Nuclear power plants Control rooms Computer-based procedures
BS IEC 62646:2016
BSI Standards Publication

National foreword

This British Standard is the UK implementation of IEC 62646:2016. It supersedes BS IEC 62646:2012 which is withdrawn.

The UK participation in its preparation was entrusted to Technical Committee NCE/8, Instrumentation, Control

any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

International Standard IEC 62646 has been prepared by subcommittee 45A: Instrumentation, control and electrical systems of nuclear facilities, of IEC technical committee 45: Nuclear instrumentation.

This second edition cancels and replaces the first edition published in 2012. This edition constitutes a technical revision.

This edition includes the following significant technical changes with respect to the previous edition:
a) clarification of the way in which the standard is to be used in conjunction with related standards (in 1.4);
b) replacement, when necessary, of HMI system by DPDS (abbreviation added in Clause 4);
c) new titles for 5.2.2 and 5.2.3 to more closely represent their content;
d) text improvement in 5.2.2, to present the CBP system as a part of the I
e) text improvement in 5.2.3 and 7.2 to clarify links between safety and CBP;
f) new definition of CBP families in 5.3;
g) addition of generic recommendations for computerization in 5.4.2;
h) addition of generic recommendations for CBP guidance in 5.4.3;
i) improvements regarding use of CBP in 5.4.4;
j) addition of 5.6, named "Design extension conditions";
k) addition of reference standards in 6.2.1;
l) addition of a criterion related to detail compatibility between CBP and operating formats in 6.2.2;
m) addition of references related to HMI in 6.2.3;
n) addition of 7.3 to deal with HMI aspects;
o) text improvement regarding integration of the CBP system into the DPDS in 7.3;
p) text improvement regarding implementation of the CBP into a system independent of the DPDS in 7.4;
q) text improvement regarding the CBP system failure in 7.6;
r) note added to detail the different types of feedbacks in 8.5.4;
s) text improvement to detail interactions between operators and procedure based automation in 8.6.2;
t) text improvement regarding design of CBP to control the plant in 8.6.3;
u) clarification of the content of the V
v) clarification regarding CBP programming in 9.4;
w) inversion of subclauses 9.4 and 9.5;
x) clarification of the content and requirements of the V
y) change of title of 9.7.

The text of this standard is based on the following documents:

FDIS             Report on voting
45A/1098/FDIS    45A/1110/RVD

Full information on the voting for the approval of this standard can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

IEC 62646 is to be read in conjunction with IEC 60964:2009 and IEC 61839:2000.

The committee has decided that the contents of this publication will remain unchanged until the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to the specific publication. At this date, the publication will be reconfirmed, withdrawn, replaced by a revised edition, or amended.

IMPORTANT The colour inside logo on the cover page of this publication indicates that it contains colours which are considered to be useful for the correct understanding of its contents. Users should therefore print this document using a colour printer.

INTRODUCTION

a) Technical background, main issues and organisation of the standard

This IEC standard focuses on computerisation of procedures used by the operating staff. Procedures have always contributed to a large extent to nuclear power plant (NPP) safety and availability and, now, the use of computer technology to provide enhanced guidance to the plant operators is increasing and becoming current practice. This standard also provides guidance for the decision of the extent to which the procedures should be computerised.

It is intended that the standard be used by nuclear power plant designers, utilities operating staff, systems evaluators and by regulatory inspectors.

In June 2013 during the IEC SC 45A meeting held in Moscow, the decision was made to revise IEC 62646 with the lessons learned from the Tokyo Electric Power Company (TEPCO) Fukushima Daiichi accident and the late comments from the national committee of Canada. The resulting improvements are listed in the Foreword of the Standard.

b) Situation of the current standard in the structure of the IEC SC 45A standard series

IEC 62646 is the third level IEC SC 45A document tackling the generic issue of computerised procedures. As indicated in the Foreword, IEC 62646 is to be read with IEC 60964 and IEC 61839. IEC 60964 supported by IEC 61227, IEC 61771 and IEC 61772 is the appropriate IEC SC 45A document providing guidance on operator controls, verification and validation of design, application of visual display units in the control room, whereas IEC 61839 establishes functional analysis and assignment guidance for allocating functions between operators and systems.

For more details on the structure of the IEC SC 45A standard series, see the item d) of this introduction.

c) Recommendations and limitations regarding the application of the standard

It is important to note that this standard establishes no additional functional requirements for safety systems.
This standard deals with technical requirements and human factor engineering related to computer-based procedures (CBP). However it does not provide detailed guidance on ergonomic design of control centres as it is treated in the ISO 11064 series of standards, nor on task allocation between humans and systems dealt with in IEC 61839 and on cyber security, which is developed in IEC 62645. It also excludes the organisation for maintenance of procedures.

