New Regulatory Documents with Requirements for...
Transcript of New Regulatory Documents with Requirements for...
1
UDC 621.039.586
Yu. V. Rozen, M. O. Yastrebenetsky State Scientific and Technical Center for Nuclear and Radiation Safety, Kyiv, Ukraine
New Regulatory Documents with Requirements for Instrumentation and Control Systems Important to NPP Safety
The paper presents information on the new draft regulatory documents developed by SSTC NRS (regulation of the State Nuclear Regulatory Inspectorate of Ukraine and branch standard of the Ministry for Energy and Coal Industry of Ukraine) to replace NP 306.5.02/3.035 “Requirements for Nuclear and Radiation Safety of Instrumentation and Control Systems Important to NPP Safety”.
Keywords: NPP, safety, instrumentation and control systems, seismic resistance category, safety class, regulatory framework, regulation, branch standard, safety function.
Modernization of the existing instrumentation and control systems (I&C systems) is
currently underway at all nuclear power plants of Ukraine in the framework of safety
improvement programs and programs for lifetime extension of operating power units.
Modernization of operating I&C systems and development of new ones involve the use of
modern information technologies, new electronic components, local networks, fiber-optic
data transmission lines, computer-aided diagnostics, display and archiving tools.
Regulation NP 306.5.02/3.035 [1] is used for the development and assessment of all
new and upgraded I&C systems. However, after the issue of this Regulation in 2000, the
following new regulations were introduced in Ukraine: NP 306.2.141 NP [2], NP 306.2.145
[3], NP 306.2.106 [4], etc., as well as new standards of the International Atomic Energy
Agency (IAEA), International Electrotechnical Commission (IEC), International
Organization for Standardization (ISO) and European Committee for Electrotechnical
Standardization (CENELEC). They significantly tightened the requirements for
instrumentation and control systems and their components with regard to safety
classification, electromagnetic compatibility, seismic resistance, equipment certification,
software verification, etc.
2
Some international standards were implemented in Ukraine by issuing relevant state
standards that are identical to international standards (DSTU IEC, DSTU ISO, etc.). The
requirements for I&C and their components are also established in a series of interstate
standards (GOST) and/or in identical state standards of Ukraine (DSTU). However, these
requirements are currently out of date in many respects and contradict not only new
Ukrainian regulations and international standards but also each other.
This necessitated the revision and improvement of the current regulatory framework
taking into account results of the design (modernization, upgrading) and operation of I&C
systems and their components at Ukrainian NPPs, peculiarities of modern information
technologies and world experience accumulated in national and international safety
standards for NPPs.
In compliance with the plan of applied research and development in the field of
nuclear regulation for 2008, approved by SNRIU Chairperson, SSTC NRS revised
NP 306.5.02/3.035 [1], taking into account experience in its application, IAEA
recommendations and proposals of interested Ukrainian organizations and enterprises, and
submitted the draft of new Regulation in March 2010. In considering the proposed draft, the
SNRIU decided that it was necessary to differentiate regulatory requirements (which should
be included in SNRIU regulations) and technical requirements (which should be the subject
of regulation in corresponding branch standards) in the development of the national
regulatory and legal framework of Ukraine in the field of nuclear and radiation safety. It
was meant that such differentiation should contribute to the improvement of regulations and
standards on nuclear and radiation safety and to the adaptation of the national legal
framework to EU legislation. Accordingly, the State Nuclear Regulatory Inspectorate of
Ukraine and the Ministry for Energy and Coal Industry of Ukraine decided, preserving the
total scope and structure of the proposed draft, to differentiate all the requirements for this
draft in the following two regulations:
Regulation “Nuclear and Radiation Safety Requirements for Instrumentation and
Control Systems Important to NPP Safety” (hereinafter - Regulation);
Branch Standard “Instrumentation and Control Systems Important to NPP Safety.
General Technical Requirements” (hereinafter – Branch Standard) requested by the
National Nuclear Utility Energoatom.
3
It was envisaged that the same approach to the differentiation of regulatory
requirements for nuclear and radiation safety and technical requirements ensuring
compliance of supplied products and/or performed work with these regulatory requirements
should be used in the development of other SNRIU regulations and corresponding standards
of lower level.
Development Objectives
The objective of the Regulation is to establish regulatory requirements for design,
manufacture, testing and commissioning of I&C systems and their components: digital I&C
and their independently operating components; independently operating automation
hardware included to I&C and/or digital I&C structure; software, as an integral part of I&C,
digital I&C, and perhaps automation hardware. The compliance with these regulatory
requirements is considered an obligatory condition to ensure the functional safety1 of I&C,
digital I&C, automation hardware and software.
The objective of the Branch Standard is to establish technical requirements to
ensure, at all stages of the I&C life cycle, compliance of safety-important I&C systems and
their components with regulatory requirements set forth in the Regulation.
The documents under development will be used by experts of Energoatom, other
organizations and enterprises, State Nuclear Regulatory Inspectorate of Ukraine and expert
organizations dealing with:
design of new I&C systems and modernization (modification, refurbishment) of
operating safety-important I&C systems at Ukrainian NPPs;
development, manufacture, testing and supply of components (digital I&C,
automation hardware and software) to complete such systems;
installation, adjustment, integration, preliminarily tests of new and upgraded safety-
important I&C systems;
operation (proper use, scheduled maintenance, periodic tests, serviceability
maintenance) and subsequent modernization of I&C systems and/or their components;
safety assessment of I&C systems and their components at all stages of the life cycle. 1 Functional safety is the capability to perform properly all the required safety important functions and to
comply the relevant characteristics under all design-basis operating conditions, operational occurrences and
design-basis accidents. As far as I&C, digital I&C, automation hardware and software are concerned,
functional safety is meant.
4
Development and Agreement of Regulations
The requirements of (Fig. 1):
Standards and rules on nuclear and radiation safety of NPPs in force in Ukraine
[2-9];
International standards on NPP safety [10-23] and similar Ukrainian standards
[24-29];
International industrial standards [30-44] and similar Ukrainian standards [45-57]
that apply to domestic I&C systems and/or their components
were taken into account in the development of the Regulation and Branch Standard.
Both documents were developed by SSTC NRS2, the final drafts of the Regulation
and Branch Standard were submitted to the organizations concerned in 2012.
The first and final drafts of the Regulation and Branch Standard were submitted for
comments to Energoatom and its NPPs, Kharkov and Kyiv Design & Research Institutes
Energoproject, Westron Ltd., Research and Production Corporation Radiy, Severodonetsk
Research and Production Association Impulse, Kharkov Machine-Tool Building Plant and
Kharkov Research Institute of Complex Automation. All organization provided their
comments and proposals on each draft and noted that introduction of the developed
documents would be a timely and necessary step. They pointed out the high scientific and
technical level of development and adequate harmonization with international standards.
