IEC 62340
Edition 1.0 2007-12

INTERNATIONAL STANDARD

Nuclear power plants – Instrumentation and control systems important to safety – Requirements for coping with common cause failure (CCF)

IEC 62340:2007

THIS PUBLICATION IS COPYRIGHT PROTECTED
Copyright © 2007 IEC, Geneva, Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Email: inmail@iec.ch
Web: www.iec.ch
ICS 27.120.20    ISBN 2-8318-9452-2

62340 © IEC:2007

CONTENTS

FOREWORD ........ 3
INTRODUCTION ........ 5
1 Scope ........ 7
2 Normative references ........ 8
3 Terms and definitions ........ 8
4 Abbreviations ........ 12
5 Conditions and strategy to cope with CCF ........ 13
5.1 General ........ 13
5.2 Characteristics of CCF ........ 13
5.3 Principal mechanisms for CCF of digital I&C [...]

FOREWORD

[...] any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.

5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62340 has been prepared by subcommittee 45A: Instrumentation and control of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.

The text of this standard is based on the following documents:

FDIS            Report on voting
45A/668/FDIS    45A/676/RVD

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC web site under “http://webstore.iec.ch” in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended.

INTRODUCTION

a) Background, main issues and organisation of this Standard

In order to achieve a high safety level, redundancy is applied as one of the key features for designing instrumentation and control systems (I&C [...]

b) to additionally require the implementation of independent I&C [...]

c) to give an overview of the complete scope of requirements relevant to CCF, but not to overlap with fields already addressed in other standards. These are referenced.

This standard emphasises the need for the complete and precise specification of the safety functions, based on the analysis of design basis accidents and consideration of the main plant safety goals. This specification is the prerequisite for generating a comprehensive set of detailed requirements for the design of I&C [...]

b) between I&C [...]

c) between redundant channels of the same I&C [...]

b) propagation of physical effects in the hardware (e.g. high voltages); and

c) avoidance of specific faults and vulnerabilities within the I&C [...]

b) the ability of the systems to perform their functions is unaffected by the presence of the effects resulting from the postulated initiating event for which they are required to function;

c) adequate robustness against common external influences (e.g. from earthquake and EMI) is assured by the design of the systems [...]

[...] modified definition of “independent equipment” from IAEA Safety Glossary, Ed. 2.0, 2006

NOTE Means to achieve independence by the design are electrical isolation, physical separation, communications independence and freedom of interference from the process to be controlled.

3.13 input signal transient
time behaviour of all process signals which are fed into the I&C [...]

[...] the system is caused to stop its processing, so no response can be given.

5.4 Conditions to defend against CCF of individual I&C [...]

b) latent faults which are introduced during maintenance because the possibility for analysing and testing modifications may be limited under plant constraints (e.g. modification of set-points, use of revised versions of spare parts or the upgrading of I&C [...] and

c) the triggering of latent faults during maintenance activities by causing partly specific system states or partly invalid data which do not represent the actual plant status.

Depending on the I&C [...]

e) for digital technology the failure propagation via high voltages can be excluded if fibre optics are applied, but specific means are required to reduce susceptibilities to failure propagation from erroneous or missing data.

This standard gives guidance for reducing the possibility of the existence of mechanisms that could support the triggering of postulated types of latent design faults to cause CCF during transients (see Clauses 7, 8 and 9). To reduce the likelihood that latent design faults may remain in the final I&C [...]

[...] the exclusion of latent faults may be possible for very small and simple software modules so that a fault analysis and adequate testing can be performed.

7.3.2 Independent I&C [...]

[...]
– invariance of processing load and communication load;
– avoidance of interrupts triggered by process data (for the generally restricted use of interrupts, see Clause B.2 of IEC 60880).

8.2 The (application) software shall be designed to be tolerant of invalid input signals, singly or in groups or due to spurious short-term transients on the input signals, such that safe action is ensured but spurious actuations are avoided.

8.3 Invalid or faulty input signals shall be identified on-line. If faulty signals are identified and processed by comparison of redundant information, then the dependencies thus introduced between redundant sub-systems shall be analysed for CCF possibilities.

8.4 If an I&C [...]
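The following C sketch is an added illustration, not text or code from IEC 62340, of one way application software could meet 8.2 and 8.3 for a 2-out-of-3 trip function: each channel is validated only against its own range and rate-of-change limits, a one-cycle spike is bridged by holding the last good value instead of being acted on, a persistently invalid channel is identified as faulty and excluded from the vote, and loss of voting redundancy falls to the safe action (trip). Judging validity per channel rather than by cross-comparison is what keeps the fault identification from introducing the inter-channel dependency that 8.3 would otherwise require analysing for CCF. The engineering limits, cycle counts and sample sequences are hypothetical values constructed for the example.

```c
#include <stdbool.h>
/* Hypothetical limits for a pressure signal in bar, constructed for this example. */
#define N_CHAN        3
#define VALID_MIN     0.0
#define VALID_MAX   200.0
#define MAX_STEP     20.0   /* larger jump within one cycle: treated as a spurious transient */
#define FAULT_CYCLES  3     /* rejected this many cycles in a row: channel declared faulty */
#define TRIP_LIMIT  150.0
/* Per-channel state: last reading accepted for voting, consecutive rejections, fault flag. */
typedef struct { double last_good; int bad_cycles; bool faulty; } channel_t;

/* Validate one channel against its own range and rate limits only (no comparison with other
 * channels, hence no new inter-channel dependency). A short transient is bridged by holding
 * the last good value; a persistently invalid signal is identified as faulty on-line. */
static double validate(channel_t *ch, double raw)
{
    double step = raw > ch->last_good ? raw - ch->last_good : ch->last_good - raw;
    if (raw >= VALID_MIN && raw <= VALID_MAX && step <= MAX_STEP) {
        ch->last_good = raw; ch->bad_cycles = 0;
    } else if (++ch->bad_cycles >= FAULT_CYCLES) {
        ch->faulty = true;
    }
    return ch->last_good;   /* value used for voting */
}

/* One cycle of a 2-out-of-3 trip function: one bad channel cannot cause a spurious
 * actuation, and with fewer than two valid channels the safe action (trip) is taken. */
bool trip_demand(channel_t ch[N_CHAN], const double raw[N_CHAN])
{
    int valid = 0, over = 0;
    for (int i = 0; i < N_CHAN; i++) {
        double v = validate(&ch[i], raw[i]);
        if (ch[i].faulty) continue;
        valid++;
        if (v > TRIP_LIMIT) over++;
    }
    return valid < 2 || over >= 2;
}

/* Constructed four-cycle sequences, all channels starting from a good reading of 100.
 * 0: one-cycle spike on channel 2 (no trip). 1: only channel 1 exceeds the limit (no trip).
 * 2: channels 1 and 2 exceed the limit while channel 3 reads out of range (trip).
 * 3: two channels fail persistently, so voting redundancy is lost (trip). */
bool run_scenario(int scenario)
{
    static const double seq[4][4][N_CHAN] = {
        {{100, 101, 99}, {100, 400, 99}, {100, 101, 99}, {100, 101, 99}},
        {{100, 101, 99}, {118, 101, 99}, {136, 101, 99}, {154, 101, 99}},
        {{100, 101, -5}, {118, 119, -5}, {136, 137, -5}, {154, 155, -5}},
        {{100, -5, 250}, {100, -5, 250}, {100, -5, 250}, {100, -5, 250}}};
    channel_t ch[N_CHAN] = {{100, 0, false}, {100, 0, false}, {100, 0, false}};
    bool tripped = false;
    for (int c = 0; c < 4; c++) tripped |= trip_demand(ch, seq[scenario][c]);
    return tripped;
}
```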