Nuclear power plants - Control rooms - Design
Kernkraftwerke - Warten - Auslegung
Centrales nucléaires de puissance - Salles de commande - Conception
Jedrske elektrarne - Nadzorne sobe - Zasnova - Popravek AC
Standards Content (sample)
SIST EN IEC 60964:2019/AC:2019
Jedrske elektrarne - Nadzorne sobe - Zasnova - Popravek AC
Nuclear power plants - Control rooms - Design
Kernkraftwerke - Warten - Auslegung
Centrales nucléaires de puissance - Salles de commande - Conception
Ta slovenski standard je istoveten z: EN IEC 60964:2019/AC:2019-08
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
SIST EN IEC 60964:2019/AC:2019 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega sta...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
This May Also Interest You
• provides requirements and recommendations for the overall Electrical Power System. In
particular, it covers interruptible and uninterruptible Electrical Power Systems including
the systems supplying the I&C systems;
• is consistent and coherent with IEC 61513. Like IEC 61513, this document also highlights
the need for complete and precise requirements, derived from the plant safety goals.
Those requirements are prerequisites for generating the comprehensive requirements for
the overall Electrical Power System architecture, and for the electrical power supply subsystems;
• has to be considered in conjunction with and at the same level as IEC 61513. These two
standards provide a complete framework establishing general requirements for
instrumentation, control, and Electrical Power System for Nuclear Power Plants.
This document establishes:
• the high level specification and requirement to implement a suitable Electrical Power
System in a NPP that supports reactor systems important to safety. It also enables
electrical energy production providing the transmission grid with active and reactive power
and electro-mechanical inertia;
• the relationships between:
– the plant safety requirements and the architecture of the overall Electrical Power
System and its sub-systems (see Figure 1) including:
a) the contribution to the plant Defence in Depth;
b) the independency and redundancy provisions;
– the electrical requirements and the architecture of the Electrical Power System and its
– the functional requirements and the architecture of the Electrical Power System and its
– the requirements associated with the maintenance strategy and the architecture of the
Electrical Power System and its sub-systems;
• the design of Electrical power sub-systems (e.g. interruptible and uninterruptible);
• the requirements for supporting systems of Electrical Power System (HVAC, I&C, etc.);
• the Electrical Power System life-cycle framework.
This document does not cover the specification of:
• I&C systems;
• the transmission lines connecting to substations outside the NPP;
• electrical equipment requirements already defined in the industrial IEC standards;
• electrical power for security systems (e.g., fences, surveillance systems, entrance
• lighting and socket facility.
This document does not consider power production requirements.
- Standard91 pagesEnglish languagesale 10% offe-Library read for×1 day
- Draft91 pagesEnglish languagesale 10% offe-Library read for×1 day
This International Standard describes methods for establishing seismic qualification procedures
that will yield quantitative data to demonstrate that the equipment can meet its performance
requirements. This document is applicable to electrical, mechanical, instrumentation and control
equipment/components that are used in nuclear facilities. This document provides methods and
documentation requirements for seismic qualification of equipment to verify the equipment’s
ability to perform its specified performance requirements during and/or after specified seismic
demands. This document does not specify seismic demand or performance requirements. Other
aspects, relating to quality assurance, selection of equipment, and design and modification of
systems, are not part of this document. As seismic qualification is only a part of equipment
qualification, this document is used in conjunction with IEC/IEEE 60780-323.
The seismic qualification demonstrates equipment’s ability to perform its safety function(s)
during and/or after the time it is subjected to the forces resulting from at least one safe shutdown
earthquake (SSE/S2). This ability is demonstrated by taking into account, prior to the SSE/S2,
the ageing of equipment and the postulated occurrences of a given number of lower intensity
operating basis earthquake (OBE/S1). Ageing phenomena to be considered, if specified in the
design specification, are those which could increase the vulnerability of equipment to vibrations
caused by an SSE/S2.
- Standard85 pagesEnglish languagesale 10% offe-Library read for×1 day
- Draft85 pagesEnglish languagesale 10% offe-Library read for×1 day
This part of IEC 62566 provides requirements for achieving highly reliable HDL-Programmed
Devices (HPDs), for use in I&C systems of nuclear power plants performing functions of safety
category B or C as defined by IEC 61226.
