Nuclear power plants - Control rooms - Supplementary control points for reactor shutdown without access to the main control room

This International Standard establishes requirements for the supplementary control points provided to enable the operating staff of nuclear power plants to shut down the reactor and maintain the plant in a safe shut-down state in the event that control of the safety functions can no longer be exercised from the main control room, due to unavailability of the main control room or its facilities. The standard also establishes requirements for the selection of functions, the design and organisation of the human-machine interface, and the procedures which shall be used systematically to verify and validate the functional design of the supplementary control points. It is assumed that supplementary control points provided for shutdown operations from outside the main control room would be unattended during normal plant conditions other than for periodic testing. The requirements reflect the application of human engineering principles as they apply to the human-machine interface during such periodic testing and during abnormal plant conditions. This standard does not cover special emergency response facilities (e.g. a technical support centre) or facilities provided for radioactive waste handling. Detailed equipment design is also outside the scope of the standard. This standard follows the principles of IAEA Requirements NS-R-1 “Safety of Nuclear Power Plants: Design” and IAEA Safety Guide NS-G-1.3 “Instrumentation and Control Systems Important to Safety in Nuclear Power Plants”. The purpose of this standard is to provide functional design requirements to be used in the design of the supplementary control points of a nuclear power plant to meet safety requirements. This standard is intended for application to supplementary control points whose conceptual design is initiated after the publication of this standard. If it is desired to apply it to existing plants or designs, special care must be taken to ensure a consistent design basis. This relates, for example, to factors such as the consistency between the supplementary control points and the main control room, the ergonomic approach, the automation level and the information technology.

Kernkraftwerke - Warten - Notsteuerstellen für das Abfahren des Reaktors ohne Verbindung zur Hauptwarte

Centrales nucléaires de puissance - Salles de commande - Points de commande supplémentaires pour l'arrêt des réacteurs sans accès à la salle de commande principale (salle de commande de repli)

La CEI 60965:2009 établit des exigences applicables aux points de commande supplémentaires permettant au personnel d'exploitation des centrales nucléaires d'arrêter le réacteur et de maintenir l'installation dans un état d'arrêt sûr, pour le cas où les fonctions de sûreté ne pourraient plus être commandées de la salle de commande principale, en cas d'indisponibilité de celle-ci ou de ses équipements. Les modifications techniques majeures par rapport à l'édition précédente sont les suivantes:
- clarification des définitions et revue technique des exigences;
- mise à jour des références avec celles des nouvelles normes CEI publiées depuis la première édition;
- mise en cohérence de la norme avec les nouvelles éditions des documents de l'AIEA pertinents.

Jedrske elektrarne - Nadzorne sobe - Dodatne nadzorne točke za prekinitev obratovanja reaktorja brez dostopa do glavne nadzorne sobe

Ta mednarodni standard vzpostavlja zahteve za dodatne nadzorne točke, ki operativnemu osebju jedrskih elektrarn omogočajo prekinitev obratovanja reaktorja in vzdrževanje elektrarne v varnem zaustavljenem stanju v primeru, da nadzora varnostnih funkcij ni več mogoče opravljati iz glavne nadzorne sobe zaradi nerazpoložljivosti glavne nadzorne sobe ali njene opreme. Standard tudi vzpostavlja zahteve za izbiro funkcij, načrtovanje in organizacijo vmesnika človek-stroj ter postopke, ki se bodo sistematično uporabljali za preverjanje in validacijo dodatnih nadzornih točk. Predvideva se, da se dodatne nadzorne točke za prekinitev obratovanja zunaj glavne nadzorne sobe med normalnimi pogoji v elektrarni ne bi uporabljale, razen pri občasnem preskušanju. Zahteve odsevajo uporabo človeških inženirskih načel, kot se uporabljajo za vmesnik človek-stroj pri takem občasnem preskušanju in med nenormalnimi pogoji v elektrarni. Ta standard ne zajema posebnih prostorov za ukrepanje ob nesreči (npr. tehničnega podpornega centra) ali prostorov za ravnanje z radioaktivnimi odpadki. Iz obsega uporabe tega standarda je prav tako izvzeta natančna zasnova opreme. Ta standard upošteva načela zahtev IAEA NS-R-1 »Varnost jedrskih elektrarn: načrtovanje« in varnostnih navodil IAEA NS-G-1.3 »Merilna in nadzorna oprema za zagotavljanje varnosti v jedrskih elektrarnah«. Namen tega standarda je zagotoviti zahteve glede funkcionalne zasnove, ki se uporabljajo pri načrtovanju dodatnih nadzornih točk jedrske elektrarne, tako da ustrezajo varnostnim zahtevam. Ta standard je namenjen uporabi pri dodatnih nadzornih točkah, katerih načrtovanje konstrukcije se začne po objavi tega standarda. Če se želi uporabiti za obstoječe elektrarne ali zasnove, je potrebna posebna previdnost, da osnova načrta ohrani konsistentnost. To se na primer nanaša na dejavnike, kot so skladnost med dodatnimi nadzornimi točkami in glavno nadzorno sobo, ergonomski pristop, raven avtomatizacije in informacijska tehnologija.

