

FEDERAL SERVICE FOR ENVIRONMENTAL, TECHNOLOGICAL

AND NUCLEAR SUPERVISION

RESOLUTION

ON THE APPROVAL AND INTRODUCTION OF THE FEDERAL NORMS AND RULES IN THE FIELD OF THE USE OF NUCLEAR ENERGY "REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS"

The Federal Service for Ecological, Technological and Nuclear Supervision decides:

To approve and put into effect from January 5, 2005 the attached federal norms and rules in the field of the use of atomic energy "Requirements for control systems important for the safety of nuclear power plants" (NP-026-04).

Acting Head

A.B. MALYSHEV

REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS

NP-026-04

I. TERMS AND DEFINITIONS

For the purposes of this document, the following terms and definitions are used:

1. Automated control - control carried out with the participation of personnel using automation tools.

2. Automatic control - control carried out by means of automation without the participation of personnel.

3. Blocking - a control function, the purpose of which is to prevent or stop the actions of personnel, automation tools and equipment.

4. Diagnostics - a control function, the purpose of which is to determine the state of operability (inoperability) or serviceability (malfunction) of the diagnosed object.

5. Remote control - control of an object at a distance, which can be implemented manually or automatically.

6. Protection - a control function, the purpose of which is to prevent:

a) damage, failure or destruction of protected equipment or automation equipment;

b) the use of faulty equipment or automation equipment;

c) undesirable actions of management personnel.

7. Indication - an information function of the control system, the purpose of which is to display information to operational personnel on automation tools.

9. Monitoring - a part of the control function, the purpose of which is to evaluate the value (identification) of a parameter or to determine the state of the monitored process or equipment.

10. Unauthorized access - access to automation tools or equipment that has not been authorized in accordance with the established procedure.

11. Registration - an information function, the purpose of which is to record information on any medium that allows its storage.

12. Control system - a system that is the combination of a controlled object and a controlling system.

13. Automation tools - a set of software, hardware, and combined software-hardware tools designed to create control systems.

14. Controlling system - the part of a control system that controls an object according to specified goals, criteria and restrictions.

15. Control safety systems (elements) - systems (elements) designed to initiate the actions of safety systems and to control them while they perform their specified functions.

16. Control systems important for safety - the set of control safety systems and normal operation control systems important for safety.

17. Control systems (elements) of normal operation - systems (elements) that form and implement, according to specified technological goals, criteria and restrictions, the control of process equipment of normal operation systems.

18. Functional group - a part of control systems adopted in the project, which is a set of automation tools that perform a given function of control systems.

II. PURPOSE AND SCOPE

2.1. This regulatory document establishes:

General provisions;

Requirements for control systems of normal operation important for safety (hereinafter referred to as USNE VB) of a nuclear power plant (hereinafter referred to as NPP);

Requirements for control safety systems (hereinafter referred to as CSS) of the NPP;

Terms and definitions in the regulated scope.

2.2. For NPP units designed and in operation prior to the entry into force of this regulatory document, the timing and scope of bringing control systems important to safety (hereinafter referred to as the SCS) into compliance with this regulatory document are determined on a case-by-case basis in accordance with the established procedure.

2.3. The requirements of this regulatory document do not apply to the development and manufacture of automation equipment.

III. GENERAL PROVISIONS

3.1. The SCS are designed to control the technological equipment of the NPP unit that ensures safety in normal operation, modes with deviations from normal operation, pre-emergency situations and accidents.

3.2. The composition and functions of the SCS should be determined by the design of the NPP unit.

3.3. The premises where the SCS automation equipment is located, as well as the automation equipment itself, must be protected from unauthorized access at the NPP unit.

3.4. Design, engineering and technological documentation for measuring instruments that are part of the SCS must be subjected to metrological examination.

During the operation of the NPP, verification and calibration of measuring instruments that are part of the SCS should be carried out to the extent established by the nomenclature lists of measuring instruments.

3.5. SCS supplied to the NPP unit that include automation tools must have a certificate of compliance of these tools with federal norms and rules in the field of atomic energy use.

3.6. The information display means that are part of the SCS should provide several levels of display, from generalized information reflecting the state of systems important for NPP safety to detailed information about the state of individual elements of equipment and automation tools.

