1、WB9423_BSI_StandardColCov_noK_AW:BSI FRONT COVERS 5/9/08 12:55 Page 1Nuclear power plants Instrumentation and controlimportant to safety Classification of instrumentationand control functionsBS EN 61226:2010National forewordThis British Standard is the UK implementation of EN 61226:2010. It is ident
2、ical sedes BS IEC 61226:2009 which is withdrawn. The UK participation in its preparation was entrusted to Technical CommitteeNCE/8, Reactor instrumentation.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not purport to include al
3、l the necessary provisions of acontract. Users are responsible for its correct application. BSI 2010 ISBN 978 0 580 70133 7 ICS 27.120.20Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy an
4、d Strategy Committee on 30 September 2009BRITISH STANDARDBS EN 61226:2010to IEC 61226:2009. It superAmendments issued since publicationDate Text affected/ c o r r i g e n d aThis corrigendum renumbers BS IEC 61226:2009 as BS EN 61226:2010.30 June 2010EUROPEAN STANDARD EN 61226 NORME EUROPENNE EUROPI
5、SCHE NORM March 2010 CENELEC European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung Central Secretariat: Avenue Marnix 17, B - 1000 Brussels 2010 CENELEC - All rights of exploitation in any form and by
6、any means reserved worldwide for CENELEC members. Ref. No. EN 61226:2010 E ICS 27.120.20 English version Nuclear power plants - Instrumentation and control important to safety - Classification of instrumentation and control functions (IEC 61226:2009) Centrales nuclaires de puissance - Instrumentatio
7、n et contrle-commande importants pour la sret - Classification des fonctions dinstrumentation et de contrle-commande (CEI 61226:2009) Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Kategorisierung leittechnischer Funktionen (IEC 61226:2009) This European Standard was
8、approved by CENELEC on 2010-03-01. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such
9、national standards may be obtained on application to the Central Secretariat or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own lan
10、guage and notified to the Central Secretariat has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
11、Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. Foreword The text of the International Standard IEC 61226:2009, prepared by SC 45A, Instrumentation and control of nuclear facilitie
12、s, of IEC TC 45, Nuclear instrumentation, was submitted to the CENELEC formal vote for acceptance as a European Standard and was approved by CENELEC as EN 61226 on 2010-03-01. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN an
13、d CENELEC shall not be held responsible for identifying any or all such patent rights. The following dates are proposed: latest date by which the EN has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2011-03-01 latest date by which the na
14、tional standards conflicting with the EN have to be withdrawn (dow) 2013-03-01 Annex ZA has been added by CENELEC. As stated in the nuclear safety Directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member States are not prevented from taking more stringent safety measures in the subject-matter
15、 covered by the Directive, in compliance with Community law. In a similar manner, this European Standard does not prevent Member States from taking more stringent nuclear safety measures in the subject-matter covered by this European Standard. _ Endorsement notice The text of the International Stand
16、ard IEC 61226:2009 was approved by CENELEC as a European Standard without any modification. BS EN 61226:2010EN 61226:2010 (E) 2 CONTENTS INTRODUCTION. 1 Scope. 2 Normative references . 3 Terms and definitions . 4 Abbreviations .12 5 Classification scheme.12 5.1 General .12 5.2 Background .13 5.3 Des
17、cription of categories.13 5.3.1 General .13 5.3.2 Category A 14 5.3.3 Category B 14 5.3.4 Category C 14 5.4 Assignment criteria15 5.4.1 General .15 5.4.2 Category A 15 5.4.3 Category B 15 5.4.4 Category C 16 6 Classification procedure .16 6.1 General .16 6.2 Identification of design basis .17 6.3 Id
18、entification and classification of functions.17 7 Assignment of technical requirements to categories .20 7.1 General requirements20 7.2 Requirements related to functions .20 7.2.1 Basic requirements20 7.2.2 Specific requirements 21 7.3 Requirements related to I assign specification and design requir
19、ements to I b) the consequences of failure to perform the function; c) the probability that it (the I d) the time following a PIE at which, or the period throughout which it (the I b) those structures, systems and components that prevent anticipated operational occurrences from leading to accident c
20、onditions; c) those features which are provided to mitigate the consequences of malfunction or failure of structures, systems or components. IAEA Safety Glossary: 2007 NOTE Items important to safety considered in this standard are mainly I the time for which alternative actions can be taken; the tim
21、eliness by which hidden faults can be detected and remedied. This standard extends the classification strategy presented in IAEA Safety Guide NS-G-1.3, and establishes the criteria and methods to be used to assign the I b) functions, the failure or spurious actuation of which would lead to unaccepta
22、ble consequences, and for which no other category A function exists that prevents the unacceptable consequences; c) functions required to provide information and control capabilities that allow specified manual actions necessary to reach the non-hazardous stable state. 5.4.3 Category B An I b) funct
23、ions required to provide information or control capabilities that allow specified manual actions necessary after the non-hazardous stable state has been reached to prevent a DBE from leading to unacceptable consequences, or mitigate the consequences; c) functions, the failure of which during normal
24、operation, would require the operation of a category A function to prevent an accident whose study is required; d) functions to reduce considerably the frequency of a DBE as claimed in the safety analysis; e) plant process control functions operating so that the main process variables are maintained
25、 within the limits assumed in the safety analysis, if these control functions are the only means of control of these variables. If different means are provided, clause 5.4.4 a) may apply; f) functions used to prevent or mitigate a radioactive release or fuel degradation outside of the limits and con
26、ditions of normal operation as defined in the safety analysis; NOTE 1 This refers to functions that are not already covered by the analysis of DBE leading to category A classification. BS EN 61226:2010EN 61226:2010 (E) 15 g) functions that provide continuous or intermittent tests or monitoring of fu
27、nctions in category A to indicate their continued availability for operation and alert control room staff to their failures, if no alternative means (e.g. periodic tests) are provided to verify their availability4. NOTE 2 Where the monitoring function is the only means of detecting otherwise unrevea
