標準號：IEC 62340-2007
中文標準名稱：核電站.儀器和控制設備對安全的重要性.應對共因失效(CCF)的要求
英文標準名稱：Nuclear power plants - Instrumentation and control systems important to safety - Requirements for coping with common cause failure (CCF)
標準類型：F09;F69
發布日期：1999/12/31 12:00:00
實施日期：1999/12/31 12:00:00
中國標準分類號：F09;F69
國際標準分類號：27.120.20
引用標準：IEC 60671;IEC 60709;IEC 60780;IEC 60880;IEC 60980;IEC 61000-4;IEC 61226;IEC 61513;IAEA Safety Guide NS-G-1.3;IAEA Safety Guide SG-D11;IAEA Safety Glossary Ed.2.0-2006
適用范圍：I&C systems important to safety may be designed using conventional hard-wired equipment,computer-based equipment or by using a combination of both types of equipment. ThisInternational Standard provides requirements and recommendations1 for the overallarchitecture of I&C systems, which may contain either or both technologies.The scope of this standard is:a) to give requirements related to the avoidance of CCF of I&C systems that performcategory A functions;b) to additionally require the implementation of independent I&C systems to overcome CCF,while the likelihood of CCF is reduced by strictly applying the overall safety principles ofIEC SC 4** (notably IEC 61226, IEC 61513, IEC 60880 and IEC 60709);c) to give an overview of the complete scope of requirements relevant to CCF, but not tooverlap with fields already addressed in other standards. These are referenced.This standard emphasises the need for the complete and precise specification of the safetyfunctions, based on the analysis of design basis accidents and consideration of the main plantsafety goals. This specification is the pre-requisite for generating a comprehensive set ofdetailed requirements for the design of I&C systems to overcome CCF.This standard provides principles and requirements to overcome CCF by means which ensureindependence2:a) between I&C systems performing diverse safety functions within category A whichcontribute to the same safety target;b) between I&C systems performing different functions from different categories if e.g. acategory B function is claimed as back-up of a category A function and;c) between redundant channels of the same I&C system.The implementation of these requirements leads to various types of defence against initiatingCCF events.Means to achieve protection against CCF are discussed in this standard in relation to:a) susceptibility to internal plant hazards and external hazards;b) propagation of physical effects in the hardware (e.g. high voltages); andc) avoidance of specific faults and vulnerabilities within the I&C systems notably:1) propagation of functional failure in I&C systems or between different I&C systems (e.g.by means of communication, fault or error on shared resources),2) existence of common faults introduced during design or during system operation (e.g.maintenance induced faults),3) insufficient system validation so that the system behaviour in response to input signaltransients does not adequately correspond to the intended safety functions,4) insufficient qualification of the required properties of hardware, insufficient verificationof software components, or insufficient verification of compatibility between replacedand existing system components.