which can lead to a nuclear accident and risk of personnel radiation during overload of nuclear fuel, is provided by the refueling machine control system. Operational personnel and safety experts who manage accidents and their effects obtain the required data on the radiation environment and on the state of systems, equipment and physical barriers along the propagation path of ionizing radiation and radioactive substances from the post-accident monitoring system.
Personnel who monitor the state of I&C systems, maintain them and perform renewal in a timely manner and in full scope obtain diagnostic messages containing data on system components, component parts of SHC and power sources that are inoperable and/or intentionally taken out of operation. Diagnostic messages are displayed to facilitate and accelerate decisions on restoring the operable state of a failed component of the I&C system or a component part of SHC. Display facilities for diagnostic messages are placed in the room of the shift engineer who monitors the state of I&C systems. The power supply state (presence of operating and standby voltage, switching from the main to the emergency power source, etc.) is also displayed locally (“by place”) and in the main control room.
During development and operation of the I&C systems, measures are implemented to prevent errors during reconfiguration (adjustment of set-points, rules of control law, conditions of protection initiation, interlocking and alarm, setting and removal of bypasses, taking individual components out of operation and returning them to operation for checking during maintenance or after recovery). Allowed reconfigurations can be executed only according to the rules specified in operational documentation and only by trained personnel using hardware and software specifically intended for the purpose. Attempts to make any changes that exceed permissible limits are automatically locked and followed by a failure alarm. Operational personnel are warned in advance about a planned reconfiguration and informed about its start and completion. In I&C systems of safety class 2(A), a local preventive alarm and a warning to operational personnel are provided for any attempt to deactivate a channel or SGC that is unauthorized and/or not detected from the main control room, and the possibility of simultaneous deactivation of two redundant channels or two SHCs is precluded.
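
The reconfiguration rules described above can be sketched as a software guard. This is an added illustration, not code from the book or from any real I&C product; the class, method and field names are hypothetical, and the advance warning is modeled only as start and completion notices.

```python
from dataclasses import dataclass, field

class ReconfigurationBlocked(Exception):
    """Raised when a requested change is locked out."""

@dataclass
class ReconfigGuard:  # hypothetical model, not a real I&C API
    limits: dict            # set-point name -> (low, high) permissible range
    redundant_groups: list  # sets of mutually redundant channel ids
    authorized: set         # trained personnel allowed to reconfigure
    setpoints: dict = field(default_factory=dict)
    out_of_operation: set = field(default_factory=set)
    alarms: list = field(default_factory=list)   # failure alarms on blocked attempts
    notices: list = field(default_factory=list)  # messages to operational personnel

    def _block(self, operator, reason):
        self.alarms.append((operator, reason))
        raise ReconfigurationBlocked(reason)

    def _authorize(self, operator, action):
        if operator not in self.authorized:
            self._block(operator, f"unauthorized attempt: {action}")

    def _apply(self, action, change):
        self.notices.append(f"start: {action}")
        change()
        self.notices.append(f"complete: {action}")

    def set_setpoint(self, operator, name, value):
        action = f"set {name}={value}"
        self._authorize(operator, action)
        bounds = self.limits.get(name)  # unknown set-points are blocked too
        if bounds is None or not bounds[0] <= value <= bounds[1]:
            self._block(operator, f"{action} exceeds permissible limits {bounds}")
        self._apply(action, lambda: self.setpoints.__setitem__(name, value))

    def take_out(self, operator, channel):
        action = f"take {channel} out of operation"
        self._authorize(operator, action)
        for group in self.redundant_groups:
            if channel in group and self.out_of_operation & (group - {channel}):
                self._block(operator, f"{action}: redundant channel already out")
        self._apply(action, lambda: self.out_of_operation.add(channel))

    def put_back(self, operator, channel):
        action = f"return {channel} to operation"
        self._authorize(operator, action)
        self._apply(action, lambda: self.out_of_operation.discard(channel))
```

Every blocked attempt leaves the existing state unchanged and appends an entry to `alarms`, so the alarm list doubles as an audit trail of rejected reconfigurations.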
During recovery of SHC, component parts can usually be replaced without switching off the power; in this case no adjustments to component parts of SHC or adjacent products are required. Specific design solutions prevent the possibility of failure during replacement of component parts and connection of external cables. Apparatus and their removable component parts of safety class 2(A) are labeled in such a way that they can be distinguished from those of lower safety classes. Labeling of diverse component parts, including those stored as part of the operating recovery reserve, makes it possible to identify the I&C system or SHC to which they belong.
Protection from Unauthorized Access
To prevent intentional or unintentional deactivation, reconfiguration, introduction of interference, damage or theft that can create a threat to safety, protection against unauthorized access to the following objects is provided:
• Operating stand-alone devices (hardware).
• Removable component parts and software products contained in the devices.
• Switching elements for connecting devices to external circuits.
• Elements intended for reconfiguration of the I&C system (SHC).
• Power switches, elements of mode selection and manual control.
• Embedded means for technical diagnostics.
• Means of data input for obtaining access to software, database and archive.
• Operating recovery reserve and software products contained in storage.