BRITISH STANDARD
BS IEC/TR 61838:2001
ICS 27.120.20
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

Nuclear power plants
Use of probabilistic safety assessment for the classification of instrumentation and control functions

Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:45:17 GMT+00:00 2006, Uncontrolled Copy, (c) BSI

This British Standard, having been prepared under the direction of the Engineering Sector Committee, was published under the authority of the Standards Committee and comes into effect on 15 May 2001

BSI 05-2001
ISBN 0 580 36648 0

Amendments issued since publication
Amd. No.    Date    Comments

National foreword

This British Standard reproduces verbatim IEC/TR 61838:2001 and implements it as the UK national standard.

The UK participation in its preparation was entrusted to Technical Committee NCE/8, Reactor instrumentation, which has the responsibility to:
- aid enquirers to understand the text;
- present to the responsible international/European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A list of organizations represented on this committee can be obtained on request to its secretary.

From 1 January 1997, all IEC publications have the number 60000 added to the old number. For instance, IEC 27-1 has been renumbered as IEC 60027-1. For a period of time during the change over from one numbering system to the other, publications may contain identifiers from both systems.

Cross-references

The British Standards which implement international publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled International Standards Correspondence Index, or by using the
Find facility of the BSI Standards Electronic Catalogue.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the IEC/TR title page, pages 2 to 40, an inside back cover and a back cover.

The BSI copyright notice displayed in this document indicates when the document was last issued.

IEC TECHNICAL REPORT TR 61838
First edition 2001-02

Nuclear power plants
Instrumentation and control functions important for safety
Use of probabilistic safety assessment for the classification

Commission Electrotechnique Internationale
International Electrotechnical Commission

CONTENTS

FOREWORD
INTRODUCTION
Clause
1 Scope
2 Reference documents
3 Definitions and abbreviations
3.1 Definitions
4 Limitations regarding the use of PSA
5 The use of PSA: methods and results
5.1 Introduction
5.2 Use of PSA in the design of future NPPs
5.2.1 Overall scope
5.2.2 Methods
5.2.3 Plant analysis and modelling I

any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. The IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between the two organizations.

2) The formal decisions or agreements of the IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested National Committees.

3) The documents produced have the form of recommendations for international use and are published
in the form of standards, technical specifications, technical reports, or guides and they are accepted by the National Committees in that sense.

4) In order to promote international unification, IEC National Committees undertake to apply IEC International Standards transparently to the maximum extent possible in their national and regional standards. Any divergence between the IEC Standard and the corresponding national or regional standard shall be clearly indicated in the latter.

5) The IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with one of its standards.

6) Attention is drawn to the possibility that some of the elements of this technical report may be the subject of patent rights. The IEC shall not be held responsible for identifying any or all such patent rights.

The main task of IEC technical committees is to prepare International Standards. However, a technical committee may propose the publication of a technical report when it has collected data of a different kind from that which is normally published as an International Standard, for example "state of the art".

IEC 61838, which
is a technical report, has been prepared by subcommittee 45A: Reactor instrumentation, of IEC technical committee 45: Nuclear instrumentation.

The text of this technical report is based on the following documents:

Enquiry draft    Report on voting
45A/363/CDV      45A/388/RVC

Full information on the voting for the approval of this technical report can be found in the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 3.

This document, which is purely informative, is not to be regarded as an International Standard.

Annexes A and B are given for information only.

The committee has decided that the contents of this publication will remain unchanged until 2006. At this date, the publication will be:
- reconfirmed;
- withdrawn;
- replaced by a revised edition, or
- amended.

INTRODUCTION

IEC 61226 "Nuclear power plants - Instrumentation and control systems important for safety - Classification" was published in 1993. The need to classify instrumentation and control functions on nuclear power plants originates from an International Atomic Energy Agency (IAEA) recommendation. IEC 61226 emphasizes that it is the functions which must be classified early in the design phase so that the degree of importance to safety of each function is determined. At the design stage, I this is not the case in other countries.

For several years, how a risk based classification scheme could be incorporated into IEC 61226 has been the topic of discussion. As
indicated above, there are significant differences in the use of risk assessments throughout the world, which leads to several problems when drafting an International Standard, namely:

a) Should a risk based classification scheme be acceptable in place of the deterministic approach? If so, what are the requirements (especially regarding the standard of modelling and the validity of data) that must be applied?

b) If a risk-based classification leads to different classifications of FSE compared to the deterministic approach, which should take precedence?

c) Should the two approaches be used together in order to gain the maximum benefit?

