Nuclear power plants - Design of control rooms - Functional analysis and assignment

EN IEC 61839 specifies functional analysis and assignment procedures (FA and A, sometimes called allocation of functions) for the design of control-room systems for nuclear power plants and gives rules for developing criteria for the assignment of functions. This standard supplements IEC 60964.

Kernkraftwerke - Auslegung von Warten - Analyse und Zuordnung der Funktionen

Centrales nucléaires de puissance - Conception des salles de commande - Analyse fonctionnelle et affectation des fonctions

Defines the functional analysis and assignment-of-functions procedures applicable to the design of the control-room system in nuclear power plants and gives rules for establishing criteria for the assignment of functions. It supplements IEC 60964. It applies to the design of new control rooms or to renovations of existing control rooms.

Jedrske elektrarne - Zasnova prostorov za vodenje - Analiza in dodeljevanje funkcij (IEC 61839:2000)


General Information

Status: Published
Publication Date: 14-Sep-2014
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 05-Sep-2014
Due Date: 10-Nov-2014
Completion Date: 15-Sep-2014


Standard: EN 61839:2014, English language, 23 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 61839:2014
01-October-2014
Jedrske elektrarne - Zasnova prostorov za vodenje - Analiza in dodeljevanje funkcij (IEC 61839:2000)
Nuclear power plants - Design of control rooms - Functional analysis and assignment
Kernkraftwerke - Auslegung von Warten - Analyse und Zuordnung der Funktionen
Centrales nucléaires de puissance - Conception des salles de commande - Analyse fonctionnelle et affectation des fonctions
This Slovenian standard is identical to: EN 61839:2014
ICS:
25.040.99 Other industrial automation systems
27.120.20 Nuclear power plants. Safety
SIST EN 61839:2014 en
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.



EUROPEAN STANDARD EN 61839

NORME EUROPÉENNE

EUROPÄISCHE NORM
August 2014
ICS 27.120.20; 29.120.10

English Version
Nuclear power plants - Design of control rooms - Functional analysis and assignment (IEC 61839:2000)
Centrales nucléaires de puissance - Conception des salles de commande - Analyse fonctionnelle et affectation des fonctions (CEI 61839:2000)
Kernkraftwerke - Auslegung von Warten - Analyse und Zuordnung der Funktionen (IEC 61839:2000)
This European Standard was approved by CENELEC on 2014-08-04. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN 61839:2014 E

Foreword
This document (EN 61839:2014) consists of the text of IEC 61839:2000 prepared by SC 45A
"Instrumentation, control and electrical systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation".
The following dates are fixed:
– latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2015-08-04
– latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2017-08-04

As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety measures in the subject-matter
covered by this standard.
Endorsement notice
The text of the International Standard IEC 61839:2000 was approved by CENELEC as a European
Standard without any modification.

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an international publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is
available here: www.cenelec.eu.
Publication     Year    Title                                                                               EN/HD   Year
IEC 60964 1)    1989    Design for control rooms of nuclear power plants                                    -       -
IEC 61771       1995    Nuclear power plants - Main control-room - Verification and validation of design    -       -

1) IEC 60964 is superseded by IEC 60964:2009, which is harmonized as EN 60964:2010.

INTERNATIONAL STANDARD
IEC 61839
First edition
2000-07
Nuclear power plants –
Design of control rooms –
Functional analysis and assignment
© IEC 2000 Copyright - all rights reserved
No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.
International Electrotechnical Commission 3, rue de Varembé Geneva, Switzerland
Telefax: +41 22 919 0300 e-mail: inmail@iec.ch IEC web site http://www.iec.ch
PRICE CODE R
For price, see current catalogue

CONTENTS
FOREWORD
1 Scope and object
2 Normative references
3 Definitions
4 Process of functional analysis and assignment
4.1 General description
4.1.1 Functional analysis
4.1.2 Assignment of functions
4.2 Basic technical team for FA and A
5 Functional analysis
5.1 General
5.2 Identification of functions
5.3 Identification of basic information and processing requirements
5.3.1 Individual function analysis
5.3.2 Identification of time requirements and representative events
6 Assignment of functions
6.1 General
6.2 Control function analysis
6.2.1 Identifying functional units
6.2.2 Characterising the control functions
6.2.3 Identifying control function characteristics measurements
6.3 Development of assignment criteria
6.3.1 Characteristic measurement and man-machine capabilities
6.3.2 National law, national and international legal rules and guides
6.3.3 Utility and vendors' rules and policies
6.4 Assignment process
Annex A (informative) Examples of decomposition of goals and subgoals
Annex B (informative) Beginning of PWR (pressurized water reactor) functional analysis
Bibliography
Figure 1 – Illustrated FA and A activities given in IEC 60964
Table 1 – Humans and machines in the functional domain and in the physical domain
Table 2 – Assignment of functions to humans and machines – Basic structure