3.7. In the SCS, information about parameters important to safety must be protected from unauthorized access.

3.8. The information received from the automatic recording tools that are part of the SCS should be sufficient to identify:

1) the initiating event that caused the violation of operational limits or limits of safe operation of the NPP unit;

2) changes in technological parameters in the process of development of the accident;

4) actions of operational personnel;

5) information transmitted to the operational personnel of the block control point (hereinafter referred to as the BCR) or backup control point (hereinafter referred to as the RCC) via the communication systems of the NPP unit in the event of modes with deviations from normal operation, pre-emergency situations and accidents;

6) the time of occurrence of the events specified in subparagraphs 1) - 4).

3.9. At the NPP unit, information must be registered in a single time system.

3.10. The amount of information required and the frequency of its registration in normal operation modes, modes with deviations from normal operation, pre-emergency situations and accidents should be established in the design documentation.

3.11. Systems for displaying and recording information about parameters important to safety must be connected to the power supply network of the first category of reliability.

3.12. The quality of the SCS functions established in the design documentation should be determined depending on the impact of the functions they perform on the safety of the NPP unit and other operating conditions, as well as in accordance with the requirements of the current federal norms and rules in the field of atomic energy use.

3.13. To fulfill the requirement of paragraph 3.12, all automation tools of the control systems (hereinafter referred to as CS) should be divided into functional groups (hereinafter referred to as FG) according to the functions performed; the FGs must be treated as elements of the CS when classifying by impact on safety in accordance with federal norms and rules in the field of the use of atomic energy.

3.14. Depending on the impact of the functions performed on NPP safety and other operating conditions, the FGs of the CS can be classified into four categories, each of which corresponds to the performance indicators given in Appendix 1.

FGs of safety class 2 of the SCS for which the development of an accident, if it takes place in the event of failure of these FGs, occurs during a period of time during which it is impossible to take compensatory or restorative measures in order to ensure the safe state of the NPP;

FGs of safety class 2 of the SCS for which the development of an accident, if it takes place in the event of failure of these FGs, occurs within a period of time during which compensatory or restorative measures can be taken to ensure the safe state of the NPP;

FGs that provide operators with information about the parameters characterizing the state of the reactor plant during design basis and beyond design basis accidents;

FGs of CS automation equipment located in unattended premises, where their repair and replacement are impossible for a long time;

FGs of safety class 2 or 3 of the SCS that provide:

the operator with the information necessary for automated control in order to prevent violation of the limits of safe operation or reduce the consequences of an accident;

information necessary for the investigation of accidents;

FGs of safety class 2 or 3 of the SCS that implement automated control in order to prevent violation of the limits of safe operation or reduce the consequences of an accident;

FGs of safety class 2 or 3 of the SCS not assigned to the first and second categories;

e) the fourth category includes:

FGs of safety class 4 of the CS, the failures of which do not affect the safety of the NPP.

3.16. The classification designation of an FG of the CS must include the FG safety class (2, 3 or 4) in accordance with federal norms and rules in the field of atomic energy use; a symbol denoting the CS that includes the FG (U - control safety system, N - control system of normal operation); and the quality category of the FG (K1, K2, K3, K4).

Example 1. 2UK1, where 2 is the safety class; U - control safety system; K1 - the first category of FG quality.

Example 2. 3NK3, where 3 is the safety class; N - control system of normal operation; K3 - the third category of FG quality.

3.17. A list of functional groups and their classification into categories should be defined in the design documentation for the SCS.

3.18. The quality of the FGs that are part of the SCS should be determined in the design documentation by the set of FG property indicators given in Appendix 1, depending on the category to which the group is assigned.

3.19. The quality of the FG or the automation equipment included in it must be confirmed by the results of the implementation of the quality control procedures given in Appendix 2.

3.20. SCS at NPP units must be operated in accordance with the operational documentation provided for in the design, the process regulations and the CS operating instructions.

3.21. In order to determine the residual life of the SCS automation equipment and the timing of its replacement or modernization during operation, data on the resource and failures of the automation equipment should be recorded and analyzed.

3.22. The design documentation for the SCS should contain a test program and methodology for testing before the SCS are put into operation.

3.23. In the design documentation, the NPP unit's SCS should be subdivided into normal operation control systems important for safety (USNE VB) and CSS.

