1、Nuclear power plants Instrumentation and control systems important to safety Design and qualification of isolation devices BS EN 62808:2016(IEC 62808:2015)BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06National forewordThis British Standard is the UK implementation
2、of EN 62808:2016.The UK participation in its preparation was entrusted to TechnicalCommittee NCE/8, Instrumentation, Control any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaisi
3、ng with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express,
4、 as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees
5、 in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Co
6、mmittees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC itself does not pr
7、ovide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies. 6) All users should ensure that they have the l
8、atest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, w
9、hether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
10、 indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. International Standard IEC
11、62808 has been prepared by subcommittee 45A: Instrumentation, control and electrical systems of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation. The text of this standard is based on the following documents: FDIS Report on voting 45A/1004/FDIS 45A/1019/RVD Full information
12、 on the voting for the approval of this standard can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. BS EN 62808:2016 4 IEC 62808:2015 IEC 2015 The committee has decided that the contents of this publ
13、ication will remain unchanged until the stability date indicated on the IEC web site under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended. BS EN 62808:2016IEC 62808:2015
14、IEC 2015 5 INTRODUCTION a) Technical background, main issues and organisation of the standard I in Clause 6: to establish design requirements on the selection and application of suitable isolation devices; in Clause 7: to establish requirements on qualification testing done to validate the adequacy
15、of the isolation device design. It is intended that the standard be used by operators of NPPs (utilities), designers of nuclear I these requirements are outside the scope of this standard. 2 Normative references The following documents, in whole or in part, are normatively referenced in this documen
16、t and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. IEC 60709, Nuclear power plants Instrumentation and control systems important to safety Separat
17、ion IEC TS 61000-6-5, Electromagnetic compatibility (EMC) Part 6-5: Generic standards Immunity for power station and substation environments IEC 61513, Nuclear power plants Instrumentation and control important to safety General requirements for systems IEC 62003, Nuclear power plants Instrumentatio
18、n and control important to safety Requirements for electromagnetic compatibility testing 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 barrier device or structure interposed between redundant equipment or circuits important to safety, or be
19、tween equipment or circuits important to safety and a potential source of damage to limit damage to the I however, good engineering practices are followed to prevent the propagation of faults. In cases where Class 2 systems need to take on the aspects of Class 1 systems due to the functions performe
20、d, isolation is applied. An example of this is a Class 2 system performing a Category B function in support of a Class 1 system performing a Category A function to protect against the same fault. Temporary connections for maintenance to systems performing Category A functions without isolation devic
21、es are only permitted provided that they are connected to only a single redundancy at any given time, that they are disconnected after use, and that the system is capable of withstanding a fault introduced through failure or use of the connection. NOTE This standard discusses isolation devices as st
22、and-alone devices which are separate from the equipment performing safety functions. The isolation device may be part of a module or equipment that performs a safety function. In other designs, the isolation device may be contained in several modules (e.g. one part handling rapid transient overvolta
23、ges and the other static voltages). This standard is also applicable to these design variations. 5.2 Isolation characteristics The isolation device shall be capable of providing isolation against the following failure conditions: a) short-circuits between terminals or to ground; b) open circuits; c)
24、 application of the maximum AC or DC potential that could reasonably occur, considering potentials and sources available in both the Class 1 and non-Class 1 systems; and d) electromagnetic and electrostatic interference. If the equipment can generate other signal types in fault conditions, such as a
25、 square wave or other form of oscillating signal in fault conditions, the isolation device shall be capable of providing isolation against such signals. The properties of an isolation device shall include: tolerance of and isolation for the electrical transients defined in IEC TS 61000-6-5; toleranc
26、e and isolation for EMI to IEC TS 61000-6-5; simple physical barriers between close or adjacent terminals or contact groups on relay equipment used for electrical isolation; and prevention of transmission of excessively high or damaging voltages and/or currents. In this context, an assessment shall
27、be done of the maximum credible fault that could be envisaged under normal and faulted conditions and its potential effects on the equipment important to safety when applied to the isolation device terminals of the circuit of lesser safety class. BS EN 62808:2016 10 IEC 62808:2015 IEC 2015 Precautio
28、ns are also taken to minimise the possibility that failure in a non-Class 1 system causes spurious or premature actuation of a Category A function. 5.3 Actuation priority Where plant equipment that is controlled by a Class 1 system is also controlled by a lower class system, devices are provided whi
29、ch ensure priority of the Class 1 system actions over those of the lower class systems. Failures of, or normal actions by, the lower class system cannot interfere with the Category A functions under plant conditions requiring success of those Category A functions. The equipment performing the priori
