8/7/2019 IAEA_presentation_Lux
1/22
HAEA NSD
Challenges for regulators in licensing I&C systems
I. Lux, K. Tóth, K. Hamar
Hungarian Atomic Energy Authority
TM on Implementing and Licensing Digital I&C Systems and Equipment in NPPs
Espoo, 22-25 November 2005.
-
2/22
Contents
References (2)
Safety classification of I&C
I&C requirements for safety management
Ageing and failure (2)
Basic licensing conditions
Licensing (5)
The Paks NPP RPS story in brief (6)
The first DI&C
-
3/22
Referred publications (1/2)
B. Wahlström and O. Glöckler: Challenges in implementing and licensing digital I&C, IAEA TM, 13-16.09.2005
Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)
Specification of requirements for upgrades using digital instrument and control systems, TECDOC-1066, IAEA (1999)
Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)
Verification and Validation of Software Related to Nuclear Power Plant Instrumentation and Control, TRS-384, IAEA (1999)
Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook, TRS-387, IAEA (1999)
Quality assurance for software important to safety, TRS-397, IAEA (2000)
-
4/22
-
5/22
Safety classification of I&C components
Hungary: ABOS 2 / ABOS 3 / Unclassified
Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)
Graded approach
SCS: protection, actuation
SRS: important but not SCS
National variations of international standards
Classification vs. Categorization
1: may affect the design basis
2: change in SRS or operation
3: minor modifications
Modifications to Nuclear Power Plants, NS-G-2.3, IAEA (2001)
-
6/22
Breakdown of plant safety equipment
Management of Life Cycle and Ageing at Nuclear Power Plants: Improved I&C Maintenance, TECDOC-1402, IAEA (2004)
Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook, TRS-387, IAEA (1999)
Paks NPP RPS control panel
-
7/22
I&C requirements for safety management
Defense in depth
Diversity
Redundancy
CCF protection
Single Failure Criterion
Environmental conditions
Self-checking & self-testing
HMI
Simplicity in design
Security
Fail-safe, fault tolerant
Barriers and levels of protection
Safety Culture
Testability
Maintainability
QA
Managing Modernization of NPP I&C Systems, TECDOC-138, IAEA (2004)
Software for Computer Based Systems Important to Safety in NPPs, NS-G-1.1, IAEA (2000)
TRS-387
Conflicts with almost all other requirements
Redundancy does not protect against sw CMF!
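Added illustration of this slide's closing warning ("Redundancy does not protect against sw CMF!"), written for this page and not taken from the HAEA presentation or from the IAEA documents it cites. It models one protection function evaluated by three channels with 2-out-of-3 voting; the trip limit, the measured values and the injected comparison defect are all constructed for the example. Identical channels mask a random hardware fault in one channel but share the software defect, so the vote fails to trip exactly when the specification requires it; functionally diverse channels, where the same defect exists in only one implementation, are outvoted back to the correct decision.

```python
"""Added example (not from the HAEA slides or IAEA TECDOCs): a 2oo3-voted
trip function showing that channel redundancy masks random hardware
faults but not a software common-mode failure (CMF), whereas diversity
does. Limit, measured values and the injected defect are constructed."""
from typing import Callable, Optional, Sequence

TRIP_LIMIT = 100.0  # constructed engineering limit for the monitored parameter


def trip_spec(value: float) -> bool:
    """Intended behaviour from the requirement specification:
    trip when the parameter reaches or exceeds the limit."""
    return value >= TRIP_LIMIT


def trip_buggy(value: float) -> bool:
    """Implementation with an injected specification/coding defect:
    the comparison is strict, so a value exactly at the limit never trips."""
    return value > TRIP_LIMIT


def trip_margin(value: float) -> bool:
    """Diverse implementation of the same criterion: trip once no positive
    margin to the limit remains."""
    margin = TRIP_LIMIT - value
    return not margin > 0


def trip_fixed_point(value: float) -> bool:
    """Diverse implementation using fixed-point (tenths) integer arithmetic."""
    return int(round(value * 10)) >= int(round(TRIP_LIMIT * 10))


def vote_2oo3(outputs: Sequence[bool]) -> bool:
    """2-out-of-3 majority vote over three channel trip outputs."""
    if len(outputs) != 3:
        raise ValueError("2oo3 voter needs exactly three channel outputs")
    return sum(1 for o in outputs if o) >= 2


def run_channels(channels: Sequence[Callable[[float], bool]], value: float,
                 hw_fault_channel: Optional[int] = None) -> bool:
    """Feed the same measured value to every channel and vote the outputs.
    hw_fault_channel simulates a random hardware failure that forces that
    one channel to a fail-to-trip (False) output."""
    outputs = [channel(value) for channel in channels]
    if hw_fault_channel is not None:
        outputs[hw_fault_channel] = False
    return vote_2oo3(outputs)


def demonstrate() -> dict:
    """Voted decisions for the three situations the slide's warning contrasts."""
    identical = [trip_buggy, trip_buggy, trip_buggy]       # same software in all channels
    diverse = [trip_buggy, trip_margin, trip_fixed_point]   # defect present in one channel only
    well_above = 150.0   # constructed: clearly beyond the limit
    at_limit = 100.0     # constructed: exactly at the limit, where the defect bites
    return {
        "spec_requires_trip_at_limit": trip_spec(at_limit),
        # random HW fault in one identical channel: the other two outvote it
        "identical_masks_hw_fault": run_channels(identical, well_above, hw_fault_channel=0),
        # software defect shared by all identical channels: every channel agrees, wrongly
        "identical_sw_defect_trips": run_channels(identical, at_limit),
        # same defect in one of three diverse channels: majority still correct
        "diverse_sw_defect_trips": run_channels(diverse, at_limit),
    }


if __name__ == "__main__":
    for name, decision in demonstrate().items():
        print(f"{name}: {decision}")
```

The voter is the same in both architectures; only the channel software changes, which is why the slide lists Diversity and CCF protection as requirements separate from Redundancy.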
-
8/22
Ageing & failure (1/2)
Failure rates of electronic components
Lifetime of electronic components
Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)
Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002):
Advances in DI&C are so rapid that product lifetime < time for licensing
-
9/22
Ageing & failure (2/2)
Failure modes: dominantly deterministic, not stochastic
CCF due to specification or design
Environmental influences
Maintenance and modifications
Unauthorized access
Management of ageing of I&C in nuclear power plants, TECDOC-1147, IAEA (2000)
Maintenance strategies
Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)
The technology has unfairly been blamed for problems that have arisen from unsatisfactory specifications or flawed engineering processes
-
10/22
Basic licensing conditions
Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants, TECDOC-1328, IAEA (2002):
Regulatory requirements:
Clearly defined standards
Consistent approach and policy
Sufficient competence and resources (NS-G-1.1)
Licensee-regulator co-operation requirements:
Confidence building
Clear co-operation rules
Early contacting and interactions
-
11/22
Licensing (1/5)
Advantages of DI&C:
Improved accuracy
No drift
Correlation of data possible
Storage possibility
Diagnostics, correction
Improved HMI
Teleperm XS representative configuration at the Paks NPP
Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)
-
12/22
Licensing (2/5)
Disadvantages of DI&C:
More possible op. states
Higher complexity, hence higher probability of undetected errors
Increased possibility of failed or unintended functions
Practically impossible to demonstrate the absence of sw errors
Not easy to use risk-informed tools
VERONA core monitoring system at the Paks NPP
Difficult to agree upon adequate evidence of correct functioning
-
13/22
Licensing (3/5)
Licensing issues:
Requirement specifications are very important
Suggested to separate the I&C platform and the application
Configuration management system needed
Future maintenance and changes should be addressed
Harmonization of licensing requirements is suggested
Harmonization of the licensing process for DI&C systems in NPPs, TECDOC-1327, IAEA (2002)
The nuclear industry has reached a point where it is no longer practical just to produce more documents on how to license DI&C. The challenge now lies in reducing the documents to a set, which is structured and can give true support
CSFM of the Paks NPP
-
14/22
-
15/22
Licensing (5/5)
Local regulatory environment is to be reviewed
To identify legal requirements applicable to the target I&C
To reveal differences in licensing the new and the original systems
Special considerations to:
Missing legislative provisions
Conflicts between national and international standards
Contradicting requirements due to co-existence of old and new
Additional RB requirements
Modernization of instrumentation and control in nuclear power plants, TECDOC-1016, IAEA (1998)
-
16/22
-
17/22
-
18/22
-
19/22
The Paks NPP RPS story (4/6)
Representative configuration installed at the full scope simulator (hw in the loop) (1998)
License for implementation (1999-2002), two for each unit:
pre-mounting license: installation without connecting
modification license: dismounting of old, installation, connection, operation
Modernization of sensors and actuators
Modification of related I&C: neutron flux, cabling, turbine controller, diesel controller
New sw development tools for unit No. 4
License for operation: after 3 months of testing operation (independent FAT)
For 1 year, then renewed
-
20/22
The Paks NPP RPS story (5/6)
Operating experiences
No sw error while commissioning
Slightly differing unit-wise realizations; unification in 2003
Modifications: elimination of minor errors, better technical solutions, extension of functionality
Experiences are favorable, the PR functions properly
-
21/22
The Paks NPP RPS story (6/6)
Category                                                              Count
Specification error (DFD correction needed)                               3
Random HW error (power supply errors in this set: 4)                     10
Recurrent HW error (first occurrence random, DC power supply error)       3
Systematic or CCF HW error                                                1
Application SW bug                                                        2
High load on safety related (non safety) Ethernet bus                     1
Measurement anomaly, no cause identified                                  1
Loss of telegram (due to asynchronous behaviour)                          1
Error log, but no cause identified                                        1
Non-recurrent phenomena, had no effect on log files                       1
Sensor error                                                             17
Human error, caused value led to RPS actuation                            2
Gateway and Service Unit (recurrent error is 1 error)                     3
Error/failure statistics for 1999-2001 (3 years, 4 units)
(Version change, testing)
-
22/22
THANK YOU FOR YOUR ATTENTION!