28、led failures, then assigning the function to category B ensures that the equipment providing the function is suitably qualified. 5.4.4 Category C An I NOTE 1 According to national practices a possible acceptable application of clause 5.4.4 a) is the combination of a regulation function and suitable
29、manual actuation based on independent alarms including a justification of the use of manual action. b) functions used to prevent or mitigate a minor radioactive release, or minor degradation of fuel, within the NPP design basis; NOTE 2 A minor release or minor fuel degradation is considered to be th
30、at which falls within the normal limits and conditions of operation (e.g. discharge limits). c) functions that provide continuous or intermittent tests or monitoring of functions in category A and B to indicate their continued availability for operation and alert control room staff to their failures
31、, and are not classified category B according to 5.4.3 g); d) functions necessary to reach the safety probabilistic goals including those to reduce the expected frequency of a DBE; e) functions to reduce the demands on a category A function, as claimed in the safety analysis; f) functions to monitor
32、 and take mitigating action following internal hazards within the NPP design basis (e.g. fire, flood); g) functions to warn personnel or to ensure personnel safety during or following events that involve or result in release of radioactivity in the NPP, or risk of radiation exposure; h) functions to
33、 monitor and take mitigating action following natural events (e.g. seismic disturbance, extreme wind); i) functions provided for the benefit of the accident management strategy to reach and maintain a safe state for beyond design accidents; j) functions provided to minimise the consequences of sever
34、e accidents; k) functions which provide access control for the NPP. 6 Classification procedure 6.1 General An outline of the procedure is shown in Figure 1. 4 Subclause 4.2.6 of IEC 60671 provides further guidance on the class of equipment used to implement such functions and in particular notes tha
35、t where: “test features could interfere in an inappropriate manner with the proper operation of the system or equipment performing the function important to safety, it shall be assigned to the same category” BS EN 61226:2010EN 61226:2010 (E) 16 6.2 Identification of design basis A main input to the
36、classification process of functions is the nature of the NPP and the reactor type (e.g. PWR (pressurized water reactor), BWR (boiling water reactor) or other reactor type), the associated PIEs, and the major design criteria on redundancy of mechanical and electrical systems and equipment. Another ma
37、in input is the identification of the major mitigation functions, and their supporting functions, for each PIE. The assessment of the frequency and consequences of PIEs leads to the identification of DBEs representing the design base of the plant. When considering the design features of the plant th
38、e specified ranges of operational states and accident conditions and the defined radiological limits have to be reflected. Individual safety principles that together make up an “integrated overall safety approach” ensure the safety of a NPP. These principles are used in the design by considering the
39、 identified DBEs and successive physical barriers to keep radioactive exposure within permitted limits. The DBEs and the major design criteria (redundancy, separation, etc) of the plant, as well as the identification of the prevention and mitigation functions, and their supporting functions are the
40、main input to the classification process. The importance to safety of each I the role of the function in preventing or mitigating postulated initiating events; the role of the function during all operating modes (e.g. start-up, normal operation, refuelling, etc); the role of the function following P
41、IEs such as natural events (e.g. seismic disturbance, flood, extreme wind, lightning) and internal hazards (e.g. fire, internal flood, missiles, radioactive release from adjacent unit or chemical releases from other plants or industries); the consequences of failure of the I the effects of spurious
42、actuation of the I the probability that it will be required to perform a function important to safety; the time following a DBE at which, or during which it will be required to operate; the maintenance, repair and testing strategy. It will not be possible to identify in detail all the functions at a
43、n early stage in the design process, as the characteristics of the NPP will not then have been defined fully. The process of identification and classification of the functions must therefore continue iteratively throughout the design phase. Where an initial assignment of a function to a category is
44、uncertain, then an explanatory note should be added to the categorisation. BS EN 61226:2010EN 61226:2010 (E) 17 Since individual functions may be involved in the implementation of several aspects of the requirements specification, such functions may be assigned to several categories. In that case, t
45、he highest category assigned shall be applied. As the redundancy, diversity and other technical requirements of the functions are determined more exactly, for example after the safety analysis progresses and the operating procedures are developed, the classification list shall be refined and revised
46、, to derive a final list. This list shall be documented and maintained under configuration control since it will be required by plant/I plant operating modes; list of PIEs and their likely frequency of occurrence; list of preventing and mitigating functions. 2. Initial list of functions including fu
47、nctional requirements 3. Assignment of category A, B, C or non-classified 4. Development of detailed systems requirements 5. Identification of detailed I requirements that apply to the design of I requirements concerning the equipment features for the assurance of seismic and environmental durabilit
48、y and electro-magnetic compatibility; requirements that are associated with the quality assurance, verification and maintenance which apply to functions, systems and equipment. In most cases, these requirements are already detailed in appropriate codes and standards. The codes, guides and standards
49、listed in Clause 2 of this standard are normative references and therefore provide the explicit requirements related to the I&C safety categories which are established by this standard. The correlation between the categories and the standards that shall be applied is summarised in Table 1. The detailed requirements from these standards are not repeated in this standard. The same table summarises the main types of requirements for each category. In the text below, some additional details are given.