General Information

Status
Withdrawn
Publication Date
13-Sep-2011
Withdrawal Date
16-Jun-2019
Technical Committee
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
17-Jun-2019
Due Date
10-Jul-2019
Completion Date
17-Jun-2019

Relations

Buy Standard

Standard
EN 60965:2011
English language
19 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN 60965:2011
01-oktober-2011
-HGUVNHHOHNWUDUQH1DG]RUQHVREH'RGDWQHQDG]RUQHWRþNH]DSUHNLQLWHY
REUDWRYDQMDUHDNWRUMDEUH]GRVWRSDGRJODYQHQDG]RUQHVREH
Nuclear power plants - Control rooms - Supplementary control points for reactor
shutdown without access to the main control room
Kernkraftwerke - Warten - Notsteuerstellen für das Abfahren des Reaktors ohne
Verbindung zur Hauptwarte
Centrales nucléaires de puissance - Salles de commande - Points de commande
supplémentaires pour l'arrêt des réacteurs sans accès à la salle de commande principale
(salle de commande de repli)
Ta slovenski standard je istoveten z: EN 60965:2011
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
SIST EN 60965:2011 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 60965:2011

---------------------- Page: 2 ----------------------

SIST EN 60965:2011

EUROPEAN STANDARD
EN 60965

NORME EUROPÉENNE
August 2011
EUROPÄISCHE NORM

ICS 27.120.20


English version


Nuclear power plants -
Control rooms -
Supplementary control points for reactor shutdown without access to the
main control room
(IEC 60965:2009)


Centrales nucléaires de puissance -  Kernkraftwerke -
Salles de commande - Warten -
Points de commande supplémentaires Notsteuerstellen für das Abfahren des
pour l'arrêt des réacteurs sans accès à la Reaktors ohne Verbindung zur
salle de commande principale (salle de Hauptwarte
commande de repli) (IEC 60965:2009)
(CEI 60965:2009)





This European Standard was approved by CENELEC on 2011-08-08. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the Central Secretariat or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the Central Secretariat has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Management Centre: Avenue Marnix 17, B - 1000 Brussels


© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 60965:2011 E

---------------------- Page: 3 ----------------------

SIST EN 60965:2011
EN 60965:2011 - 2 -
Foreword
The text of the International Standard IEC 60965:2009, prepared by SC 45A, Instrumentation and control
of nuclear facilities, of IEC TC 45, Nuclear instrumentation, was submitted to the formal vote and was
approved by CENELEC as EN 60965 on 2011-08-08 without any modification.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN and CENELEC shall not be held responsible for identifying any or all such patent
rights.
The following dates were fixed:
– latest date by which the EN has to be implemented
at national level by publication of an identical
(dop) 2012-08-08
national standard or by endorsement
– latest date by which the national standards conflicting
(dow) 2014-08-08
with the EN have to be withdrawn
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member States
are not prevented from taking more stringent safety measures in the subject-matter covered by the
Directive, in compliance with Community law.

In a similar manner, this European standard does not prevent Member States from taking more stringent
nuclear safety measures in the subject-matter covered by this standard.
Annex ZA has been added by CENELEC.
__________
Endorsement notice
The text of the International Standard IEC 60965:2009 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following note has to be added for the standard indicated:
ISO 11064 series NOTE  Harmonized as EN ISO 11064 series (not modified).
__________

---------------------- Page: 4 ----------------------

SIST EN 60965:2011
- 3 - EN 60965:2011
Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication Year Title EN/HD Year

IEC 60709 - Nuclear power plants - Instrumentation and EN 60709 -
control systems important to safety -
Separation


IEC 60964 - Nuclear power plants - Control rooms - EN 60964 -
Design


IEC 61226 - Nuclear power plants - Instrumentation and EN 61226 -
control important to safety - Classification of
instrumentation and control functions


IEC 61513 - Nuclear power plants - Instrumentation and - -
control for systems important to safety -
General requirements for systems


IEC 61771 - Nuclear power plants - Main control-room - - -
Verification and validation of design


