Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems

Is applicable to computer-system hardware for systems of Class 1 and 2 (as defined by IEC 61513) in nuclear power plants. This new edition reflects recent developments in computer system hardware design, the use of pre-developed hardware and changes in terminology.

Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Anforderungen an die Hardware-Auslegung rechnerbasierter Systeme

Centrales nucléaires de puissance - Instrumentation et contrôle-commande importants pour la sûreté - Exigences applicables à la conception du matériel des systèmes informatisés

Est applicable au matériel des systèmes informatisés des centrales nucléaires de puissance de Classes 1 et 2 (telles que définies dans la CEI 61513). Cette nouvelle édition tient compte des développements récemment survenus dans le domaine de la conception du matériel des systèmes informatisés, l'utilisation de matériels prédéveloppés commercialement disponibles sur étagère et l'évolution de la terminologie.

Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za načrtovanje strojne opreme računalniških sistemov

Standard se uporablja za strojno opremo računalniških sistemov za sisteme razredov 1 in 2 (kot je opredeljeno v standardu IEC 61513) v jedrskih elektrarnah. V to novo izdajo so vključeni nedavni dosežki pri načrtovanju strojne opreme računalniških sistemov, uporaba vnaprej razvite strojne opreme in spremembe v terminologiji.

General Information

Status
Published
Publication Date
13-Aug-2015
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
27-Jul-2015
Due Date
01-Oct-2015
Completion Date
14-Aug-2015

RELATIONS

Buy Standard

Standard
SIST EN 60987:2015 - BARVE na PDF-strani 8,9,15,16,29-35
English language
40 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Anforderungen an die Hardware-Auslegung rechnerbasierter SystemeCentrales nucléaires de puissance - Instrumentation et contrôle-commande importants pour la sûreté - Exigences applicables à la conception du matériel des systèmes informatisésNuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems27.120.20Jedrske elektrarne. VarnostNuclear power plants. SafetyICS:Ta slovenski standard je istoveten z:EN 60987:2015SIST EN 60987:2015en01-september-2015SIST EN 60987:2015SLOVENSKI

STANDARDSIST EN 60987:20101DGRPHãþD
SIST EN 60987:2015
EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 60987
February 2015 ICS 27.120.20 Supersedes EN 60987:2009
English Version

Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems (IEC 60987:2007 + A1:2013)

Centrales nucléaires de puissance - Instrumentation et contrôle-commande importants pour la sûreté - Exigences applicables à la conception du matériel des systèmes informatisés (IEC 60987:2007 + A1:2013)

Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Anforderungen an die Hardware-Auslegung rechnerbasierter Systeme (IEC 60987:2007 + A1:2013) This European Standard was approved by CENELEC on 2015-02-16. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. European Committee for Electrotechnical Standardization

Comité Européen de Normalisation Electrotechnique Europäisches Komitee für Elektrotechnische Normung CEN-CENELEC Management Centre: Avenue Marnix 17,

B-1000 Brussels © 2015 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN 60987:2015 E SIST EN 60987:2015

EN 60987:2015 - 2 - Foreword This document (EN 60987:2015) consists of the text of IEC 60987:2007 + A1:2013 prepared by SC 45A “Instrumentation, control and electrical systems of nuclear facilities” of IEC/TC 45 “Nuclear instrumentation".

The following dates are fixed:

• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2016-02-16 • latest date by which the national standards conflicting with the document have to be withdrawn (dow) 2018-02-16

This document supersedes EN 60987:2009.

As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member States are not prevented from taking more stringent safety measures in the subject-matter covered by the Directive, in compliance with Community law. In a similar manner, this European standard does not prevent Member States from taking more stringent nuclear safety measures in the subject-matter covered by this standard.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such patent rights.

Endorsement notice The text of the International Standard IEC 60987:2007 + A1:2013 was approved by CENELEC as a European Standard without any modification.

In the official version, for Bibliography, the following note has to be added for the standard indicated:

IEC 61226 NOTE Harmonized as EN 61226. SIST EN 60987:2015
- 3 - EN 60987:2015 Annex ZA (normative)

Normative references to international publications with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu

Publication Year Title EN/HD Year
IEC 60780 -

Nuclear power plants - Electrical equipment of the safety system - Qualification - -

IEC 60812 -

Analysis techniques for system reliability - Procedure for failure mode and effects analysis (FMEA) EN 60812 -

IEC 60880 -
Nuclear power plants - Instrumentation

and control systems important to safety - Software aspects for computer-based systems performing category A functions EN 60880 -

