Home > Electronic Reading Room > Document Collections > NUREG-Series Publications > Publications Prepared by NRC Contractors > NUREG/CR-6479

Technical Basis for Environmental Qualification of Microprocessor-Based Safety-Related Equipment in Nuclear Power Plants (NUREG/CR-6479)

On this page:

• Publication Information
• Abstract

Download complete document

The following links on this page are to documents in Adobe Portable Document Format (PDF). See our Plugins, Viewers, and Other Tools page for more information. For successful viewing of PDF documents on our site please be sure to use the latest version of Adobe.

• NUREG/CR-6479 (PDF - 9.84 MB)

Publication Information

Manuscript Completed: December 1997
Date Published: January 1998

Prepared by
K. Korsah, ORNL
M. Hassan, BNL
T. J. Tanaka, SNL
R. T. Wood, ORNL

Oak Ridge National Laboratory
Managed by Lockheed Martin Energy Research Corp.

Brookhaven National Laboratory
Department of Energy

Sandia National Laboratorles
Managed by Sandia Corporation

Oak Ridge National Laboratory
Oak Ridge, TN 37831-6010

Brookhaven National Laboratory
Upton, NY 11973

Sandia National Laboratories
Albuquerque, NM 87185-0747

C. E. Antonescu, NRC Project Manager

Prepared for
Division of Systems Technology
Office of Nuclear Regulatory Research
U.S. Nuclear Regulatory Commission
Washington, DC 20555
NRC Job Code L1798

Availability Notice

Abstract

This document presents the reults of studies sponsored by the Nuclear Regulatory Commission to provide the technical basis for environmenta qualification of computer-based safety equipment in nuclear power plants. The studies were conducted by Oak Ridge National Laboratory, Sandia National Laboratories, and Brookhaven National Laboratory.l

The studies address the following: (1) adequacy of pretest test methods for qualification of digital instrumentation and control (I&C) systems; (2) preferred (i.e., Regulatory Guide-endorsed) standards; (3) recommended stressors to be included in the qualification process during type testing; (4) resolution of recommended stressors to be included in the qualification process during type testing; (4) resolution of need for accelerated aging for equipment to be located in a benign environment; and (5) determination of an appropriate approach for addresssing the impact of smoke in digital equipment qualification programs.

Significant conclusions from the studies are the following:

(1) Type testing should continue to be the preferred test method for safety-related I&C systems.

(2) The state of the art does not warrant any changes to be made with regard to aging methodologies for digital systems in nuclear power plants.

(3) A stressor not previously considered for analog safety system qualification is smoke exposure. Reseach documented in this report confirms that smoke is a stressor that can adversely impact digital safety equipment. However, current reseach and the state of the art for testing do not support the explicit inclusion of smoke exposure as a stressor during type testing. Additional research into the susceptibility of digital components and modules to smoke-induced effects is ongoing and should be continued. Based on exisiting research, present methodologies with regard to fire and its effects (i.e., smoke, heat, ignition, explosions, and toxic gases), which are addressed via General Design Criteria (GDC) 3, Institute of Electrical and Electronics Engineers (IEEE) 384, and Appendix R of Title 10 of the Code of Federal Regulations (10 CFR 50), should continue to be applied for digital I&C safety systems.

(4) The synergistic effect of high temperature in combination with high relative humidity is potentially risk-significant to digital I&C. Therefore, although high relative humidity is not as likely in the controlled environments where digital I&C is typically located (e.g., control rooms), the synergistic effect of these two stressors needs to be considered on a case-by-case basis, especially for postaccident monitoring equipment.

(5) Based on a comparative analysis of IEEE 323-1974 and IEEE 323-1983, we recommend that IEEE 323-1983 be endorsed, with appropriate exceptions as specified in thsi report.

(6) The dynamic response of a distributed system under environmental stress should be considered during type testing. System response time is usually considered during design, but the sequential nature of digital processes (as opposed to the essentially instantaneous nature of analog processes) increases the significance of the potential of environmental stressors to cause intermittent upsets in subsystems, leading to degraded performance in the total system. Dynamic performance under environmental stress is especially important in postaccident monitoring systems, which typically are required to function following a reactor trip or engineered safety feature actuation.

(7) There is a need for electromagnetic compatibility standard(s) for the nuclear power plant environment. The information provided in the following reports can be used as the basis for electromagnetic compatibility of I&C systems in nuclear power plants:

(8) The nuclear industry should adopt a new philosophy of qualification, in which the assurance that safety-related equipment will perform properly is "built-in" as well as being "tested-in." In this approach, assurance of an equipment's quality starts at the semiconductor component level. As a minimum, it might be required as part of the environment qualification standards used by the semiconductor manufacturer for stress testing. Integrated circuits are susceptible to long-term failure mechanisms under various environmental stressors so the use of components from high quality manufacturing process, as demonstrated through manufacturer stress testing, can minimize that susceptibility.

Privacy Policy | Site Disclaimer
Tuesday, August 19, 2008