3.24. Prior to delivery to a nuclear power plant, the SCS must be tested at a specially equipped test site in order to confirm the design characteristics, including their compliance with the requirements of the rules and regulations in the field of atomic energy use.

3.25. It is allowed to test individual parts or subsystems of the SCS with justification of the test conditions.

3.26. The results of tests of the SCS or its individual parts or subsystems at the test site must be presented in the NPP safety analysis report.

IV. NORMAL OPERATION CONTROL SYSTEMS IMPORTANT TO NPP SAFETY

4.1. The USNE VB should carry out automatic and automated control of the technological equipment of normal operation systems important for the safety of a nuclear power plant unit.

4.2. The composition and functions of the USNE VB should be determined by the design of the NPP unit.

4.3. The USNE VB should provide several levels of action on the means of controlling the technological parameters of the reactor plant by which the limits of safe operation are determined (thermal power, coolant pressure, etc.), aimed at returning the controlled parameters to normal values. These actions should be put into effect in sequence as the specified parameters deviate from the set value, before the CSS initiates protective actions.

4.4. Technological protections and interlocks of equipment should be automatically taken out of and put into service when the conditions established in the design documentation are reached.

4.5. As part of the automation equipment that generates signals and implements technological protection, means of warning signaling about the operation of the protection should be provided.

4.6. The USNE VB should provide for self-diagnosis of serviceability and automated testing of technological protections.

4.7. The implemented algorithm of the protection action program must be executed until the termination of this program, regardless of changes in the triggering condition that caused it to fire.

4.8. The removal of the command to start protection after the completion of the protection action program must be carried out by personnel with the adoption of the organizational and technical measures provided for in the design documentation to prevent the erroneous removal of the command.

4.9. Information about the actuation and completion of each protection should be displayed to the operator in the control room.

4.10. For automation equipment that performs the function of protecting process equipment, design solutions should be provided that allow it to be withdrawn for repair or maintenance without violating the conditions of normal operation.

4.11. When automation equipment that performs the function of protection is taken out for repair or maintenance, a signal about the protection withdrawal must be generated in the USNE VB, while the signaling of the protection operation must be maintained.

4.12. The design documentation for the USNE VB should define:

Conditions for triggering technological interlocks;

States of systems under which their start-up and operation are allowed.

4.13. The states of the USNE VB under which their start-up and operation are allowed should be determined in the technological regulations and the CS operating instructions.

4.14. The USNE VB should be tested at the facility according to the functions established in the design documentation before the commissioning of the technological systems they control.

4.15. At the stages of commissioning and mastering the power of the NPP unit, stability tests of the control loops must be carried out according to special programs that take into account the real initiating conditions of normal operation.

4.16. The USNE VB should be subject to periodic checks of the functions performed during operation.

V. NPP SAFETY CONTROL SYSTEMS

5.1. The CSS should provide automatic and automated performance of the safety functions provided for by the design.

5.2. Automatic actuation of the technological equipment of the safety systems should take place when the conditions established in the design documentation arise.

5.3. Automated actuation of the technological equipment of the safety systems should be provided from the BCR and, in case of its failure, from the RCC.

5.4. The composition and functions of the CSS should be determined by the design of the NPP unit.

5.5. The CSS should automatically display information at the BCR and RCC for operational personnel about the occurrence of conditions for actuating the safety systems and about the execution of the safety systems' protective actions.

5.6. The CSS should include automation tools that, when the safety systems are started automatically, block operator actions to switch off the safety systems for 10 - 30 minutes.

5.7. Automatic control commands to the safety systems from the CSS must have the highest priority compared to all other control commands.

5.8. The CSS design documentation must show the adequacy of the physical and functional separation of the CSS channels, ensuring the autonomy of each channel.

5.9. The design documentation of the NPP unit should provide for technical and organizational protection against unauthorized access to CSS hardware and software during operation.

5.10. CSS project documentation should contain:

List of conditions for automatic start of the safety systems;

Calculation results and values of FG reliability indicators;

Analysis of the consequences of failures;

Data on the resource of the CS and automation tools;

Draft regulations for maintenance, repairs, metrological verifications and tests;

Criteria and assessment of the limit state of automation equipment;

The procedure for decommissioning, testing and the procedure for commissioning channels;

Requirements for the number and qualifications of service personnel;

Requirements for the nomenclature, quantity and storage of spare components.