IEC 61000 Series
Electromagnetic compatibility (EMC) EN 61000 Series
IEC 61025 -
Fault Tree Analysis (FTA) EN 61025 -
IEC 61513 20011) Nuclear power plants - Instrumentation

and control for systems important to safety - General requirements for systems - -

IEC 62138 -
Nuclear power plants - Instrumentation

and control important for safety - Software aspects for computer-based systems performing category B or C functions EN 62138 -

IEC 62671 -
Nuclear power plants - Instrumentation

and control important to safety - Selection and use of industrial digital devices of limited functionality - -

ISO 2768-1 -
General tolerances -

Part 1: Tolerances for linear and angular dimensions without individual tolerance indications EN 22768-1 -

ISO 2768-2 -
General tolerances -

Part 2: Geometrical tolerances for features without individual tolerance indications EN 22768-2 -

1) Superseded by IEC 61513:2011. SIST EN 60987:2015
EN 60987:2015 - 4 - Publication Year Title EN/HD Year
ISO 3951-1 -
Sampling procedures for inspection
by variables -

Part 1: Specification for single sampling plans indexed by acceptance quality limit (AQL) for lot-by-lot inspection for a single quality characteristic and a single AQL - -

ISO 3951-2 -
Sampling procedures for inspection
by variables -

Part 2: General specification for single sampling plans indexed by acceptance quality limit (AQL) for lot-by-lot inspection of independent quality characteristics - -

ISO 9001 -
Quality management systems - Requirements EN ISO 9001 -
IAEA guide
NS-G-1.3 -
Instrumentation and control systems important to safety in nuclear power
plants - -

IAEA 50-C/SG-Q 1996 Quality assurance for safety in nuclear power plants and other nuclear installations - -

SIST EN 60987:2015

IEC 60987 Edition 2.1 2013-02 INTERNATIONAL STANDARD NORME INTERNATIONALE Nuclear power plants – Instrumentation and control important to safety – Hardware design requirements for computer-based systems

Centrales nucléaires de puissance – Instrumentation et contrôle-commande importants pour la sûreté – Exigences applicables à la conception du matériel des systèmes informatisés

INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION ELECTROTECHNIQUE INTERNATIONALE ICS 27.120.20 ISBN 978-2-8322-0674-4

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale ®

Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé. SIST EN 60987:2015 colourinside

– 2 – 60987  IEC:2007+A1:2013 CONTENTS FOREWORD ........................................................................................................................... 4 INTRODUCTION ..................................................................................................................... 6

1 Scope ............................................................................................................................... 8 1.1 General ................................................................................................................... 8 1.2 Use of this standard for pre-developed (for example, COTS)

hardware assessment.............................................................................................. 8 1.3 Applicability of this standard to programmable logic devices development ............... 9 2 Normative references ....................................................................................................... 9 3 Terms and definitions ..................................................................................................... 10 4 Project structure ............................................................................................................. 12 4.1 General ................................................................................................................. 12 4.2 Project subdivision ................................................................................................ 12 4.3 Quality assurance ................................................................................................. 13 5 Hardware requirements .................................................................................................. 13 5.1 General ................................................................................................................. 13 5.2 Functional and performance requirements ............................................................. 14 5.3 Reliability/Availability requirements ....................................................................... 15 5.4 Environmental withstand requirements .................................................................. 16 5.5 Documentation requirements ................................................................................. 17 6 Design and development ................................................................................................ 17 6.1 General ................................................................................................................. 17 6.2 Design activities .................................................................................................... 17 6.3 Reliability .............................................................................................................. 18 6.4 Maintenance .......................................................................................................... 19 6.5 Interfaces .............................................................................................................. 19 6.6 Modification ........................................................................................................... 19 6.7 Power failure ......................................................................................................... 19 6.8 Component selection ............................................................................................. 19 6.9 Design documentation ........................................................................................... 19 7 Verification and validation .............................................................................................. 20 7.1 General ................................................................................................................. 20 7.2 Verification plan .................................................................................................... 20 7.3 Independence of verification .................................................................................. 21 7.4 Methods ................................................................................................................ 21 7.5 Documentation ...................................................................................................... 22 7.6 Discrepancies........................................................................................................ 22 7.7 Changes and modifications ................................................................................... 22 7.8 Installation verification ........................................................................................... 22 7.9 Validation .............................................................................................................. 22 7.10 Verification of pre-existing equipment platforms .................................................... 22 8 Qualification ................................................................................................................... 23 9 Manufacturing ................................................................................................................ 23 9.1 Quality assurance ................................................................................................. 23 9.2 Training of personnel............................................................................................. 24 SIST EN 60987:2015