IAEA NS-R-1 2000 Safety of nuclear power plants: Design - -


IAEA Safety guide 2002 Instrumentation and control systems important - -
NS-G-1.3 to safety in nuclear power plants

---------------------- Page: 5 ----------------------

SIST EN 60965:2011

---------------------- Page: 6 ----------------------

SIST EN 60965:2011
IEC 60965
®
Edition 2.0 2009-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE


Nuclear power plants – Control rooms – Supplementary control points for
reactor shutdown without access to the main control room

Centrales nucléaires de puissance – Salles de commande – Points de
commande supplémentaires pour l’arrêt des réacteurs sans accès à la salle de
commande principale (salle de commande de repli)
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
Q
CODE PRIX
ICS 27.120.20 ISBN 978-2-88910-354-6
® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------

SIST EN 60965:2011
– 2 – 60965 © IEC:2009
CONTENTS
FOREWORD.3
INTRODUCTION.5
1 Scope.7
2 Normative references .7
3 Terms and definitions .8
4 Abbreviations .9
5 Design principles.9
5.1 General .9
5.2 Main objectives .9
5.3 Safety principles.10
5.4 Human factors engineering principles.12
6 Design process.12
7 Functional design .13
7.1 General .13
7.2 Human factors.13
7.3 Location and access route.13
7.4 SCP environment .14
7.5 Space and configuration.14
7.6 Information and control equipment .14
7.7 Communication systems.15
7.8 Other equipment.15
8 System verification and validation.15
Bibliography.16

---------------------- Page: 8 ----------------------

SIST EN 60965:2011
60965 © IEC:2009 – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

NUCLEAR POWER PLANTS –
CONTROL ROOMS –
SUPPLEMENTARY CONTROL POINTS FOR REACTOR SHUTDOWN
WITHOUT ACCESS TO THE MAIN CONTROL ROOM


FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with an IEC Publication.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60965 has been prepared by subcommittee 45A: Instrumentation
and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/749/FDIS 45A/769/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This second edition cancels and replaces the first edition published in 1989. This edition
constitutes a technical revision.

---------------------- Page: 9 ----------------------

SIST EN 60965:2011
– 4 – 60965 © IEC:2009
The main technical changes with regard to the previous edition are as follows:
• to clarify the definitions and review the requirements.
• to update the reference to new standards published since the first issue, including
IEC 61227, IEC 61771, IEC 61772, IEC 61839, and IEC 62241.
• to align the Standard with the new revisions of IAEA documents NS-R-1 and NS-G-1.3.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this publication will remain unchanged until
the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in
the data related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

---------------------- Page: 10 ----------------------

SIST EN 60965:2011
60965 © IEC:2009 – 5 –
INTRODUCTION
a) Technical background, main issues and organization of the standard
IEC 60965:1989 was developed to provide requirements relevant to the design of NPP
supplementary control points for reactor shutdown without access to the main control room.
The first edition of IEC 60965 has been used extensively within the nuclear industry. It was
however recognized that recent technical developments especially those which are based on
software technology should be incorporated. It was also recognized that the relationships with
the standard for the main control room (i.e. IEC 60964) and the derivative standards to that
standard (i.e. IEC 61227, IEC 61771, IEC 61772, IEC 61839, and IEC 62241) should be
clarified and conditioned.
This IEC standard specifically focuses on the functional design process of the supplementary
control points of an NPP. It is intended that the standard is used by NPP designers, design
authorities, vendors, utilities, and by licensors.
At the end of the current revision, at the FDIS stage, two further points were identified. These
are: (a) requirements should be included associated with regular testing of the SCP, and (b) a
theoretical assessment is needed of the time available during which the reactor will be safe
but unattended, in order to move from the MCR to the SCP and for the SCP to become
operational. However, since these points were not raised formally by any National Committee,
they are recorded in this introduction for development in the next revision.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
IEC 60965 is the third level IEC SC 45A document tackling the issue of the design of
supplementary control points.
IEC 60965 is to be read in association with IEC 60964 for the design of the main control room
(including the derivative standards mentioned above) which is the appropriate IEC SC 45A
document providing guidance on operator controls, verification and validation of design,
application of visual display units, functional analysis and assignment, and alarm functions
and presentation.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this Standard
The purpose of this standard is to provide functional design requirements to be used in the
design of the supplementary control points of a nuclear power plant to meet safety
requirements.
This standard is intended for application to supplementary control points whose conceptual
design is initiated after the publication of this standard. The recommendations of the standard
may be used for refits, upgrades and modifications.
Aspects for which special recommendations have been provided in this Standard, in
accordance with Clauses 6.15 to 6.30 of IAEA NS-G-1.3, are:
• The definition of the MCR and plant design bases for which the supplementary control
points are to be used.
• Access by station staff to the supplementary control points in such emergencies.
• Assurance for the station staff that the environment at the supplementary control points is
safe when they are to be used.