INTERNATIONAL ELECTROTECHNICAL COMMISSION
___________
NUCLEAR POWER PLANTS –
DESIGN OF CONTROL ROOMS –
FUNCTIONAL ANALYSIS AND ASSIGNMENT
FOREWORD
1) The IEC (International Electrotechnical Commission) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of the IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, the IEC publishes International Standards. Their preparation is
entrusted to technical committees; any IEC National Committee interested in the subject dealt with may
participate in this preparatory work. International, governmental and non-governmental organizations liaising
with the IEC also participate in this preparation. The IEC collaborates closely with the International
Organization for Standardization (ISO) in accordance with conditions determined by agreement between the
two organizations.
2) The formal decisions or agreements of the IEC on technical matters express, as nearly as possible, an
international consensus of opinion on the relevant subjects since each technical committee has representation
from all interested National Committees.
3) The documents produced have the form of recommendations for international use and are published in the form
of standards, technical specifications, technical reports or guides and they are accepted by the National
Committees in that sense.
4) In order to promote international unification, IEC National Committees undertake to apply IEC International
Standards transparently to the maximum extent possible in their national and regional standards. Any
divergence between the IEC Standard and the corresponding national or regional standard shall be clearly
indicated in the latter.
5) The IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any
equipment declared to be in conformity with one of its standards.
6) Attention is drawn to the possibility that some of the elements of this International Standard may be the subject
of patent rights. The IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61839 has been prepared by subcommittee 45A: Reactor
instrumentation, of IEC technical committee 45: Nuclear instrumentation.
This standard shall be read in conjunction with IEC 60964.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/382/FDIS 45A/389/RVD
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 3.
Annexes A and B are for information only.
The committee has decided that the contents of this publication will remain unchanged until
2006. At this date, the publication will be
• reconfirmed;
• withdrawn;
• replaced by a revised edition, or
• amended.

NUCLEAR POWER PLANTS –
DESIGN OF CONTROL ROOMS –
FUNCTIONAL ANALYSIS AND ASSIGNMENT
1 Scope and object
This International Standard specifies functional analysis and assignment procedures (FA
and A, sometimes called allocation of functions) for the design of the control-room system for
nuclear power plants and gives rules for developing criteria for the assignment of functions.
This standard supplements IEC 60964, which applies to the design of the control-room for
nuclear power plants.
The purpose of this standard is to provide specific requirements for carrying out the functional
analysis and assignment required in 3.1 and 3.2 of IEC 60964, and therefore supersedes the
guidance given in A.3.1 and A.3.2 of IEC 60964.
This standard is applicable to the design of new control-rooms or to backfits (design renewal
and design modifications) to existing control-rooms. In the latter case, particular caution is to
be exercised to identify areas indirectly affected as well as those directly affected.
2 Normative references
The following normative documents contain provisions which, through reference in this text,
constitute provisions of this International Standard. For dated references, subsequent
amendments to, or revisions of, any of these publications do not apply. However, parties to
agreements based on this International Standard are encouraged to investigate the possibility
of applying the most recent editions of the normative documents indicated below. For undated
references, the latest edition of the normative document referred to applies. Members of IEC
and ISO maintain registers of currently valid International Standards.
IEC 60964:1989, Design for control rooms of nuclear power plants
IEC 61771:1995, Nuclear power plants – Main control-room – Verification and validation of
design
3 Definitions
For the purpose of this International Standard, the definitions given in IEC 60964 and the
following definitions apply:
3.1
accident conditions
set of conditions identified in the safety or transient analysis reports and/or in the emergency
operating procedures
3.2
functional assignment
distribution of functions among the human and automated constituents of a system