5.11. Justification of the reliability of the FGs of the CSS in the design documentation should take into account the flow of demands for actuation of the systems and possible failures due to a common cause.

5.12. The CSS design documentation should define the recovery time of the CSS channels for each function performed by this channel.

5.13. CSS project documentation should contain:

List of CSS failures, in which it is planned to automatically bring the reactor plant to a state in which the safety of the NPP unit is ensured;

Test program and methodology before CSS commissioning.

5.14. When putting into operation the NPP unit's CSS control channels, tests must be carried out to verify the performance by the channels of the functions established in the design documentation.

Appendix 1

Correspondence of FG CS properties to FG categories

FG CS property:

Diversity

Multichannel

Independence

Reliability

Traceability

Electromagnetic compatibility

Resistance to mechanical external influencing factors

Resistance to climatic factors

Seismic resistance

Fire safety

Resistance in the fields of ionizing radiation for elements of systems located in the zone of these fields

Metrology

Resistance to chemicals

Note. FG property indicators of category 4 are not regulated by this regulatory document, since they do not affect NPP safety.

Legend:

Indicators of the FG property indicated in column 2 of the table must be substantiated in the design in accordance with federal norms and rules in the field of atomic energy use for the category indicated in columns 3, 4 or 5 of the table;

Indicators of the FG property indicated in column 2 of the table may not be justified in the project for the category indicated in columns 4 or 5 of the table.

Appendix 2

LIST OF THE MAIN QUALITY CONTROL PROCEDURES FOR CS, FG CS AND THE AUTOMATION TOOLS INCLUDED IN THEM

1. Factory testing

2. Technological run and quality check of the functions established in the project documentation

3. Acceptance tests

4. Certification*

5. On-site testing

6. Quality assurance during operation:

6.1. Compliance with design specifications

6.2. Episodic in-service EMC tests**

6.3. Metrological tests

6.4. Periodic confirmation of reliability by statistical methods

______________

* For control systems and automation equipment subject to mandatory certification.

** Carried out on the initiative of the operating organization.

Federal Service for Environmental, Technological and Nuclear Supervision

FEDERAL NORMS AND RULES IN THE FIELD OF THE USE OF NUCLEAR ENERGY

Approved by Decree №2 of the Federal Service for Environmental, Technological and Nuclear Supervision

Moscow, 2004

These federal norms and rules establish the purpose and scope of the document; general provisions; requirements for normal operation control systems important for NPP safety; requirements for NPP unit control safety systems; and the list of necessary terms and definitions.

These federal norms and rules take into account the changes made to the previously valid document "Requirements for control systems important for the safety of nuclear power plants" (NP-026-01).

*) The developer is the Scientific and Technical Center for Nuclear and Radiation Safety of Gosatomnadzor of Russia. Head of development - head of the department of control systems, Ph.D. A.S. Alpeev.

This regulatory document takes into account the proposals of interested organizations and enterprises: the Rosenergoatom Concern, VNIIA, NIKIET, Atomenergoproekt, VNIIEM, after their discussion at meetings and the development of agreed decisions.



REQUIREMENTS
TO CONTROL SYSTEMS IMPORTANT FOR
SAFETY OF NUCLEAR PLANT

NP-026-04

These federal norms and rules take into account the changes made to the previously valid document "Requirements for control systems important for the safety of nuclear power plants" (NP-026-01).

_______________________

*) Developer - Scientific and Technical Center for Nuclear and Radiation Safety of Gosatomnadzor of Russia. Development Manager - Head of Control Systems Department, Ph.D. A.S. Alpeev.

This regulatory document takes into account the proposals of interested organizations and enterprises: the Rosenergoatom Concern, VNIIA, NIKIET, Atomenergoproekt, VNIIEM after their discussion at meetings and the development of agreed decisions.

I. TERMS AND DEFINITIONS

For the purposes of this document, the following terms and definitions are used.

1. Automated control - management carried out with the participation of personnel using automation tools.

2. Automatic control - management carried out by means of automation without the participation of personnel.

3. Blocking - a control function, the purpose of which is to prevent or stop the actions of personnel, automation equipment and equipment.

4. Diagnostics - a control function, the purpose of which is to determine the state of operability (inoperability) or serviceability (malfunction) of the diagnosed object.