The programming of HPDs relies on Hardware Description Languages (HDL) and related
software tools. They are typically based on blank Field Programmable Gate Arrays (FPGAs) or
similar micro-electronic technologies such as Programmable Logic Devices (PLD), Complex
Programmable Logic Devices (CPLDs), etc. General purpose integrated circuits such as
microprocessors are not HPDs. Annex B.8 provides descriptions of a number of different types
of integrated circuits.
This document provides requirements on:
a) a dedicated HPD life-cycle addressing each phase of the development of HPDs, including
specification of requirements, design, implementation, integration and validation, as well as
verification activities associated with each phase,
b) planning and complementary activities such as modification and production,
c) selection of pre-developed components. This includes micro-electronic technologies and
Pre-Developed Blocks (PDBs),
d) tools used to design, implement and verify HPDs.
This document does not put requirements on the development of the micro-electronic
technologies, which are usually available as "commercial off-the-shelf" items and are not
developed under nuclear quality assurance standards. It addresses the developments made
with these micro-electronic technologies in an I&C project with HDLs and related tools.
This document provides guidance to avoid as far as possible latent faults remaining in HPDs,
and to reduce the susceptibility to single failures as well as to potential Common Cause Failures
Reliability aspects related to environmental qualification and failures due to ageing or physical
degradation are not handled in this document. Other standards, especially IEC 60987,
IEC/IEEE 60780-323 and IEC 62342, address these topics.
This document does not cover cybersecurity for HDL aspects of I&C systems. IEC 62645
provides requirements for security programmes for I&C programmable digital systems.
This document provides guidance and requirements to produce verifiable HPD designs and
implementations requiring justification due for their role in carrying out category B or C safety
functions. This document describes the activities to develop HPDs, organized in the framework
of a dedicated life-cycle. It also describes activities and guidelines to be used in addition to the
requirements of IEC 61226 for system classification and IEC 61513 for system integration and
validation when HPDs are included.
- Standard61 pagesEnglish languagesale 10% offe-Library read for×1 day
IEC 62003:2020 establishes requirements for electromagnetic compatibility testing of instrumentation, control, and electrical equipment supplied for use in systems important to safety at nuclear power plants and other nuclear facilities. The document lists the applicable IEC standards (principally the IEC 61000 series) which define the general test methods, and provides the necessary application-specific parameters and criteria to ensure that nuclear safety requirements are met.
This second edition cancels and replaces the first edition published in 2009. This edition includes the following significant technical changes with respect to the previous edition:
a) title modified.
b) expand the scope to encompass Electromagnetic Magnetic Compatibility (EMC) considerations for electrical equipment.
c) provide guidance for addressing the use of wireless technology.
d) enhance the description of the electromagnetic environment to provide clarification when selecting custom test levels or for test exemptions.
e) include example information to be contained within an EMC test plan.
f) provide guidance for characterization of the electromagnetic environment at the point of installation within a nuclear facility.
- Standard42 pagesEnglish languagesale 10% offe-Library read for×1 day
This document provides a framework to manage the interactions between safety and
cybersecurity for nuclear power plant (NPP) systems, taking into account the current SC 45A
standards addressing these issues and the specifics of nuclear I&C programmable digital
NOTE In this document (as in IEC 62645), cybersecurity relates to prevention of, detection of, and reaction to
malicious acts perpetrated by digital means (cyberattacks). In this context, it does not cover considerations related
to non-malevolent actions and events such as accidental failures, natural events or human errors (except those
degrading cybersecurity). Those aspects are of course of prime importance but they are covered by other SC 45A
documents and standards, and are not considered as cybersecurity related in this document.
This document establishes requirements and guidance to:
– integrate cybersecurity provisions in nuclear I&C architectures and systems, which are
fundamentally tailored for safety;
– avoid potential conflicts between safety and cybersecurity provisions;
– aid the identification and the leveraging of the potential synergies between safety and
This document is intended to be used for designing new NPPs, or modernizing existing NPPs,
throughout I&C programmable digital systems lifecycle. It is also applicable for assessing the
coordination between safety and cybersecurity of existing plants. It may also be applicable to
other types of nuclear facilities.