3.3
human machine interface, HMI
interface between operating staff and I and C system and computer systems linked with the
plant. The interface includes displays, controls, and the Operator Support System interface
(see man/machine interface in IEC 60964)
3.4
probabilistic risk assessment (PRA)
methodological approach to identify accident sequences that can follow from a broad range of
initiating events; it includes the systematic and realistic determination of accident frequencies
and consequences
3.5
control function
control actions performed by humans or machines for the accomplishment of a functional goal including the associated information acquisition and processing 1)
3.6
tasks
control actions performed by humans for the accomplishment of a functional goal 1)
4 Process of functional analysis and assignment
4.1 General description
The process of functional analysis and assignment is required in clause 3 of IEC 60964 as a
first step for the design of a control-room (see figure 1). It aims initially to identify all of the
functions required to operate the plant, then to assign the functions to humans or to
machines.
Two basic steps are required:
a) functional analysis;
b) assignment of functions.
They are defined respectively in clauses 5 and 6 of this standard.
4.1.1 Functional analysis
The identification of the functions (see 5.2) is obtained initially by defining general or
fundamental objectives of the plant operation, i.e. safe and effective generation of electrical
power, protection of the public from radiological hazards, then by breaking down the top-level
functions, allowing those objectives to be fulfilled, into a hierarchy of functions where the
lowest set of functions are the control functions which must then be assigned to humans or to
machines. The general nuclear power plant functional analysis is a means to the identification
of all the functions achieved from the main control-room.
The static database of functions of different levels, obtained in the previous step, is completed
by the determination of the basic operational information flow and processing requirements for
plant operation (see 5.3.1).
___________
1) This definition deviates from IEC 60964 but reflects current use.

The next step of the analysis is the introduction of time requirements, taking into account a
sufficient number of basic design events and plant conditions (normal, abnormal and accident
conditions) (see 5.3.2). In this way, all of the elements needed for the identification of the
functions associated with the control-room are identified.
4.1.2 Assignment of functions
Functional assignment is a distribution of functions between the human and automated
constituents of a system.
As a first step, a characterisation of the identified functions is to be performed to
a) methodically group, if necessary, the defined functions (see 6.2.1);
b) identify and define in detail all the actions needed for the accomplishment of the functions
(see 6.2.2);
c) identify typical function characteristic measurements (see 6.2.3).
Then, the functional assignment can be provided on the basis of a pre-defined set of
assignment criteria (see 6.3).
Assigning functions to humans means achieving them by manual control, monitoring, high-
level mental processing, or their combinations. The assignment of functions to machines
means achieving them by automation. Therefore, machine in the functional domain signifies
automation, while human in the functional domain signifies the control-room staff. See table 1.
The term machine covers a number of hardware entities which include the I and C system and
the operator support system.
It should be noted that manual control systems, controls and displays which are part of the I
and C system are needed to enable the control-room staff to achieve functions assigned to
them.
The verification and validation (V and V) of the functional assignment is outside the scope of
this standard; refer to IEC 61771.
NOTE The design of a plant and the resulting analysis of functions and tasks are limited to the anticipated events,
scenarios and anticipated combinations of events and failures. There may be a need for functions for the diagnosis
and handling of unforeseen operating situations, which is obviously to be handled by the operating staff, which is
then outside the scope of this standard.
4.2 Basic technical team for FA and A
In general, a basic technical team for FA and A should include the following areas of
expertise:
– nuclear and non-nuclear systems engineering;
– systems analysis;
– instrumentation and control (I and C) systems design;
– information and computer systems design;
– human factor engineering;
– plant operation;
– development of normal operation and emergency procedures.
In the following, this technical team is called the “designer”.

5 Functional analysis
5.1 General
The functional analysis process shall include the following two steps:
– identification of functions;
– identification of information flow and processing requirements.
5.2 Identification of functions
The purpose of identifying control functions is to assure that the HMI allocated to these
functions will support them correctly. As an example, the control-room HMI design must
ensure that all signals and controls associated with safety functions are both present and
clearly displayed to the operator.
The identification of control functions needed shall be based on a general nuclear power plant
functional decomposition. In the following, a strictly hierarchical method is outlined. This
decomposition shall be obtained by presenting the results of the overall plant design in a
hierarchical manner, with the plant operational goals:
a) safety goal (prevent activity release to the environment); and
b) availability goal (controlled generation of electricity).
These goals shall be developed further as subgoals, producing a hierarchical goal structure,
i.e. a relationship between functional goals and subgoals structured in a hierarchical order.
With regard to the hierarchical goal structure above, all plant functions to achieve these goals
and subgoals shall be identified. The function identification should follow immediately from
goal identification. In principle, the terms "goal" and "function" are interchangeable. However,
at higher levels of the hierarchy, the plant design concept is considered and better expressed
in terms of goals, when at lower levels it is more appropriate to refer to a function as an
activity or role performed by a human or automated systems (definition in IEC 60964).
The designer shall subdivide each of these functions successively and develop a set of rules
to identify when the hierarchical analysis is completed to a sufficient level of detail. The
decomposition of a function can be typically stopped when
a) the function does not contain a control function any more, for example purely mechanical;
b) the level of controlling individual functions, parameters or actuators is reached.
The defined rules shall ensure that the bottom-level functions form a complete set, itemised
and stated in functional terms, or the process can be stopped where detailed functions are
obtained and the important constituents of the structure have been identified.
In any case, the final level of decomposition shall allow the provision of the information
needed for the next design step (see following paragraphs). Some iteration could be
necessary to reach this final level.
The resultant hierarchy will have the functional goals at the top, system-level functions in the
middle and detailed control functions at the bottom level, to be assigned to humans or
machines.

