To overcome difficulties related to obtaining the required confidence that there is no influence from hidden errors and/or to demonstrating the absence of such influence.
safety management systems and normal operation systems sufficient for power unit control, timely detection and elimination of normal operation failures, prevention of emergencies, accident control and estimation of results.
Redundancy of I&C system components that take part in executing category A information display functions (including facilities placed in the main control room) is provided. To eliminate the possibility of false interpretation of information when one of the redundant channels fails or is taken out of operation, either the values of each parameter obtained from all channels are displayed simultaneously, or only those values are displayed that are considered reliable as a result of automatic checking or that were obtained from operable channels (or only the single most reliable value, as determined by automatic processing of the information obtained from all channels). Redundancy may be omitted if the inoperability of an element can be detected and eliminated faster than the permissible data loss time, provided that, until operability is restored, the information obtained is displayed together with a clear and unambiguous indication to personnel that it is invalid.
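The display policy just described (every channel shown, only reliable channels shown, or one automatically selected value, with invalid data unambiguously marked until operability is restored) as an added Python example; this is not code from the original text, and the channel names, the permissible data loss time, the deviation limit and the median-based selection are assumptions for illustration.

```python
from dataclasses import dataclass
from statistics import median
from typing import List, Optional

# Assumed plant-specific settings for this constructed example.
MAX_LOSS_S = 2.0        # permissible data loss time, seconds
DEVIATION_LIMIT = 0.5   # largest spread between channels still treated as agreement

@dataclass
class ChannelReading:
    channel: str
    value: Optional[float]  # None when the channel delivered no reading
    operable: bool          # outcome of the channel's automatic self-check
    age_s: float            # seconds since this reading was last refreshed

def reliable_channels(readings: List[ChannelReading],
                      max_loss_s: float = MAX_LOSS_S) -> List[ChannelReading]:
    """Channels that passed the automatic check and are fresher than the data loss limit."""
    return [r for r in readings
            if r.operable and r.value is not None and r.age_s <= max_loss_s]

def consolidated_value(readings: List[ChannelReading],
                       max_loss_s: float = MAX_LOSS_S,
                       deviation_limit: float = DEVIATION_LIMIT) -> Optional[float]:
    """Single most reliable value: median of the reliable channels, provided they agree.
    None means no trustworthy value exists (nothing reliable, or reliable channels disagree)."""
    good = [r.value for r in reliable_channels(readings, max_loss_s)]
    if not good or max(good) - min(good) > deviation_limit:
        return None
    return median(good)

def display_lines(readings: List[ChannelReading],
                  max_loss_s: float = MAX_LOSS_S,
                  deviation_limit: float = DEVIATION_LIMIT) -> List[str]:
    """Render every channel and the selected value; invalid data is never shown unmarked."""
    good_ids = {r.channel for r in reliable_channels(readings, max_loss_s)}
    lines = []
    for r in readings:
        shown = "---" if r.value is None else f"{r.value:.1f}"
        lines.append(f"{r.channel}: {shown}" + ("" if r.channel in good_ids else "  INVALID"))
    best = consolidated_value(readings, max_loss_s, deviation_limit)
    lines.append("SELECTED: " + ("NO VALID VALUE" if best is None else f"{best:.1f}"))
    return lines

if __name__ == "__main__":
    # Constructed sample: channel B is stale, channel C failed its self-check.
    sample = [ChannelReading("A", 15.8, True, 0.2), ChannelReading("B", 15.9, True, 3.5),
              ChannelReading("C", 9.1, False, 0.1)]
    print("\n".join(display_lines(sample)))
```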
Data on personnel actions that can affect safety are immediately transferred to the main control room (or the emergency control room). If control of safety-important technological systems and equipment can be performed not only from the main or emergency control room but also from other places (for example, from a local control panel), visual identification of the place from which control is currently being performed is provided (the possibility of simultaneous control from different places is precluded).
Immediate warning of operational personnel about failures of I&C system components (SHC, hardware or software) that prevent performance of category A and B function(s) is provided. Relevant emergency (visual and audio) and preventive alarm facilities are placed in the main control room. Prevention of errors,
Compensates for insufficient approbation of complex I&C systems or SHC by practical operating experience.
According to NP 2000, observance of the diversity principle is mandatory for a group of I&C systems or SHC taking part in performance of the emergency reactor protection function. For other category A functions, determination of the necessity or suitability of diversity and selection of adequate type(s) of diversity are based on probabilistic analysis of "hidden" errors made during development (design) and manufacturing that may cause simultaneous failures of several elements of the group, the severity of probable failure effects, the degree of approbation, etc. The diversity principle need not be observed if the risk of common cause failures caused by such errors is accepted as more acceptable than a significant rise in the cost of design, development and operation of diverse I&C systems and SHC performing the same functions. For a group of independent elements taking part in performance of category B and C function(s), observance of the diversity principle is not mandatory.
Prevention of Personnel Error
NP 2000 and NP 2008a consider prevention of personnel error one of the important factors for safety assurance during the intended use of I&C systems (during unit control in operating modes and/or accident management), during inspections, maintenance and recovery, and also in case of reconfiguration.
Operational personnel obtain full, timely and accurate data on the specified and current values of controlled technological, neutron-physical and other parameters, the state of structures, systems and equipment of the unit, initiating events, actions of