Working Group on Inspection Practices Workshop
Inspection of Digital Instrumentation and Control (I&C) Systems Important to Safety
Garching, Germany
24-26 September 2007
The objectives of the workshop are to:
- bring together I&C experts and regulatory inspectors to review current regulatory practices and experience with licensing digital I&C systems;
- enhance the dialogue between I&C experts, licensees and regulatory inspectors; and
- develop best practices for inspecting digital I&C safety systems.
The CNRA has held several workshops (1996 and 2001) on this topic, and a joint CSNI/CNRA task group compiled a study on research and regulatory needs. The WGIP, as part of the CNRA operating plan, is developing a report on inspection practices for digital I&C systems. Previous work by the CNRA/CSNI ad hoc group and the results of CNRA workshops will be referred to in the course of this workshop.
Background
The CNRA believes that safety inspections are a major element in a regulatory authority's efforts to ensure the safe operation of nuclear facilities. Considering the importance of these issues, the committee has established a special Working Group on Inspection Practices (WGIP). The purpose of WGIP is to facilitate the exchange of information and experience related to regulatory safety inspections between NEA member countries. This workshop, along with many other activities performed by the WGIP, is directed towards this goal. The consensus among participants at previous workshops was that the value of meeting with people from other inspection organisations was the most important achievement.
The CNRA, in approving the mandate of the WGIP, noted that one important responsibility of a regulatory body is to verify by inspection that licensees operate safely, that their activities fully comply with all applicable regulations and that safety is given the highest priority. Regulatory inspection must therefore be supplemented by reviews and by other regulatory controls to yield an integrated assessment of safety and provide a basis for enforcement, which is an essential part of the regulatory oversight process.
The major issue surrounding the use of digital I&C in nuclear safety protection systems relates to the introduction of computer software into the process. This includes a range of systems from the introduction of large platform computer systems through microprocessor control systems down to embedded software in primary instrumentation and controllers.
The main concern is that protection systems are required to have high and predictable levels of reliability. Evidence from operating experience shows that, in some cases, long-term maintenance of software dependability is an issue of concern. This has to be resolved particularly for software-based systems important to safety.
As with analogue systems, the characteristics of software-based systems must be determined during their development and installation by analysis and test activities, through a well-structured V&V process. In addition to online self-tests, periodic tests can be designed which then allow periodic calibration of the system and demonstration that the main system characteristics are maintained following the completion of commissioning. This will ensure that the system operates within acceptable reliability limits.
Because software systems generate their operating characteristics from a series of discrete logical steps, the situation is far more complex than for analogue hard-wired systems. A greater number of inputs and algorithm complexity further complicate the situation. To actually determine the system reliability, every line of code would have to be tested for every combination of inputs at all conceivable rates of change. Such a task borders on the impossible, as the combinations are effectively unbounded.
The I&C community therefore adopted an approach based on rules for improved design of software, intended to minimise the consequences of this problem. It should be noted that a number of countries have restricted the use of this equipment in nuclear safety protection systems.
In more recent times, the use of software in primary instrumentation and controllers has been increasing significantly. Here the customer can be left with no knowledge of the complexity of the software included. This itself is an area of increasing challenge.
Scope
The workshop will focus on the following topics:
- applied software, including embedded software, in nuclear systems important to safety;
- the involvement of regulatory inspectors and their technical support organisations in verification and validation (V&V) activities;
- ongoing analysis and inspection of digital I&C systems important to safety at site following the completion of commissioning;
- processes to control modification and maintenance of software systems at site following the completion of commissioning;
- operating experience feedback and lessons learned regarding digital I&C maintenance and software modification.
The workshop is expected to provide additional insights on these topics and should give facility operators and regulators alike an opportunity to maintain and enhance safety in the future.
Last updated: 9 March 2007