《BS-IEC-61497-1998.pdf》由会员分享,可在线阅读,更多相关《BS-IEC-61497-1998.pdf(18页珍藏版)》请在三一文库上搜索。
1、BRITISH STANDARD BS IEC 61497:1998 Nuclear power plants Electrical interlocks for functions important to safety Recommendations for design and implementation ICS 27.120.20 Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1998 Thi
2、s British Standard, having been prepared under the direction of the Engineering Sector Committee, was published under the authority of the Standards Committee and comes into effect on 15 March 1999 BSI 05-1999 ISBN 0 580 32090 1 National foreword This British Standard reproduces verbatim IEC 61497:1
3、998 and implements it as the UK national standard. The UK participation in its preparation was entrusted to Technical Committee NCE/8, Reactor instrumentation, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enqui
4、ries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee can be obtained on request to its secretary. From 1 January 1997, all
5、IEC publications have the number 60000 added to the old number. For instance, IEC 27-1 has been renumbered as IEC 60027-1. For a period of time during the change over from one numbering system to the other, publications may contain identifiers from both systems. Cross-references The British Standard
6、s which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or by using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard d
7、oes not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an in
8、side front cover, pages i and ii, the CEI IEC title page, page ii, pages 1 to 10, an inside back cover and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on the inside front cover. Amendments i
9、ssued since publication Amd. No.DateComments Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1998 BSI 05-1999i Contents Page National forewordInside front cover Text of CEI IEC 614971 Licensed Copy: sheffieldun sheffieldun, na,
10、Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI ii blank Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Licensed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1
11、998 ii BSI 05-1999 Contents Page Introduction1 1Scope1 2Normative references2 3Definitions and abbreviations2 3.1Definitions2 3.2Abbreviations3 4Requirements3 4.1System requirements3 4.2System design4 4.3Interlock integrity5 4.4Interlock equipment6 4.5Documentation7 4.6Computer-based equipment7 4.7O
12、perator actions8 4.8Power supplies8 5Test methods8 5.1Test and monitoring facilities8 5.2Automatic test aids8 5.3Self-testing and monitoring9 Annex A (informative) Typical interlocks10 Annex B (informative) Guidance on application of single-channel, double-channel or multi-channel interlocks11 Licen
13、sed Copy: sheffieldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1998 BSI 05-19991 Introduction Interlock functions on nuclear power plants prevent unsafe conditions or operations, protect personnel and prevent hazards. Interlock functions prevent ac
14、tions which could lead to or increase danger or damage to the plant, and do not normally take steps to correct conditions. Interlock functions may limit a continuing action in order to prevent a condition developing, or may prevent a possible action and thereby prevent a condition. Interlock functio
15、ns may generate a permissive signal to allow selection of the output of an instrument only when in its operating range, for use by the reactor protection system or a control system for the current power, temperature range or condition. Interlock functions may be provided by mechanical means or by ad
16、ministration, by operator action or by electrical methods. Administration is under control of the plant management, and involves signatures on permits and records of authority to perform operations, which are not discussed. Such methods may be used to control personnel access to an active area, to p
17、ermit operator use of a control, to authorize issue of a key which can release a locked control or which allows access to perform some operation for special or non-routine reasons. Electrical methods include use of the reactor protection system, logic within control systems, logic in computer-based
18、equipment, interconnections in switchgear and dedicated units of relay or solid-state logic. Typical interlock functions and methods of providing electrical interlocks are given in Annex A. The nuclear safety requirements for interlocks may be in addition to or different from the interlock requireme
19、nts for fire protection, personnel safety or plant protection. These requirements may conflict and guidance is given on resolution of conflicts. The requirements for classification and for reliability of instrumentation and control systems important to safety are discussed in IEC 61226. Electrical i
20、nterlocks require classification according to that standard to identify basic requirements. Some requirements for safety system interlocks can be derived from IAEA 50-SG-D3, but not for all interlocks important to safety. The system, design, reliability and equipment requirements appropriate to cate
21、gories A, B and C are developed in this standard. Interlock functions exist in many systems on a nuclear plant, which can result in different approaches to their implementation in different systems. They should therefore be implemented in a consistent manner throughout a plant. This standard is conc
22、erned with the practical implications of electrical interlock design and implementation to meet the levels of performance, reliability and consistency required on nuclear plants. 1 Scope This International Standard provides recommendations for the design and implementation of electrical interlocks u
23、sed actively or passively to prevent unsafe conditions or to ensure specific safe conditions and states during the operation of nuclear power plants. Safety system interlocks are covered by standards for safety systems. This standard gives design, reliability and test criteria arising from the consi
24、deration of interlocks important to safety in accordance with IEC 61226. It uses categories A, B and C as defined by that document. It takes into account the interlock safety significance and functions, and the role of the operator in some interlocks. Guidance is given on redundancy and on diversity
25、 of equipment for implementing interlocks, where high availability or integrity is involved, or where common mode failure may limit reliability. The use of computer-based equipment for interlock functions is discussed, and recommendations for diversity are given. Requirements for software and for ve
26、rification and validation are given by reference to IEC 60880. The provision of test facilities is discussed together with self-testing and self-monitoring methods. The system of interlocks for a specific function includes the sensors of plant state (e.g., measuring devices and limit switches), the