The comments and proposals were related to the terminology, classification,
accuracy requirements, immunity to electromagnetic interference and development & test
procedure. All comments and proposals were finalized as summaries of comments and were
considered by the developers of the Regulation and Branch Standard drafts.
2 Besides the authors of this paper, employees of SSTC NRS Kharkiv Subsidiary (O. Butova, S.
Vinogradskaya, V.Gol’drin, A. Klevtsov and S. Trubchaninov), Kirovograd Research and Production
Corporation Radiy (V. Sklyar and А. Yurtsevich), SSTC NRS (V. Kritskii), Severodonetsk Research and
Production Association Impulse (G. Pivovarov), Energoatom (Yu. Gasheva), experts of Ukrainian NPPs,
Design Institutes and other organizations and enterprises that reviewed the drafts and made practical
proposals and recommendations, took part in the development of the Regulation and Branch Standard.
5
General assessments that do not require changes in the text, as well as comments and
proposals that are considered reasonable but cannot be incorporated completely or partially
because this requires a special decision or approval by State Nuclear Regulatory
Inspectorate of Ukraine and/or Energoatom, were considered.
The comments and proposals that indicate mistakes in the text, improve the
statement of specific requirements, set new and clarify current requirements, taking into
account actual conditions and/or experience and do not contradict current regulations and
standards on nuclear and radiation safety and international standards, were accepted.
The comments and proposals that contain reasonable statements that, however,
cannot be taken into account completely or should be reworded were taken into account.
The mistaken or groundless comments or proposals that have no significant
differences with the draft Regulation (Branch Standard), do not belong to the subject of
regulation, do not comply with current Ukrainian regulations standards, do not take into
account or contradict requirements of international standards were rejected.
Each comment (proposal) included in the summary of comments was provided with
a conclusion of the developers and appropriate justification or explanation. The rejected
comments and proposals were included in statements of disagreement along with
explanations. All accepted comments and proposals were incorporated in the final drafts of
Regulation and Branch Standard.
The final drafts of Regulation and Branch Standard were reviewed and agreed by
Energoatom and all NPPs of Ukraine. The final draft of Regulation was agreed upon with
the SNRIU Legal Department and Ministry for Energy and Coal Industry of Ukraine, and is
to be submitted to the Ministry of Justice of Ukraine for registration.
It was proposed to implement the Regulation and Branch Standard simultaneously,
and then NP 306.5.02/3.035 [1] should be canceled. It would be reasonable to revise and, if
necessary, cancel a number of interstate standards on I&C and their components in force in
Ukraine (Table 1).
6
*STATE STANDARD OF UKRAINE IDENTICAL TO THIS INTERNATIONAL STANDARD WAS DEVELOPED
Figure 1. Regulations and Standards with Requirements for Functional Safety of I&C
Systems and Their Components
UKRAINIAN REGULATIONS AND STANDARDS APPLICABLE TO I&C SYSTEMS IMPORTANT
TO NPP SAFETY
REQUIREMENTS FOR
NUCLEAR AND RADIATION SAFETY FOR I&C SYSTEMS
IMPORTANT TO NPP SAFETY
IEC STANDARDS APPLICABLE TO I&C SYSTEMS AND THEIR
COMPONENTS
I&C IMPORTANT TO NPP SAFETY. GENERAL TECHNICAL
REQUIREMENTS UKRAINIAN STANDARDS
IDENTICAL TO INTERNATIONAL
STANDARDS
GENERAL PROVISIONS
BASIC TERMS, DEFINITIONS AND ABBREVIATIONS
CLASSIFICATION
FUNCTIONAL REQUIREMENTS
REQUIREMENTS FOR RELIABILITY OF FUNCTION PERFORMANCE
REQUIREMENTS FOR STABILITY OF FUNCTION PERFORMANCE
REQUIREMENTS FOR
PERFORMANCE QUALITY
REQUIREMENTS FOR INDEPENDENCE OF PERFORMED
FUNCTIONS
REQUIREMENTS FOR SOFTWARE
REQUIREMENTS FOR DATAWARE
REQUIREMENTS FOR DEVELOPMENT
ASSESSMENT AND CONFIRMATION OF COMPLIANCE
REQUIREMENTS FOR OPERATION
7
Table 1. Standards to be revised
Standard Number Title Assessment
GOST 23765-79 NPP Radiation Safety Monitoring Instrumentation. General Technical Requirements for Data Transfer Channel
To be revised taking into account new national and international regulations and standards
GOST 24789-81
Instrumentation Channels of In-core Instrumentation System of Pressurized Water Reactors. General Technical Requirements
To be revised taking into account new national and international regulations and standards
GOST 25804.1-83 GOST 25804.2-83 GOST 25804.3-83 GOST 25804.5-83 GOST 25804.6-83 GOST 25804.7-83
Equipment and Instrumentation for NPP Process Control Systems
Does not comply with requirements of new national and international regulations and standards. Should be cancelled in Ukraine
GOST 25804.4-83 GOST 25804.8-83
To be revised taking into account new national and international regulations and standards
GOST 26344.0-84 Nuclear Instrumentation for Nuclear Power Plants. Basic Provisions
Does not comply with requirements of new national and international regulations and standards. Should be cancelled in Ukraine
GOST 26635-85 Pressurized Water Reactors.General Requirements for In-core Instrumentation System
To be revised taking into account new national and international regulations and standards
GOST 26843-86 Рower Reactors.General Requirements for Control and Protection System
To be revised taking into account new national and international regulations and standards
GOST 27445-87 Neutron Flux Monitoring System for Power Reactor Control and Protection. General Technical Requirements
To be revised taking into account new national and international regulations and standards
GOST 27452-87 NPP Radiation Safety Monitoring Instrumentation. General Technical Requirements
To be revised taking into account new national and international regulations and standards
GOST 29075-91 DSTU GOST 29075
Nuclear Instrumentation for Nuclear Power Plants. General Requirements
To be revised taking into account new national and international regulations and standards
Description of Documents
The Regulation includes the following sections3.
General Provisions. This section determines the regulatory framework and
development sources as well as commitment to comply with the regulatory requirements set 3 The Branch Standard has the same structure and its volume is 2.5 times greater than that of the Regulation
(more than 9 printed pages in the Ukrainian version) because of detailed description of each section.
8
forth in the Regulation. In particular, it indicates that new and modernized I&C systems and
their components shall comply with these requirements if there is no SNRIU authorization
to proceed with their installation as of the date this Regulation is implemented. The
Operator (Energoatom), after agreement with the State Nuclear Regulatory Inspectorate of
Ukraine, shall specify the necessity, scope and timeframe for brining I&C systems and/or
their components that have been authorized for installation or are already operated at NPPs
into compliance with the Regulation.
