standard.
The scope of this standard covers digital systems hardware for Class 1 and Class 2 systems.
This includes multiprocessor distributed systems and single processor systems; it covers the
assessment and use of pre-developed items, for example, commercial off-the-shelf items
(COTS), and the development of new hardware.
d) Description of the structure of the SC 45A standard series and relationships with
other IEC, IAEA and ISO documents
The top-level document of the IEC SC 45A standard series is IEC 61513. It provides general
requirements for I&C systems and equipment that are used to perform functions important to
safety in NPPs. IEC 61513 structures the IEC SC 45A standard series.
IEC 61513 refers direct to other IEC SC 45A standards for general topics related to
categorization of functions and classification of systems, qualification, separation of systems,
defence against common-cause failure, software aspects of computer-based systems,
hardware aspects of computer-based systems, and control room design. The standards
referenced direct at this second level should be considered together with IEC 61513 as a
consistent document set.
At a third level, IEC SC 45A standards not referenced direct by IEC 61513 are standards
related to specific equipment, technical methods, or specific activities. Usually these
documents, which make reference to second-level documents for general topics, can be used
on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to technical reports
which are not normative documents.
IEC 61513 has adopted a presentation format similar to the basic safety publication
IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework and
provides an interpretation of the general requirements of IEC 61508-1, IEC 61508-2 and
IEC 61508-4, for the nuclear application sector. Compliance with IEC 61513 will facilitate
consistency with the requirements of IEC 61508 as they have been interpreted for the nuclear
industry. In this framework, IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the
nuclear application sector.
IEC 61513 refers to ISO 9001 as well as to IAEA 50-C-QA (now replaced by IAEA 50-C/SG-Q)
for topics related to quality assurance (QA).
The IEC SC 45A standards series consistently implements and details the principles and
basic safety aspects provided in the IAEA Code on the safety of NPPs and in the IAEA safety
series, in particular the requirements of NS-R-1, establishing safety requirements related to
the design of NPPs, and Safety Guide NS-G-1.3 dealing with instrumentation and control
systems important to safety in NPPs. The terminology and definitions used by SC 45A
standards are consistent with those used by the IAEA.
---------------------- Page: 13 ----------------------
SIST EN 60987:2010
– 8 – 60987 © IEC:2007
NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY –
HARDWARE DESIGN REQUIREMENTS
FOR COMPUTER-BASED SYSTEMS
1 Scope
1.1 General
This International Standard is applicable to NPP computer-system hardware for systems of
Class 1 and 2 (as defined by IEC 61513).
The structure of this standard has not changed significantly from the original 1989 issue;
however, some issues are now covered by standards which have been issued in the interim
(for example, IEC 61513 for system architecture design) and references to new standards
have been provided where applicable. The text of the standard has also been modified to
reflect developments in computer system hardware design, the use of pre-developed (for
example, COTS) hardware and changes in terminology.
Computer hardware facilities used for software loading and checking are not considered to
form an intrinsic part of a system important to safety and, as such, are outside the scope of
this standard.
NOTE 1 Class 3 computer-system hardware is not addressed by this standard, and it is recommended that such
systems should be developed to commercial grade standards.
NOTE 2 In 2006 the development of a new standard to address hardware requirements for “very complex”
hardware was discussed within IEC SC 45A. If such a standard is developed then that standard would be used for
the development of “very complex” hardware in preference to IEC 60987.
1.2 Use of this standard for pre-developed (for example, COTS) hardware assessment
Although the primary aim of this standard is to address aspects of new hardware
development, the processes defined within this standard may also be used to guide the
assessment and use of pre-developed hardware, such as COTS hardware. Guidance has
been provided in the text concerning the interpretation of the requirements of this standard
when used for the assessment of such components. In particular, the quality assurance
requirements of 4.3, concerning configuration control, apply.
Pre-developed components may contain firmware (as defined in 3.8), and, where firmware
software is deeply imbedded, and effectively “transparent” to the user, then IEC 60987 should
be used to guide the assessment process for such components. An example of where this
approach is considered appropriate is in the assessment of modern processors which contain
a microcode. Such a code is generally an integral part of the “hardware”, and it is therefore
appropriate for the processor (including the microcode) to be assessed as an integrated
hardware component using this standard.
Software which is not firmware, as described above, should be developed or assessed
according to the requirements of the relevant software standard (for example, IEC 60880 for
Class 1 systems and IEC 62138 for Class 2 systems).
---------------------- Page: 14 ----------------------
SIST EN 60987:2010
60987 © IEC:2007 – 9 –
1.3 Applicability of this standard to programmable logic devices development
I&C components may include programmable logic devices that are given their specific
application logic design by the designer of the I&C component, as opposed to the chip
manufacturer. Examples of such devices include complex programmable logic devices (CPLD)
and field programmable gate arrays (FPGA).
While the programmable nature of these devices gives the development processes used for
these devices, some of the characteristics of a software development process and the design
processes used for such devices, are very similar to those used to design logic circuits
implemented with discrete gates and integrated circuit packages. Therefore, the design
processes and design verification applied to programmable logic devices should comply with
the relevant requirements of this standard (i.e. taking into account the particular features of
the design processes of such devices). To the extent that software-based tools are used to
support the design processes for programmable logic devices, those software tools should
generally follow the guidance provided for software-based development tools in the
appropriate software standard, i.e. IEC 60880 (Class 1 systems) or IEC 62138 (Class 2
systems).
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition ci
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.