---------------------- Page: 11 ----------------------

SIST EN 60965:2011
– 6 – 60965 © IEC:2009
• Provision of information at the supplementary control points on the state of the reactor
critical functions.
• Transfer of control and indication functions from the main control room to the
supplementary control points in emergencies.
• Independence and separation of the cabling used by the supplementary control points
from that used by the main control room.
• Assurance that a safe shutdown state has been reached using the supplementary control
points.
• Communication facilities between the supplementary control points and to the station
management.
To ensure that the Standard will continue to be relevant in future years, the emphasis has
been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level document of the IEC SC 45A standard series is IEC 61513. It provides general
requirements for I&C systems and equipment that are used to perform functions important to
safety in NPPs. IEC 61513 structures the IEC SC 45A standard series.
IEC 61513 refers directly to other IEC SC 45A standards for general topics related to
categorization of functions and classification of systems, qualification, separation of systems,
defence against common cause failure, software aspects of computer-based systems,
hardware aspects of computer-based systems, and control room design. The standards
referenced directly at this second level should be considered together with IEC 61513 as a
consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 are standards
related to specific equipment, technical methods, or specific activities. Usually these
documents, which make reference to second-level documents for general topics, can be used
on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical
Reports which are not normative.
IEC 61513 has adopted a presentation format similar to the basic safety publication
IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework and
provides an interpretation of the general requirements of IEC 61508-1, IEC 61508-2 and
IEC 61508-4, for the nuclear application sector. Compliance with IEC 61513 will facilitate
consistency with the requirements of IEC 61508 as they have been interpreted for the nuclear
industry. In this framework IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the
nuclear application sector.
IEC 61513 refers to ISO as well as to IAEA 50-C-QA (now replaced by IAEA GS-R-3) for
topics related to quality assurance (QA).
The IEC SC 45A standards series consistently implements and details the principles and
basic safety aspects provided in the IAEA code on the safety of NPPs and in the IAEA safety
series, in particular the Requirements NS-R-1, establishing safety requirements related to the
design of Nuclear Power Plants, and the Safety Guide NS-G-1.3 dealing with instrumentation
and control systems important to safety in Nuclear Power Plants. The terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.

---------------------- Page: 12 ----------------------

SIST EN 60965:2011
60965 © IEC:2009 – 7 –
NUCLEAR POWER PLANTS –
CONTROL ROOMS –
SUPPLEMENTARY CONTROL POINTS FOR REACTOR SHUTDOWN
WITHOUT ACCESS TO THE MAIN CONTROL ROOM



1 Scope
This International Standard establishes requirements for the supplementary control points
provided to enable the operating staff of nuclear power plants to shut down the reactor and
maintain the plant in a safe shut-down state in the event that control of the safety functions
can no longer be exercised from the main control room, due to unavailability of the main
control room or its facilities.
The standard also establishes requirements for the selection of functions, the design and
organisation of the human-machine interface, and the procedures which shall be used
systematically to verify and validate the functional design of the supplementary control points.
It is assumed that supplementary control points provided for shutdown operations from
outside the main control room would be unattended during normal plant conditions other than
for periodic testing. The requirements reflect the application of human engineering principles
as they apply to the human-machine interface during such periodic testing and during
abnormal plant conditions.
This standard does not cover special emergency response facilities (e.g. a technical support
centre) or facilities provided for radioactive waste handling. Detailed equipment design is also
outside the scope of the standard.
This standard follows the principles of IAEA Requirements NS-R-1 “Safety of Nuclear Power
Plants: Design” and IAEA Safety Guide NS-G-1.3 “Instrumentation and Control Systems
Important to Safety in Nuclear Power Plants”.
The purpose of this standard is to provide functional design requirements to be used in the
design of the supplementary control points of a nuclear power plant to meet safety
requirements.
This standard is intended for application to supplementary control points whose conceptual
design is initiated after the publication of this standard. If it is desired to apply it to existing
plants or designs, special care must be taken to ensure a consistent design basis. This
relates, for example, to factors such as the consistency between the supplementary control
points and the main control room, the ergonomic approach, the automation level and the
information technology.
2 Normative references
The following referenced documents are indispensable for the application of this document.
For dated references, only the edition cited applies. For undated references, the latest edition
of the referenced document (including any amendments) applies.
IEC 60709, Nuclear power plants – Instrumentation and control systems important to safety –
Separation
IEC 60964, Nuclear power plants – Control rooms – Design

