Except in those cases in which a licensee proposes or has previously established an acceptable alternative method for complying with specified portions of the NRC’s regulations, the NRC staff will use the methods described in this Interim Staff Guidance (ISG) to evaluate licensee compliance with NRC requirements as presented in submittals in connection with applications for standard plant design certifications and combined licenses.

This ISG provides acceptable methods for addressing HICRc in digital I&C system designs. This guidance is consistent with current Commission policy on digital I&C systems and is not intended to be a substitute for NRC regulations, but to clarify how a licensee or applicant may satisfy those regulations.

This ISG also clarifies the criteria the staff will use to evaluate whether an applicant/licensee digital system design is consistent with HICRc guidelines. The staff intends to continue interacting with stakeholders to refine digital I&C ISGs and to update associated guidance and generate new guidance where appropriate.


This Interim Staff Guidance addresses the design and review of digital systems proposed for safety-related service in nuclear power plants. These guidelines address only selected digital aspects of such systems. Such systems are also subject to requirements germane to safety-related systems, such as requirements for separation, independence, electrical isolation, seismic qualification, quality requirements, etc. cited in the General Design Criteria of Appendix A to Part 50 of Title 10 of the Code of Federal Regulations. Additional guidance applicable to such systems is also provided in various other NRC and industry documents.

This guidance specifically addresses issues related to interactions among safety divisions and between safety-related equipment and equipment that is not safety-related. This guidance is not applicable to interactions among equipment that are all in the same safety division or that do not involve anything that is safety-related. This guidance does address certain aspects of digital control systems that are not safety-related but which may affect the plant conformance to safety analyses (accident analyses, transient analyses, etc.).

This document presents guidance and also references requirements. In the interest of maintaining simplicity and focus upon the technical considerations, a distinction is not always clearly drawn between “guidance” and “requirements.” In some cases, requirements are described using the language of recommendations (for example, “should” rather than “must”). The reader is cautioned that this document does not alter any existing requirements, and that it is the responsibility of the applicant to ensure that all requirements are satisfied regardless of how they may be presented or addressed herein.


The term “Highly-Integrated Control Room” (HICR) refers to a control room in which the traditional control panels, with their assorted gauges, indicating lights, control switches, annunciators, etc., are replaced by computer-driven consolidated operator interfaces. In an HICR:

- The primary means for providing information to the plant operator is by way of computer-driven display screens mounted on consoles or on the control room walls.

- The primary means for the operator to command the plant is by way of touch screens, keyboards, pointing devices or other computer-based provisions.

A digital workstation is in essence just one device. Unlike a conventional control panel, there is no way for its many functions to be independent of or separated from one another, because they all use the same display screen, processing equipment, operator interface devices, etc. Functions that must be independent must be implemented in independent workstations.

This ISG describes how controls and indications from all safety divisions can be combined into a single integrated workstation while maintaining separation, isolation, and independence among redundant channels. This ISG does not alter existing requirements for safety-related controls and displays to support manual execution of safety functions.


Task Working Group (TWG) 4 has determined that HICRc is comprised of four basic areas of interest:

1. interdivisional communications: communications among different safety divisions or between a safety division and a non-safety entity

2. command prioritization: selection of a particular command to send to an actuator when multiple and conflicting commands exist

3. multidivisional control and display stations: use of operator workstations or displays that are associated with multiple safety divisions and/or with both safety and nonsafety functions

4. digital system network configuration: the network or other interconnection of digital systems that might affect plant safety or conformance to plant safety analysis assumptions (interconnections among safety divisions or between safety and nonsafety divisions should also satisfy the guidance provided for interdivisional communications)

Areas of Interest #1 through 3 are each addressed in a separate section below. Area of Interest #4 has implications concerning each of the first three and is incorporated into those sections as needed.


In order to prepare this interim staff guidance, the Staff primarily relied upon: (1) 10 C.F.R. §50.55a(h), which invokes IEEE 603-1991; and (2) Regulatory Guide 1.152, which endorses IEEE 7-4.3.2-2003 (with comments).

IEEE 603-1991 requires, among other things, that redundant safety channels be independent of one another and that redundant safety systems be independent of one another. IEEE 7-4.3.2-2003 addresses digital communications (NOTE: Some provisions of IEEE 7-4.3.2 have been found to not be suitable for endorsement by the NRC. In addition, IEEE 7-4.3.2 is currently being revised, and the final version may or may not be found suitable and may or may not be consistent with the guidance provided here).

On the basis of IEEE 603-1991 and IEEE 7-4.3.2-2003, this guidance describes ensuring redundant

