Slide 1: Post FISA-2003 Workshop "Cost Effective Modernisation of Systems Important to Safety" (CEMSIS), Luxembourg, 13 Nov. 2003
Regulatory Aspects
F. Seidel (Federal Office for Radiation Protection, Salzgitter, Germany)
EC WS CEMSIS, Nov. 2003
Slide 2: Implementation of Digital I&C in German NPPs (Examples)

Slide 3: Research Projects concerning the Safety Case of the Digital I&C Implementation in German NPPs

Slide 4: Related Experiences in Germany (Recent Examples)
Slide 5: Safety justification: Claims-Arguments-Evidence (CAE) approach

CAE method and complexity:
• Although the method is systematically structured, its applicability might depend on the complexity of the I&C system and its (SW) components. Are there examples of its application to distributed I&C systems?
• Final loop over all justification results: it might be useful to ensure that the safety demonstration was performed
  - correctly,
  - completely (all claims and sub-claims), and
  - non-ambiguously.
  This is thought of as a kind of validation loop. Because of its systematic structure, the CAE approach might inherently support such a loop.
Slide 6: Safety justification: Claims-Arguments-Evidence (CAE) approach

Different model levels - multiple leg approach (plant system / I&C system / HW, SW modules / operation):
  - Different models require multidisciplinary expert groups to apply the method comprehensively.
  - Experts of different disciplines (system engineers, I&C engineers, HW/SW experts, operating personnel) might be responsible for the justification results of distinct model levels.
  - The responsibilities should be unambiguously assigned to the experts and their management.
• Question: To what extent can the justification results for different levels complement one another? Particularly, in the frame of the CAE approach:
  - Is the evidence on system and equipment qualification (levels 2 and 3) complemented by operational experience (level 4)?
  - What kind of arguments are to be used in this case?
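As an added illustration (not part of the workshop slides), the following Python model of a small CAE case implements the "final loop over all justification results" proposed on slide 5 (completeness, dangling evidence, ambiguous sub-claim ownership) and reports which of the slide 6 model levels back a claim, so one can see whether qualification evidence (levels 2 and 3) is complemented by operational experience (level 4). The claim, argument and evidence identifiers and the sample case are constructed assumptions.

```python
from dataclasses import dataclass, field

# Model levels of the multiple-leg approach on slide 6 (labels as on the slide).
LEVELS = {1: "plant system", 2: "I&C system", 3: "HW/SW modules", 4: "operation"}

@dataclass
class Argument:
    aid: str
    evidence: list                  # ids of the evidence items the argument rests on

@dataclass
class Claim:
    cid: str
    text: str
    arguments: list = field(default_factory=list)   # Argument objects
    subclaims: list = field(default_factory=list)   # child Claim objects

def validate(root, evidence_db):
    """Final loop over all justification results: report claims/arguments not supported completely and non-ambiguously."""
    findings, parent_of = [], {}
    def walk(claim, parent):
        if claim.cid in parent_of:  # the same sub-claim hung under two claims: unclear responsibility
            findings.append(f"ambiguous: {claim.cid} under {parent_of[claim.cid]} and {parent}")
            return
        parent_of[claim.cid] = parent
        if not claim.arguments and not claim.subclaims:
            findings.append(f"incomplete: {claim.cid} has no argument")
        for arg in claim.arguments:
            if not arg.evidence:
                findings.append(f"incomplete: {arg.aid} cites no evidence")
            for eid in arg.evidence:
                if eid not in evidence_db:
                    findings.append(f"dangling: {arg.aid} cites unknown evidence {eid}")
        for sub in claim.subclaims:
            walk(sub, claim.cid)
    walk(root, None)
    return findings

def evidence_levels(claim, evidence_db):
    """Names of the model levels whose evidence backs a claim, sub-claims included."""
    names = {LEVELS[evidence_db[e]] for a in claim.arguments for e in a.evidence if e in evidence_db}
    for sub in claim.subclaims:
        names |= evidence_levels(sub, evidence_db)
    return names

EVIDENCE = {"E1": 3, "E2": 2, "E3": 4}  # constructed sample: evidence id -> model level
CASE = Claim("C1", "digital I&C system performs its safety function", subclaims=[
    Claim("C2", "HW/SW modules are qualified", [Argument("A1", ["E1"])]),
    Claim("C3", "system qualification is confirmed in operation", [Argument("A2", ["E2", "E3", "E9"])]),
    Claim("C4", "maintenance cannot introduce a CCF"),   # claimed but not yet justified
])
```

Running `validate(CASE, EVIDENCE)` flags the unknown evidence E9 and the unsupported claim C4, while `evidence_levels(CASE, EVIDENCE)` shows that levels 2, 3 and 4 all contribute to the top claim.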
Slide 7: Safety justification: Claims-Arguments-Evidence (CAE) approach

Reference to the IEC 62340 project "Requirements to cope with common cause failure (CCF)". Selected aspects to be considered within the CAE approach:
• Diversity is considered an important, but not the only, aspect to cope with CCF.
• Other aspects are raised systematically, e.g.:
  - defence-in-depth (regarding functional as well as non-functional I&C system properties)
  - robustness against latent faults
  - avoidance of failure propagation
  - requirements on maintenance activities
Slide 8: Suggestion for future CEMSIS research activities

Topic: Safety requirements on digital I&C maintenance, with special consideration of related operating experiences
Reasons:
  - Some recent operating experiences show links to digital I&C maintenance errors/mistakes.
  - To derive evidence for correct digital I&C development from operating experience, it is essential to distinguish between specification faults and errors/mistakes due to maintenance.
  - Safety requirements on maintenance should also be analysed from the security point of view and complemented if necessary.