Basic Terms, Definitions and Abbreviations. About 60 main notions that
complement the terms introduced by the regulations and standards [2-9] or make more
specific the available definitions with regard to I&C systems and their components were
defined. In particular, the following terms were defied: verification; basic, complementary,
preset and required function; alarm, emergency and process protection; function category;
system (component) configuration and configuration control; normal operation and limiting
conditions of operation; resistance to external hazards; and independently operating device
were defined. In addition, about 40 terms were defined in the Branch Standard.
Classification. Automatic control functions for processes and equipment are
classified by categories, while I&C and their components are categorized by purpose and
safety class.
Categorization of functions (Category А, В and С) takes into account the
contribution of these functions to safety and to potential consequences caused by failure to
perform the function or by incorrect performance, as recommended in International
Standard IEC 61226 [20] accepted in most European countries.
Category А is set for the functions:
that ensure emergency protection (reactor scram and core subcritical state),
emergency heat removal, prevention (limitation) of radioactive releases beyond the design
limits;
that support operating personnel actions on prevention of emergencies or accidents;
whose failure can cause an emergency or accident if these consequences cannot be
mitigated by any other Category A function;
that detect and/or limit the consequences of hazards (for example, earthquake or fire)
that can cause an emergency or accident.
9
Category B is set for the functions (if do not relate to Category А):
that prevent initiating events that may lead to operational events or detect such
events or limit their negative consequences;
that support operating personnel actions on prevention of operational events or
limitation of their negative consequences;
whose failures under normal operation require initiation of Category A functions to
prevent an emergency or accident;
that keep the main process parameters within set (permissible) limits provided that
failures of these functions necessitate the initiation of Category A functions to prevent an
emergency or accident;
that are intended for automated control of the technical state of systems and
components involved in the performance of Category A functions, for continuous
demonstration of the preparedness of systems and components to perform such functions
and/or for detection of system and component failures and for warning personnel on the
failures.
Category C is set for other safety-important functions. Functions that do not affect
safety are not classified.
I&C classification (Fig. 2) envisages I&C subdivision into:
I&C-U (I&C systems that perform safety functions);
I&C-N (I&C systems that perform normal operation functions);
I&S-NU (I&C systems that combine the above functions).
I&C-U, I&C-NU and those I&C-N whose failures cause operational events or hinder
their mitigation and thus can lead to an emergency are safety-important systems.
Each safety important I&C system should relate to one of the three safety classes,
whose indication combines a number and a letter (as per NP 306.2-141 [2]) specifying the
highest category of the main functions performed by I&C. In this connection, I&C systems
relate to the following safety classes:
2(А), if at least one of the functions performed by I&C relates to Category A;
3(В), if I&C is not involved in performance of Category A functions and at least
one of its functions relates to Category В;
10
3(С), if I&C is not involved in performance of Category A and/or В functions and
at least one of its functions relates to Category С;
4, if none of the functions performed by I&C is classified with by categories (this
I&C is not safety-related).
The safety classes of digital I&C, automation hardware and their components are
established in the same way by highest category of the functions performed.
Functional Requirements. This section governs functions of control safety systems
and normal operation systems, including radiation monitoring systems, in-core
instrumentation systems, post-accident monitoring systems, data transfer systems, and also
functions of the main control room and emergency control room systems and equipment.
General requirements are formulated for the power unit automated process control
system, in compliance with NP 306.2.141 [2], which includes I&C systems that interact
with protection, confining and support safety systems, normal operation systems, process
equipment and operating personnel (Fig. 2).
If one I&C system (digital I&C and automation hardware) combines normal
operation and safety functions, the latter functions should be the priority; failure of any
normal operation function should not affect the performance of safety functions by the
system (component). If one I&C system (digital I&C and automation hardware) combines
functions that relate to different categories, it should not cause incompliance with
requirements that relate to functions of higher category, and any function failure should not
affect the performance and characteristics of higher-category functions performed by this
system (component).
Functions of control safety systems are established for I&C-U and I&C-NU, which
together with protection, confining and support safety systems and/or components should
perform emergency protection functions, emergency heat removal and core and spent fuel
pool decay heat removal, prevention or limitation of radioactive releases in case of
accidents.
Control safety systems should perform their functions in cases when normal
operation systems are not capable to keep process parameters within set operational limits
(for example, as a result of failure) and quick and reliable response to failure to comply with
design limits or safe operation conditions is required.
11
Figure 2. I&C classification by Purpose and Nature of Functions and Safety Impact
Safety Important Systems
I&C-U
Safe
ty S
yste
ms
Nor
mal
Ope
ratio
n Sy
stem
s
Protection
Support
Confining
I&C-NU
Instrumentation
I&C-N
Control
Normal Operation Process Systems
Non-Safety-Related Systems
Instrumentation
I&C-N
Control
Normal Operation Process Systems
I&C Systems Process Systems
12
After I&C-U (I&C-NU) actuation:
personnel intervention should not be required;
all signals should be held on system outputs until complete performance of all
initiated actions;
potential deactivation of signals should be blocked automatically for the time agreed
with SNRIU but not less than for 10 min.
I&C-U (I&C-NU) and their components should remain capable of performing all
functions necessary for safety assurance at any events that may occur under normal
operation, anticipated operational occurrences, emergencies and design-basis accidents.
Failures of components should be automatically detected with subsequent initiation of
actions necessary for safety assurance.
Functions of normal operation systems are established for I&C-N and I&C-NU,
which together with process equipment and operating personnel should automatically
control the electricity production process and prevent operational events:
keep power unit parameters within set limits in case of internal and external hazards
that may occur in each operating state;
receive and generate remote control signals, display the results, support all other
actions of operating personnel in power increase and decrease, reactor scheduled shutdown,
cooldown and refueling;
provide relevant data to personnel monitoring the processes, performance of normal
operation systems and process equipment, physical barriers to the spread of ionizing
radiation and radioactive releases.
In case of an operational event, I&C-N and I&C-NU should perform functions
preventing emergencies:
detect deviations from operating limits and/or normal operation conditions and
initiate actions to eliminate them;
detect hazards (earthquake, fire, radioactive release) and perform automatic actions
to mitigate their consequences (personnel warning, interlocking of mechanisms, fire
suppression control, etc.).
This section also establishes requirements for functions of I&C-N that deal with:
13
automatic control of core neutronic and thermal hydraulic parameters, calculation of
neutron flux and power density field distribution, generation of signals in case of deviation
of core and heat exchanger state indicators from the design values;
automated radiation monitoring inside NPP premises and within NPP territory, in the
controlled and observation areas under all operating states, during and after accidents and in
decommissioning;
generation, output and/or reception and decoding of digital signals transmitted by
electrical and optic fiber cables;
support of personnel in analyzing the causes and sequence of design-basis and
beyond design-basis accidents, in accident management and mitigation of consequences.