This document addresses I&C programmable digital systems important to safety and I&C
programmable digital systems not important to safety. It does not address programmable
digital systems dedicated to site physical security, room access control and site security
This document is limited to I&C programmable digital systems of NPPs, including their on-site
maintenance and configuration tools.
Annex A provides a rationale for and comments about the scope definition and the document
application, in particular about the exclusions and limitations previously mentioned.
This document comprises three normative clauses:
• Clause 5 deals with the overall I&C architecture;
• Clause 6 focuses on the system level;
• Clause 7 deals with organizational and operational issues.
- Standard29 pagesEnglish languagesale 10% offe-Library read for×1 day
This document establishes requirements and provides guidance for the development and
management of effective computer security programmes for I&C programmable digital
systems. Inherent to these requirements and guidance is the criterion that the power plant
I&C programmable digital system security programme complies with the applicable country’s
This document defines adequate measures for the prevention of, detection of and reaction to
malicious acts by digital means (cyberattacks) on I&C programmable digital systems. This
includes any unsafe situation, equipment damage or plant performance degradation that could
result from such an act, such as:
– malicious modifications affecting system integrity;
– malicious interference with information, data or resources that could compromise the
delivery of or performance of the required I&C programmable digital functions;
– malicious interference with information, data or resources that could compromise operator
displays or lead to loss of management of I&C programmable digital systems;
– malicious changes to hardware, firmware or software at the programmable logic controller
Human errors leading to violation of the security policy and/or easing the aforementioned
malicious acts are also in the scope of this document.
This document describes a graded approach scheme for assets subject to digital compromise,
based on their relevance to the overall plant safety, availability, and equipment protection.
Excluded from the scope of this document are considerations related to:
– non-malevolent actions and events such as accidental failures, human errors (except
those impacting the performance of cybersecurity controls) and natural events. In
particular, good practices for managing applications and data, including back-up and
restoration related to accidental failure, are out of scope;
NOTE 1 Although such aspects are often covered by security programme in other normative contexts (e.g., in
the ISO/IEC 27000 series or in the IEC 62443 series), this document is only focused on the protection against
malicious acts by digital means (cyberattacks) on I&C programmable digital systems. The main reason is that
in the nuclear generation domain, other standards and practices already cover accidental failures,
unintentional human errors, natural events, etc. The focus of IEC 62645 is made to provide the maximum
consistency and the minimum overlap with these other nuclear standards and practices.
– site physical security, room access control and site security surveillance systems. These
systems, while not specifically addressed in this document, are to be covered by plant
operating procedures and programmes;
NOTE 2 This exclusion does not deny that cybersecurity has clear dependencies on the security of the
physical environment (e.g., physical protection, power delivery systems, heating/ventilation/air-conditioning
systems (HVAC), etc.).
– the aspect of confidentiality of information about I&C digital programmable systems is out
of the scope of this document (see 18.104.22.168.3).
Annex A provides a rationale for and comments about the scope, definition and the
document's application, and in particular about the exclusions and limitations previously
Standards such as ISO/IEC 27001 and ISO/IEC 27002 are not directly applicable to the cyber
protection of nuclear I&C programmable digital systems. This is mainly due to the specificities
of these systems, including the regulatory and safety requirements inherent to nuclear
facilities. However, this document builds upon the valid high level principles and main
concepts of ISO/IEC 27001:2013, adapts them and completes them to fit the nuclear context.
This document follows the general principles given in the IAEA reference manual NSS17.
- Standard56 pagesEnglish languagesale 10% offe-Library read for×1 day
This document specifies the performance and the functional characteristics of the low voltage
static uninterruptible power supply (SUPS) systems in a nuclear power plant and, for
applicable parts, in general for nuclear facilities. An uninterruptible power supply is an
electrical equipment which draws electrical energy from a source, stores it and maintains
supply in a specified form by means inside the equipment to output terminals. A static
uninterruptible power supply (SUPS) has no rotating parts to perform its functions.
The specific design requirements for the components of the power supply system are covered
by IEC standards and standards listed in the normative references and are otherwise outside
the scope of this document.
