BS IEC 61226-2005 – Nuclear power plants — Instrumentation and control systems important to safety — Classification of instrumentation and control functions.
5 Classification scheme

5.1 Introduction

Functions to be performed by I&C systems shall be assigned to categories according to their importance to safety. The importance to safety of a function shall be identified by means of the consequences in case of its failure when required to be performed and the consequences in case of a spurious actuation. The category determines the design and quality requirements for I&C systems and equipment. These requirements shall be defined independently from the technology of the equipment to be applied.

Subclause 5.2 provides the background to the classification scheme. Subclause 5.3 describes the three categories that are used to classify functions. The categories are based upon those defined originally in the first edition of IEC 61226 published in 1993. Subclause 5.4 presents the assignment criteria for each category. Clause 6 provides guidance on the classification process. Clause 7 provides the technical requirements for each of the three categories. Most of the requirements apply to the systems and equipment that perform the functions, but some requirements apply only to the functions.

Annex A contains typical examples of the classification of NPP I&C functions. It is only for information because it may depend on the reactor type.

5.2 Background

The principle of defence in depth is firmly established in the safety design basis of nuclear power plants. The fundamental idea is that there should be several layers or echelons of defence in the prevention of unsafe conditions, and that the prevention of unsafe conditions, before mitigation is required, is always to be preferred. Because of the large number of functions that are required to operate and keep safe an NPP, a number that increases with the principle of defence in depth, it is important that the significance to safety of each function is known.

The safety importance of, and the corresponding requirements placed on, parts of the safety systems and safety related I&C systems will differ, so that it is appropriate to assign them to different safety categories. Some I&C systems can have a significant effect on safety and therefore require appropriate attention. Other I&C systems have intermediate, low, or no significance to safety. They have correspondingly less stringent requirements for ensuring system performance and safety justification, and therefore have different technical requirements.

National application of the principles and criteria of this standard may assign differing nomenclature to categories A, B and C. The national application shall be according to the principles, criteria and associated requirements given in this standard. This shall involve establishing and documenting an appropriate correspondence to the categories defined.

5.3 Description of categories

5.3.1 General

I&C systems in NPPs perform functions with different levels of importance to safety. The importance to safety of each I&C function depends upon its role for achieving and maintaining safety, the potential consequence of failure of the function to operate when required, and the probability of these consequences. Therefore, an initial safety analysis of the specific NPP design is required to be completed prior to the classification of the I&C functions.

The severity of the potential consequences in the case of a postulated failure of an I&C function, defines the level of assurance that is required for the various attributes of the systems and equipment which deliver the function, most notably that of functionality, performance and reliability.

For the design, assessment and licensing procedures, safety categories, A, B and C are defined, with associated sets of technical and quality requirements on the properties of the I&C systems to be applied for the design and implementation of I&C systems and equipment important to safety.