Requirements for Reliability of Functions. This section envisages prevention of
and protection from the common-cause failures; compliance with the single failure,
redundancy and diversity principles; prevention of human errors; protection from
unauthorized access; testing.
Common-cause failures are defined as loss of the possibility to perform the required
function as a result of simultaneous failure of two or more redundant parts caused by one
and the same event that may result from a design drawback, fabrication defect, human error
in operation or maintenance, external hazards and dependent failures of I&C (digital I&C)
redundant parts.
To prevent common-cause failures, the Regulation and Branch Standard
requirements that relate to the development (design), assessment and confirmation of
compliance, testing and maintenance should be met. To ensure protection against common-
cause failures, the requirements for compliance with the principles of diversity,
independence, prevention of human errors and resistance (immunity) to external hazards
should be met. These requirements are obligatory for I&C and digital I&C that relate to
safety class 2(А) and recommended for I&C and digital I&C that relate to safety class 3(В)
and 3(С).
Single failure principle envisages that I&C (digital I&C) should perform all required
Category A functions at any initiating event combined with a failure of one (any)
component dependent failures of other components and combined with failures caused by
latent malfunctions and/or possible effect of the initiating event. The principle should be
14
also observed during maintenance and testing of I&C (digital I&C) that perform Category A
functions at operating power units4.
For I&C and digital I&C that relate to safety class 2(А) and 3(В), it is recommended
to observe the single failure principle in relation to Category B functions (it is allowed not
to take into account potential latent malfunctions).
Redundancy principle should be observed for I&C and digital I&C that relate to
safety class 2(А) by using auxiliary features that are redundant to minimally required ones
to perform the Category A functions. For I&C and digital I&C that relate to safety class
2(А) and 3(В), it is recommended to observe the redundancy principle also in relation to the
required Category B functions, and if these functions relate to the control and protection
system, then redundancy is obligatory. The requirements of NP 306.2.145 [3] should be
taken into account for redundancy of the emergency protection system and neutron flux
monitoring system.
Diversity principle is formulated for a group consisting of two or more systems
(I&C, digital I&C) that simultaneously and with inter-redundancy perform safety functions
identical in terms of the objective to be achieved if they, to a certain extent, physically differ
from one another and/or if they differently achieve the required objective. The difference
between the systems determines the type of diversity (design, functional, signal, hardware,
software, subject or any their combination). The diversity allows decreasing the probability
of common-cause failure of several redundant systems.
It is recommended to reasonably observe the diversity principle in the design of
I&C-B that participate in the performance of safety functions and/or in the development of
digital I&C components for such systems. To determine the need for or expediency of
diversity and select an appropriate type (types) of diversity, potential failure causes, their
probability and consequences are analyzed.
Compliance with the diversity principle is obligatory for I&C (digital I&C) that
participate in the emergency protection function and is to be agreed between the I&C
(digital I&C) designer and operator or customer (user) for I&C (digital I&C) involved in the
4 Upon agreement with the State Nuclear Regulatory Inspectorate of Ukraine, the single failure principle may be not observed within a limited period of time required for maintenance, testing or recovery of I&C systems (digital I&C) and/or their redundant parts provided that the probability of the single failure principle for this time does not exceed the minimum allowed value set for Category A functions performed by I&C systems.
15
performance of other safety functions.
Prevention of human errors in power unit control, inspections, maintenance,
reconfiguration and accident management should be ensured by providing personnel with
complete, timely and reliable data on the process parameters, state and performance of I&C
systems and their components, process systems and equipment and on physical barriers to
the spread of ionizing radiation and radioactive releases.
Data on the removal of I&C components that perform Category A and B functions
from service for maintenance, inspections or recovery and subsequent connection should be
transmitted to operating personnel prior and after completion of these actions. Human errors
should also be prevented by ensuring compliance with the requirements established in the
Regulation and the Branch Standard for testing, man-machine interface, software and
operation.
Protection against unauthorized access to the automation hardware, independently
operating components, software, databases and archives for digital I&C should prevent the
possibility of intentional or unintentional removal from service, change of conditions or
output signal and command generation algorithm, change of programs and archive data, and
damage or theft that may jeopardize safety. The MCR personnel should be warned
immediately about any attempt to change programs and/or data of digital I&C that relate to
safety class 2(А), including other I&C or digital I&C, and also on unauthorized use of ECR.
Reliability indicators should be established for:
basic functions performed by I&C, digital I&C and automation hardware;
replacement components of digital I&C and automation hardware.
The mean time to or between failures is the reliability indicator for replacement
components. The mean time between failures or failure rate are the reliability factors for
continuously performed functions. The availability factor and/or failure rate should be
regulated for the functions performed in required conditions or on demand. The reliability
indicators of all components directly involved in the function should be taken into account
in reliability (availability) assessment. Aging and wear of components, common-cause
failures, software failures and human errors should be considered if there are proven
methodologies and initial data that allow numerical evaluation of their impact on reliability.
The mean time to recovery (replacement of a failed component and subsequent
testing of instrumentation reliability) is regulated for digital I&C and automation hardware
16
recovered on-site.
The service life indicated in documentation on I&C, digital I&C and automation
hardware is accepted as the life indicator. The I&C should be upgraded (digital I&C,
automation hardware should be replaced) before their actual life reaches the regulated
period, or a decision should be made and agreed in compliance with the procedure
established in NP 306.5.02/2.068 [58] to continue operation over a new regulated period.
Requirements for Reliability of Function Performance. This section regulates the
capability to perform appropriate functions under certain environmental conditions,
operating media, mechanical (including seismic) and electrical impacts, variation in power
supply parameters and electromagnetic disturbances that may occur in locations of I&C and
automation hardware components:
under normal operation;
under boundary conditions caused by design-basis accidents, operation of powerful
electrical facilities, failures of support systems, abnormal natural phenomena (earthquake,
lightning stroke) or internal events (fire, flooding);
under beyond design-basis accidents.
Environmental resistance is regulated with regard to upper and/or lower temperature
limits and temperature change rate, humidity, atmospheric pressure, γ-radiation absorbed
dose rate and dose absorbed during regulated operation life, and concentration of corrosive
agents and dust.
To verify environmental resistance, test loads are determined on the basis of test data
on operating values of the environmental parameters provided by the operator or customer
and also based on evaluation of possible limits of these parameters, expected frequency of
occurrence and duration. If such data are absent, it is necessary to rely on generic operating
values and limits of environmental parameters indicated in the Branch Standard for the
group of operation conditions to which the automation hardware or independently operating
digital I&C components (hereinafter - equipment) are related.
Mechanical stability (resistance to vibrations and shock loads) is determined for each
independently operating component under test loads indicated by the operator or customer
using test data on actual values of operating mechanical parameters or generic operating
values indicated in the Branch Standard for the group of arrangement conditions to which
this equipment is related.