60987  IEC:2007+A1:2013 – 3 – 9.3 Planning and organisation of the manufacturing activities. ..................................... 24 9.4 Input data .............................................................................................................. 25 9.5 Purchasing and procurement ................................................................................. 25 9.6 Production ............................................................................................................. 27 10 Installation and commissioning ....................................................................................... 29 11 Maintenance ................................................................................................................... 30 11.1 Maintenance requirements .................................................................................... 30 11.2 Failure data ........................................................................................................... 31 11.3 Maintenance documentation .................................................................................. 32 12 Modification .................................................................................................................... 32 13 Operation ....................................................................................................................... 32

Annex A (informative)

Overview of system life cycle ............................................................ 33 Annex B (informative)

Outline of qualification ....................................................................... 34 Annex C (informative)

Example of maintenance procedure .................................................. 35

Bibliography .......................................................................................................................... 36

SIST EN 60987:2015

– 4 – 60987  IEC:2007+A1:2013 INTERNATIONAL ELECTROTECHNICAL COMMISSION ____________

NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE DESIGN REQUIREMENTS
FOR COMPUTER-BASED SYSTEMS

FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

This consolidated version of IEC 60987 consists of the second edition (2007) [documents 45A/662/FDIS and 45A/666/RVD] and its amendment 1 (2013) [documents 45A/897/FDIS and 45A/906/RVD]. It bears the edition number 2.1. The technical content is therefore identical to the base edition and its amendment and has been prepared for user convenience. A vertical line in the margin shows where the base publication has been modified by amendment 1. Additions and deletions are displayed in red, with deletions being struck through. SIST EN 60987:2015

60987  IEC:2007+A1:2013 – 5 – International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation. This edition includes the following significant technical changes with respect to the previous edition: • account has been taken of the fact that computer design engineering techniques have advanced significantly in the intervening years; • update of the format to align with the current IEC/ISO directives on the style of standards; • alignment of the standard with the new revisions of IAEA documents NS-R-1 and NS-G-1.3, which includes as far as possible an adaptation of the definitions; • replacement, as far as possible, of the requirements associated with standards published since the first edition, especially IEC 61513, IEC 60880, edition 2, and IEC 62138; • review of the existing requirements and

updating of the terminology and definitions. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. The committee has decided that the contents of the base publication and its amendments will remain unchanged until the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be

• reconfirmed, • withdrawn, • replaced by a revised edition, or • amended.

IMPORTANT – The “colour inside” logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this publication using a colour printer.

SIST EN 60987:2015

– 6 – 60987  IEC:2007+A1:2013 INTRODUCTION a) Technical background, main issues and organization of the standard The basic principles for the design of nuclear instrumentation, as specifically applied to the safety systems of nuclear power plants, were first interpreted in nuclear standards with reference to hardwired systems in IAEA Safety Guide 50-SG-D3 which has been superseded by IAEA Guide NS-G-1.3. IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design for systems important to safety, i.e. safety systems and safety-related systems. Although many of the requirements within the original issue continue to be relevant, there were significant factors which justified the development of this revised edition of IEC 60987, in particular: – a new standard has been produced which addresses in detail the general requirements for nuclear systems important to safety (IEC 61513); – the use of pre-developed system platforms, rather than bespoke developments, has increased significantly. b) Situation of the current standard in the structure of the IEC SC 45A standard series The first-level IEC SC 45A standard for computer-based systems important to safety in nuclear power plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard which addresses the generic issue of hardware design of computerized systems. IEC 60880 and IEC 62138 are second-level standards which together cover the software aspects of computer-based systems used to perform functions important to safety in NPPs. IEC 60880 and IEC 62138 make direct reference to IEC 60987 for hardware design.

The requirements of IEC 60780 for equipment qualification are referenced within IEC 60987. For modules to be used in the design of a specific system important to safety, relevant and auditable operating experience from nuclear or other applications as described in IEC 60780, in combination with the application of rigorous quality assurance programmes, may be an acceptable method of qualification. For more details on the structure of the SC 45A standard series, see item d) of this introduction. c) Recommendations and limitations regarding the application of the standard It is important to note that this standard establishes no additional functional requirements for Class 1 or Class 2 systems (see IEC 61513 for system classification requirements). Aspects for which special recommendations have been produced (so as to assure the production of

highly reliable systems), are: – a general approach to computing hardware development; – a general approach to hardware verification and to the hardware aspects of computer system validation. SIST EN 60987:2015