- Standard37 pagesEnglish languagesale 10% offe-Library read for×1 day
This document specifies requirements for the software of computer-based instrumentation and
control (I&C) systems performing functions of safety category B or C as defined by
IEC 61226. It complements IEC 60880 which provides requirements for the software of
computer-based I&C systems performing functions of safety category A.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to software are deferred to IEC 61513.
The link between functions categories and system classes is given in IEC 61513. Since a
given safety-classified I&C system may perform functions of different safety categories and
even non safety-classified functions, the requirements of this document are attached to the
safety class of the I&C system (class 2 or class 3).
This document is not intended to be used as a general-purpose software engineering guide. It
applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants
as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible, the
potential for latent software faults to cause system failures, either due to single software
failures or multiple software failures (i.e. Common Cause Failures due to software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.
- Standard55 pagesEnglish languagesale 10% offe-Library read for×1 day
This International Standard provides strategies, technical requirements, and recommended
practices for the management of normal ageing of cabling systems that are important to
safety in nuclear power plants. The main requirements are presented in the body of this
International Standard followed by a number of informative annexes with examples of cable
testing techniques, procedures, and equipment that are available for the nuclear industry to
use to ensure that ageing degradation will not impact plant safety.
This International Standard covers cables and their accessories (e.g., connectors) installed in
nuclear power plants (inside and outside the containment). It provides requirements to
perform cable testing for the purposes of predictive maintenance, troubleshooting, ageing
management, and assurance of plant safety. It is concerned with Instrumentation and Control
(I&C) cables, signal cables, and power cables of voltages less than 1 kV. More specifically,
this International Standard focuses on in-situ testing techniques that have been established
for determining problems in cable conductors (i.e., copper wire) and, to a lesser extent, on
insulation material (i.e., polymer). It follows the IEC 62342 standard on “Management of
Ageing” that was prepared to provide general guidelines for management of ageing of I&C
components in nuclear power plants, including cables. It should be pointed out that cable
testing technologies are evolving and new methods are becoming available that are not
covered in this International Standard. More specifically, this International Standard covers
typical cable testing methods that have been in use in the nuclear power industry over the last
decade. It should also be pointed out that a single cable testing technique is unlikely to
provide conclusive results, and a reliable diagnosis normally requires a combination of
- Standard35 pagesEnglish languagesale 10% offe-Library read for×1 day
This document is applicable to nuclear power plant instrumentation and control (I&C) and
electrical systems and equipment, whose functions are required to be independent due to
their contribution to:
• a redundant or diverse safety group;
• different defence in depth levels;
• different safety classes and also with non-classified (NC) systems.
It is also applicable to temporary installations which are part of those I&C and electrical
systems important to safety (for example, auxiliary equipment for commissioning tests and
experiments or mobile power supply systems). Clause 7 is intended particularly for electrical
isolation, Clause 8 is intended particularly for the cabling and the arrangement of equipment
of I&C and electrical systems important to safety.
This document applies to I&C and electrical systems of new nuclear power plants and to I&C
and electrical upgrading or back-fitting of existing plants. For existing plants see 1.2 and 5.4.
Where independence is required by general safety standards such as IAEA safety guides,
IEC 61513 (for I&C), IEC 63046 (for electrical systems) and other project constraints, one
aspect of achieving this independence is physical separation and electrical isolation between
the systems and their equipment that perform safety functions. This document defines the
assessments needed and the technical requirements to be met for I&C and electrical systems,
equipment or cables for which separation is required. Those means are to achieve adequate
physical separation and electrical isolation between redundant sections of a system and
between a higher and lower class systems. This separation is needed to prevent or minimise
the impact on safety that could result from faults and failures which could be propagated or
affect several sections of a system or several systems.
The requirements for functions, and their associated systems and equipment, to be
independent are normally defined in detail in the project documentation; the method of
determining and defining these requirements is not the subject of this document.
Following IAEA SSR-2/1 Requirement 21, separation means by physical separation, electrical
isolation, functional independence and independence of communication are considered. In
this document physical separation and electrical isolation are treated. Functional
independence and independence of communication are not considered in this document.
More details referring to functional independence, independence from control systems and
independence of communication are given in Annex D.
- Standard50 pagesEnglish languagesale 10% offe-Library read for×1 day