17
The seismic resistance category (I, II or III) should be established for all
independently operating equipment.
Seismic Category I includes equipment involved in functions to be initiated and/or
performed in case of the safe shutdown earthquake at NPP site (seismic load detection,
emergency reactor shutdown, interlocking of moving mechanisms, etc.) or directly after this
event (maintenance of core subcriticality, emergency core cooldown, residual heat removal,
control of critical parameters, prevention of radioactive releases, post-accident control and
monitoring).
Seismic Category II includes equipment that does not relate to category I if its
failure caused by an earthquake can cause power supply failure. This equipment should
perform all the established functions after seismic impacts caused by the design-basis
earthquake at NPP site.
Seismic Category III includes equipment that does not relate to categories I and II;
seismic resistance requirements are not established for such equipment.
Seismic impacts are simulated in response spectrum tests in compliance with
GOST 30546 [59], taking into account possible response of civil engineering structures to
ground vibrations. The response spectrum is determined by calculation and/or modeling, or
with use of generic values indicated in the Branch Standard that take into account possible
earthquake intensity, equipment height and installation methods.
Immunity to variation in power supply parameters is regulated with regard to long-
term deviations of frequency and voltage; short-term voltage fluctuations and power
interruptions [38, 52]; voltage fluctuations [40, 53]; short-term variation in current
frequency [42, 55].
Immunity to electromagnetic disturbances (see [60, 61]) includes:
electrostatic discharge interference [30, 45];
electromagnetic field radio frequency interference [31, 46];
electrical fast transient/burst interference [32, 47];
current surge interference [33, 48];
conducted disturbances induced by radio frequency fields [34, 49];
power frequency magnetic field interference [35, 62];
pulse magnetic field interference [36, 50];
damped oscillatory magnetic field interference [37, 51];
18
damped oscillatory interference [39];
conductive, common mode disturbances in the frequency range from 0 to 150 kHz
[41, 54];
ground line disturbances [1].
Requirements for Performance Quality. Requirements for accuracy, time
characteristics and man-machine interface are established.
Requirements for accuracy in the measurement of physical quantities that
characterize the processes and equipment state are determined as metrological
characteristics of I&C (digital I&C) instrumentation channels: limits of allowed error in
operating conditions or limits of basic allowed error and complementary errors caused by
change in each affecting factor within its nominal range.
The accuracy of I&C (digital I&C) alarm and/or control instrumentation channels is
characterized by the absolute allowed error in alarm actuation and disabling and/or
generation and disabling of control signals that are established for normal or limiting
operation conditions.
The instrumentation channels should undergo metrological certification prior to I&C
commercial operation. Digital I&C and automation hardware, regulated with regard to
accuracy requirements, should undergo primary calibration after the production and periodic
calibration during operation.
Time characteristics regulate the data input rate and time resolution in data input and
backup, permissible delays of discrete functions, data exchange rate, time of digital I&C
(automation hardware) connection after power supply renewal.
Requirements for Independence. This section establishes independence
requirements for the groups of I&C (digital I&C) redundant channels. Each of the channels
should remain capable of performing required Category A or B (recommended) functions
irrespective of the following:
failure or removal from service of other channels in this group for maintenance, tests
and recovery;
external impacts on other channels in this group that may cause their characteristics
to exceed the set limits.
I&C components that relate to safety class 2(А) or 3(В) should remain capable of
performing required Category A or B functions irrespective of failure or removal from
19
operation of related components in this or another I&C system that relates to lower safety
class.
To ensure independence, the following should be provided:
functional and/or physical separation of I&C components (digital I&C constituents)
that relate to different safety classes;
functional and/or physical separation of the redundant digital I&C systems (within
one I&C) and redundant alarm and control channels (within one digital I&C);
electric isolation of lines that transmit signals from a common source to several
receivers and from several sources to a common receiver;
use of local networks that can exchange data between all other (remaining in
operation) equipment after failure or removal from operation of any connected device.
Functional separation is ensured by a complete set of input data required for each
digital I&C and/or alarm and control channel in the group of inter-redundant digital I&C
(channels) to perform all the required functions.
Physical separation provides for allocating each of these digital I&C systems and/or
instrumentation channels in separate rooms or in separate load-bearing structures, separation
of their cables, use of separate cable trays and penetrations for each system/channel.
Electric isolation provides for galvanic isolation and shielding of feeds and leads.
Isolation quality of each power circuit (electric strength and electrical insulation resistance)
is regulated for operating and limiting conditions.
20
Figure 3. Classification of Functions, Systems and Components in Different Countries
Revision of Regulations
The final revisions of the Regulation and Brand Standard include the lessons learned
from the Fukushima accident. These lessons revealed the need to reassess and establish
stricter requirements for functional safety of I&C systems and their components [63]. These
requirements are intended, in particular, to minimize the risk of hazards, including
earthquakes, and to keep data that may be necessary for accident management and/or for
mitigation of accident consequences.
21
To mitigate the risk of earthquakes:
control and monitoring functions to be performed during and/or immediately after an
earthquake are identified;
classification criteria for seismic resistance and test severity are specified for
equipment involved in these functions, taking into account seismic resistance categories and
equipment arrangement conditions;
requirements for test loads that simulate earthquakes are identified. Methods of
seismic resistance assessment and compliance criteria are clarified.
To mitigate the risk of other hazards:
requirements for functional safety of the instrumentation systems that should detect
such hazards (fire detection and alarm, actuation of automated fire extinguishing) are
established;
measures on fire prevention and protection of independently operating equipment in
case of fire hazards are determined;
requirements for resistance to substances that are released in actuation of the
automated fire extinguishing system are identified.
To store the data on accidents:
requirements for the system for monitoring of radioactive releases within NPP rooms
and territory, controlled and observation areas during operation and after accidents,
including beyond design-basis accidents, are established;
requirements for post-accident monitoring systems that support NPP technical
personnel and safety experts in accident management, mitigation of accident consequences,
analysis of the causes and ways of accident progression (including requirements on data
storage reliability in case of a beyond design-basis accident) are identified.
Differences from Current Requirements NP 306.5.02/3.035 [1]
1. The requirements for I&C systems and their components are divided into
regulatory requirements included in the Regulation and technical requirements detailed by
the Branch Standard in order that this document can be used directly for regulation and
assessment of the functional safety of I&C systems and their components.
22
2. Process control and monitoring functions (performed by combined actions of
control, protection, confining and support systems, process equipment and operating
personnel) and I&C functions are separated.
3. Classification by categories, which take into account the importance of these
functions to safety and complies with the classification accepted in IEC 61226 [20] and
reflected in DSTU IEC 61226 [27], is introduced for process control and monitoring
functions. The categories of I&C functions and functions of their components agree with
the processes in which control and monitoring functions are involved.
