This International Standard addresses certain devices that contain embedded software or electronically-configured digital circuits that have not been produced to other IEC Standards which apply to systems and equipment important to safety in Nuclear Power Plants, but which are candidates for use in nuclear power plants. It provides requirements for the selection and evaluation of such devices where they have dedicated 2 , limited, and specific functionality and limited configurability.
In accordance with IEC 61 51 3, I&C systems important to safety of classes 1 , 2 and 3 may be implemented using conventional hard-wired equipment, digital technology equipment (computer based or programmed hardware) or by using a combination of both types of equipment. This International Standard provides the acceptance criteria for the selection, evaluation and use of certain digital devices that have not been developed specifically for use in these nuclear I&C systems. Such devices are very often developed to meet IEC 61 508, and this standard acknowledges that compliance with IEC 61 508 can be a key positive factor when qualifying non-nuclear components for nuclear sector use.
Devices addressed by this Standard are dedicated devices of limited, specific functionality, that contain or may contain components driven by software or digital circuits designed using software-based tools. Examples are smart sensors, valve positioners, electrical protective devices or inverters that contain or may contain components driven by software or digital circuits designed using software-based tools. This standard does not address the software aspects of complex general-purpose devices that are addressed by other standards, such as IEC 60880 and IEC 621 38 for software. This standard addresses the issues that should be considered when evaluating the suitability of these dedicated devices of limited, specific functionality for use in a nuclear power plant. The intent is to apply a graded approach to these issues, with more demanding requirements applied for higher classes.
These issues include:
• functional suitability (does the device perform the functions required, and are these functions suitably secure from interference from any other functions),
• the evidence required to demonstrate this suitability (such as the development process followed, and the operational experience and maturity of the device),
• aspects affecting integration of the device in existing systems (e.g. functional compatibility and impact on maintenance and operation), and
• requirements related to ensuring the device will retain its suitability for its required lifetime (such as the lifetime of the plant).
This Standard relies on other standards, especially IEC 60780, to address hardware qualification issues not related to the complexities of software, namely reliability aspects related to environmental qualification and failures due to aging or physical degradation. Other standards such as IEC 61 508 can be used as complementary guidance for the evaluation and assessment of components, but it is recognized that certification to non-nuclear standards alone is insufficient.