30、ty function is classified as Class 1. The circuit that provides the required isolation could be within the same system, or may be in other systems. Failures and mal-operations in the non-Class 1 systems cannot cause a change in response, drift, accuracy, sensitivity to noise, or other characteristic
31、s of the Class 1 system which might impair the ability of the system to perform its safety functions. Where plant equipment that is controlled by a Class 2 or 3 system is also controlled by signals from a lower class system, failures, or normal actions by the lower class system cannot prevent the hi
32、gher class system from performing its function. Where signals are extracted from Class 2 or 3 systems for use in lower class systems, isolation may not be required; however, good engineering practices are followed to prevent the propagation of faults. In cases where Class 2 systems need to take on t
33、he aspects of Class 1 systems due to the functions performed (i.e. Category A functions), isolation is used. 6 Isolation device design requirements 6.1 Requirements on isolation device application 6.1.1 Isolation device power Isolation devices are classified as part of the safety system and are powe
34、red in accordance with the criteria of IEC 61513 if a power supply is necessary for the function. The power supply of the isolation device shall not be required for the device to perform its isolation function. 6.1.2 Maximum credible fault Maximum credible fault (MCF) requirements shall be establish
35、ed by analysis of neighbouring circuits that are credible sources of the fault, either through inadvertent application from human error or through a fault or failure postulated to occur that involves proximate circuits, cabling, or terminations (e.g., a “hot short” from an adjacent conductor). The c
36、ircuits that shall be analyzed depend on how the isolation device is used. The circuits could be within the same system, or may be in other systems. The highest voltage to which the faulted side of the isolation device maybe exposed to shall determine the minimum voltage level that the device shall
37、withstand. This voltage shall be applied across the faulted side terminals, and between the faulted side terminals and ground (see Figure 1). Transient voltages that may appear in the faulted side shall also be considered. Surge waveforms and characteristics shall be defined for the worst-case condi
38、tions expected at the installation. BS EN 62808:2016IEC 62808:2015 IEC 2015 11 Figure 1 Application of maximum credible fault The MCF voltage shall be the highest AC or DC voltage present in an enclosure containing the conductors of the faulted side circuit of the isolation device, or in any proxima
39、te cable raceway which may collapse on to the raceway containing the lower class circuit of the isolation device. Where grounded metallic barriers separate the isolated circuit from higher voltages, those voltages may be excluded from consideration of the MCF provided that the barriers and grounding
40、 measures are designed to withstand the design basis hazards (induced vibrations due to design basis earthquakes or air plane crash, fire, etc.) for the plant. In establishing the MCF voltage and current, the analysis shall include the consequences of flooding or fire causing a fault voltage to be i
41、ntroduced on a signal line from a proximate circuit or cable. The available fault current for a direct short to ground shall be determined for each MCF source. 6.1.3 Energy limiting devices Energy limiting devices (e.g. fuses for current or suppressors for voltage) may be used to limit the fault ene
42、rgy that must be dissipated in the isolation device or which may be available to be transferred to the protected circuits. In such cases, the energy limiting devices shall be considered to be part of the isolation device, even if they are separately packaged. Effective surveillance procedures shall
43、be implemented to verify during plant operation that the energy limiting devices are properly in place and capable of performing their claimed role. 6.2 Requirements on isolation device design 6.2.1 Basic design requirements The design of isolation devices conforms to IEC 61513 for: a) independence
44、of redundant safety divisions, and b) independence between protection and control systems. MCF MCF MCF Protected system Faulted system Isolation device for signal exchange Protected side Faulted side IEC BS EN 62808:2016 12 IEC 62808:2015 IEC 2015 The isolation device shall include design features f
45、or which credit is taken (e.g., surge protectors or barriers) and shall identify the application limits of the device. 6.2.2 Postulated faults The device shall be designed for postulated electrical faults or failures. The impact on the protected side for each fault shall be determined. As a minimum,
46、 the following faults shall be defined on the faulted side of the isolation device (see Figure 2): (a) short circuit to supply voltage if the isolation device is powered from the faulted side; (b1) short circuit between the faulted side terminals; (b2) short circuit between each faulted side termina
47、l and ground; (c) open circuit of faulted side; (MCF) MCF between each faulted side terminal and ground; (MCF) MCF between faulted side terminals. Figure 2 Application of postulated fault The specified MCF shall equal or exceed the application requirements. The device design shall accommodate the fa
48、ult voltage and current waveforms and characteristics defined for the application. Appropriate industry standards shall be used as a basis for establishing the fault-transient exposure level (e.g. IEC TS 61000-6-5 or IEC 62003). The testing shall use the MCF as a basis for the test levels. 6.2.3 Phy
49、sical component arrangement The physical arrangement of components in the isolation device shall be configured to prevent, in the event of failure, the effects of shattered parts or material (e.g., solder spatter), fire, and smoke from breaching the isolation barrier. Circuit terminals shall be arranged to permit the IEC 60709 specified separation distance between conductors associated with functions of different categories to be established as soon as practical. Minimum separation requirements do not apply for