4. Safety classification of I&C systems and their components is harmonized with
international standards [64]: the categories of functions were taken as a basis; the number
of safety classes was increased from two to three, as in IEC 61513 [13]; the safety
requirements were differentiated taking into account the categories of functions as
recommended in IEC 60880 [17], IEC 61226 [20], IEC 62138 [22] and in identical State
Standards of Ukraine DSTU ІЕС 60880 [25], DSTU IEC 61226 [27] and
DSTU ІЕС 62138 [29]. At the same time, the consistency with current Ukrainian
classification established in NP 306.2.141 [2] is preserved so as the classified criteria can
be specified and detailed and other classification features can be used (Fig. 3).
5. Requirements of the Regulation and Branch Standard cover all life stages: I&C
design; development of digital I&C, automation hardware and software; equipment
qualification, software verification; acceptance tests of digital I&C and automation
hardware performed by manufacturers; integration of components and I&C tests in
commissioning at NPPs; maintenance, inspections and recovery during operation;
modification and modernization the operating system.
6. Functional requirements for normal operation and safety systems, in-core
instrumentation systems, radiation monitoring system, fire alarm and automated fire
extinguishing system are established.
7. Requirements for emergency and post-accident control (monitoring) systems,
including requirements for backup of the data needed for analysis of accident causes,
accident progression and state of structures, systems and equipment, and requirements for
safety of these data at any impacts that may occur in case of design-basis accidents and
beyond design-basis accidents are specified.
23
8. The classification criteria for seismic resistance and methods for simulation of
seismic loads during tests are clarified. Much more severe seismic resistance requirements
are established. They take into account conservative assessment of the damping coefficient
for civil engineering structures to determine their possible response to ground vibrations.
9. In establishing regulatory requirements for immunity (electromagnetic disturbance
immunity), instead of general assessment of electromagnetic environment, it is proposed
that immunity be analyzed separately for each type of disturbance.
The list of electromagnetic disturbances for which immunity requirements were
established was extended. It additionally includes conductive disturbances induced by radio
frequency fields; damped oscillatory magnetic field interferences; damped oscillatory
interferences; conductive, common mode disturbances in the frequency range from 0 up to
150 kHz; feed voltage fluctuations; short-term variations in supply frequency.
10. Electromagnetic compatibility requirements are specified taking into account
new international standards [30-43] and state standards of Ukraine [45-56, 62]. Stricter
requirements are set for tests of Safety Class 2(А) and 3(В) in comparison with these
standards.
11. Contemporary tendencies in the use of the Field Programmable Logical Devices
(FPLDs) and technology for their development and implementation were taken into account
for safety functions.
12. Requirements for software protection from unwanted and unsafe interference and
from unauthorized change through external computer networks and/or transient carriers
(these requirements should be further detailed taking into account IAEA efforts and new
IEC standards pertaining to the protection against cyber threats) are provided for.
13. Configuration management requirements that allow (at any time) identification
and recording of distinctive features and connections of all elements, whose combination
determines the actual configuration of I&C and digital I&C at the relevant life stage are
included.
24
GND 306.7.013.088–2004. Methodology on State Supervision of Quality Management System in Nuclear Facility Operation GND 306.6.01/1.075–2003. Procedure for Review and Agreement of Product Technical Specifications KND 306.302–96. Requirements for Contents of Safety Analysis Reports for WWER NPPs in Licensing of Commissioning ND 306.711–96. Lifetime Extension for I&C Related to the Safety Important Systems. General Requirements for Work Procedure and Contents SOU-N YaЕК 1.005:2007. Automated Radiation Monitoring Systems at NPPs with WWER. General Technical Requirements SOU-N MPЕ 40.1.35.109:2005. Technical Requirements for Microprocessor-based Protections and Interlocks STP 0.03.069:2007. Metrology. Process Control and Instrumentation Systems. Pilot Model. Metrological Certification Procedure STP 0.03.050–2009. Certification of NPP Equipment and Technical Devices
Fig. 4. Hierarchical Pyramid of Ukrainian Regulations Related to I&C systems and Their
Components Important to Safety
Conclusions
The advances in information technologies, electronic components, local-area
networks, computerized diagnostics, display and archiving tools that serve as the basis for
developing new I&C systems and upgrading the existing ones designed for automation of
nuclear installations have necessitated regular updating of the regulatory framework
governing the functional safety of these systems and their components. Two new revisions
of the standard that relates to the instrumentation and control systems important to NPP
safety (IAEA NS-G-1.3 [13] and IAEA DS-431 [15]), two revisions of international
standard IEC 61513 [21] establishing general requirements for functional safety of such
LAWS OF UKRAINE AND INTERNATIONAL AGREEMENTS
RESOLUTIONS OF THE PRESIDENT AND THE CABINET OF MINISTERS OF UKRAINE
REGULATIONS OF THE STATE REGULATORY BODIES OF UKRAINE
GUIDELINES OF THE STATE REGULATORY BODIES OF UKRAINE
INTERSTATE AND STATE STANDARDS BRANCH REGULATIONS OF THE MINISTRY FOR ENERGY AND COAL INDUSTRY OF UKRAINE REGULATIONS OF THE OPERATOR
25
systems, and three revisions of standard IEC 61226 [20] that relates to the classification of
NPP I&C were issued after NP 306.5.02/3.035 [1] was put into effect in March 2000.
Meanwhile, Ukrainian experts gained substantial experience in design, development,
manufacture and assessment of the functional safety of I&C systems and their components
at Ukrainian NPPs [65]. Under these circumstances, it was recognized that Regulation NP
306.5.02/3.035 [1] should be revised and a new Branch Standard with requirements
harmonized with the latest revisions of international standards should be developed.
The development and implementation of the Regulation and Branch Standard will
contribute to solving top priority issues related to the prevention of nuclear accidents at
Ukrainian NPPs and to the safety of personnel, the public and the environment.
The application of new regulations will improve understanding between experts
involved in the development (modernization), implementation and operation of I&C
systems important to safety, as well as with the State Nuclear Regulatory Inspectorate of
Ukraine, licensing these activities, and with its expert organizations.
The harmonization with international standards will enable export of systems and
components designed and produced in compliance with the Regulation and Branch
Standard, allow extensive use of advanced international experience in regulation and safety
assessment of I&C systems and their components, and facilitate the of the national legal
framework to legislation of the European Union.
The developed Regulation “Nuclear and Radiation Safety Requirements for I&C
Systems Important to NPP Safety” (NP 306.2.XXX-2014) and associated Branch Standard
“Instrumentation and Control Systems Important to NPP Safety. General Technical
Requirements” (SOU N YaEK X.00X:2014) will be included in the hierarchical pyramid of
nuclear and radiation safety regulations (Fig. 4) developed by the SNRIU.