The deterministic approach is based on sound, well-proven nuclear safety principles. Risk assessment results could lead to the classification of specific I a system that can only carry out a few simple functions has a "low functionality"
[IEC 61226]

3.1.5
I
b) those I
c) those I
- unacceptable fuel damage. This might be damage to the fuel clad that leads to an unacceptable increase in the activity of the primary coolant, or structural damage to the fuel that impairs the ability to cool it
[IEC 61226]

3.1.16
single failure criterion*
an assembly of equipment satisfies the single failure criterion if it can meet its purpose despite a single random failure assumed to occur anywhere in the assembly. Consequential failures resulting from the assumed single failure are a part of the single failure
[IEC 61226]

3.1.17
sub-system*
a division of a system
that in itself has the characteristics of a system
[IEC 61226]

3.1.18
system*
a set of interconnected elements constituted to achieve a given objective of carrying out a specified function
[IEC 61226]

Abbreviations

CCF     Common cause failure
DBC     Design basis conditions
DEC     Design extension conditions
FSE     Function(s) and the associated systems and equipment that implement it (them)
FMEA    Failure modes and effects analysis
I

- to verify the design and identify improvements to the I
- to complement the qualitative approach in assessing the frequency of initiating events;
- to identify the complex failure sequences to be considered in the design;
- to support the definition of technical specifications and emergency procedures;
- to achieve a balanced design.

Typically, PSA covers the assessment of the core damage frequency, the evaluation of the containment response and the estimation of release frequencies and magnitudes.

Simplified PSA methods for I
- the quality of the reliability data bases which are used to provide reference data.

5.2.2 Methods

5.2.2.1 Probabilistic safety targets

Probabilistic safety targets for the I
- cumulative frequency of exceeding the limiting release shall be lower than 10⁻⁶ per reactor year;
- sequences involving very large releases with gross failure of containment shall have a cumulative frequency well below the previous target of 10⁻⁶ per reactor year.

5.2.2.2 Initiating events

The initiating events that will be considered in the probabilistic studies are
principally the events used to justify the design of a specific plant system or of a specific I the probability of common cause failure should be quantified according to the β factor model or another appropriate technique.

For the case of equipment that consists of components whose freedom from failures caused by design/manufacturing errors and environmental stresses cannot be reasonably determined through test, experience or analysis, the β factor model is not applicable. Examples include programmable electronic equipment and computer-based equipment.

The present state of practice for the quantification of the reliability of redundant systems which employ software for the achievement of functions important to safety is to assume a failure per demand for the redundant system, based upon qualitative engineering judgement.

5.2.2.5 Human reliability

Human reliability or the probability of occurrence of human error is an important design consideration. Therefore, the assessment of the probability of human error should be included in the PSA. On
the human error assessment both time independent (e.g. latent errors) and time dependent (e.g. diagnosis errors) should be considered.

5.2.3 Plant analysis and modelling

I
- event trees that describe the accident sequences in terms of progression from an initiating event to a final state including the successes or failures of systems and operator actions;
- fault trees or the equivalent mathematical functions that describe the system failures as combinations of basic events (component failures, human errors, etc.).

Event trees and fault trees can be combined in order to identify the basic event combinations specific to each accident sequence.

A proposal of modelling instrumentation and control functions for use in PSAs is presented in annex A.

5.3 Benefits of the use of PSA for existing NPPs

For existing NPPs, PSA is widely used during the periodic safety reviews in order to
- highlight and to place in the dominant sequences a hierarchy;
- help decide whether to implement modifications to the safety and safety-related I
- evaluate the global safety level of the plants.

The possible improvements can be prioritized according to the reduction of risk (probability and consequences). Also the PSA allows attention to be paid to sequences which can lead to
- high pressure core melt;
- containment by-pass;
- other dominant sequences, such as those including human errors or equipment failures.

PSA is a very useful tool to evaluate the importance of I indeed, there will be many ways in which probabilistic techniques can improve the decision making during the design of a NPP. This report is intended to stimulate debate on the best use of probabilistic techniques during the design phase of the instrumentation and control systems of a NPP.

The four approaches are as follows:

Approach 1, see 6.2
Time and reactor states based approach
This has been introduced in the European Utility Requirements document to be used for future NPP to decide how I
- secondly, use the PSA to confirm and to classify the systems and equipment needed to achieve the safety goals in terms of probabilistic safety targets; this second step primarily concerns the DEC, which are a specific set of accident sequences that are considered beyond the design basis conditions.

6.2.2 Classification of functions, systems and equipment

The objective of the safety categorization and classification is to establish a rational and defensible gradation in the requirements applied to functions, systems and equipment. The graded requirements must be consistent with the importance to safety of the functions, without requiring unduly high levels of quality and equipment qualification.

6.2.2.1 First step: mitigation of postulated initiating events

To achieve the objectives mentioned above, the classification process is based on two considerations:
- the physical state of the reactor;
- the time available to initiate safety functions.

Two physical states of the plant are considered in order to give a definition of the safety classes and to allow the introduction of a hierarchy within the safety functions and the associated requirements. These states correspond to shutdown conditions and are the controlled state and the safe shutdown state. They are defined a