7. Indication - an information function of the control system, the purpose of which is to display information to operational personnel on automation tools.

9. Control - a part of the control function, the purpose of which is to evaluate the value (identification) of a parameter or determine the state of a controlled process or equipment.

10. Unauthorized access - unauthorized access to automation equipment or equipment.

11. Registration - an information function, the purpose of which is to fix information on any medium that allows its storage.

12. Management system - a system that is a combination of a control object and a control system.

13. Automation tools - a set of software, hardware and software-and-hardware tools designed to create control systems.

14. Control system - a part of the management system that manages an object according to specified goals, criteria and restrictions.

15. Control systems (elements) of safety - systems (elements) designed to initiate the actions of safety systems and to control them in the process of performing specified functions.

16. Control systems important to safety - a set of safety control systems and normal operation control systems important to safety.

17. Control systems (elements) of normal operation - systems (elements) that form and implement, according to specified technological goals, criteria and restrictions, the control of process equipment of normal operation systems.

18. Functional group - a part of the control systems adopted in the project, which is a set of automation tools that perform a given function of control systems.

II. PURPOSE AND SCOPE

2.1. This regulatory document establishes:

· general provisions;

· requirements for control systems of normal operation important for safety (hereinafter referred to as USNE VB) of a nuclear power plant (hereinafter referred to as NPP);

· requirements for control safety systems (hereinafter referred to as CSS) of the NPP;

· terms and definitions in the regulated scope.

2.2. For NPP units designed and in operation prior to the entry into force of this regulatory document, the timing and scope of bringing the control systems important to safety (hereinafter referred to as the SCS) into compliance with this regulatory document are determined in each specific case in the prescribed manner.

2.3. The requirements of this regulatory document do not apply to the development and manufacture of automation equipment.

III. GENERAL PROVISIONS

3.1. The SCS are designed to control the technological equipment of the NPP unit that ensures safety in normal operation, in modes with deviations from normal operation, in pre-emergency situations and in accidents.

3.2. The composition and functions of the SCS should be determined by the design of the NPP unit.

3.3. The premises where the automation equipment of the SCS is located, as well as the automation equipment itself, must be protected on the NPP unit from unauthorized access.

3.4. Design, engineering and technological documentation for measuring instruments that are part of the SCS must be subjected to metrological examination.

During the operation of the NPP, verification and calibration of measuring instruments that are part of the SCS must be carried out to the extent established by the nomenclature lists of measuring instruments.

3.5. The SCS supplied to the NPP unit, which include automation tools, must have a certificate of compliance of these tools with federal norms and rules in the field of atomic energy use.

3.6. The means of displaying information, which are part of the SCS, should provide for several levels of displaying information - from displaying generalized information reflecting the state of systems important for NPP safety to displaying detailed information about the state of individual elements of equipment and automation tools.

3.7. In the SCS, information about parameters important to safety must be protected from unauthorized access.

3.8. The information received from the automatic recording tools that are part of the SCS should be sufficient to identify:

1) the initiating event that caused the violation of operational limits or limits of safe operation of the NPP unit;

2) changes in technological parameters in the process of development of the accident;

4) actions of operational personnel;

5) information transmitted to the operational personnel of the block control point (hereinafter referred to as the CCU) (reserve control point (hereinafter referred to as the RCP)) via the communication systems of the NPP unit in the event of modes with deviations from normal operation, pre-emergency situations and accidents;

6) the time of occurrence of the events specified in subparagraphs 1) - 4).

3.9. At the NPP unit, information must be registered in a unified time system.

3.10. The amount of information required and the frequency of its registration in normal operation modes, modes with deviations from normal operation, pre-emergency situations and accidents should be established in the design documentation.

3.11. Systems for displaying and recording information about parameters important to safety must be connected to the power supply network of the first category of reliability.

3.12. The quality of the SCS functions established in the design documentation should be determined depending on the impact of the functions they perform on the safety of the NPP unit and other operating conditions, as well as in accordance with the requirements of the current federal norms and rules in the field of atomic energy use.

3.13. To fulfill the requirement of paragraph 3.12, all automation tools for control systems (hereinafter referred to as CS) should be divided into functional groups (hereinafter referred to as FG) according to the functions performed, which must be accepted as elements of the CS when classifying according to the impact on safety in accordance with federal norms and rules in the field of atomic energy use.