60987  IEC:2007+A1:2013 – 7 – It is recognized that computer technology is continuing to develop and that it is not possible for a standard such as this to include references to all modern design technologies and techniques. To ensure that the standard will continue to be relevant in future years the emphasis has been placed on issues of principle, rather than specific hardware design technologies. If new design techniques are developed then it should be possible to assess the suitability of such techniques by adapting and applying the design principles contained within this standard. The scope of this standard covers digital systems hardware for Class 1 and Class 2 systems. This includes multiprocessor distributed systems and single processor systems; it covers the assessment and use of pre-developed items, for example, commercial off-the-shelf items (COTS), and the development of new hardware. d) Description of the structure of the SC 45A standard series and relationships with other IEC, IAEA and ISO documents

The top-level document of the IEC SC 45A standard series is IEC 61513. It provides general requirements for I&C systems and equipment that are used to perform functions important to safety in NPPs. IEC 61513 structures the IEC SC 45A standard series.

IEC 61513 refers direct to other IEC SC 45A standards for general topics related to categorization of functions and classification of systems, qualification, separation of systems, defence against common-cause failure, software aspects of computer-based systems, hardware aspects of computer-based systems, and control room design. The standards referenced direct at this second level should be considered together with IEC 61513 as a consistent document set. At a third level, IEC SC 45A standards not referenced direct by IEC 61513 are standards related to specific equipment, technical methods, or specific activities. Usually these documents, which make reference to second-level documents for general topics, can be used on their own. A fourth level extending the IEC SC 45A standard series, corresponds to technical reports which are not normative documents. IEC 61513 has adopted a presentation format similar to the basic safety publication IEC 61508 with an overall safety life-cycle framework and a system life-cycle framework and provides an interpretation of the general requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the nuclear application sector. Compliance with IEC 61513 will facilitate consistency with the requirements of IEC 61508 as they have been interpreted for the nuclear industry. In this framework, IEC 60880 and IEC 62138 correspond to IEC 61508-3 for the nuclear application sector. IEC 61513 refers to ISO 9001 as well as to IAEA 50-C-QA (now replaced by IAEA 50-C/SG-Q) for topics related to quality assurance (QA). The IEC SC 45A standards series consistently implements and details the principles and basic safety aspects provided in the IAEA Code on the safety of NPPs and in the IAEA safety series, in particular the requirements of NS-R-1, establishing safety requirements related to the design of NPPs, and Safety Guide NS-G-1.3 dealing with instrumentation and control systems important to safety in NPPs. The terminology and definitions used by SC 45A standards are consistent with those used by the IAEA. SIST EN 60987:2015

– 8 – 60987  IEC:2007+A1:2013 NUCLEAR POWER PLANTS –
INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE DESIGN REQUIREMENTS
FOR COMPUTER-BASED SYSTEMS

1 Scope 1.1 General This International Standard is applicable to NPP computer-system hardware for systems of Class 1 and 2 (as defined by IEC 61513). The structure of this standard has not changed significantly from the original 1989 issue; however, some issues are now covered by standards which have been issued in the interim (for example, IEC 61513 for system architecture design) and references to new standards have been provided where applicable. The text of the standard has also been modified to reflect developments in computer system hardware design, the use of pre-developed (for example, COTS) hardware and changes in terminology. Computer hardware facilities used for software loading and checking are not considered to form an intrinsic part of a system important to safety and, as such, are outside the scope of this standard. NOTE 1 Class 3 computer-system hardware is not addressed by this standard, and it is recommended that such systems should be developed to commercial grade standards.

NOTE 2 In 2006 the development of a new standard to address hardware requirements for “very complex” hardware was discussed within IEC SC 45A. If such a standard is developed then that standard would be used for the development of “very complex” hardware in preference to IEC 60987.

1.2 Use of this standard for pre-developed (for example, COTS) hardware assessment Although the primary aim of this standard is to address aspects of new hardware development, the processes defined within this standard may also be used to guide the assessment and use of pre-developed hardware, such as COTS hardware. Guidance has been provided in the text concerning the interpretation of the requirements of this standard when used for the assessment of such components. In particular, the quality assurance requirements of 4.3, concerning configuration control, apply. Pre-developed components may contain firmware (as defined in 3.8), and, where firmware software is deeply imbedded, and effectively “transparent” to the user, then IEC 60987 should be used to guide the assessment process for such components. An example of where this approach is considered appropriate is in the assessment of modern processors which contain a microcode. Such a code is generally an integral part of the “hardware”, and it is therefore appropriate for the processor (including the microcode) to be assessed as an integrated hardware component using this standard.

Software which is not firmware, as describ
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.