IEEE 379-2014: IEEE Standard for Application of the Single-Failure Criterion to Nuclear Power Generating Station Safety Systems
Statement of the single-failure criterion
The safety systems shall perform all required safety functions for a design basis event in the presence of the following:
- Any single detectable failure within the safety systems concurrent with all identifiable but nondetectable failures
- All failures caused by the single failure
- All failures and spurious system actions that cause or are caused by the design basis event requiring the safety function

The single failure could occur prior to, or at any time during, the design basis event for which the safety system is required to function.
5. Requirements
5.1 Independence and redundancy
The principle of independence is basic to the effective utilization of the single-failure criterion. The design of a safety system shall be such that no single failure of a component will interfere with the proper operation of an independent redundant component or system.
5.2 Nondetectable failure
The detectability of failures is implicit in the application of the single-failure criterion. Detectability is a function of the system design and the specified tests. A failure that cannot be detected through periodic testing or revealed by an alarm or anomalous indication is nondetectable. An objective in an analysis of safety systems is to identify nondetectable failures. Nondetectable failures should be identified by performing an evaluation of the safety system design that includes postulated component-level failures and evaluating the effects of these failures, including the ability to detect them.
Some designs include redundant components to mitigate the effects of a failure, to improve system availability, or to support maintenance without impacting system availability. When evaluating the effects of a failure in such a configuration, care shall be taken to identify components whose failure will not be revealed by periodic test, alarm or anomalous indication. When nondetectable failures are identified, one of the following courses of action shall be taken:
- Preferred course: The system or the test scheme shall be redesigned to make the failure detectable.
- Alternative course: When analyzing the effect of each single failure, all identified nondetectable failures shall be assumed to have occurred.
5.3 Cascaded failures
Whenever the design is such that additional failures could be expected from the occurrence of a single failure, these cascaded failures shall be included in the single-failure analysis.
5.4 Design basis events
A design basis event that results in the need for safety functions may cause consequential failures of system components, modules, or channels. In order to provide protection from these failures, the safety equipment is designed, qualified, and installed to provide protection from such anticipated challenges. An analysis shall be performed to determine the consequences of safety system failures resulting from design basis events. For a system to meet the single-failure criterion, it shall be shown that the required safety function can be performed in the presence of these event-caused failures, all identifiable nondetectable failures, and any other single failure.
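As an added example (not part of the standard or of this page), a small Python model of the analysis procedure in 5.2 to 5.4: each single detectable failure is evaluated together with all identified nondetectable failures, the cascades it triggers, and any event-caused failures. The two-train layout, the shared power supply, and the "any one intact train performs the function" redundancy model are constructed assumptions, not taken from the standard.

```python
# Added example (not from the standard): single-failure analysis in the IEEE 379 sense.
# Each detectable single failure is analysed together with all identified nondetectable
# failures (5.2), its cascaded failures (5.3) and any event-caused failures (5.4).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Component:
    name: str
    detectable: bool = True   # revealed by periodic test, alarm or anomalous indication

@dataclass
class SafetySystem:
    components: dict                               # name -> Component
    cascades: dict = field(default_factory=dict)   # failed name -> names it also fails
    # Assumed redundancy model (constructed): the safety function is performed as long
    # as at least one train has every one of its components working.
    trains: list = field(default_factory=list)     # each train: list of component names

    def cascade_closure(self, failed):
        """5.3: include every failure that is a consequence of one already assumed."""
        failed, frontier = set(failed), list(failed)
        while frontier:
            for dep in self.cascades.get(frontier.pop(), ()):
                if dep not in failed:
                    failed.add(dep)
                    frontier.append(dep)
        return failed

    def function_performed(self, failed):
        return any(all(c not in failed for c in train) for train in self.trains)

    def analyze(self, event_caused=()):
        """Return the single detectable failures that defeat the safety function."""
        nondetectable = {n for n, c in self.components.items() if not c.detectable}
        baseline = self.cascade_closure(set(event_caused) | nondetectable)
        defeating = []
        for name, comp in self.components.items():
            if not comp.detectable:
                continue   # already assumed failed in the baseline (5.2, alternative course)
            if not self.function_performed(self.cascade_closure(baseline | {name})):
                defeating.append(name)
        return defeating

def example_system(valve_b_detectable=False):
    """Constructed two-train system: sensor S, logic L, valve V per train, plus a shared
    power supply PWR whose failure cascades to both logic units (violates 5.1)."""
    comps = {n: Component(n) for n in ["S-A", "L-A", "V-A", "S-B", "L-B", "V-B", "PWR"]}
    comps["V-B"] = Component("V-B", detectable=valve_b_detectable)  # no surveillance test
    return SafetySystem(comps, cascades={"PWR": ["L-A", "L-B"]},
                        trains=[["S-A", "L-A", "V-A"], ["S-B", "L-B", "V-B"]])
```

On the constructed system, `example_system().analyze()` returns the four detectable failures that defeat the function once the untested valve V-B is assumed failed; making V-B testable (the preferred course in 5.2) leaves only the shared power supply, which is an independence problem under 5.1 rather than a detectability one.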
5.5 Common-cause failures
The requirement for a safety system to function in the presence of common-cause failures (CCFs) is beyond the scope of the application of single-failure criterion and, therefore, this standard. However, it is important to screen out the potential CCFs when performing a single-failure analysis. As part of evaluating the overall reliability of safety systems, IEEE Std 352 extends the qualitative analysis beyond that which is done for failure modes and effects analysis (FMEA), or fault tree analysis, by considering CCFs.
Therefore, an extended qualitative analysis described in IEEE Std 352 should be used to identify and screen out common-cause failure mechanisms not normally considered in an analysis of independent component failures. Common-cause failures not subject to single-failure analysis include causative factors from external environmental effects (e.g., voltage, frequency, radiation, temperature, humidity, pressure, vibration, and electromagnetic interference). Also, equipment qualification and quality assurance programs are intended to afford protection from external environmental effects, design deficiencies, and manufacturing errors. Personnel training; proper control room design; and operating, maintenance, and surveillance procedures are intended to afford protection from maintenance and operator errors. Finally, for digital safety systems, vulnerabilities to CCFs are assessed via the diversity and defense-in-depth associated with the safety system.
IEEE Std 352 includes these causative factors contributing to CCFs and the possible preventative measures used to screen out these potential CCFs. The screening process is shown in Figure 1. Other failures may be identified that do not have preventative measures. These failures should be treated as single failures and should be included in the single-failure analysis. Digital safety system vulnerabilities to CCFs are assessed via the diversity and defense-in-depth associated with the safety system. Guidance on using diversity and defense-in-depth to address CCFs in digital computers is provided in IEEE Std 7-4.3.2.