or over the space of rooms, which can reveal itself during operation, connection, disconnection or due to a failure.
• Influence of closely located electrotechnical equipment and/or electrical power cables.
• Deviation from specified ("working") operation conditions, which can be caused by technological equipment failures, abnormal acts of nature (earthquake, lightning stroke), dangerous external or internal events (fire, flood), failures of power supply systems, ventilation systems, etc.
effects of this PIE and also hidden (undetected by embedded diagnostic facilities) operability failures are taken into account. Single failures of passive elements that are properly designed, manufactured and controlled need not be considered if, for the whole period of time after the PIE during which operation of these elements is required, the probability of their failure (considering loads and environmental conditions, including the impact of the PIE itself) does not exceed the agreed minimum allowed value. The criterion is applied independently of the single failure type (nonoperation, false operation) and should cover cases where a failure of one element directly or indirectly causes dependent failures of other elements.
Observance of the single failure criterion means that an I&C system (or a group of I&C systems that back each other up) or SHC can perform all required category A functions in the worst of the possible configurations, for example if, during unit operation, an initiating event occurs at a time when individual redundant parts of the I&C system or SHC have been taken out of operation for inspection during maintenance or recovery (in doing so, it is determined which redundant parts can be taken out of operation simultaneously, in what order and for how long, the procedure for their withdrawal and subsequent recommissioning, and the methods for confirming correct operation after the configuration is restored). As agreed with the regulatory body, and as an exception, non-compliance with the single failure criterion is allowed within a limited time period required for inspection. This period is defined on the basis of an engineering estimate of reliability, so that the probability of a single failure occurring within it does not exceed the agreed minimum allowed value specified for the function concerned.
Outputs of a redundant part of an I&C system or SHC that has failed or been taken out of operation are automatically determined and held in the states defined during analysis as the most acceptable from the safety point of view.
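The reasoning above can be checked mechanically: take one maintenance configuration (a redundant part out of service and held in a predetermined state), impose a single failure of either type (nonoperation or false operation) on every remaining element, propagate dependent failures, exempt passive elements whose failure probability over the mission time is below the agreed value, and confirm that the category A function still actuates on a real demand. The Python model below is an example added by the editor, not code from the book; the four-channel 2-of-4 voted function, the shared power supply PS-AB, the passive cable CABLE-BD and all failure probabilities are constructed assumptions.

```python
"""Single failure criterion check for a k-out-of-n voted protection function.

Editor's example, not from the book. The architecture (channels A-D voting
2-of-4, a shared power supply PS-AB feeding A and B, a passive cable CABLE-BD
serving B and D) and the probability figures are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

NO_TRIP, TRIP = 0, 1
MODES = ("nonoperation", "false_operation")


@dataclass
class Element:
    name: str
    # elements whose failure follows, directly or indirectly, from this one
    dependents: List[str] = field(default_factory=list)
    # probability of failure over the post-PIE mission time; None = not claimed
    failure_prob: Optional[float] = None


@dataclass
class VotedFunction:
    channels: List[str]            # channel names feeding the voter
    k: int                         # votes needed to actuate
    elements: Dict[str, Element]   # every element a single failure may hit
    held_state: int = NO_TRIP      # output held for a channel out of service

    def dependent_closure(self, seed: str) -> FrozenSet[str]:
        """All elements that fail when `seed` fails, including seed itself."""
        failed, stack = {seed}, [seed]
        while stack:
            for dep in self.elements[stack.pop()].dependents:
                if dep not in failed:
                    failed.add(dep)
                    stack.append(dep)
        return frozenset(failed)

    def actuates(self, demand: bool, out_of_service: FrozenSet[str],
                 failed: FrozenSet[str], mode: str) -> bool:
        """Voter output for one configuration and one imposed single failure."""
        votes = 0
        for ch in self.channels:
            if ch in out_of_service:
                votes += self.held_state            # predetermined safe state
            elif ch in failed:
                votes += TRIP if mode == "false_operation" else NO_TRIP
            else:
                votes += TRIP if demand else NO_TRIP
        return votes >= self.k

    def _candidates(self, out_of_service, allowed_prob):
        for name, el in self.elements.items():
            if name in out_of_service:
                continue                            # already in a held state
            if el.failure_prob is not None and el.failure_prob <= allowed_prob:
                continue                            # reliable passive element, exempt
            yield name

    def single_failure_violations(self, out_of_service: FrozenSet[str] = frozenset(),
                                  allowed_prob: float = 0.0) -> List[Tuple[str, str]]:
        """(element, mode) pairs whose single failure stops the function from
        actuating on a real demand. Empty list: criterion observed."""
        return [(name, mode)
                for name in self._candidates(out_of_service, allowed_prob)
                for mode in MODES
                if not self.actuates(True, out_of_service,
                                     self.dependent_closure(name), mode)]

    def spurious_actuations(self, out_of_service: FrozenSet[str] = frozenset(),
                            allowed_prob: float = 0.0) -> List[str]:
        """Elements whose false operation actuates the function with no demand.
        Not part of the criterion, but the price of holding a channel at TRIP."""
        return [name for name in self._candidates(out_of_service, allowed_prob)
                if self.actuates(False, out_of_service,
                                 self.dependent_closure(name), "false_operation")]


def build_example(held_state: int = NO_TRIP) -> VotedFunction:
    """Constructed 2-of-4 function with one shared supply and one passive cable."""
    elements = {name: Element(name) for name in "ABCD"}
    elements["PS-AB"] = Element("PS-AB", dependents=["A", "B"])
    elements["CABLE-BD"] = Element("CABLE-BD", dependents=["B", "D"],
                                   failure_prob=1e-7)   # assumed passive, reliable
    return VotedFunction(channels=list("ABCD"), k=2, elements=elements,
                         held_state=held_state)


if __name__ == "__main__":
    for held in (NO_TRIP, TRIP):
        f = build_example(held)
        for outage in (frozenset(), frozenset({"C"})):
            print(f"held={held} out_of_service={sorted(outage)}: "
                  f"violations={f.single_failure_violations(outage, 1e-6)} "
                  f"spurious={f.spurious_actuations(outage, 1e-6)}")
```

With channel C out of service and held at NO_TRIP, a failure of the shared supply PS-AB leaves only channel D able to vote, so the criterion is not observed for that maintenance configuration; holding C at TRIP restores observance, but then every single false operation actuates the function spuriously, which is why the held state is chosen by analysis rather than by default. Lowering the allowed probability to zero brings the passive cable back into the single failure set and adds a second violation.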
Coping with common cause failures is provided by observance of:
• Principles of single failure, redundancy, diversity, independence and prevention of personnel errors.
• Norms of tolerance (resistance) to influences of external factors.
• Rules of development, quality management, assessment and confirmation of compliance of I&C systems and their hardware and software components with the requirements of regulations and standards in force in Ukraine, and also international standards.
Observance of Single Failure Criterion
According to the single failure criterion, I&C systems and SHC related to safety class 2(A) should perform all specified category A functions in any postulated initiating event (PIE), with the imposition of a failure of any one element independent of this PIE. The single failure criterion is also applied to a group of I&C systems or SHC that back each other up, simultaneously performing safety functions identical in the goals achieved. Additionally a possibility of potentially dangerous