Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions

EN IEC 62566 provides requirements for achieving highly reliable “HDL-Programmed Devices” (HPD), for use in I&C systems of nuclear power plants performing functions of safety category A as defined by IEC 61226. The programming of HPDs relies on Hardware Description Languages (HDL) and related software tools. They are typically based on blank FPGAs or similar micro-electronic technologies. General purpose integrated circuits such as microprocessors are not HPDs. This Standard provides requirements on:
a) a dedicated development life-cycle addressing each phase of the development of HPDs, including specification of requirements, design, implementation, verification, integration and validation;
b) planning and complementary activities such as modification and production;
c) selection of pre-developed components, including micro-electronic resources (such as a blank FPGA or CPLD) and HDL statements representing Pre-Developed Blocks (PDB);
d) use of simplicity and deterministic principles, recognized to be of primary importance to achieve “fault free” implementation of category A functions;
e) tools used to design, implement and verify HPDs.
This Standard does not put requirements on the development of the micro-electronic resources, which are usually available as "commercial off-the-shelf" items and are not developed under nuclear quality assurance Standards. It addresses the developments made with these micro-electronic resources in an I&C project with HDLs and related tools. This Standard provides guidance to avoid as far as possible latent faults remaining in HPDs, and to reduce the susceptibility to single failures as well as to potential Common Cause Failures (CCF). The requirements within this Standard for clear and comprehensive documentation should facilitate the effective application of IEC 62340. Reliability aspects related to environmental qualification and failures due to ageing or physical degradation are not handled in this Standard. Other Standards, especially IEC 60987, IEC 60780 and IEC 62342, address these topics. Subclause 5.7 of IEC 60880:2006 provides security requirements that apply to the development of HPDs as applicable.

General Information

Status: Published
Publication Date: 16-Sep-2014
Technical Committee:
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 05-Sep-2014
Due Date: 10-Nov-2014
Completion Date: 17-Sep-2014

Buy Standard

EN 62566:2014, English language, 55 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN 62566:2014
1 October 2014
Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions (IEC 62566:2012)
This Slovenian standard is identical to: EN 62566:2014
ICS:
27.120.20 Nuclear power plants. Safety
SIST EN 62566:2014 en
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.


EUROPEAN STANDARD EN 62566
August 2014
ICS 27.120.20

English Version
Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions
(IEC 62566:2012)
This European Standard was approved by CENELEC on 2014-08-04. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN 62566:2014 E

Foreword
This document (EN 62566:2014) consists of the text of IEC 62566:2012 prepared by SC 45A
"Instrumentation, control and electrical systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation".
The following dates are fixed:
– latest date by which this document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2015-08-04
– latest date by which the national standards conflicting with this document have to be withdrawn (dow): 2017-08-04

As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety measures in the subject-matter
covered by this standard.
Endorsement notice
The text of the International Standard IEC 62566:2012 was approved by CENELEC as a European
Standard without any modification.

Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
NOTE 1 When an international publication has been modified by common modifications, indicated by (mod),
the relevant EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is
available here: www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 60671 | - | Nuclear power plants - Instrumentation and control systems important to safety - Surveillance testing | EN 60671 | -
IEC 60880 | 2006 | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions | EN 60880 | 2009
IEC 60987 | 2007 | Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems | EN 60987 | 2009
IEC 61513 | 2011 | Nuclear power plants - Instrumentation and control important to safety - General requirement for systems | EN 61513 | 2013
IEC 62138 | - | Nuclear power plants - Instrumentation and control important for safety - Software aspects for computer-based systems performing category B or C functions | EN 62138 | -
IEC 62340 | - | Nuclear power plants - Instrumentation and control systems important to safety - Requirements for coping with common cause failure (CCF) | EN 62340 | -
IAEA guide NS-G-1.3 | 2002 | Instrumentation and control systems important to safety in nuclear power plants | - | -

