BS IEC 61226:2009 pdf download – Nuclear power plants – Instrumentation and control important to safety – Classification of instrumentation and control functions
5.2 Background The principle of defence in depth is firmly established in the safety design basis of nuclear power plants. The fundamental idea is that there should be several layers or echelons of defence in the prevention of unsafe conditions, and that the prevention of unsafe conditions, before mitigation is required, is always to be preferred. Because of the large number of functions that are required to operate and keep safe a NPP, a number that increases with the principle of defence in depth, it is important that the significance to safety of each function is known. IAEA safety standard series NS-R-1 establishes the idea of classification of NPP systems according to their importance to safety, and gives examples of the classification of the major systems of several types of NPP. All structures, systems and components, including software for instrumentation and control (I&C), that are items important to safety, shall be first identified and then classified on the basis of their function and significance with regard to safety. They shall be designed, constructed and maintained such that their quality and reliability is commensurate with this classification. The IAEA safety guide NS-G-1 .3 gives guidance on the classification of systems according to the importance to safety of the functions they perform. It introduces time factors such as
– the duration that the I&C system is needed once it has been initiated;
– the time for which alternative actions can be taken; –
the timeliness by which hidden faults can be detected and remedied. This standard extends the classification strategy presented in IAEA Safety Guide NS-G-1 .3, and establishes the criteria and methods to be used to assign the I&C functions of a NPP to one of the three categories A, B and C, depending on their importance to safety, or to an unclassified category for functions with no direct safety role. I&C functions falling within the boundary of the safety systems will generally be assigned to category A or B. I&C functions defined as safety related will generally be assigned to categories B or C. The safety importance of, and the corresponding requirements placed on, parts of the safety systems and safety related I&C systems will differ, so that it is appropriate to assign them to different safety classes. Some I&C systems can have a significant effect on safety and therefore require appropriate attention. Other I&C systems have intermediate, low, or no significance to safety. They have correspondingly less stringent requirements for ensuring system performance and safety justification, and therefore have different technical requirements. National application of the principles and criteria of this standard may assign differing nomenclature to categories A, B and C. The national application shall be according to the principles, criteria and associated requirements given in this standard. This shall involve establishing and documenting an appropriate correspondence to the categories defined.
5.3 Description of categories
5.3.1 General I&C systems in NPPs perform functions with different levels of importance to safety. The importance to safety of each I&C function depends upon its role in achieving and maintaining safety, the potential consequence of failure of the function to operate when required, and the probability of these consequences. Therefore, an initial safety analysis of the specific NPP design is required to be completed prior to the classification of the I&C functions. The severity of the potential consequences in the case of a postulated failure of an I&C function, defines the level of assurance that is required for the various attributes of the systems and equipment which deliver the function, most notably that of functionality, performance and reliability.