The revision of Guideline GND 306.7.02/2.041 [66], which sets requirements for the
structure and contents of safety justification documents for I&C systems and their
components at all life stages and describes the procedure for assessment of compliance with
these requirements, is a top priority too. The assessment is carried out by the SNRIU in
licensing of the development (modernization) of I&C systems at Ukrainian NPPs. The
revision is to be aimed at bringing the document into compliance with the new Regulation
and Branch Standard and harmonizing it with IEC 61513 [21] and other IEC standards, in
which the completeness and quality of technical documentation are regarded as very
26
important aspects ensuring the functional safety of I&C systems, automation hardware and
digital I&C.
References
1. NP 306.5.02/3.035-2000. Requirements for Nuclear and Radiation Safety of Instrumentation
and Control Systems Important to NPP Safety. (Rus)
2. NP 306.2.141-2008. General Safety Provisions for Nuclear Power Plants. (Ukr)
3. NP306.2.145-2008. Nuclear Safety Rules for Reactors of Nuclear Power Plants with PWR.
(Ukr)
4. NP 306.2.106-2005. Requirements for Modification of Nuclear Installations and Procedure
for Safety Assessment. (Ukr)
5. NP 306.5.02/2.068-2003. Requirements for Procedure and Contents of Lifetime Extension
Measures for Instrumentation and Control Systems Important to NPP Safety. (Ukr)
6. NP 306.5.02/3.017-99. Requirements for Quality Assurance Program at All Stages of NPP
Lifecycle. (Rus)
7. NP 306.5.02/3.076-2003. Requirements for Arrangement and Procedure of NPP
Commissioning. (Ukr)
8. NAPB 03.005-2002 (VBN V.1.1-034-03.307-2003). Fire Protection. Fire Safety Regulations
for Design of Nuclear Power Plants with WWER. (Ukr)
9. PNAE G-5-006-87. Seismic Design Rules for Nuclear Power Plants. (Rus)
10. IAEA SSR-2/2-2011. Safety of Nuclear Power Plants: Commissioning and Operation. Specific
Safety Requirements.
11. IAEA SSR-2/1 2012. Safety of Nuclear Power Plants: Design. Specific Safety.
12. IAEA NS-G-1.1:2000. Software for Computer Based Systems Important to Safety in Nuclear
Power Plants. Safety Guide.
13. IAEA NS-G-1.3:2002. Instrumentation and Control Systems Important to Safety in Nuclear
Power Plants. Safety Guide.
14. IAEA NS-G-2.3:2001. Modifications to Nuclear Power Plants. Safety Guide.
15. IAEA DS-431. Design of Instrumentation and Control Systems for Nuclear Power Plants.
Draft Safety Guide.
16. IEC 60780:1998. Nuclear Power Plants — Electrical Equipment of the Safety Systems —
Qualification.
17. IEC 60880:2006. Nuclear Power Plants — Instrumentation and Control Systems Important to
Safety — Software Aspects for Computer-Based Systems Performing Category A Functions.
27
18. IEC 60980:2007. Recommended Practice for Seismic Qualification of Electrical Equipment
for Nuclear Power Plants.
19. IEC 60987:2007. Nuclear Power Plants — Instrumentation and Control Important to Safety.
Programmed Digital Computers Important to Safety for Nuclear Power Plants.
20. IEC 61226:2009. Nuclear Power Plants — Instrumentation and Control Systems Important to
Safety — Classification. Ed. 3.0.
21. IEC 61513:2011. Nuclear Power Plants — Instrumentation and Control Important to
Safety — General Requirements for Systems.
22. IEC 62138:2005. Nuclear Power Plants — Instrumentation and Control Important for Safety.
Software Aspects for Computer-Based Systems Performing Category B or C Functions.
23. IEC 62340:2007. Nuclear Power Plants — Instrumentation and Control Systems Important to
Safety - Requirements for Coping with Common Cause Failure (CCF).
24. DSTU ІЕС 60780:2007. Nuclear Power Plants. Electric Equipment of the Safety Systems.
Qualification (ІEC 60780:1998, ІDT). (Ukr)
25. DSTU ІЕС 60880:2008. Nuclear Power Plants. Instrumentation and Control Systems
Important to Safety. Software Aspects of Computer-Based Systems Performing Category A
Functions (ІEC 60880:2006, ІDT). (Ukr)
26. DSTU ІЕС 60987:2010. Nuclear Power Plants. Instrumentation and Control Systems
Important to Safety. Requirements for Design of Hardware for Computer-Based Systems
(ІEC 60987:2007, ІDT). (Ukr)
27. DSTU ІЕС 61226:2007. Nuclear Power Plants. Instrumentation and Control Systems
Important to Safety. Classification of Instrumentation and Control Functions
(ІEC 61226:2005, ІDT). (Ukr)
28. DSTU ІЕС 61513:2009. Nuclear Power Plants. Instrumentation and Control Systems
Important to Safety. General Requirements for Systems (ІEC 61513:2001, ІDT). (Ukr)
29. DSTU ІЕС 62138:2008. Nuclear Power Plants. Instrumentation and Control Systems
Important to Safety. Software Aspects for Computer-Based Systems Performing Category B
or C Functions (ІEC 62138:2004, ІDT). (Ukr)
30. IEC 61000-4-2:2001. Electromagnetic Compatibility (EMC) — Part 4-2: Testing and
Measurement Techniques — Electrostatic Discharge Immunity Test.
31. IEC 61000-4-3:2001. Electromagnetic Compatibility (EMC) — Part 4-3: Testing and
Measurement Techniques - Radiated, Radio-Frequency, Electromagnetic Field Immunity.
32. IEC 61000-4-4:2001. Electromagnetic Compatibility (EMC) — Part 4-4: Testing and
Measurement Techniques — Electrical Fast Transient / Burst Immunity Test. Basic EMS
Publication.
28
33. IEC 61000-4-5:2005. Electromagnetic Compatibility (EMC) — Part 4-5: Testing and
Measurement Techniques — Surge Immunity Test.
34. IEC 61000-4-6:2006. Electromagnetic Compatibility (EMC) — Part 4-6: Testing and
Measurement Techniques - Immunity to Conducted Disturbances, Induced by Radio-
Frequency Fields.
35. IEC 61000-4-8:2001. Electromagnetic Compatibility (EMC) — Part 4-8: Testing and
Measurement Techniques - Power Frequency Magnetic Field Immunity Test.
36. IEC 61000-4-9:2001. Electromagnetic Compatibility (EMC) — Part 4-9: Testing and
Measurement Techniques - Pulse Magnetic Field Immunity Test.
37. IEC 61000-4-10:2001. Electromagnetic Compatibility (EMC) — Part 4-10: Testing and
Measurement Techniques - Damped Oscillatory Magnetic Field Immunity.
