This publication defines a framework that represents the state of the art in assessment methodologies for safety and instrumentation and control software used at nuclear power plants. It describes an approach for developing and communicating assessments based on claims, argument and evidence. The assessment of software dependability, which encompasses properties such as safety, reliability, availability, maintainability and security, is an essential and challenging aspect of the safety justification. Guiding principles for a dependability assessment are established to provide the basis for defining an assessment strategy and implementing the assessment process. Sources of evidence for the assessment are provided and lessons learned from past digital instrumentation and control system implementation in areas such as software development, operational usage, regulatory review and platform certification are also described.

With the current transition from analog to digital instrumentation and control systems in nuclear power plants, the number and variety of software-based systems have significantly increased. The sophisticated nature and increasing complexity of software raises trust in these systems as a significant challenge. The trust placed in a software system is typically termed software dependability. Software dependability analysis faces uncommon challenges since software systems' characteristics differ from those of hardware systems. The lack of systematic science-based methods for quantifying the dependability attributes in software-based instrumentation as well as control systems in safety critical applications has proved itself to be a significant inhibitor to the expanded use of modern digital technology in the nuclear industry. Dependability refers to the ability of a system to deliver a service that can be trusted. Dependability is commonly considered as a general concept that encompasses different attributes, e.g., reliability, safety, security, availability and maintainability. Dependability research has progressed significantly over the last few decades. For example, various assessment models and/or design approaches have been proposed for software reliability, software availability and software maintainability. Advances have also been made to integrate multiple dependability attributes, e.g., integrating security with other dependability attributes, measuring availability and maintainability, modeling reliability and availability, quantifying reliability and security, exploring the dependencies between security and safety and developing integrated analysis models. However, there is still a lack of understanding of the dependencies between various dependability attributes as a whole and of how such dependencies are formed. To address the need for quantification and give a more objective basis to the review process -- therefore reducing regulatory uncertainty -- measures and methods are needed to assess dependability attributes early on, as well as throughout the life-cycle process of software development. In this research, extensive expert opinion elicitation is used to identify the measures and methods for assessing software dependability. Semi-structured questionnaires were designed to elicit expert knowledge. A new notation system, Causal Mechanism Graphing, was developed to extract and represent such knowledge. The Causal Mechanism Graphs were merged, thus, obtaining the consensus knowledge shared by the domain experts. In this report, we focus on how software contributes to dependability. However, software dependability is not discussed separately from the context of systems or socio-technical systems. Specifically, this report focuses on software dependability, reliability, safety, security, availability, and maintainability. Our research was conducted in the sequence of stages found below. Each stage is further examined in its corresponding chapter. Stage 1 (Chapter 2): Elicitation of causal maps describing the dependencies between dependability attributes. These causal maps were constructed using expert opinion elicitation. This chapter describes the expert opinion elicitation process, the questionnaire design, the causal map construction method and the causal maps obtained. Stage 2 (Chapter 3): Elicitation of the causal map describing the occurrence of the event of interest for each dependability attribute. The causal mechanisms for the "event of interest" were extracted for each of the software dependability attributes. The "event of interest" for a dependability attribute is generally considered to be the "attribute failure", e.g. security failure. The extraction was based on the analysis of expert elicitation results obtained in Stage 1. Stage 3 (Chapter 4): Identification of relevant measurements. Measures for the "events of interest" and their causal mechanisms were obtained from expert opinion elicitation for ...

Accidents and natural disasters involving nuclear power plants such as Chernobyl, Three Mile Island, and the recent meltdown at Fukushima are rare, but their effects are devastating enough to warrant increased vigilance in addressing safety concerns. Nuclear Power Plant Instrumentation and Control Systems for Safety and Security evaluates the risks inherent to nuclear power and methods of preventing accidents through computer control systems and other such emerging technologies. Students and scholars as well as operators and designers will find useful insight into the latest security technologies with the potential to make the future of nuclear energy clean, safe, and reliable.