---------------------- Page: 13 ----------------------

SIST EN 60965:2011
– 8 – 60965 © IEC:2009
IEC 61226, Nuclear power plants – Instrumentation and control systems important for safety –
Classification of instrumentation and control functions
IEC 61513, Nuclear power plants – Instrumentation and control for systems important to
safety – General requirements for systems
IEC 61771, Nuclear power plants – Main control room – Verification and validation of design
IAEA NS-R-1:2000, Safety of nuclear power plants: Design
IAEA NS-G-1.3:2002, Instrumentation and Control Systems Important to Safety in Nuclear
Power Plants

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. For other terms,
refer to the general terminology defined in IEC 60964, IEC 61513 and in the IAEA NUSS
programme, such as Safety Guide NS-G-1.3 or the safety glossary.
3.1
control room staff
a group of plant personnel stationed in the control room, which is responsible for achieving
the plant operational goals by controlling plant through the human-machine interface.
Typically, the control room staff consists of supervisory operators, and operators who actually
monitor plant and plant conditions and manipulate controls, but may also include those staff
members and experts who are authorised to be present in the control room, e.g. during long
lasting event sequences.
[IEC 60964, 3.4]
3.2
local control points (or facilities)
points (or facilities) located outside the control room where local operators perform control
activities
[IEC 60964, 3.17]
3.3
local operators
the operating staff that perform tasks outside the control room
[IEC 60964, 3.18]
3.4
operating staff
plant personnel working on shift to operate the plant. The operating staff includes the control
room staff, maintenance engineers, etc.
[IEC 60964, 3.20]
3.5
supplementary control point
a location from which limited plant control and/or monitoring can be carried out to accomplish
the safety functions identified by the safety analysis as required in the event of a loss of
ability to perform those functions from the main control room. The supplementary control point
may be a special control room, but in many cases comprises a set of control panels and
displays in switchgear rooms or similar areas.

---------------------- Page: 14 ----------------------

SIST EN 60965:2011
60965 © IEC:2009 – 9 –
4 Abbreviations
I&C Instrumentation and Control
LCP Local Control Point
MCR Main Control Room
NPP Nuclear Power Plant
PIE Postulated Initiating Event
SCP Supplementary Control Points, Supplementary Control Point
V&V Verification and Validation
5 Design principles
5.1 General
Clause 6.75 of IAEA NS-R-1 states “Sufficient instrumentation and control equipment shall be
available, preferably at a single location (supplementary control room) that is physically and
electrically separate from the control room, so that the reactor can be placed and maintained
in a shut down state, residual heat can be removed, and the essential plant variables can be
monitored should there be a loss of ability to perform these essential safety functions in the
control room”.
Clauses 6.15 to 6.30 of IAEA NS-G-1.3 provide guidance on the requirements for
supplementary control rooms (‘SCP’ in this standard), including requirements associated with
the following:
• definition of the plant design bases that require use of the SCP (Clauses 6.17, 6.19, 6.20);
• location and configuration of the SCP to promote prompt mobilisation (Clause 6.29);
• qualified access path to the SCP, with hazard indication and suitable countermeasures
along this path (Clauses 6.27, 6.28);
• prevention of unauthorised access to or use of the SCP (Clause 6.21);
• safety functions of the MCR and SCP not affected by the same PIE, and independence of
the circuits associated with the SCP from those of the MCR (Clauses 6.20, 6.23);
• priority of control between the MCR and SCP, and transfer of control from the MCR to the
SCP (Clauses 6.18, 6.20, 6.24);
• manual control in the SCP accomplished by simple actions (Clause 6.22);
• displays and controls in the SCP similar to those in the MCR, to the extent possible
(Clause 6.22);
• consideration of the difference of purpose between the MCR and the SCP (Clause 6.25);
• if long-term use is envisaged, suitable facilities for habitability and workspace for tasks
(Clause 6.30).
5.2 Main objectives
The SCP shall be provided with the means to trip the reactor and bring the plant to a safe
shutdown state and maintain it in that state without access to the MCR. However, the SCP are
not required to perform all the other plant control and monitoring functions which are typically
performed in the MCR. According to the type of NPP and the detailed safety arguments,
provisions to cope with a predefined set of PIE could be integrated in the SCP.
The SCP are required if the conditions within the MCR are no longer within its operational
design bases, and in consequence are such that the MCR is no longer available. Possible
causes include a control room fire, the entry of excess smoke or a dangerous atmosphere to
the MCR, severe damage to the MCR or its cables such that safety functions cannot be
perf
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.