IEC 62138-2004 pdf – Nuclear power plants – Instrumentation and control important for safety – Software aspects for computer-based systems performing category B or C functions.
1 Scope

This International Standard provides requirements for the software of computer-based I&C systems performing functions of safety category B or C as defined by IEC 61226. It complements IEC 60880 and IEC 60880-2, which provide requirements for the software of computer-based I&C systems performing functions of safety category A. It is also consistent with, and complementary to, IEC 61513. Activities that are mainly system level activities (for example, integration, validation and installation) are not addressed exhaustively by this standard: requirements that are not specific to software are deferred to IEC 61513.

IEC 61513 defines the safety classes of I&C systems important to safety as follows:

• I&C systems of safety class 1 are basically intended to perform functions of safety category A, but may also perform functions of safety category B and/or C, and non safety-classified functions;
• I&C systems of safety class 2 are basically intended to perform functions of safety category B, but may also perform functions of safety category C, and non safety-classified functions;
• I&C systems of safety class 3 are basically intended to perform functions of safety category C, but may also perform non safety-classified functions.

Since a given safety-classified I&C system may perform functions of different safety categories and even non safety-classified functions, the requirements of this standard are attached to the safety class of the I&C system.

This standard takes into account the current practices for the development of software for I&C systems, in particular:

• the use of pre-developed software, equipment and equipment families that were not necessarily designed to nuclear industry sector standards;
• the use of dedicated “black-box” devices with embedded software;
• the use of application-oriented languages.

This standard is not intended to be used as a general-purpose software engineering guide.
3 Terms, definitions and abbreviations

For the purposes of this document, the following terms, definitions and abbreviations apply.

3.1 animation
process by which the behaviour defined by a specification is displayed with actual values derived from the stated behaviour expressions and from some input values (IEC 60880-2)

3.2 application function
function of an I&C system that performs a task related to the process being controlled rather than to the functioning of the system itself (IEC 61513)

3.3 application-oriented language
computer language specifically designed to address a certain type of application and to be used by persons who are specialists of this type of application

NOTE 1 Equipment families usually feature application-oriented languages so as to provide an easy to use capability for adjusting the equipment to specific requirements.

NOTE 2 Application-oriented languages may be used to specify the functional requirements of an I&C system, and/or to specify or design application software. They may be based on texts, on graphics, or on both.

NOTE 3 Examples: function block diagram languages, languages defined by IEC 61131-3.

NOTE 4 See also General-purpose language.

3.4 application software
part of the software of an I&C system that implements the application functions (IEC 61513)

NOTE See also System software, Operational system software.

3.5 category of an I&C function
one of three possible safety assignments (A, B, C) of I&C functions resulting from considerations of the importance to safety of the functions to be performed. An unclassified assignment may be made if the function is not significant to safety (IEC 61513)

NOTE See also Class of an I&C system.
3.6 class of an I&C system
one of three possible assignments (1, 2, 3) of I&C systems important to safety resulting from consideration of their requirement to implement I&C functions of differing importance to safety. An unclassified assignment is made if the I&C system does not implement functions important to safety (IEC 61513)

NOTE See also Category of an I&C function.

3.7 complexity
degree to which a system or component has a design, implementation or behaviour that is difficult to understand and verify (IEC 61513)

3.8 configuration management
discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control modifications to those characteristics, record and report changes in status, and verify compliance with specified requirements (IEC 61513)

3.9 design specification
document or set of documents that describe the organisation and functioning of an item, and that are used as a basis for the implementation and the integration of the item

3.10 documentation for safety
document or set of documents that specifies how a product can be safely used for applications important to safety

3.11 equipment family
set of hardware and software components that may work co-operatively in one or more defined architectures (configurations). The development of plant specific configurations and of the related application software may be supported by software tools. An equipment family usually provides a number of standard functionalities (application functions library) that may be combined to generate specific application software (IEC 61513)

NOTE 1 An equipment family may be a product of a defined manufacturer or a set of products interconnected and adapted by a supplier.

NOTE 2 The term “Equipment platform” is sometimes used as a synonym of “Equipment family”.