27、interlock and control power supplies, the control and instrumentation equipment providing the particular logic function for prevention or limitation of operation, and the cables, electromechanical features, key control and administrative control associated with the function. Licensed Copy: sheffield
28、un sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1998 2 BSI 05-1999 2 Normative references The following normative documents contain provisions which, through reference in this text, constitute provisions of this International Standard. At the time of p
29、ublication, the editions indicated were valid. All normative documents are subject to revision, and parties to agreements based on this International Standard are encouraged to investigate the possibility of applying the most recent editions of the normative documents indicated below. Members of IEC
30、 and ISO maintain registers of currently valid International Standards. IEC 60231A:1969, First supplement to IEC 60231:1967, General principles of nuclear reactor instrumentation1). IEC 60617-12:1997, Graphical symbols for diagrams Part 12: Binary logic elements. IEC 60812:1985, Analysis techniques
31、for system reliability Procedure for failure mode and effects analysis (FMEA). IEC 60880:1986, Software for computers in the safety systems of nuclear power stations. IEC 60987:1989, Programmed digital computers important to safety for nuclear power stations. IEC 61225:1993, Nuclear power plants Ins
32、trumentation and control systems important for safety Requirements for electrical supplies. IEC 61226:1993, Nuclear power plants Instrumentation and control systems important for safety Classification. IEC 61500:1996, Nuclear power plants Instrumentation and control systems important to safety Funct
33、ional requirements for multiplexed data transmission. IAEA 50-C-D (Rev. 1 ):1988, Code on the safety of nuclear power plants Design. IAEA 50-SG-D3:1980, Protection system and related features in nuclear power plants. IAEA 50-SG-D8:1985, Safety-related instrumentation and control systems for nuclear
34、power plants. 3 Definitions and abbreviations 3.1 Definitions For the purpose of this International Standard, the following definitions apply. 3.1.1 availability fraction of time that a system is actually capable of performing its mission (IAEA 50-SG-D8) 3.1.2 category safety category as A, B, C or
35、unclassified, defined for the function, system or equipment by classification to IEC 61226 3.1.3 channel separate path along which information flows through a redundant or distributed system. That path may also require redundancy (adapted from IEC 61500) 3.1.4 diversity existence of two or more diff
36、erent ways or means of achieving a specified objective. Diversity is specifically provided as a defense against common mode failure. It may be achieved by providing systems that are physically different from each other, or by functional diversity, where similar systems achieve the specified objectiv
37、e in different ways (see clause 3 of IEC 61226) 3.1.5 electrical interlocks auxiliary contacts or equipment electrically associated with the controlled apparatus and reacting upon the control circuit or equipment to ensure the equipment operates safely and in the required manner or sequence 3.1.6 in
38、tegrity a quality of completeness, dependability and freedom from defects 3.1.7 interlocks single-channel, double-channel and multi-channel interlocks Single-channel interlocks use a single channel of sensors, logic units and an actuation item such as a contactor or relay. Double-channel interlocks
39、use two channels of equipment and sensors, arranged so that each channel is capable, on its own, of preventing the unsafe condition or state. The channels may consist of two sets of essentially identical equipment. An alternative is two different channels which perform the interlock functions differ
40、ently, or two similar channels, one in normal operation and the other in backup operation to prevent an unsafe condition or state if the first channel fails. 1) This standard contains valuable technical advice, but is not maintained by IEC and is not therefore fully normative. Licensed Copy: sheffie
41、ldun sheffieldun, na, Sun Nov 26 11:42:15 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS IEC 61497:1998 BSI 05-19993 Multi-channel interlocks use several channels of equipment and sensors. They are arranged so that each channel is capable, on its own, of preventing the unsafe condition or state. One
42、failed channel cannot block actions which prevent unsafe conditions or states. Use of multi-channel systems can provide benefits due to allowing on-line maintenance and avoiding the need for a channel bypass. 3.1.8 interlock functions functions implemented as part of the instrumentation and control
43、system of the plant, which prevent unsafe conditions or operations, protect personnel and prevent hazards 3.1.9 redundancy provision of more than the minimum number of (identical or diverse) elements or systems, so that the loss of any one does not result in the loss of the required function of the
44、whole (IAEA 50-C-D) 3.1.10 safety interlock system that part of the protection system which prevents certain operations which may affect the safety of the reactor unless all prescribed conditions are met 3.1.11 interlock system important to safety that part of the electrical and instrumentation and
45、control systems important to safety which prevents or limits certain operations which may affect the safety of the reactor, unless all prescribed conditions are met 3.1.12 software programs, procedures, rules and any associated documentation pertaining to the operation of a computer system (see 2.16
46、 of IEC 60880) 3.2 Abbreviations 4 Requirements 4.1 System requirements 4.1.1 Interlock functional requirements The interlock functions shall be defined and documented, and their safety role determined. The functions, systems and equipment for interlocks shall be classified using the criteria of IEC
47、 61226 to assign them to a category (A, B, C or unclassified) and to determine the requirements for assurance of functionality, reliability, performance, environmental durability, and quality assurance and control. Interlocks functions may be used: a) to prevent an unsafe or incorrect operation bein
48、g taken by an operator or by an automatic system; b) to prevent conditions developing which are unsafe or incorrect by restricting a control action; c) to inhibit the progress of a sequence of operations until conditions are safe or correct; d) to generate a permissive signal to allow selection of t
49、he output of the instrument when it is in its operating range; e) to prevent operation of equipment in one operating mode when it is only safe to operate it in another operating mode; f) to permit the operation of the equipment beyond its intended function or design basis, if the operation would enhance nuclear safety in beyond design basis conditions; g) to prevent hazards such as fire and dropped load from causing an unsafe condition or state. Operational interlock functions typically provide stopping and starting a pump, stopping of valve actuat