1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationNuclear power plants Instrumentation and controlimportant to safety Data communication in systems performing category A functionsBS EN 61500:2011Provided by IHSNot for ResaleNo r
2、eproduction or networking permitted without license from IHS-,-,-National forewordThis British Standard is the UK implementation of EN 61500:2011.The UK participation in its preparation was entrusted to Technical CommitteeNCE/8, Reactor instrumentation.A list of organizations represented on this com
3、mittee can be obtained onrequest to its secretary.This publication does not purport to include all the necessary provisions of acontract. Users are responsible for its correct application. BSI 2011ISBN 978 0 580 70693 6ICS 27.120.20Compliance with a British Standard cannot confer immunity fromlegal
4、obligations.This British Standard was published under the authority of the StandardsPolicy and Strategy Committee on 31 January 2010Amendments/corrigenda issued since publicationBRITISH STANDARDBS EN 61500:2011Date Text affected31 October 2011 This corrigendum renumbers BS IEC 61500:2009 as BS EN 61
5、500:2011It supersedes BS IEC 61500:2009, which is withdrawn.Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-EUROPEAN STANDARD EN 61500 NORME EUROPENNE EUROPISCHE NORM August 2011 CENELEC European Committee for Electrotechnical Standardization Comit E
6、uropen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Management Centre: Avenue Marnix 17, B - 1000 Brussels 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members. Ref. No. EN 61500:2011 E ICS 27.120.20 Engli
7、sh version Nuclear power plants - Instrumentation and control important to safety - Data communication in systems performing category A functions (IEC 61500:2009) Centrales nuclaires de puissance - Instrumentation et contrle-commande importants pour la sret - Communication de donnes dans les systmes
8、 ralisant des fonctions de catgorie A (CEI 61500:2009) Kernkraftwerke - Leittechnik mit sicherheitstechnischer Bedeutung - Datenkommunikation in Systemen, die Kategorie-A-Funktionen ausfhren (IEC 61500:2009) This European Standard was approved by CENELEC on 2011-08-08. CENELEC members are bound to c
9、omply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central
10、Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the Central Secretariat has the same status
11、 as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Nor
12、way, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Foreword The text of the International Standard IEC 61500:2009, prepared by SC 45A, Instrumentation
13、 and control of nuclear facilities, of IEC TC 45, Nuclear instrumentation, was submitted to the formal vote and was approved by CENELEC as EN 61500 on 2011-08-08 without any modification. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent ri
14、ghts. CEN and CENELEC shall not be held responsible for identifying any or all such patent rights. The following dates were fixed: latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2012-08-08 latest date by wh
15、ich the national standards conflicting with the EN have to be withdrawn (dow) 2014-08-08 As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member States are not prevented from taking more stringent safety measures in the subject-matter covered by the Directive,
16、 in compliance with Community law. In a similar manner, this European standard does not prevent Member States from taking more stringent nuclear safety measures in the subject-matter covered by this standard. Annex ZA has been added by CENELEC. _ Endorsement notice The text of the International Stan
17、dard IEC 61500:2009 was approved by CENELEC as a European Standard without any modification. In the official version, for Bibliography, the following notes have to be added for the standards indicated: IEC 60068 series NOTE Harmonized in EN 60068 series (not modified). IEC 60721 series NOTE Harmoniz
18、ed in EN 60721 series (not modified). IEC 60964 NOTE Harmonized as EN 60964. IEC 60965 NOTE Harmonized as EN 60965. IEC 61158-3-19 NOTE Harmonized as EN 61158-3-19. IEC 61508-1 NOTE Harmonized as EN 61508-1. IEC 61508-2 NOTE Harmonized as EN 61508-2. IEC 61508-3 NOTE Harmonized as EN 61508-3. IEC 61
19、508-4 NOTE Harmonized as EN 61508-4. IEC 61784-3 NOTE Harmonized as EN 61784-3. IEC 62138 NOTE Harmonized as EN 62138. _ BS EN 61500:2011 EN 61500:2011 (E) 2 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Annex ZA (normative) Normative references to
20、 international publications with their corresponding European publications The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including
21、 any amendments) applies. NOTE When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies. Publication Year Title EN/HD Year IEC 60709 - Nuclear power plants - Instrumentation and control systems important to safety - Separation EN 607
22、09 - IEC 60780 1998 Nuclear power plants - Electrical equipment of the safety system - Qualification - - IEC 60880 2006 Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions EN 60880 2009 IEC 60980
23、 - Recommended practices for seismic qualification of electrical equipment of the safety system for nuclear generating stations - - IEC 60987 (mod) 2007 Nuclear power plants - Instrumentation and control important to safety - Hardware design requirements for computer-based systems EN 60987 2009 IEC
24、61000 Series Electromagnetic compatibility (EMC) EN 61000 Series IEC 61226 - Nuclear power plants - Instrumentation and control important to safety - Classification of instrumentation and control functions EN 61226 - IEC 61513 - Nuclear power plants - Instrumentation and control for systems importan
25、t to safety - General requirements for systems - - IEC 62340 2007 Nuclear power plants - Instrumentation and control systems important to safety - Requirements for coping with common cause failure (CCF) EN 62340 2010 IAEA Safety guide NS-G-1.3 2002 Instrumentation and control systems important to sa
26、fety in nuclear power plants - - BS EN 61500:2011 EN 61500:2011 (E) 3 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-CONTENTS INTRODUCTION.1 Scope.2 Normative references .3 Terms and definitions 4 Symbols and abbreviations5 General requirements5.1 P
27、rinciples of selection of data communication techniques and equipment.5.2 Functional requirements . 5.3 Performance requirements 105.4 Failure detection .105.5 Communication within division.105.6 Interfaces to systems of lower importance to safety.106 Physical separation and isolation116.1 Electrica