3.14. Depending on the impact of the functions performed on the NPP safety and other operating conditions, the FG CS can be classified into four categories, each of which corresponds to the performance indicators given in Appendix 1.

· FGs of safety class 2 of the SCS, for which the development of an accident, if it occurs in case of failure of these FGs, occurs during a period of time during which it is impossible to take compensatory or restorative measures in order to ensure the safe state of the NPP;

· FGs of safety class 2 of the SCS, for which the development of an accident, if it occurs in case of failure of these FGs, occurs within a period of time during which compensatory or restorative measures can be taken to ensure the safe state of the NPP;

· FGs providing operators with information about the parameters characterizing the state of the reactor facility during design basis and beyond design basis accidents;

· automation equipment of FG CS located in unattended premises, where its repair and replacement is impossible for a long time;

· FGs of safety class 2 or 3 of the SCS, providing:

· the operator with the information necessary for automated control in order to prevent violation of the limits of safe operation or reduce the consequences of an accident;

· information necessary for the investigation of accidents;

· FGs of safety class 2 or 3 of the SCS, ensuring the implementation of automated control in order to prevent violation of the limits of safe operation or reduce the consequences of an accident;

· FGs of safety class 2 or 3 of the SCS not assigned to the first and second categories;

· FGs of safety class 4 of the CS, the failures of which do not affect the safety of the NPP.

3.16. The FG CS classification designation must include the FG safety class (2, 3 or 4) in accordance with federal norms and rules in the field of atomic energy use; a symbol denoting the CS that includes the FG (U - control safety system, N - control system for normal operation); and the quality category of the FG (K1, K2, K3, K4).

Example 1. 2UK1, where 2 is the safety class; U - control safety system; K1 - the first category of FG quality.

Example 2. 3NK3, where 3 is the safety class; N - control system of normal operation; K3 - the third category of FG quality.

3.17. A list of functional groups and their classification into categories should be defined in the project documentation for the SCS.

3.18. The quality of the FG in the composition of the SCS should be determined in the project documentation by a set of indicators of the properties of the FG, given in Appendix 1, depending on the category to which this group is assigned.

3.19. The quality of the FG or the automation equipment included in it must be confirmed by the results of the implementation of the quality control procedures given in Appendix 2.

3.20. The SCS at NPP units must be operated in accordance with the operational documentation provided for in the project, process regulations and CS operation instructions.

3.21. In order to determine the residual life of the automation equipment of the SCS and the timing of its replacement or modernization during operation, data on the resource and failures of the automation equipment should be recorded and analyzed.

3.22. The design documentation for the SCS should contain a test program and methodology for tests before putting the SCS into operation.

3.23. In the design documentation, the SCS of the NPP unit should be subdivided into control systems of normal operation important for safety (USNE VB) and CSS.

3.24. Prior to delivery to a nuclear power plant, the SCS must be tested at a specially equipped test site in order to confirm the design characteristics, including their compliance with the requirements of the rules and regulations in the field of atomic energy use.

3.25. It is allowed to test individual parts or subsystems of the SCS with justification of the test conditions.

3.26. The results of tests of the SCS or its individual parts or subsystems at the test site must be presented in the NPP safety analysis report.

IV. CONTROL SYSTEMS FOR NORMAL OPERATION
IMPORTANT TO NPP SAFETY

4.1. USNE VB should carry out automatic and automated control of technological equipment of normal operation systems important for the safety of a nuclear power plant unit.

4.2. The composition and functions of the USNE VB should be determined by the design of the NPP unit.

4.3. The USNE VB should provide for several levels of action on the means of controlling those technological parameters of the reactor plant for which limits of safe operation are defined (thermal power, coolant pressure, etc.), aimed at returning the controlled parameters to normal values. These actions should be passed for execution in sequence as the specified parameters deviate from the set value, before the CSS initiates protective actions.

4.4. Technological protection and blocking of equipment should be automatically taken out of operation and put into operation upon reaching the conditions established in the design documentation.

4.5. As part of the automation equipment that generates signals and implements technological protection, means of warning signaling about the operation of the protection should be provided.

4.6. The USNE VB should provide for self-diagnosis of serviceability and automated testing of technological protections.

4.7. Once started, the algorithm of the protection action program must run to completion regardless of changes in the triggering condition that initiated it.