The nuclear industry and the U.S. Nuclear Regulatory Commission (USNRC) have been working for several years on the development of an adequate process to guide the replacement of aging analog monitoring and control instrumentation in nuclear power plants with modern digital instrumentation without introducing off-setting safety problems. This book identifies criteria for the USNRC's review and acceptance of digital applications in nuclear power plants. It focuses on eight areas: software quality assurance, common-mode software failure potential, systems aspects of digital instrumentation and control technology, human factors and human-machine interfaces, safety and reliability assessment methods, dedication of commercial off-the-shelf hardware and software, the case-by-case licensing process, and the adequacy of technical infrastructure.

Instrumentation and Control Systems for Nuclear Power Plants provides the latest innovative research onthe design of effective modern I&C systems for both existing and newly commissioned plants, along withinformation on system implementation. Dr. Cappelli and his team of expert contributors cover fundamentals,explore the most advanced research in control systems technology, and tackle topics such as the human–machine interface, control room redesign, and control modeling. The inclusion of codes and standards,inspection procedures, and regulatory issues ensure that the reader can confidently design their own I&Csystems and integrate them into existing nuclear sites and projects. - Covers various viewpoints, including theory, modeling, design and applications of I&C systems - Includes codes and standards, inspection procedures and regulatory issues - Combines engineering and physics aspects in one thorough resource, presenting human factors, modeling and HMI together for the first time - Instrumentation and Control Systems for Nuclear Power Plants highlights the key role nuclear energy plays in the transition to a lower-carbon energy mix

Safety is a paradoxical system property. It remains immaterial, intangible and invisible until a failure, an accident or a catastrophy occurs and, too late, reveals its absence. And yet, a system cannot be relied upon unless its safety can be explained, demonstrated and certified. The practical and difficult questions which motivate this study concern the evidence and the arguments needed to justify the safety of a computer based system, or more generally its dependability. Dependability is a broad concept integrating properties such as safety, reliability, availability, maintainability and other related characteristics of the behaviour of a system in operation. How can we give the users the assurance that the system enjoys the required dependability? How should evidence be presented to certification bodies or regulatory authorities? What best practices should be applied? How should we decide whether there is enough evidence to justify the release of the system? To help answer these daunting questions, a method and a framework are proposed for the justification of the dependability of a computer-based system. The approach specifically aims at dealing with the difficulties raised by the validation of software. Hence, it should be of wide applicability despite being mainly based on the experience of assessing Nuclear Power Plant instrumentation and control systems important to safety. To be viable, a method must rest on a sound theoretical background.

This book is a compilation of selected papers from the fifth International Symposium on Software Reliability, Industrial Safety, Cyber Security and Physical Protection of Nuclear Power Plant, held in November 2020 in Beijing, China. The purpose of this symposium is to discuss Inspection, test, certification and research for the software and hardware of Instrument and Control (I&C) systems in nuclear power plants (NPP), such as sensors, actuators and control system. It aims to provide a platform of technical exchange and experience sharing for those broad masses of experts and scholars and nuclear power practitioners, and for the combination of production, teaching and research in universities and enterprises to promote the safe development of nuclear power plant. Readers will find a wealth of valuable insights into achieving safer and more efficient instrumentation and control systems.

Plant Hazard Analysis and Safety Instrumentation Systems is the first book to combine coverage of these two integral aspects of running a chemical processing plant. It helps engineers from various disciplines learn how various analysis techniques, international standards, and instrumentation and controls provide layers of protection for basic process control systems, and how, as a result, overall system reliability, availability, dependability, and maintainability can be increased. This step-by-step guide takes readers through the development of safety instrumented systems, also including discussions on cost impact, basics of statistics, and reliability. Swapan Basu brings more than 35 years of industrial experience to this book, using practical examples to demonstrate concepts. Basu links between the SIS requirements and process hazard analysis in order to complete SIS lifecycle implementation and covers safety analysis and realization in control systems, with up-to-date descriptions of modern concepts, such as SIL, SIS, and Fault Tolerance to name a few. In addition, the book addresses security issues that are particularly important for the programmable systems in modern plants, and discusses, at length, hazardous atmospheres and their impact on electrical enclosures and the use of IS circuits. Helps the reader identify which hazard analysis method is the most appropriate (covers ALARP, HAZOP, FMEA, LOPA) Provides tactics on how to implement standards, such as IEC 61508/61511 and ANSI/ISA 84 Presents information on how to conduct safety analysis and realization in control systems and safety instrumentation