Aspects for which requirements and recommendations have been provided in this standard are: the establishment of a policy for computerisation of procedures, especially which types of procedure should be computerised and to what extent. The different families of CBP to be aimed at, with their associated features, are then defined. Finally, the safety aspects of CBP are considered, the use of CBP inside and outside of the MCR (main control room), in possible conjunction with paper-based procedures, as well as the assistance provided to operator activities, including user coordination, safety and non safety design requirements for the digital system processing CBP, and considerations about what to do in case of failure of this system, detailed requirements and recommendations related to the functional features of CBP, from the basic ones to the most sophisticated ones, i.e. information, navigation, guidance and plant control, the CBP life cycle, from the set-up of the project to the CBP maintenance and the operator training via design and implementation.

To ensure that the standard will continue to be relevant in future years, the emphasis has been placed on issues of principle, rather than on specific technologies.

d) Description of the structure of the IEC SC 45A standard series and relationships with other IEC documents and other bodies' documents (IAEA, ISO)

The top-level documents of the IEC SC 45A standard series are IEC 61513 and IEC 63046. IEC 61513 provides general requirements for I it covers power supply systems including the supply systems of the I it adapts them and completes them to fit the nuclear context and coordinates with the IEC 62443 series. At level 2, regarding control rooms, IEC 60964 is the entry document for the IEC SC 45A control rooms standards and IEC 62342 is the entry document for the IEC SC 45A ageing management standards.

NOTE 1 It is assumed that for the design of I

2) in addition, the designer may consider that only the operating strategy, or on the contrary, only the detailed part of the procedures, should be computerised,
e) operator training,
f) data issued from the plant instrumentation,
NOTE 1 The CBP guidance level depends on available instrumentation.
g) drawbacks and advantages of processing CBP and other functions in the same system should be carefully weighed with regard to HFE, digital system capacities and the MCR layout. In particular, the unavailability of both CBP and other operating functions occurring simultaneously is to be considered. According to IEC 61513, the whole architecture including the CBP system, as well as the CBP system itself, are to be considered.
NOTE 2 The CBP system can possibly interface with a lot of systems, so that possible failure modes and operator response considerations can be quite important.

A preliminary CBP policy and the types of procedures that could be computerised should be defined from these considerations.

5.2.3 The scope of CBP

IEC 61839 shall first be used to identify functions which are to be assigned to human operators.

To make a final decision on the types of procedures to be computerised and the degree or form of computerisation to be implemented (i.e. refer to CBP families in 5.3), IEC 61772:2009, Clauses 4 and 5, as well as the following issues should be considered in the conceptual design: identification of the types of procedures that could be processed simultaneously (i.e., by multiple operators) in normal operation, in case of fire, in case of a loss of electrical power supply, in case of a periodic test, in case of a PIE, the safety significance of guidance delivered by CBPs to the operator and operator response time limits assumed or required, assessment of the amount of display formats and VDUs necessary for these procedures, assessment of the maximum number of procedures that could be processed in parallel by a single operator or by the entire operating staff to operate in the case of an occurrence of the worst design basis combination of events, assessment of the maximum number of windows that could be displayed in parallel in the worst cases on a single workstation or on all room workstations, allocation of operating staff's tasks to CBP and paper-based procedures in a consistent way (e.g., for avoidance of operator errors).

The above assessment should be made considering the control room concept. Items to be considered are:
a) the set of workstations and workplaces where CBP are intended to be used, in the main control room and at all other control points,
b) the fact that a procedure could be temporarily abandoned without being terminated, for example in case of an alarm outbreak,
c) the maximum amount of information to be displayed in a format,
d) the performance of the CBP system, in particular regarding displays, memory capacities, navigation,
e) adequate additional margins in order to facilitate future modifications.

In addition, the achievable system class (i.e. see IEC 61513) for the CBP system should be considered early in the design process when functional allocation decisions are being made. The achievable system class of the CBP system will often be determined by the feasibility of qualification of the various elements of the overall architecture within which the CBP system is being implemented. These elements typically include: the CBP system itself, the DPDS and control systems through which the CBP interfaces with the plant and underlying networks that support communications between these elements, and the CBP design itself.

These considerations may challenge aspects of the CBP implementation policy, the proposed CBP system design, its capability and operation or the associated cost-benefit case, as well as the shift organisation or the operating strategies.

The content and scope of human factors and organisation studies should be defined regarding both:
1) identification of the human resources necessary for the project, i.e. specialists to be integrated into the project team, specialists for verifying and validating, organisation of CBP maintenance,
2) the use of the final product, including maintenance facilities.

IEC 60964, IEC 61772, IEC 61839, IEC 62241, ISO 11064, especially ISO 11064-1, ISO 1106