Conference Paper

Proposal for the Taxonomy of Failure Modes of Digital System Hardware for PSA


Abstract

A new taxonomy approach is currently being developed by the DIGREL task group, established by the Working Group on Risk Assessment (WGRisk) of the OECD/NEA, to support the modelling of digital I&C systems in the framework of probabilistic safety assessment (PSA) for nuclear power plants (NPPs). It should improve the identification of potential failure modes of both hardware and software, and it is based on generic experience with different types of digital I&C systems. It should also help to define the structure of the data to be collected and support the quantification of PSA models. The DIGREL task group has decided to split the evaluation of taxonomy approaches for digital I&C systems into two parts: a taxonomy of hardware failure modes and a taxonomy of software failure modes. This paper presents a proposal for a generic structure of the hardware of a digital I&C system performing safety functions. The hardware failure mode taxonomy is based on decomposing a particular digital I&C system according to this generic hardware structure; it is assumed that the generic decomposition is sufficient to identify generic issues of the specific I&C systems, components and functions. The decomposition of the hardware into modules follows current practice in collecting operating-experience data on analog and digital I&C for use in PSA. The simplified model takes into account the typical design features of digital I&C systems in NPPs, e.g. redundant signal processing, network communication and voting of the actuation signal. Furthermore, a concept (methodology) is presented for identifying generic issues regarding the hardware failure modes of a digital I&C system and their probable effects as the failure modes propagate through each level of signal processing (local, next higher assembly and system level).
... (1) the entire system, (2) a division, (3) processing units (and cabinets), (4) modules, i.e. subcomponents of processing units, and (5) generic components, i.e. subcomponents of modules. ...
... Accurately modelling the effect of detected failures may be a laborious task in practice, but failure detection should be analysed and considered at least in the FMEA. The following categories of failure detection are possible:
• Demand (no periodic test detects the failure)
• Periodic test
• Monitoring
  o Self-monitoring (online monitoring of the module itself)
  o Monitoring by another module
Development of the hardware failure modes taxonomy in DIGREL is further discussed in [5]. ...
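The decomposition into divisions, processing units and modules, together with the failure-detection categories above, is what a module-level quantification in PSA is built from. The following Python model is an added example, not code from the paper or from DIGREL: it gives each module failure mode a detection category, converts it into an average unavailability with the usual PSA point-estimate approximations (assumed here, not taken from the page: λ·T/2 for a failure revealed by a periodic test with interval T, λ·MTTR for a failure revealed immediately by self-monitoring or by another module, and λ·T_demand/2 for a failure revealed only by a real demand, where T_demand is the assumed time until such a demand or an equivalent check), sums the fail-to-actuate and spurious contributions of one division, and propagates identical divisions through 2-out-of-4 voting. The modules, failure modes, rates and intervals are constructed illustrative values, and common cause failures across divisions are deliberately left out.

```python
from dataclasses import dataclass
from enum import Enum
from itertools import combinations


class Detection(Enum):
    """How a hardware failure is revealed (the FMEA categories quoted above)."""
    DEMAND = "demand"                    # only a real demand reveals it
    PERIODIC_TEST = "periodic test"
    SELF_MONITORING = "self-monitoring"  # online monitoring by the module itself
    OTHER_MODULE = "monitoring by another module"


class Effect(Enum):
    """Effect of a module failure mode once propagated to the division output."""
    FAIL_TO_ACTUATE = "fail to actuate"
    SPURIOUS = "spurious actuation"


@dataclass(frozen=True)
class FailureMode:
    module: str
    mode: str
    rate_per_h: float  # failure rate lambda [1/h]
    detection: Detection
    effect: Effect


@dataclass(frozen=True)
class Intervals:
    test_interval_h: float    # T between periodic tests
    mttr_h: float             # mean time to repair once the failure is known
    demand_interval_h: float  # assumed time until a latent failure meets a real demand


def mode_unavailability(fm: FailureMode, iv: Intervals) -> float:
    """Average unavailability of one failure mode (assumed point-estimate formulas).
    Monitored: revealed at once, out only for the repair time. Tested: latent for
    half a test interval on average (post-test repair neglected). Demand: latent
    for half the demand interval on average."""
    if fm.detection in (Detection.SELF_MONITORING, Detection.OTHER_MODULE):
        return fm.rate_per_h * iv.mttr_h
    if fm.detection is Detection.PERIODIC_TEST:
        return fm.rate_per_h * iv.test_interval_h / 2
    return fm.rate_per_h * iv.demand_interval_h / 2


def division_unavailability(modes, iv: Intervals) -> dict:
    """Rare-event sum of the module contributions of one division, per effect."""
    q = {eff: 0.0 for eff in Effect}
    for fm in modes:
        q[fm.effect] += mode_unavailability(fm, iv)
    return q


def at_least_k_of_n(q_units, k: int) -> float:
    """P(at least k of n independent units are failed at a random time)."""
    n = len(q_units)
    total = 0.0
    for m in range(k, n + 1):
        for failed in combinations(range(n), m):
            p = 1.0
            for i in range(n):
                p *= q_units[i] if i in failed else 1.0 - q_units[i]
            total += p
    return total


def system_unavailability(q_div: dict, n_divisions: int = 4, votes: int = 2) -> dict:
    """Propagate n identical, independent divisions through votes-out-of-n voting.
    Actuation is lost when fewer than `votes` divisions can still vote, i.e. when
    n - votes + 1 divisions fail to actuate; a spurious actuation needs `votes`
    divisions to output spuriously at the same time. No CCF modelled."""
    q_ft = [q_div[Effect.FAIL_TO_ACTUATE]] * n_divisions
    q_sp = [q_div[Effect.SPURIOUS]] * n_divisions
    return {
        Effect.FAIL_TO_ACTUATE: at_least_k_of_n(q_ft, n_divisions - votes + 1),
        Effect.SPURIOUS: at_least_k_of_n(q_sp, votes),
    }


# Constructed illustrative data for one division (not measured values).
SAMPLE_MODES = [
    FailureMode("analog input", "frozen/no output", 2e-6, Detection.SELF_MONITORING, Effect.FAIL_TO_ACTUATE),
    FailureMode("analog input", "drift out of tolerance", 1e-6, Detection.PERIODIC_TEST, Effect.FAIL_TO_ACTUATE),
    FailureMode("processor", "halt (watchdog)", 5e-6, Detection.OTHER_MODULE, Effect.FAIL_TO_ACTUATE),
    FailureMode("processor", "wrong output value", 1e-7, Detection.DEMAND, Effect.FAIL_TO_ACTUATE),
    FailureMode("network interface", "loss of link", 3e-6, Detection.SELF_MONITORING, Effect.FAIL_TO_ACTUATE),
    FailureMode("output/voting", "output stuck, no trip", 1e-6, Detection.PERIODIC_TEST, Effect.FAIL_TO_ACTUATE),
    FailureMode("output/voting", "spurious trip output", 5e-7, Detection.SELF_MONITORING, Effect.SPURIOUS),
]
SAMPLE_INTERVALS = Intervals(test_interval_h=720.0, mttr_h=8.0, demand_interval_h=13140.0)

if __name__ == "__main__":
    q_div = division_unavailability(SAMPLE_MODES, SAMPLE_INTERVALS)
    q_sys = system_unavailability(q_div)
    for fm in SAMPLE_MODES:
        print(f"{fm.module:18} {fm.mode:24} {fm.detection.value:28} q={mode_unavailability(fm, SAMPLE_INTERVALS):.2e}")
    for eff in Effect:
        print(f"division {eff.value}: {q_div[eff]:.2e}; system (2oo4) {eff.value}: {q_sys[eff]:.2e}")
```

With these constructed numbers the two periodically tested modes and the demand-revealed processor mode dominate the division's fail-to-actuate unavailability, while the monitored modes with higher failure rates contribute an order of magnitude less; that is the point of recording the detection category per failure mode rather than only the rate.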
Conference Paper
To assess the risk of nuclear power plant operation and to determine the risk impact of digital systems, there is a need to quantitatively assess the reliability of the digital systems in a justifiable manner. Due to the many unique attributes of digital systems, a number of modelling and data collection challenges exist, and consensus has not yet been reached. The OECD/NEA CSNI Working Group on Risk Assessment (WGRisk) has set up a task group called DIGREL to develop a taxonomy of failure modes of digital components for the purposes of probabilistic safety assessment (PSA). An activity focused on the development of a common failure modes taxonomy is seen as a step towards standardised digital I&C reliability assessment techniques. The needs of PSA will guide the work, meaning e.g. that the I&C system and its failures are studied from the point of view of their functional significance. The taxonomy will be the basis of modelling and quantification efforts. It will also help to define a structure for data collection and to review PSAs. DIGREL will take advantage of R&D activities, actual PSA applications and experience related to digital systems. The scope of the taxonomy includes both protection and control systems, though the primary focus is on protection systems. The taxonomy is divided into hardware and software related failure modes, for which purpose example taxonomies have been collected from the member countries. A representative fictive digital protection system example has been developed to be used as a reference in the demonstration of the taxonomy. With regard to the hardware failure modes taxonomy, the main issue is to define a feasible level of detail. Module level, i.e. subcomponents of processing units, seems to be the most appropriate from the PSA modelling point of view. The software failure modes taxonomy is focused on identifying and defining which common cause failures are reasonable to postulate. The plan is to publish guidelines in 2013.
Article
One of the most important issues of the current PRA methodology is the precise modeling of dynamic changes, such as state transitions among several states including fault(s) or maintenance of the nuclear facility, safety-related systems or components, by fault-tree analysis and event-tree analysis. Moreover, although safety-related systems are usually in the stand-by state during normal operating conditions of a nuclear power plant, modeling of the dynamic changes in safety functions, along with changes in component failure rates due to the aging effect in the stand-by state or continuous/intermittent effects originating from external hazards, must also be carried out for the same situation. On the basis of this background, the authors proposed a reliability analysis methodology using the Markov state transition model, applied it to the digital reactor protection system of an ABWR plant, and demonstrated the applicability of the developed methodology using the component failure modes discussed in DIGREL, the task group of WGRisk belonging to OECD/NEA/CSNI. These studies showed that a PRA methodology including the state transition model can consider state transitions of components and time-dependent changes in component failure rates; the relationship between this methodology and the minimal cut sets used for calculating the core damage frequency was also clarified.
Article
Recently, digital instrumentation and control systems have been increasingly installed in the important safety features of nuclear power plants, such as the reactor trip system and the actuation system of the engineered safety features. On the other hand, it has been found that it is difficult to model the reliability of digital equipment in probabilistic risk assessment (PRA) with the conventional fault tree analysis technique. The OECD/NEA CSNI Working Group on Risk Assessment (WGRisk) set up the task group DIGREL to discuss several issues including quantitative dynamic modeling. This paper shows that, by treating as a stochastic process the relationship among reactor trip system failures, the demand after the initiating event, detection of the reactor trip system fault by self-diagnostics or surveillance tests, repair of the failed reactor trip system components and the plant shutdown operation by the plant operators, the anticipated transient without scram (ATWS) event can be modeled by an event logic fault tree and Markov state-transition diagrams in the case of a 2-out-of-4 digital reactor trip system.
Article
NKS-230. Digital protection and control systems are appearing as upgrades in older nuclear power plants (NPPs) and are commonplace in new NPPs. To assess the risk of NPP operation and to determine the risk impact of digital system upgrades on NPPs, quantitative reliability models are needed for digital systems. Due to the many unique attributes of these systems, challenges exist in systems analysis, modeling and data collection. Currently there is no consensus on reliability analysis approaches. Traditional methods clearly have limitations, but more dynamic approaches are still at the trial stage and can be difficult to apply in full-scale probabilistic safety assessments (PSAs). The number of PSAs worldwide that include reliability models of digital I&C systems is small. A comparison of Nordic experiences and a literature review of the main international references have been performed in this pre-study project. The study shows a wide range of approaches, and also indicates that no state of the art currently exists. The study shows areas where the different PSAs agree and gives the basis for development of a common taxonomy for reliability analysis of digital systems. It is still an open matter whether software reliability needs to be explicitly modelled in the PSA. The most important issue concerning software reliability is a proper description of the impact that software-based systems have on the dependence between the safety functions and on the structure of accident sequences. In general, the conventional fault tree approach seems to be sufficient for modelling reactor protection system type functions.
Authén, S., Gustafsson, J., Holmberg, J.-E. Guidelines for reliability analysis of digital systems in PSA context, Phase 2 Status Report. NKS Report, January 2012.
United States Nuclear Regulatory Commission. Instrumentation and Controls in Nuclear Power Plants: An Emerging Technologies Update. NUREG/CR-6992, 2009.
International Atomic Energy Agency. Core Knowledge on Instrumentation and Control Systems in Nuclear Power Plants. IAEA Nuclear Energy Series No. NP-T-3.12, Vienna, 2011.
International Atomic Energy Agency. Safety of Nuclear Power Plants: Design. Safety Requirements, Safety Standards Series No. NS-R-1, Vienna, 2000.
Kisner, R. et al. Safety and Non-Safety Communications and Interactions in International Nuclear Power Plants, Guidelines for the Design of Highly Integrated Control Rooms. ORNL/NRC/LTR-07/05, prepared for the U.S. Nuclear Regulatory Commission, August 2007.
Holmberg, J.-E., Authén, S., Amri, A. Development of best practice guidelines on failure modes taxonomy for reliability assessment of digital I&C systems for PSA. 11th International Probabilistic Safety Assessment & Management Conference (PSAM 11), Helsinki, June 25-29, 2012.
Smidts, C., Kim, M.C. Identification of Failure Modes of Software in Safety-Critical Digital I&C Systems in Nuclear Power Plants. 11th International Probabilistic Safety Assessment & Management Conference (PSAM 11), Helsinki, June 25-29, 2012.