It should be noted that, even if safety and availability form separate entry points to the
functional breakdown, they often converge on common functions (except for specific
objectives such as containment integrity). As a result, availability and safety objectives may
be considered together for this particular analysis only.
In the case of a new plant design, this top-down process is performed commonly for all plant
systems (i.e. fluid systems, electric systems, etc.). This decomposition of overall goals into
functions subjected to assignment to humans or machines should then be a part of the overall
plant design process, and not be performed exclusively for the control-room design. This
would allow the control-room design to be considered at an early stage of the plant design
and avoid iterations.
The principles and criteria used in the analysis shall be documented.
It should be noted that a strictly hierarchical decomposition of functions is not the only choice
for plant organisation and representation. Depending on the design objectives, other function
representations may be more suitable. Examples of function decomposition are given in
annexes A and B.
5.3 Identification of basic information and processing requirements
The next step in the functional analysis is to identify the basic information and processing
requirements needed for the accomplishment of each control function defined in the previous
step.
Firstly, each function is analysed individually, and then functions are collectively considered
as needed in response to specific plant events to identify time requirements.
5.3.1 Individual function analysis
For each control function, the designer shall identify the following:
– observable parameters which will indicate the plant status and/or will act as a function
input;
– actions performed by the function and involved equipment;
– performance measures required to check the achievement of the function;
– safety relevance (i.e. safety classification).
The designer shall also identify
– how to determine correct operation of the function;
– what alternatives are available if correct functioning is lost and how alternatives can be
chosen. Here, alternatives refer to functions that can support a higher-level function in
place of the function being analysed. For instance, several redundant heat removal paths
could be chosen depending on plant conditions;
– plant operation modes when the function is required (for example, shutdown through full
power operation);
– plant states when the function is required (for example, normal operation, abnormal
operation, accidents);
– the supporting functions (for example, air or electrical power supply).

At this stage the approach should be general and not refer to a specific implementation or
level of human involvement. If, for technological or other reasons, choices have already been
made, they shall be explicitly identified and documented.
When identifying performance measures that ensure the achievement of a function, it is
sometimes advisable to utilise information on basic design events. It is ideal to develop
performance measures based upon a truly physical approach. For instance, one of the
performance measures for core heat removal can be determined from the knowledge of the
materials used for fuel cladding, such as melting temperature. However, not all the
performance measures can be determined this way. Sometimes one has to rely on information
obtained from accident analyses.
5.3.2 Identification of time requirements and representative events
The designer shall include in the analysis all representative events, to cover adequately the
functions associated with the hierarchical functional structure, and to define time-dependent
characteristics. The analysis will allow the identification of the speed at which the influence of
an event may propagate along the hierarchy and at which higher-level functions are
influenced. Consequently, requirements shall be defined for the timing needed to accomplish
specific functions.
For this the following scenarios shall be analysed:
a) all operational sequences such as start-up and normal power operations;
b) all design basis events given in the safety analysis report (for example, LOCA (loss of
coolant accident), loss of a.c. power, etc.);
c) beyond design events, such as core fusion, steam explosions, etc. (severe accident
conditions) when required.
In this analysis those events shall be identified which impose the highest requirements on
timing and reliability. The following should be considered:
– events in the basic plant design which should follow a reactor trip or a safety challenge;
– events requiring operations subjectively judged to be difficult in terms of complexity of
data interpretation or control speed, etc.;
– events requiring the highest certainty of correct response, for example, certain accident
conditions;
– events important in terms of the probabilistic risk assessment;
– events in which plant trip is highly probable unless corrective action is taken in time;
– events whose occurrence rates are high;
– events corresponding to loss of a specific function.

6 Assignment of functions
6.1 General
The functional assignment shall be based on the different functions having been decomposed
into control functions. The assignment process is split up into three phases:
– control function analysis;
– development of assignment criteria;
– assignment process.
6.2 Control function analysis
Using the database developed in the functional analysis (i.e. information flow and processing
requirements) the designer shall conduct an analysis in order to identify the detailed parts of
the functions and their characteristics.
This analysis shall be done in three steps.
6.2.1 Identifying functional units
The first step is related to a possible rearrangement of the f
...
