
IS 15399: Hardware for Computers in the Safety System of Nuclear and Radiation Facilities PDF

22 Pages·2003·2 MB·English


Internet Standard

Disclosure to Promote the Right To Information

Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public.

"The Right to Information, The Right to Live" (Mazdoor Kisan Shakti Sangathan)
"Step Out From the Old to the New" (Jawaharlal Nehru)
"Invent a New India Using Knowledge" (Satyanarayan Gangaram Pitroda)
"Knowledge is such a treasure which cannot be stolen" (Bhartṛhari, Nītiśatakam)

IS 15399 (2003): Hardware for Computers in the Safety System of Nuclear and Radiation Facilities [LITD 8: Electronic Measuring Instruments, Systems and Accessories]

IS 15399:2003
Indian Standard
HARDWARE FOR COMPUTERS IN THE SAFETY SYSTEM OF NUCLEAR AND RADIATION FACILITIES
ICS 27.120.20
© BIS 2003
BUREAU OF INDIAN STANDARDS, MANAK BHAVAN, 9 BAHADUR SHAH ZAFAR MARG, NEW DELHI 110002
October 2003, Price Group 7

Nuclear Instrumentation Sectional Committee, LTD 26

FOREWORD

This Indian Standard was adopted by the Bureau of Indian Standards, after the draft finalized by the Nuclear Instrumentation Sectional Committee had been approved by the Electronics and Telecommunication Division Council.

Computer systems are extensively used for on-line monitoring of the reactor core against blockage of coolant flow, on-line power regulation, fuel handling operation, supervision of process parameters against safety thresholds, event sequence analysis, measurement of radiation level, etc. This standard gives the principles for the utilization of digital systems hardware for systems important to safety. This includes multiprocessor distributed systems and large-scale central processor systems constructed from off-the-shelf items or from newly developed hardware. It lays down requirements specific to the hardware of digital systems. For specific requirements for computer software and common areas of hardware and software, IS 15398:2003 'Software for computers in the safety systems of nuclear and radiation facilities' is applicable.

For modules used in the design of a specific safety system application, relevant and auditable operating experience from nuclear or other applications, as described, in combination with quality assurance programmes of high reliability may be an acceptable method of qualification. This standard may also be useful as a guide for other computer systems requiring real time applications.

This standard is based on IEC 987 (1989) 'Programmed digital computers important to safety for nuclear power stations' issued by the International Electrotechnical Commission.

The composition of the Committee responsible for formulation of this standard is given in Annex E.

1 SCOPE

1.1 This standard is applicable to computer systems hardware for systems important to safety used in nuclear facilities. It is, therefore, applicable to safety systems and in general to safety-related systems.

1.2 The requirements specified are applicable but not restricted to the following items of such systems, down to the component level:
a) External power supplies to the computer system;
b) Internal architecture;
c) Input/Output equipment and interfaces;
d) Data transmission means;
e) Storage devices; and
f) Test devices to prove continued correct operation, as far as any failure of these devices leads to failure of the computer system.

2 REFERENCES

The standards given in Annex A are necessary adjuncts to this standard.

3 TERMS AND DEFINITIONS

3.0 For the purpose of this standard, the following definitions shall apply:

3.1 Availability — The ability of an item to be in a state to perform a required function under given conditions at a given instant of time or over a given time interval, assuming that the required external resources are provided.

3.2 Computer — A programmable functional unit that consists of one or more associated processing units and peripheral equipment, that is controlled by internally stored programmes and that can perform substantial computation, including numerous arithmetic operations or logic operations, without human intervention during a run.

3.3 Computer System — A system consisting of one or more computers (comprising hardware as well as software) collectively forming a functional unit of an instrumentation and control system.

3.4 Component
a) Hardware — Items from which the system is assembled (for example, integrated circuits, resistors, capacitors, wires, connectors, transistors, switches, etc.)
b) Software — A basic part of a programme.

3.5 Design — The theoretical work which leads towards a system requirements specification.

3.6 Development — The experimental test demonstration work which is intended to prove the success of any parts of the design whose performance cannot be ensured by theoretical work alone.

3.7 Diversity — The existence of different means of performing a required function (for example, other physical principles, other ways of solving the same task).

3.8 Guaranteed Power Supply — A power supply for the computer system which is designed to be able to provide satisfactory electrical supplies normally, during loss of electrical generator on the station, and during loss of connection of the station to the electrical distribution network or grid which it serves.

3.9 Integration Tests — Tests performed during the hardware/software integration process prior to computer system validation to verify compatibility of the software and the computer system hardware.

3.10 Maintainability — The probability that a given active maintenance action to an item under given conditions of use can be carried out within a stated time interval when the maintenance is performed under stated conditions and using stated procedures and resources.

3.11 Maintenance — The combination of all technical and administrative actions, including supervision actions, intended to retain an item in, or restore it to, a state in which it can perform a required function.

3.12 Module — Any assembly of interconnected components which constitutes an identifiable device, instrument or piece of equipment. A module can be removed as a unit and replaced with a spare. It has definable performance characteristics which permit it to be tested as a unit. A module could be a card, a draw-out circuit breaker or any other sub-assembly of a larger device, provided it meets the requirements of this definition.

3.13 Qualified Life — The period of time for which satisfactory performance can be verified for a specified set of operating conditions.

3.14 Redundancy — The provision of alternative (identical or diverse) elements so that any one can perform the required function regardless of the state of operation or failure of any other.

3.15 Reliability — The probability that a failure which causes deviation from the required output by more than specified tolerances, in a specific environment, does not occur during a specified exposure period.

3.16 Single Failure — A random failure which results in the loss of capability of a component to perform its intended safety function. Consequential failures resulting from a single random occurrence are considered to be part of the single failure.

3.16.1 Single Failure Criterion — A criterion applied to a system such that it is capable of performing its safety task in the presence of any single failure.

3.17 Software — Programmes, procedures, rules and any associated documentation pertaining to the operation of a computer system.

3.18 Sub-system — A division of a system that in itself has the characteristics of a system.

3.19 System — A set of interconnected elements constituted to achieve a given objective by performing a specified function.

3.20 Validation — The test and evaluation of the integrated computer system (hardware and software) to ensure compliance with the functional, performance and interface requirements.

3.21 Verification — The process of determining whether or not the product of each phase of the digital computer system development process fulfils all the requirements imposed by the previous phase.

3.22 Application Programme — A computer programme that performs a task related to the process being controlled rather than the functioning of the computer itself.

3.23 Code Compaction — The purposeful reduction in memory size required for a computer programme by the elimination of redundant or extraneous instructions.

3.24 Computer Programme — A set of ordered instructions and data that specify operations in a form suitable for execution by a digital computer.

3.25 Data — A representation of facts, concepts or instructions in a formalized manner suitable for communication, interpretation or processing by a computer.

3.26 Defence in Depth — Provision of multiple levels of protection for ensuring safety of workers, the public or the environment.

3.27 Fault Tolerance — The built-in capability of a system to provide continued correct execution in the presence of a limited number of hardware or software faults.

3.28 Graceful Degradation — Stepwise reduction of system functions in response to detected failures while essential functions are maintained.

3.29 Initialize — To set counters, switches, addresses, or contents of storage devices to zero or other starting values at the beginning of, or at prescribed points in, the operation of a computer programme.

3.30 Procedure — A portion of a computer programme which is named and which performs a specific task.

3.31 Software — Programmes, procedures, rules and any associated documentation pertaining to the operation of a computer system.

3.32 Software Life Cycle — The period of time that starts when a software product is conceived and ends when the product is no longer available for use. The software life cycle typically includes a requirements phase, design phase, implementation phase, test phase, installation and check-out phase, and operation and maintenance phase.

3.33 Software Modification — Changes of already agreed documents leading to a change to the executable code or its data.

3.34 Software Modularity — The software attribute that provides a structure of highly independent computer programme units that are discrete and identifiable with respect to translating, testing and combining with other units.

4 PROJECT STRUCTURE

4.1 General

4.1.1 Any project will normally be divided up into a number of phases. Each phase is to some extent self-contained but will depend on other phases and will, in its turn, be depended on by others. These phases are informally recognizable by the specific activities pertinent to them. For applications important to safety, these phases shall be formalized and none of the identified phases shall be omitted. Some hardware and software phases may be performed simultaneously. Formalized procedures shall be defined to regulate the feedback between phases.

4.1.2 Project management documentation shall be provided to define the project sub-division so that the project can be run in a controlled manner with evolutions recorded and monitored. A quality assurance plan shall be applied.

4.2 Project Sub-division

The following general factors determine the activities in implementing a project:
a) The whole system life cycle (see Annex B) shall be considered.
b) Each phase of the system life cycle shall be divided into elementary tasks with a well defined activity for each of them.
c) Hardware products to be introduced into a phase shall be checked, verified and tested as appropriate before incorporation.
d) Adequate means (spare parts, devices for test or maintenance) and accommodation (laboratories, workshops, space, etc) shall be provided to carry out the tasks of each phase.
e) Each phase shall include generation of the appropriate documents.
f) Each phase shall be terminated by verification (see 7).
g) Every verification step shall result in a report on the analysis performed, the conclusions reached and any necessary changes decided. This report shall be included in the documentation.
h) The time schedule of the project shall be laid down with regard to:
1) facilitating feedback between hardware and software phases;
2) providing sufficient time for documentation, testing, verification, maintenance and quality assurance; and
3) giving a means for the recognition of difficulties which arise unexpectedly.

4.3 Quality Assurance

4.3.1 A hardware quality assurance plan shall exist as a part of the quality assurance plan for the computer system. It should include requirements for hardware which has already undergone a quality assurance procedure as well as for new hardware. The hardware quality assurance plan is closely connected to the licensing procedures. All activities during the computer lifetime executed by the plant operator, owner, contractors and sub-contractors shall be included. This includes the following phases:
a) Design and development,
b) Procurement,
c) Manufacturing,
d) Construction and commissioning, and
e) Operation and maintenance.

4.3.2 The quality assurance plan shall describe the organization, management and execution of quality assurance orientated activities including:
a) Specifications control;
b) Design and design changes control;
c) Procurement control;
d) Control of instructions, procedures, drawings;
e) Document control;
f) Control of purchased material and services;
g) Identification and control of material;
h) Inspection;
j) Control of test equipment;
k) Control of handling/storage/shipping;
m) Inspection and testing status;
n) Monitoring of non-conformance and corrective actions;
p) Production of quality assurance records;
q) Audits; and
r) Environmental qualification conformance.

5 HARDWARE REQUIREMENTS

5.1 General

5.1.1 The hardware requirements shall be derived from the requirements of the systems important to safety and form part of the computer system specification. The computer system specification is a description of the combined hardware/software system and states the objectives and functions assigned to the computer system.

5.1.2 The hardware requirements shall be described in the hardware requirements specification.

5.1.3 The hardware requirements specification is part of the hardware documentation (see 14.2).

5.1.4 Hardware requirements shall be presented according to a standard whose formality shall not preclude readability.

5.1.5 The requirements shall be unambiguous, testable, verifiable and achievable.

5.1.6 The hardware requirements specification shall be structured to give, as an introduction, an overview of hardware requirements with a list of reference documents and the edition to be used, and to identify the hardware functions important to safety.

5.1.7 The hardware functional and performance requirements, the reliability, the environmental and documentation requirements form the hardware requirements.

5.1.8 The hardware facilities for programme and data loading and checking, as well as verification during start-up and normal operation, do not form an intrinsic part of the computer system required for continuous operation. The reliability requirements of 5.2 for these facilities may be different from those of the computer system.

5.1.9 The hardware requirements for computer systems include requirements which are applicable to hardware in general and requirements which are applicable to computer system hardware only.

5.1.10 The hardware requirements describe the product, not the project. The hardware requirements shall describe what has to be done and not how it has to be done. That is, the functions to be performed are described, rather than the means of implementation.

5.2 Functional and Performance Requirements

5.2.1 The hardware functional and performance requirements are derived from the functional and performance requirements of the systems important to safety. They shall be the result of a first design phase at system level allowing:
a) Definition of the overall architecture of the computer system and its division into sub-systems which fulfil the necessary functions;
b) Definition of the structural distribution of the sub-systems; and
c) Assignment of hardware performance requirements to these sub-systems.

5.2.2 The hardware functional and performance requirements, combined with the software requirements, shall be checked for compliance with the requirements for the systems important to safety.

5.2.3 All parts of the system, down to the component level, which contain built-in programmes shall be identified, and the functions and programmes of those parts shall be appropriately specified in accordance with 7 of IS 15398.

5.2.4 The hardware functional requirements shall include, but are not restricted to, the definition of:
a) Purpose of the computer system hardware and each sub-system;
b) Structure of the computer system hardware;
c) Number and type of sensors and actuators to be connected to the computer system;
d) Characteristics of signals, such as range, type, and details needed for conversion from electrical range to physical range; and
e) Number and type of devices for the man/machine interface, such as displays, printers and keyboards.

5.2.5 The hardware functional requirements shall clearly define the level at which a sub-system is to be integrated into the system. This definition shall identify for the sub-system the relevant cabinet, frame, printed circuit board and integrated circuits. The design requirements will be selected on the basis of these levels (see 6).

Each component or sub-system delivered by a supplier and which is to be integrated into the system shall be accompanied by a complete specification.

5.2.6 The hardware performance requirements shall include, but are not restricted to, the definition of:
a) Data acquisition rate;
b) Data handling capability;
c) Computation and data transmission speed;
d) Computation and conversion accuracy;
e) Noise rejection;
f) Response time; and
g) Irrationality check for input signal.

The performance requirements for the design of sub-systems shall be selected on the basis of the levels mentioned in 5.2.5.

5.2.7 The hardware functional and performance requirements and mutual constraints between hardware and software shall be checked for feasibility and for the allowance of installed spare capacity, at an early phase of the project, to avoid the need for later changes.

5.3 Reliability Requirements

5.3.1 The hardware reliability requirements represent an expansion of the reliability requirements of the systems important to safety. They shall include a description of the types of failure which have to be tolerated without loss, or with a defined and limited loss, of function. In this context, the term reliability is applied to the safety of the plant and its operational availability.

5.3.2 No single random hardware failure shall prevent, directly or indirectly, the safety actions of the safety systems.

5.3.3 To support the system level safety analysis, an analysis of failures shall be made during design. Proper consideration of the potential for common-mode or common-cause failures shall be included in this analysis.

5.3.3.1 Reliability and safety assessment shall begin as soon as the design starts. The methods which can be used for this purpose are:
a) Fault-tree analysis, which is concerned with the identification and analysis of conditions and factors which cause or contribute to the occurrence of a defined undesirable event.
b) Failure mode effects analysis, which identifies failures which have significant consequences affecting the system performance, for example, reliability, safety, availability [see IS 11137 (Part 2)].

5.3.3.2 It is noted that a safety analysis at the system level (hardware and software) can be done through an extension of the fault-tree analysis method. Special consideration shall be given to the effects of the following, and a safety analysis document shall be generated for peer review:
a) Failure in memories;
b) Power failure and subsequent re-start and adaptation procedure;
c) Failures of sub-systems which share a bus or other resources with other sub-systems, and defined actions during such occurrences;
d) Electromagnetic interference;
e) Nuclear radiation; and
f) Deviation from specified ambient condition.

Any changes shown to be necessary for nuclear safety shall be implemented.

5.3.4 Strategies and provisions to assure reliability over the whole lifetime of the computer system shall be defined.

These measures shall be laid down as maintenance requirements, which form part of the reliability requirements. They shall include requirements for:
a) Maintenance actions;
b) Replacement of sub-systems, modules and components;
c) Revalidation; and
d) Facilitating backfitting.

5.3.5 In order to meet the reliability requirements, the computer system shall supervise itself by software means. For self-supervision, 5.7 and A-2.8 of IS 15398 are applicable.

Failures which cannot be made self-annunciating by these tests shall be identified, and methods specified by which the failures will be detected.

Hardware features necessary to support the design and performance of self-check may include:
a) Error detection/correction devices for memories;
b) Error detection devices for busses;
c) Instruction repetition on error detection;
d) Runtime supervision;
e) Memory management with protection of parts of the memory;
f) Redundancy on the component level in connection with voting logic; and
g) Provision for access control to the system.

5.3.6 The required reliability of the system and the sub-systems shall be classified according to its importance to safety.

5.3.7 The system shall be designed to allow maintenance activities to be carried out with ease, without affecting the operation of other healthy systems. The hardware requirements should give figures for the major maintenance parameters (such as mean time to repair, maintainability, and mean time to revalidate) and specify the requirements for methods or provisions by which the appropriate maintenance activities and targets are achieved.

These methods may include in-service accessibility, modularity, fault traceability to replaceable units, fault indicators, and logging and evaluation of operation and fault history.

The hardware maintainability requirements shall be defined using as a background the reliability requirements of the nuclear power station.

5.4 Environmental Requirements

5.4.1 The hardware environmental requirements shall include location, climatic, seismic, chemical, electrical and radiation conditions where the computer system is operated. Special consideration shall be given to the environment before and during installation and start-up.

5.4.2 The electrical environment in which the computer is located may be affected by a wide variety of electrical interference sources, for example, switchgear, contactors, relays, walkie-talkies, electrostatic discharges, lightning and earth faults.

5.4.3 The degree of immunity to magnetic, electrical and electromagnetic interference shall be specified and tested according to suitable Indian Standards chosen from the IS 14700 series.

5.4.4 The test severity levels for sub-systems shall be selected in accordance with the most realistic installation and environmental conditions.

5.4.5 The hardware requirements shall include any environmental conditions imposed on the choice of part types, special materials to be used, or particular types of production processes and testing strategies.

5.5 Documentation Requirements

5.5.1 The hardware documentation requirements are part of the documentation requirements of the computer systems. They shall define the documentation to be produced with the product and shall include agreed procedures:
a) to identify parts of the documentation itself and ensure that the documentation is kept up to date;
b) to identify signals and components of the system;
c) for the description of functions important to safety;
d) for the description of functions in the operators' manuals and in the maintenance manuals;
e) to describe contents and boundaries of functional units (modules);
f) to modify documentation; and
g) to carry out routine and preventive maintenance check lists.
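The single failure criterion (3.16.1, 5.3.2), the failure analysis of 5.3.3 and the shared-bus case of 5.3.3.2 c) can be checked mechanically once the architecture is written down as a function of its failed components. The script below is an added example and is not part of IS 15399 or IS 15398: the three-channel 2-out-of-3 (2oo3) trip architecture, the component names, the voter options and the per-demand failure probabilities are all constructed here for illustration, and every modelled failure is taken to be fail-to-danger (the failed part stops its channel from demanding the safety action), which is the conservative assumption for a trip system. It enumerates single failures, derives the fault-tree minimal cut sets for the top event "no trip on a genuine demand", and quantifies them with the rare-event approximation.

```python
"""Single-failure and minimal-cut-set check for a constructed 2oo3 trip architecture.

Not from IS 15399. Three identical channels, each a sensor (S), an input card
(C) and a processor (P), feed a 2oo3 voter. All failures are fail-to-danger.
"""
from itertools import combinations
from typing import Dict, FrozenSet, List, Set

# Hypothetical component names; a real list would go down to the
# replaceable-module level fixed under 5.2.5.
CHANNELS: Dict[int, tuple] = {
    1: ("S1", "C1", "P1"),
    2: ("S2", "C2", "P2"),
    3: ("S3", "C3", "P3"),
}


def channel_demands_trip(channel: int, failed: Set[str], shared_bus: bool) -> bool:
    """One channel's output under a genuine demand, given the failed parts."""
    if shared_bus and "BUS" in failed:
        return False  # a bus shared by all channels is a common-cause point (5.3.3.2 c)
    return not any(part in failed for part in CHANNELS[channel])


def system_trips(failed: Set[str], shared_bus: bool = False,
                 redundant_voter: bool = True) -> bool:
    """Does the safety action occur under a genuine demand with these parts failed?"""
    if not redundant_voter and "VOTER" in failed:
        return False  # a single voter is itself a single point of failure
    votes = sum(channel_demands_trip(ch, failed, shared_bus) for ch in CHANNELS)
    return votes >= 2  # 2oo3 voting logic (5.3.5 f)


def components(shared_bus: bool = False) -> List[str]:
    parts = [p for ch in CHANNELS.values() for p in ch] + ["VOTER"]
    return parts + (["BUS"] if shared_bus else [])


def single_failure_violations(shared_bus: bool = False,
                              redundant_voter: bool = True) -> List[str]:
    """Parts whose single failure prevents the trip: each one violates 5.3.2."""
    return [c for c in components(shared_bus)
            if not system_trips({c}, shared_bus, redundant_voter)]


def minimal_cut_sets(max_order: int = 2, shared_bus: bool = False,
                     redundant_voter: bool = True) -> List[FrozenSet[str]]:
    """Smallest failure combinations that cause the top event (fault-tree minimal cut sets)."""
    cuts: List[FrozenSet[str]] = []
    for order in range(1, max_order + 1):
        for combo in combinations(components(shared_bus), order):
            fs = frozenset(combo)
            if any(c <= fs for c in cuts):
                continue  # contains a smaller cut set, so it is not minimal
            if not system_trips(set(fs), shared_bus, redundant_voter):
                cuts.append(fs)
    return cuts


def failure_on_demand(cuts: List[FrozenSet[str]], prob: Dict[str, float]) -> float:
    """Rare-event approximation: sum over cut sets of the product of basic-event probabilities."""
    total = 0.0
    for cut in cuts:
        p = 1.0
        for part in cut:
            p *= prob[part]
        total += p
    return total


# Constructed per-demand unavailabilities for the basic events (illustrative only).
PROB = {part: 1e-3 for part in components(shared_bus=True)}
PROB["VOTER"] = 1e-4

if __name__ == "__main__":
    for label, kw in (("independent channels, redundant voter", {}),
                      ("single voter", {"redundant_voter": False}),
                      ("channels on one shared bus", {"shared_bus": True})):
        cuts = minimal_cut_sets(**kw)
        print(f"{label}: single-failure violations {single_failure_violations(**kw)}, "
              f"{len(cuts)} minimal cut sets, PFD ~ {failure_on_demand(cuts, PROB):.2e}")
```

With independent channels and a redundant voter there is no order-1 cut set and 27 order-2 cut sets (any two parts from different channels). Making the voter a single component, or putting all three channels on one bus, produces an order-1 cut set, which is exactly the finding that 5.3.2 requires the design to eliminate; the same enumeration is what a failure mode effects analysis (5.3.3.1 b) tabulates by hand.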
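Item a) of the self-check features listed in 5.3.5, error detection/correction devices for memories, is usually a single-error-correcting, double-error-detecting (SEC-DED) code, and the clause's demand that failures be self-annunciating means a detected double error must be reported rather than returned as data. The following implementation of an extended Hamming SEC-DED code with a memory scrub routine is an added example, not code from the standard; the 8-bit data width, the bit-to-position mapping and the sample memory contents are choices made here for illustration.

```python
"""Extended Hamming SEC-DED code for memory words, with a scrub routine.

Constructed example (not from IS 15399). Bit 0 of a code word is the overall
parity bit; bits 1..n hold a Hamming code whose parity bits sit at the
power-of-two positions, with data bits filling the other positions in
increasing order. Single-bit errors are corrected and logged; double-bit
errors are detected and logged, never silently returned as data.
"""
from typing import List, Optional, Tuple


def parity_bits(nbits: int) -> int:
    """Smallest r with 2**r >= nbits + r + 1 (Hamming bound)."""
    r = 0
    while (1 << r) < nbits + r + 1:
        r += 1
    return r


def data_positions(nbits: int) -> List[int]:
    """Positions 1..n that are not powers of two, in increasing order."""
    n = nbits + parity_bits(nbits)
    return [pos for pos in range(1, n + 1) if pos & (pos - 1)]


def check_parity(word: int, p: int, n: int) -> int:
    """Parity of all code-word bits whose position index contains bit p."""
    return sum((word >> pos) & 1 for pos in range(1, n + 1) if pos & p) & 1


def encode(data: int, nbits: int = 8) -> int:
    r = parity_bits(nbits)
    n = nbits + r
    word = 0
    for d, pos in enumerate(data_positions(nbits)):
        if (data >> d) & 1:
            word |= 1 << pos
    for i in range(r):
        p = 1 << i
        if check_parity(word, p, n):
            word |= 1 << p          # make this parity group even
    if bin(word).count("1") & 1:
        word |= 1                   # overall parity: even number of ones in bits 0..n
    return word


def decode(word: int, nbits: int = 8) -> Tuple[Optional[int], str]:
    """Return (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    r = parity_bits(nbits)
    n = nbits + r
    syndrome = sum(1 << i for i in range(r) if check_parity(word, 1 << i, n))
    overall = bin(word & ((1 << (n + 1)) - 1)).count("1") & 1
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1 and syndrome <= n:
        word ^= 1 << syndrome       # syndrome 0 means the overall parity bit itself flipped
        status = "corrected"
    else:
        return None, "uncorrectable"  # even number of flips: detect, do not guess
    data = 0
    for d, pos in enumerate(data_positions(nbits)):
        if (word >> pos) & 1:
            data |= 1 << d
    return data, status


def flip(word: int, bit: int) -> int:
    """Inject a fault: toggle one bit of a stored code word."""
    return word ^ (1 << bit)


def scrub(memory: List[int], nbits: int = 8) -> List[Tuple[int, str]]:
    """Read every word, rewrite corrected ones, and log every fault found."""
    log: List[Tuple[int, str]] = []
    for addr, word in enumerate(memory):
        data, status = decode(word, nbits)
        if status == "corrected":
            memory[addr] = encode(data, nbits)
        if status != "ok":
            log.append((addr, status))   # self-annunciation of the failure
    return log


if __name__ == "__main__":
    mem = [encode(b) for b in b"TRIP"]    # constructed memory contents
    mem[1] = flip(mem[1], 5)              # single-bit upset in word 1
    mem[2] = flip(flip(mem[2], 0), 7)     # double-bit upset in word 2
    print(scrub(mem))                     # word 1 corrected, word 2 reported uncorrectable
    print([decode(w) for w in mem])
```

The scrub log is the hook for the rest of 5.3.5: a corrected single-bit error is a maintenance event to be counted and trended (5.3.7 fault history), while an uncorrectable word must drive the defined action for the affected sub-system rather than be consumed by the safety computation.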