38. IEC 61000-4-11:2004. Electromagnetic Compatibility (EMC) — Part 4-11: Testing and
Measurement Techniques — Voltage Dips, Short Interruptions and Voltage Variations
Immunity Tests.
39. IEC 61000-4-12:2001. Electromagnetic Compatibility (EMC) — Part 4-12: Testing and
Measurement Techniques - Oscillatory Waves Immunity Test.
40. IEC 61000-4-14:2002. Electromagnetic Compatibility (EMC) — Part 4-14: Testing and
Measurement Techniques - Voltage Fluctuation Immunity Test.
41. IEC 61000-4-16:2002. Electromagnetic Compatibility (EMC) — Part 4-16: Testing and
Measurement Techniques - Test for Immunity to Conducted, Common Mode Disturbances in
the Frequency Range 0 Hz to 150 kHz.
42. IEC 61000-4-28:2002. Electromagnetic Compatibility (EMC) — Part 4-28: Testing and
Measurement Techniques — Variation of Power Frequency, Immunity Test.
43. CISPR 22:2006. Information Technology Equipment — Radio Disturbance Characteristics —
Limits and Methods of Measurement.
44. ISO 9001-2000. Quality Management Systems — Requirements.
45. DSTU ІЕС 61000-4-2:2008. Electromagnetic Compatibility (EMC) — Part 4-2. Testing and
Measurement Techniques. Electrostatic Discharge Immunity Test (ІEC 61000-4-2:2001,
ІDT). (Ukr)
46. DSTU ІЕС 61000-4-3:2007. Electromagnetic Compatibility (EMC) — Part 4-3. Testing and
Measurement Techniques — Radiated, Radio-Frequency, Electromagnetic Field Immunity
(ІEC 61000-4-3:2006, ІDT). (Ukr)
47. DSTU ІЕС 61000-4-4:2008. Electromagnetic Compatibility (EMC) — Part 4-4. Testing and
Measurement Techniques - Electrical Fast Transient / Burst Immunity Test (ІEC 61000-4-
4:2004, ІDT). (Ukr)
29
48. DSTU ІЕС 61000-4-5:2008. Electromagnetic Compatibility (EMC) — Part 4-5: Testing and
Measurement Techniques — Surge Immunity Test (ІEC 61000-4-5:2005, ІDT). (Ukr)
49. DSTU ІЕС 61000-4-6:2007. Electromagnetic Compatibility (EMC) — Part 4-6: Testing and
Measurement Techniques — Immunity to Conducted Disturbances, Induced by Radio-
Frequency Fields (ІEC 61000-4-6:2006, ІDT). (Ukr)
50. DSTU ІЕС 61000-4-9:2007. Electromagnetic Compatibility (EMC) — Part 4-9: Testing and
Measurement Techniques — Pulse Magnetic Field Immunity Test (ІEC 61000-4-9:2001,
ІDT). (Ukr)
51. DSTU ІЕС 61000-4-10:2008. Electromagnetic Compatibility (EMC) — Part 4-10: Testing
and Measurement Techniques — Damped Oscillatory Magnetic Field Immunity. (ІEC 61000-
4-10:2001, ІDT). (Ukr)
52. DSTU ІЕС 61000-4-11:2007. Electromagnetic Compatibility (EMC) — Part 4-11: Testing
and Measurement Techniques — Voltage Dips, Short Interruptions and Voltage Variations
Immunity Tests (ІEC 61000-4-11:2004, ІDT). (Ukr)
53. DSTU ІЕС 61000-4-14:2008. Electromagnetic Compatibility (EMC) — Part 4-14: Testing
and Measurement Techniques - Voltage Fluctuation Immunity Test (ІEC 61000-4-14:2002,
ІDT). (Ukr)
54. DSTU ІЕС 61000-4-16:2007. Electromagnetic Compatibility (EMC) — Part 4-16: Testing
and Measurement Techniques — Test for Immunity to Conducted, Common Mode
Disturbances in the Frequency Range 0 Hz to 150 kHz (ІEC 61000-4-16:2002, ІDT). (Ukr)
55. DSTU ІЕС 61000-4-28:2008. Electromagnetic Compatibility (EMC) — Part 4-28: Testing
and Measurement Techniques — Variation of Power Frequency, Immunity Test (ІEC 61000-
4-28:2002, ІDT). (Ukr)
56. DSTU CISPR 22:2007. Information Technology Equipment — Radio Disturbance
Characteristics — Limits and Methods of Measurement (CISPR 22:2006, ІDT). (Ukr)
57. DSTU ISO 9001 2009. Quality Management Systems — Requirements (ISO 9001:2008,
IDT). (Ukr)
58. NP 306.5.02/2.068-2003. Requirements for Order and Contents of Lifetime Extension
Measures for Instrumentation and Control Systems Important to NPP Safety. (Rus)
59. GOST 30546.1-98. General Requirements for Machines, Devices and Secondary Technical
Equipment and Methods to Calculate Seismic Resistance of Complex Structures. (Rus)
60. Yu. Rozen. Electromagnetic Compatibility of Instrumentation and Control System
Components (1): Rules for Regulation and Assessment of Noise Immunity. Nuclear and
Radiation Safety, 2007, No. 2. – P. 9-26. (Rus)
30
61. Yu. Rozen. Electromagnetic Compatibility of Instrumentation and Control System
Components (2): Electromagnetic Noise Immunity. Nuclear and Radiation Safety, 2008, No.
4. – P. 58-76. (Rus)
62. DSTU 2465-94. Electromagnetic Compatibility of Technical Measures. Power Frequency
Magnetic Field Immunity Test. Technical Requirements and Test Methods. (Ukr)
63. M. Yastrebenetsky, Yu. Rozen, G. Gromov, V. Inyushev, A. Nosovsky, M. Gashev,
B. Stolyarchuk. Requirements for Instrumentation and Control Systems of Ukrainian NPPs
Following Analysis of the Fukushima-1 Accident // Nuclear and Radiation Safety. —
2011. — No. 4. — P. 3—10. (Rus)
64. M. Yastrebenetsky, Yu. Rozen. About Safety Classification of Instrumentation and Control
Systems and Their Components // Nuclear and Radiation Safety. — 2004. — No. 4. —
P. 13—33. (Rus)
65. M. Yastrebenetsky, Yu. Rosen, S. Vinogradskaya, G. Jonhson, V. Eliseev, A. Siora, V. Skliar,
L. Spector, V. Kharchenko. Nuclear reactors control and protection systems / Ed.
M. Yastrebenetsky. — Kiev: Osnova-Print, 2011. — 768. — (Nuclear power plants safety).
(Rus)
66. GND 306.7.02/2.041-2000. Methodology for Assessing Compliance of Instrumentation and
Control Systems Important to Safety of Nuclear Power Plants with Nuclear and Radiation
Safety Requirements. (Ukr)