Assessment of Reliability/Dependability – COTS Components
Thuy Nguyen and Ray Torok
Joint IAEA - EPRI Workshop on Modernization of Instrumentation and Control Systems in NPPs
3 - 6 October, 2006
Vienna, Austria
Assessment of Digital Equipment for Safety and High Integrity Applications – Session 4 of 6
Commercial off-the-Shelf (COTS) Components are Attractive
• Many advantages
– Proven track record
– Lower vendor costs
– More available
– Opportunity to standardize
– Features
– …
• However, for applications critical to safety or power production, want assurance of high quality/dependability
• Problematic for digital equipment, even more so for COTS
• Don’t forget – other industries have this problem too
• The alternative, developing new equipment from scratch,
• Grade effort based on complexity and safety significance
• Base judgment on preponderance of evidence
• Want “reasonable assurance” (there are no guarantees)
• The purchase price is a small fraction of the overall cost for qualification. (Don’t select device based on price)
• Establish acceptable failure modes and abnormal behaviors before selecting candidate devices
• If possible, select simplest device that will do the job
• Costs for qualification will depend on:
– To what extent commercial testing and/or certifications can be credited
– What is required to extend device capabilities beyond commercial specifications (e.g. EMC filter)
– Complexity of the device
– Extent and relevance of device operating history
– Level of involvement and cooperation of device vendor
• Standard Criteria for Safety Systems for Nuclear Power Generating Stations
• Independence and physical separation between the redundant channels of a safety system
– The failure of one channel cannot adversely affect the ability of redundant channels to perform the necessary safety functions
• Credible failures in, and consequential actions by, other systems cannot adversely affect the ability of the safety system to perform its intended safety functions
• Plausibility checks of data received through communication links
• Erroneous data caused by a single postulated failure received through communication links cannot prevent a safety-classified station from performing its safety functions
• Appropriate defensive measures can provide reasonable assurance that data communication between redundant channels or safety / non-safety systems will not trigger digital common-cause failure (CCF)
• Measures to be taken within the data communication subsystems, within safety-classified stations, and at the interface between communication subsystems and stations
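The plausibility-check and single-failure bullets above, as an added example that is not from the workshop slides: a receiver rejects a link message that fails integrity, range, sequence or rate-of-change checks, and a two-out-of-three selection over the remaining channels still yields a value when one channel has been rejected. The message layout, integrity word, engineering units and limits are assumptions chosen for illustration, not a real protocol.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed message layout (an assumption, not from the slides): one sample
 * from one redundant channel, with a sequence counter and an integrity word. */
typedef struct { uint16_t seq; int32_t value; uint32_t check; } Message;

/* Receiver-side state the safety-classified station keeps per incoming link. */
typedef struct { uint16_t last_seq; int32_t last_value; bool have_prev; } Link;

/* Plausibility limits; the unit (0.1 degC) and bounds are hypothetical. */
#define VALUE_MIN (-500)
#define VALUE_MAX 15000
#define MAX_STEP  200    /* largest credible change between two samples */

uint32_t msg_check(uint16_t seq, int32_t value) {
    /* Simple integrity word for the example; a real link would use a CRC. */
    return ((uint32_t)seq << 16) ^ (uint32_t)value ^ 0xA5A5A5A5u;
}

/* Returns true only if the message passes every plausibility test. A rejected
 * message is not used at all, and the link state is not updated from it. */
bool link_accept(Link *l, const Message *m) {
    if (m->check != msg_check(m->seq, m->value)) return false;       /* corrupted */
    if (m->value < VALUE_MIN || m->value > VALUE_MAX) return false;   /* out of range */
    if (l->have_prev) {
        if ((uint16_t)(m->seq - l->last_seq) != 1) return false;     /* lost, stale or replayed */
        int32_t step = m->value - l->last_value;
        if (step > MAX_STEP || step < -MAX_STEP) return false;       /* implausible jump */
    }
    l->last_seq = m->seq; l->last_value = m->value; l->have_prev = true;
    return true;
}

/* Two-out-of-three selection over the channels that passed: median when all
 * three are valid; the higher value when only two are (assumes a trip on high,
 * so the higher reading is the conservative one); failure below two. */
bool select_2oo3(const int32_t v[3], const bool ok[3], int32_t *out) {
    int32_t g[3]; int n = 0;
    for (int i = 0; i < 3; i++) if (ok[i]) g[n++] = v[i];
    if (n < 2) return false;
    if (n == 2) { *out = g[0] > g[1] ? g[0] : g[1]; return true; }
    int32_t lo = g[0] < g[1] ? g[0] : g[1], hi = g[0] < g[1] ? g[1] : g[0];
    *out = g[2] < lo ? lo : (g[2] > hi ? hi : g[2]);                 /* median of three */
    return true;
}

/* One cycle with a single postulated failure: channel 2 arrives with a flipped
 * bit. Returns the selected value, or INT32_MIN if no decision was possible. */
int32_t demo_cycle(void) {
    Link links[3] = {{0, 0, false}, {0, 0, false}, {0, 0, false}};
    Message m[3] = {{1, 3000, msg_check(1, 3000)}, {1, 3010, msg_check(1, 3010)},
                    {1, 3005, msg_check(1, 3005) ^ 1u}};
    bool ok[3]; int32_t v[3], out;
    for (int i = 0; i < 3; i++) { ok[i] = link_accept(&links[i], &m[i]); v[i] = m[i].value; }
    return select_2oo3(v, ok, &out) ? out : INT32_MIN;
}
```

In the demo cycle the corrupted channel is dropped and the station still produces 3010 from the two valid channels, which is the property the single-failure bullet asks for.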