IEC 62566
Edition 1.0 2012-01

INTERNATIONAL STANDARD

Nuclear power plants – Instrumentation and control important to safety – Development of HDL-programmed integrated circuits for systems performing category A functions

INTERNATIONAL ELECTROTECHNICAL COMMISSION
PRICE CODE XA
ICS 27.120.20 ISBN 978-2-88912-896-9

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission

CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope and object . 10
1.1 General . 10
1.2 Use of this Standard . 10
2 Normative references . 11
3 Terms and definitions . 11
4 Symbols and abbreviations . 13
5 General requirements for HPD projects . 14
5.1 General . 14
5.2 Life-cycle . 14
5.3 HPD project management . 17
5.3.1 General . 17
5.3.2 Additional requirements . 17
5.4 HPD quality assurance plan . 17
5.5 Configuration management . 17
6 HPD requirements specification . 18
6.1 General . 18
6.2 Functional aspects of the requirement specification . 18
6.3 Deterministic design . 19
6.4 Fault detection and fault tolerance . 19
6.5 Requirements capture using Electronic System Level tools . 20
6.5.1 General . 20
6.5.2 Requirements on the formalism of tools used at ESL level . 20
6.5.3 Interface with design tools . 20
6.6 Requirements analysis and review . 20
7 Acceptance process for programmable integrated circuits, native blocks and pre-developed blocks . 21
7.1 General . 21
7.2 Component requirement specification . 21
7.2.1 General . 21
7.2.2 Requirements . 21
7.2.3 Requirements analysis and review . 21
7.3 Rules of use . 22
7.4 Selection . 22
7.4.1 General . 22
7.4.2 Documentation review . 22
7.4.3 Operating experience review . 22
7.4.4 Specific requirements related to the blank integrated circuits . 23
7.5 Acceptance justification . 23
7.6 Modification for acceptance . 24
7.7 Modification after acceptance . 24
7.8 Acceptance documentation . 24
8 HPD design and implementation . 24
8.1 General . 24
8.2 Hardware Description Languages (HDL) and related tools . 24

8.3 Design . 25
8.3.1 General . 25
8.3.2 Defensive design . 25
8.3.3 Structure . 25
8.3.4 Language and coding rules . 26
8.3.5 Synchronous vs asynchronous design . 27
8.3.6 Power management . 27
8.3.7 Initialization . 28
8.3.8 Non-functional configurations . 28
8.3.9 Testability . 28
8.3.10 Design documentation . 28
8.4 Implementation . 29
8.4.1 General . 29
8.4.2 Products . 29
8.4.3 Files of parameters and constraints . 29
8.4.4 Post-route analyses . 30
8.4.5 Redundancies introduced or removed by the tools . 30
8.4.6 Finite state machines . 31
8.4.7 Static timing analysis . 31
8.4.8 Implementation documentation . 31
8.5 System level tools and automated code generation . 32
8.6 Documentation . 33
8.7 Design and implementation review . 33
9 HPD verification . 33
9.1 General . 33
9.2 Verification plan . 34
9.3 Verification of the use of the pre-developed items . 35
9.4 Verification of the design and implementation . 35
9.5 Test-benches . 36
9.6 Test coverage . 36
9.7 Test execution . 37
9.8 Static verification . 37
10 HPD aspects of system integration . 37
10.1 General . 37
10.2 HPD aspects of the system integration plan . 38
10.3 Specific aspects of system integration . 38
10.4 Verification of the integrated system . 39
10.5 Fault resolution procedures . 39
10.6 HPD aspects of the integrated system test report . 39
11 HPD aspects of system validation . 40
11.1 General . 40
11.2 HPD aspects of the system validation plan . 40
11.3 System validation . 40
11.4 HPD aspects of the system validation report . 40
11.5 Fault resolution procedures . 41
12 Modification . 41
12.1 Modification of the requirements, design or implementation . 41
12.2 Modification of the micro-electronic technology . 41

