iaea_presentation_lux


TRANSCRIPT

  • 8/7/2019 IAEA_presentation_Lux

    1/22

    HAEA NSD

Challenges for regulators in licensing I&C systems

I. Lux, K. Tóth, K. Hamar

    Hungarian Atomic Energy Authority

    TM on Implementing and Licensing Digital I&C Systems and Equipment in NPPs

    Espoo, 22-25 November 2005.

2/22

Contents

References (2)

Safety classification of I&C

I&C requirements for safety management

Ageing and failure (2)

Basic licensing conditions

Licensing (5)

The Paks NPP RPS story in brief (6)

The first DI&C

3/22

Referred publications (1/2)

B. Wahlström and O. Glöckler: Challenges in implementing and licensing digital I&C, IAEA TM, 13-16.09.2005

Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)

Specification of requirements for upgrades using digital instrument and control systems, TECDOC-1066, IAEA (1999)

Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)

Verification and Validation of Software Related to Nuclear Power Plant Instrumentation and Control, TRS-384, IAEA (1999)

Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook, TRS-387, IAEA (1999)

Quality assurance for software important to safety, TRS-397, IAEA (2000)

4/22

5/22

Safety classification of I&C components

Hungary: ABOS 2, ABOS 3, Unclassified

Graded approach

SCS: protection, actuation

SRS: important but not SCS

National variations of international standards

Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)

Classification vs. Categorization

1: may affect the design basis

2: change in SRS or operation

3: minor modifications

Modifications to Nuclear Power Plants, NS-G-2.3, IAEA (2001)

6/22

Breakdown of plant safety equipment

Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)

Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook, TRS-387, IAEA (1999)

Paks NPP RPS control panel (photo)

7/22

I&C requirements for safety management

Defense in depth

Diversity

Redundancy

CCF protection

Single Failure Criterion

Environmental conditions

Self-checking & self-testing

HMI

Simplicity in design

Security

Fail-safe, fault tolerant

Barriers and levels of protection

Safety Culture

Testability

Maintainability

QA

Managing Modernization of NPP I&C Systems, TECDOC-1389, IAEA (2004)

Software for Computer Based Systems Important to Safety in NPPs, NS-G-1.1, IAEA (2000)

TRS-387

Conflicts with almost all other requirements

Redundancy does not protect against sw CMF!
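The last point on this slide is the one most often misread when a protection system is assessed: redundant channels mask random, independent hardware faults, but four copies of the same software share the same specification or coding error and fail identically, so voting among them recovers nothing. The following simulation is an added illustration, not part of the HAEA slides or of any real RPS; the 2-out-of-4 voting, the comparator channels, the inverted-comparison bug, the setpoint and the fault probabilities are all constructed for the example.

```python
"""Added illustration (not from the HAEA slides): a 2-out-of-4 (2oo4) trip
logic, as used in multi-channel reactor protection systems, masks random,
independent hardware failures but not a software common-mode failure (CMF)
present identically in every redundant channel. Channel implementations,
setpoint and failure probabilities below are constructed for the example."""
import random
from typing import Callable, List, Set

SETPOINT = 100.0          # constructed trip setpoint, arbitrary units
Channel = Callable[[float], bool]


def channel_ok(value: float) -> bool:
    """Correct comparator: vote 'trip' when the measured value exceeds the setpoint."""
    return value > SETPOINT


def channel_buggy(value: float) -> bool:
    """Same application software with a specification/coding error: the
    comparison is inverted, so it never trips on a genuine excursion."""
    return value < SETPOINT


def vote_2oo4(votes: List[bool]) -> bool:
    """Actuate when at least two of the four channels vote 'trip'."""
    return sum(votes) >= 2


def rps_trip(channels: List[Channel], value: float,
             failed: Set[int], rng: random.Random) -> bool:
    """One evaluation of the trip logic. A channel listed in `failed` has
    suffered a random hardware fault and emits an arbitrary vote; the
    others run their (possibly buggy) software on the shared input."""
    votes = []
    for i, ch in enumerate(channels):
        votes.append(rng.random() < 0.5 if i in failed else ch(value))
    return vote_2oo4(votes)


def trip_reliability(channels: List[Channel], value: float,
                     p_hw_fail: float, trials: int = 10_000,
                     seed: int = 1) -> float:
    """Fraction of trials in which the system trips on an input that
    requires a trip. Hardware faults are injected independently per
    channel with probability p_hw_fail; software behaviour is whatever
    `channels` contains, identically on every trial."""
    rng = random.Random(seed)
    trips = 0
    for _ in range(trials):
        failed = {i for i in range(len(channels)) if rng.random() < p_hw_fail}
        trips += rps_trip(channels, value, failed, rng)
    return trips / trials


EXCURSION = 150.0  # constructed input well above SETPOINT: a trip is required

# Four identical correct channels: redundancy masks random hardware faults.
redundant_ok = [channel_ok] * 4
# Four identical channels sharing one software error: every channel is
# wrong in the same way, so voting among them cannot recover the function.
redundant_cmf = [channel_buggy] * 4
# Two channel pairs built on different implementations: the software
# error in one implementation is outvoted by the other (diversity).
diverse = [channel_ok, channel_ok, channel_buggy, channel_buggy]


if __name__ == "__main__":
    for name, cfg in [("4 x identical, correct", redundant_ok),
                      ("4 x identical, shared sw error", redundant_cmf),
                      ("2 + 2 diverse implementations", diverse)]:
        print(f"{name:32s} no hw faults: {trip_reliability(cfg, EXCURSION, 0.0):.4f}"
              f"   10% hw faults/channel: {trip_reliability(cfg, EXCURSION, 0.1):.4f}")
```

With a 10% per-channel hardware fault rate the four correct channels still trip in well over 99% of trials, while the four channels sharing the software error trip only when two or more faulted channels happen to emit garbage "trip" votes, i.e. almost never and never for the right reason. The diverse configuration trips on every trial without hardware faults because the two correct channels outvote the two faulty ones; this is the argument for diversity and CCF protection as separate requirements from redundancy, and for the single-failure criterion being insufficient on its own for software.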

8/22

Ageing & failure (1/2)

Failure rates of electronic components

Lifetime of electronic components

Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)

Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002):

Advances in DI&C are so rapid that product lifetime < time for licensing

9/22

Ageing & failure (2/2)

Failure modes: dominantly deterministic, not stochastic

CCF due to specification or design

Environmental influences

Maintenance and modifications

Unauthorized access

Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)

Maintenance strategies

Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002):

The technology has unfairly been blamed for problems that have arisen from unsatisfactory specifications or flawed engineering processes

10/22

Basic licensing conditions

Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002):

Regulatory requirements:

Clearly defined standards

Consistent approach and policy

Sufficient competence and resources (NS-G-1.1)

Licensee-regulator co-operation requirements:

Confidence building

Clear co-operation rules

Early contact and interaction

11/22

Licensing (1/5)

Advantages of DI&C:

Improved accuracy

No drift

Correlation of data possible

Storage possibility

Diagnostics, correction

Improved HMI

Teleperm XS representative configuration at the Paks NPP (photo)

Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)

12/22

Licensing (2/5)

Disadvantages of DI&C:

More possible operating states

Higher complexity: higher probability of undetected errors

Increased possibility of failed or unintended functions

Practically impossible to demonstrate the absence of sw errors

Not easy to use risk-informed tools

VERONA core monitoring system at the Paks NPP (photo)

Difficult to agree upon adequate evidence of correct functioning

13/22

Licensing (3/5)

Licensing issues:

Requirement specifications are very important

Suggested to separate the I&C platform and the application

Configuration management system needed

Future maintenance and changes should be addressed

Harmonization of licensing requirements is suggested

Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002):

The nuclear industry has reached a point where it is no longer practical just to produce more documents on how to license DI&C. The challenge now lies in reducing the documents to a set which is structured and can give true support

CSFM of the Paks NPP (photo)

14/22

15/22

Licensing (5/5)

Local regulatory environment is to be reviewed

To identify legal requirements applicable to the target I&C

To reveal differences in licensing the new and the original systems

Special considerations to

Missing legislative provisions

Conflicts between national and international standards

Contradicting requirements due to co-existence of old and new

Additional RB requirements

Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)

16/22

17/22

18/22

19/22

The Paks NPP RPS story (4/6)

Representative configuration installed at the full scope simulator (hw in the loop) (1998)

License for implementation (1999-2002), two for each unit:

pre-mounting license: installation without connecting

modification license: dismounting of old, installation, connection, operation

Modernization of sensors and actuators

Modification of related I&C: neutron flux, cabling, turbine controller, diesel controller

New sw development tools for unit No. 4

License for operation: after 3 months of testing operation (independent FAT), for 1 year, then renewed

20/22

The Paks NPP RPS story (5/6)

Operating experiences

No sw error while commissioning

Slightly differing unit-wise realizations; unification in 2003

Modifications: elimination of minor errors, better technical solutions, extension of functionality

Experiences are favorable, the PR functions properly

21/22

The Paks NPP RPS story (6/6)

Error/failure statistics for 1999-2001 (3 years, 4 units)

Category                                                             Count
Specification error (DFD correction needed)                              3
Random HW error (power supply errors in this set: 4)                    10
Recurrent HW error (first occurrence random, DC power supply error)      3
Systematic or CCF HW error                                               1
Application SW bug                                                       2
High load on safety related (non safety) Ethernet bus                    1
Measurement anomaly, no cause identified                                 1
Loss of telegram (due to asynchronous behaviour)                         1
Error log, but no cause identified                                       1
Non-recurrent phenomena, had no effect on log files                      1
Sensor error                                                            17
Human error (caused value led to RPS actuation)                          2
Gateway and Service Unit (recurrent error counted as 1 error)            3

(Version change, testing)

22/22

    THANK YOU FOR YOUR ATTENTION!