28、l isolation . 11 6.2 Physical separation .11 7 Functional independence11 8 Reliability .12 8.1 Self-supervision and failure mitigation .128.1.1 Communication error detection 128.1.2 Response to failure .128.2 Test.128.3 Prevention of failures (including CCF) .139 Qualification .1310 Maintenance and
29、modification 14Bibliography15BS EN 61500:2011 EN 61500:2011 (E) 4 577.89999Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-INTRODUCTION a) Technical background, main issues and organization of the standard The equipment for data communication of on-l
30、ine plant data can simplify the hardwired cables connecting distributed systems for instrumentation, control, protection and monitoring needed for safe Nuclear Power Plants operation. Such communication systems can have advantages over direct cables, for electrical isolation, for reduction of cable
31、fire loads or other reasons. In a distributed computer based system, communication equipment is an essential part of the system. Data communication is usually essential for implementing I use of industrial standard protocols with added safety layers; use of protocols where higher protocol layers imp
32、lementing unsafe or not needed functionality are removed or replaced by ones with reduced and safe functionality. The hardware and the software shall be qualified, see Clause 9. 5.2 Functional requirements Generally each data communication channel is part of an overall system providing services of i
33、nformation gathering and presentation, control or protection of the nuclear power plant. Equipment providing cyclic data over a communication channel shall not depend on the receipt of acknowledge messages from the receiver for continued operation. Communication channels shall not be allocated dynam
34、ically during the run time of the system but shall be statically allocated and predefined by design. All messages of application software shall be transmitted periodically within a pre-defined variation of cycle time. Messages should have fixed length predefined by design. The communication system s
35、hall enable messages from instruments or other outstation equipment using a communications channel to be sent and received within a specified time frame, together with data integrity status information (if implemented). The data communication network topology and media access control shall be design
36、ed and implemented to avoid CCF of independent systems or subsystems (see 8.3). BS EN 61500:2011 EN 61500:2011 (E) 9 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-Data may be distributed via data communication to redundant systems to enable continu
37、ed operation if one system is damaged. The security threats arising from the use of data communication shall be taken into consideration within the scope of the security plans according to IEC 61513. 5.3 Performance requirements Data communication channels shall provide sufficient performance to ens
38、ure that any message sent from any communication node is received by the intended destination node in a timely manner. Data communication shall meet the requirements of the functions. The mechanisms and protocols used shall guarantee that any delay which may occur during communication or during acce
39、ss to the communication equipment is known and bounded by design. Communication channels shall be verified to meet the specified real time response requirements of the Category A functions to be performed, under credible worst-case conditions. The required real time response and the worst-case condi
40、tions shall be justified by analysis. Deterministic communications shall be used so that communications load does not vary, irrespective of plant conditions. Where communication equipment is used for manual plant control and indication through a control room, the time from operating the physical swi
41、tch or soft control until the confirmation of the action by indication of the changed state in the control room should be assessed under all potential circumstances including worst case conditions. 5.4 Failure detection Hardware failures of Communication equipment shall be detected and reported. Det
42、ected failures of the communication equipment that result in unacceptable degradation of the nuclear safety functions of the I such soft errors should not lead to the shutdown of a channel, but these errors should be logged by the system. 8.2 Test The relevant testing requirements of IEC 60987, Clau
43、se 10, shall apply to class 1 communication channels. Also, the relevant subclauses 7.10 (testability), 7.11 (operational bypasses) and 7.12 (control of access to protection systems equipment) of IAEA safety guide No. NS-G-1.3 shall apply to communication channels of systems performing category A fu
44、nctions. BS EN 61500:2011 EN 61500:2011 (E) 12 Provided by IHSNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-The performance of data communication functions shall be verified before equipment is placed in full operational service. The following aspects of system f
45、unctionality shall be covered: a) transmission error handling, b) correct operation when under the maximum data transfer rates. IEC 60880 and IEC 60987 require that the data communication system shall have self-test capabilities (see 8.1). Additional periodic tests as a supplement to self-tests shou
46、ld be possible during the lifetime of the equipment as required to reduce the probability of unrevealed hardware failures compromising the performance of category A functions, e.g. 1) alteration of the state or value of input signals, and monitoring of the alteration at the receiving equipment; 2) i
47、nterruption of transmission, and confirmation that the receiving equipment will detect this and take correct actions. NOTE Nuclear safety considerations may make such testing undesirable at power operation. The communication equipment shall be qualified for operational use by functional testing in a
48、ccordance with 4.79 to 4.96 of IAEA safety guide No. NS-G-1.3. Testing of the equipment modules shall be performed during factory tests or on-site commissioning tests, or evidence of previous type testing in accordance with 5.3 of IEC 60780 shall be provided. 8.3 Prevention of failures (including CCF) Data communication equipment could be affected by conditions which cause several redundant parts of the system to fail at the same time. In order to eliminate or minimize the possibility of simultaneous failures of several modules by hazards which a system is required to survive
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1