13 HPD production . 41
13.1 General . 41
13.2 Production tests . 41
13.3 Programming files and programming activities . 42
14 HPD aspects of installation, commissioning and operation . 42
15 Software tools for the development of HPDs . 42
15.1 General . 42
15.2 Additional requirements for design, implementation and simulation tools . 42
16 Design segmentation or partitioning . 43
16.1 Background . 43
16.2 Auxiliary or support functions . 43
16.2.1 General . 43
16.2.2 Partitioning of auxiliary or support functions of category other than A . 43
17 Defences against HPD Common Cause Failure . 44
17.1 Background . 44
17.2 Requirements . 44
Annex A (informative) Documentation . 45
Annex B (informative) Development of HPDs . 47
Bibliography . 52

Figure 1 – System life-cycle (informative, as defined by IEC 61513) . 15
Figure 2 – Development life-cycle of HPD . 16

INTERNATIONAL ELECTROTECHNICAL COMMISSION

NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL IMPORTANT TO SAFETY –
DEVELOPMENT OF HDL-PROGRAMMED INTEGRATED CIRCUITS
FOR SYSTEMS PERFORMING CATEGORY A FUNCTIONS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62566 has been prepared by subcommittee 45A: Instrumentation
and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.
The text of this Standard is based on the following documents:
FDIS: 45A/859/FDIS
Report on voting: 45A/865/RVD

Full information on the voting for the approval of this Standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

INTRODUCTION
a) Technical background, main issues and organisation of the Standard
The electronic systems of class 1 (according to IEC 61513) used in Nuclear Power Plants
(NPP), which are required in emergency situations, need to be fully validated and qualified
before being used in operation.
In traditional systems that are computer-based, a separation can be drawn between the
hardware and software portions. The hardware is mainly designed with standardised
components having pre-defined electronic functions such as microprocessors, timers or
network controllers, whereas software is used to coordinate the different parts of the
hardware and to implement the application functions.
Nowadays, I&C designers may build application functions directly in one integrated circuit
using devices such as FPGAs or similar technologies. The function of such an integrated
circuit is not defined by the supplier of the physical component or micro-electronic technology
but by the I&C designer.
The specific integrated circuits addressed by this Standard are:
1) based on pre-developed micro-electronic resources,
2) developed within an I&C project,
3) developed with Hardware Description Languages (HDL) and related tools used to
implement the requirements in a proper assembly of the pre-developed micro-electronic
resources.
Therefore these circuits are named “HDL-Programmed Devices” (HPD). The HDL statements
which describe an HPD can include the instantiation of Pre-Developed Blocks (PDB), which are
typically provided as libraries, macros, or Intellectual Property cores.
HPDs can be effective solutions to implement functions required by an I&C project. However,
verification and validation may be limited by issues such as a high number of internal paths
and limited observability, if the HPD has not been developed with verifiability in mind.
In order to achieve the reliability required for safety I&C systems, the development of HPDs
shall comply with strict process and technical requirements such as those provided by this
Standard, including the specification of requirements, the selection of blank integrated circuits
and PDBs, the design and implementation, the verification, and the procedures for operation
and maintenance.
It is intended that this Standard be used by hardware designers, operators of NPPs (utilities),
and by regulators. Regulatory bodies will find guidance to assess important aspects such as
design, implementation, verification and validation of HPDs.
b) Situation of the current Standard in the structure of the IEC SC 45A Standard series
IEC 61513 is a first level IEC SC 45A document and gives guidance applicable to I&C at
system level. It is supplemented by guidance at hardware level (IEC 60987) and software
level (IEC 60880 and IEC 62138). IEC 62340 gives requirements in order to reduce and
overcome the possibility of common cause failure of category A functions.
IEC 62566 is a second level IEC SC 45A document which focuses on the activities when
HPDs are developed. It complements IEC 60987, which deals with the generic issues of
hardware design of computer based systems. It refers to IEC 60880 when issues identical to
those of software development are addressed.

For more details on the structure of the IEC SC 45A Standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the Standard
...
