The CCF risks may be essential for diversity-oriented, or so-called multi-version, systems (MVSs) (Kharchenko, 1999) as well, if the choice of a version redundancy type and the development of channel versions are carried out without a thorough analysis of their independence and an assessment of the real diversity degree by special metrics, for example, the β-factor (Bukowsky & Goble, 1994).

COMMON EVENT AND COMMON CAUSE FAILURES

A CCF is an event in which two or more channels (versions) of a redundant multi-channel (multi-version) system fail simultaneously and there is a common reason that caused this event. Thus, a CCF is a multiple failure (MF), the alternative to a single failure (SF). On the other hand, multiple failures do not occur only as a result of one (common) cause. Multiple failures may be caused by the influence of a few different reasons if these reasons concur, or if the spread of their influence times is shorter than the time the on-line testing and reconfiguration means need to react. In this case the MF may be called a common time failure (CTF). Hence, CCFs and CTFs are multiple failures, or common event failures (CEFs).

The attributes of the classification form a simple hierarchy. CCFs and CTFs may be additionally divided into two groups according to the number of failures (partial and full CCFs, i.e. PCCFs and FCCFs, and partial and full CTFs, i.e. PCTFs and FCTFs) and according to the distinguishability of the channel output data on failure, i.e. distinguishable (DCCFs, DCTFs) and undistinguishable (UDCCFs, UDCTFs) failures.

Authors of works related to NPP safety problems attend, first of all, to CCF analysis. However, CTFs are an important objective of research as well, since there are examples of serial failures caused by attacks on vulnerabilities of redundant channels and by other reasons. Besides, a very important problem, in our opinion, is the analysis of the distinguishability of failure effects, because it allows the moment of a partial or full CCF (or CTF) to be determined by the simple means of comparing channel output data.

ANALYSIS OF DIVERSITY RELATED STANDARDS

The following standards and guides contain requirements on diversity:

• IEC 61513: 2001. NPPs - I&Cs important to safety - general requirements for systems.
• IEC 60880: 2006. NPPs - I&Cs important to safety - SW aspects for computer-based systems performing category A functions.
• IAEA NS-G-1.3: 2002. I&Cs important to safety in NPPs.
• IEEE std. 7-4.3.2: 1993. IEEE standard criteria for digital computers in safety systems of NPPs.
• NUREG/CR-6303: 1993. Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems.
• DI&C-ISG-02, Diversity and Defense-in-Depth Issues, Interim Staff Guidance; BTP 7-19, Guidance for Evaluation of D&DiD in Digital I&C Systems (USA).
• NP 306.5.02/3.035: 2000. Requirements on nuclear and radiation safety for I&Cs important to safety in NPPs (Ukraine), etc.

These standards contain general requirements concerning: systems which must/should be developed using the diversity approach (RTSs); types of diversity used to develop NPP I&Cs and to decrease CCF probability; features of the diversity implementation, determination of types and volume of the diversity; assessment (justification) of the real level of the diversity in developed systems;
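The classification of common event failures given in the section above (single vs. multiple failure, CCF vs. CTF by cause and timing, partial vs. full by the number of failed channels, distinguishable vs. undistinguishable by comparison of channel output data), as an added example that is not part of the original text. The failure records, the `test_period` parameter and the cause labels are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Hashable, Sequence


@dataclass(frozen=True)
class ChannelFailure:
    channel: int    # index of the failed channel (version), 0..N-1
    t: float        # time at which the failure took effect
    cause: str      # root cause established off-line (constructed label)


def classify(failures: Sequence[ChannelFailure], n_channels: int,
             test_period: float, outputs: Sequence[Hashable]) -> Dict:
    """Classify the failures that concur within one on-line test period.

    failures    -- constructed failure records, sorted by time; only the
                   failures within `test_period` of the first one are grouped
    n_channels  -- N of the redundant N-channel (N-version) system
    test_period -- time the on-line testing/reconfiguration means need to
                   detect and isolate a failure; failures closer together
                   than this cannot be dealt with one at a time (assumption)
    outputs     -- value each channel delivered at the end of the period,
                   i.e. all that an on-line comparator can actually see
    """
    if not failures:
        return {"kind": "none"}
    t0 = failures[0].t
    concurrent = [f for f in failures if f.t - t0 < test_period]
    failed = {f.channel for f in concurrent}
    if len(failed) < 2:
        return {"kind": "SF", "channels": failed}      # single failure
    # Multiple failure: one common cause -> CCF, several coincident causes -> CTF.
    causes = {f.cause for f in concurrent}
    kind = "CCF" if len(causes) == 1 else "CTF"
    # Number of failed channels decides partial vs full (PCCF/FCCF, PCTF/FCTF).
    scope = "full" if len(failed) == n_channels else "partial"
    # Distinguishable (DCCF/DCTF) iff comparison of the channel output data shows
    # disagreement; a full failure in which every channel emits the same wrong
    # value is undistinguishable (UDCCF/UDCTF) and escapes output comparison.
    distinguishable = len(set(outputs)) > 1
    return {"kind": kind, "scope": scope, "distinguishable": distinguishable,
            "channels": failed, "causes": causes}
```

The undistinguishable full-failure case is the one that output comparison cannot detect, which is why the text asks that the real diversity degree be justified by metrics rather than assumed.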