Questions and Answers
What is a common cause failure (CCF) in DI&C systems?
Why are DI&C systems vulnerable to common cause failures?
What can trigger latent design defects in DI&C systems?
What is the purpose of considering concurrent failures of redundant elements in the design of protection systems and reactivity control systems?
What is a benefit of using DI&C systems in nuclear power plants?
What is the term 'software' referred to in the context of DI&C systems?
Why are licensed facilities considered to have sufficient design features to address common cause failures?
What is the purpose of considering the possibility of systematic, nonrandom, concurrent failures of redundant elements in the design of protection systems and reactivity control systems?
What should the reviewer consider when evaluating a CCF of an interconnected DI&C system or platform?
What type of spurious operations are addressed within the design basis?
What is an important distinction between spurious operation and loss of function resulting from CCF?
What method(s) can be used to eliminate a potential CCF from further consideration in a D3 assessment?
What type of failures are addressed within the design basis?
What is the purpose of evaluating spurious operation in a D3 assessment?
What is a potential vulnerability to be addressed in the application?
What is a regulatory requirement that addresses spurious operations?
What is one of the two general causes of CCF vulnerabilities in DI&C systems?
What can be used in conjunction with a robust development process to correct potential design errors?
What is a purpose of testing in the design process?
What should the reviewer determine when evaluating the testing of a proposed DI&C system?
What should the applicant use to demonstrate that identified latent design defects have been corrected?
What should the reviewer consider when evaluating the testing methodology used by the applicant?
What is the purpose of the acceptance criteria for use of testing?
What is the goal of using thorough system analysis and robust development process in the design of DI&C systems?
Study Notes
Consideration of Common-Cause Failures
- Licensed facilities are expected to have sufficient design features to address common-cause failures (CCFs) associated with their specific designs and equipment.
- The use of different designs, equipment, or technology may require additional design features to address specific vulnerabilities.
DI&C Systems
- DI&C systems consist of both hardware components and logic elements (e.g., software).
- Hardware components in DI&C systems are susceptible to failures similar to those considered for analog systems.
- In this context, "software" refers to software, firmware, and logic developed using software-based development systems.
- DI&C systems may be vulnerable to CCFs due to latent design defects in active hardware components, software, or software-based logic.
Common-Cause Failures
- A CCF occurs when multiple (usually identical) systems fail due to a shared cause.
- Latent design defects in the design of a DI&C system can remain undetected despite traditional design-basis development, verification, validation, and testing processes.
- Certain events, unexpected external stresses, or plant conditions can trigger latent design defects within redundant portions of a system designed to perform safety functions.
Reviewer's Considerations
- The reviewer should consider whether a CCF of an interconnected DI&C system or platform could result in a spurious operation that would have unacceptable consequences.
- The reviewer should also consider the level of interconnection between a safety system and other systems as a potential vulnerability to be addressed in the application.
Spurious Operations
- Spurious operations addressed "within the design basis" include spurious operations resulting from single failures (including cascading effects) or single malfunctions.
- Consistent with regulatory requirements, spurious operations resulting from single failures and single malfunctions are expected during the lifetime of the plant and are addressed as part of the design basis.
The NRC Staff's Evaluation of Spurious Operation
- The reviewer should consider whether the D3 assessment addresses spurious operation resulting from CCF along with loss of function resulting from CCF.
- One important distinction between these two events is that, unlike loss of function, spurious operation is considered an initiating event only, without a concurrent DBE for the purposes of this assessment.
Means to Eliminate the Potential for Common-Cause Failures
- In a D3 assessment, the following methods can be used to eliminate a potential CCF from further consideration: demonstration of adequate diversity within the DI&C system, testing, and alternative approaches within the application.
- Thorough testing can help to identify latent design defects in DI&C systems, provided the design is simple enough to allow such testing.
Use of Testing to Eliminate the Potential for Common-Cause Failures
- CCF vulnerabilities in DI&C systems have two general causes: errors introduced by the system hardware or software design, and errors or defects introduced during the development of the software, hardware, or software-based logic.
- Testing can be used to uncover latent design defects for correction in the design process and to demonstrate that any identified latent design defects have been corrected.
- The reviewer should determine whether testing of the proposed DI&C system shows that all latent design defects have been identified and corrected, so that the system will function as specified under anticipated operational occurrences (AOOs).
Description
Safety considerations for designing nuclear facilities, including concurrent failures and protection systems.