4.8. The removal of the command to start protection after the completion of the protection action program must be carried out by personnel, with the organizational and technical measures provided for in the design documentation taken to prevent the erroneous removal of the command.

4.9. Information about the action and completion of each protection should be displayed to the operator at the CCU.

4.10. For automation equipment that performs the function of protecting process equipment, design solutions should be provided to ensure its withdrawal for repair or maintenance without violating the conditions of normal operation.

4.11. When automation equipment that performs the function of protection is taken out for repair or maintenance, a signal about the protection withdrawal must be generated in the USNE VB, while the signaling of the protection operation must be maintained.

4.12. The project documentation for the USNE VB should define:

· conditions for triggering technological interlocks;

· states of systems under which their start-up and operation are allowed.

4.13. The states of the USNE VB under which their start-up and operation are allowed should be determined in the technological regulations and operating instructions of the CS.

4.14. USNE VB should be tested at the facility according to the functions established in the design documentation before the commissioning of the technological systems they control.

4.15. At the stages of commissioning and mastering the power of the NPP unit, stability tests of the control loops must be carried out according to special programs that take into account the real initiating conditions of normal operation.

4.16. USNE VB should be subject to periodic checks of the functions performed during operation.

V. NPP SAFETY CONTROL SYSTEMS

5.1. CSS should provide automatic and automated performance of the safety functions provided for by the project.

5.2. The automatic actuation of the technological equipment of the SS should be carried out when the conditions established in the project documentation arise.

5.3. Automated actuation of the technological equipment of the SS should be provided from the CCU and, in case of its failure, from the RCP.

5.4. The composition and functions of the CSS should be determined by the design of the NPP unit.

5.5. CSS should automatically display information at the CCU and RCP for operational personnel about the occurrence of conditions for putting the SS into action and the implementation of actions to protect the SS.

5.6. When the SS is automatically started, automation tools must be provided as part of the CSS to block the operator's actions to turn off the SS for 10 - 30 minutes.

5.7. The SS automatic control commands from the CSS must have the highest priority compared to all other control commands.

5.8. The CSS design documentation must show the adequacy of the physical and functional separation of the CSS channels, ensuring the autonomy of each channel.

5.9. The design documentation of the NPP unit should provide for technical and organizational protection against unauthorized access to CSS hardware and software during operation.

5.10. CSS project documentation should contain:

· list of conditions for automatic start of the SS;

· calculation results and values of FG reliability indicators;

· analysis of the consequences of failures;

· data on the resource of the CS and automation tools;

· draft regulations for maintenance, repairs, metrological verifications and tests;

· criteria and assessment of the limiting state of automation equipment;

· the procedure for decommissioning, testing and commissioning of channels;

· requirements for the number and qualifications of service personnel;

· requirements for the nomenclature, quantity and storage of spare components.

5.11. Justification of the reliability of FG CSS in the design documentation should be carried out taking into account the flow of requirements for the operation of systems and taking into account possible failures due to a common cause.

5.12. The CSS design documentation should define the recovery time of the CSS channels for each function performed by this channel.

5.13. CSS project documentation should contain:

· a list of CSS failures, in which it is envisaged to automatically bring the reactor plant into a state that ensures the safety of the NPP unit;

· the program and methodology of tests before putting CSS into operation.

5.14. When putting into operation the NPP unit's CSS control channels, tests must be carried out to verify the performance by the channels of the functions established in the design documentation.

Appendix 1

FG CS property:

· Diversity

· Multichannel

· Independence

· Reliability

· Traceability

· Electromagnetic compatibility

· Resistance to mechanical external influencing factors

· Resistance to climatic factors

· Seismic resistance

· Fire safety

· Resistance in the fields of ionizing radiation for elements of systems located in the zone of these fields

· Metrology

· Resistance to chemicals

Note. FG property indicators of category 4 are not regulated by this regulatory document, since they do not affect NPP safety.

Legend:

Indicators of the FG property indicated in column 2 of the table must be substantiated in the design in accordance with federal norms and rules in the field of atomic energy use for the category indicated in columns 3, 4 or 5 of the table;

Indicators of the FG property indicated in column 2 of the table may not be justified in the project for the category indicated in columns 4 or 5 of the table.

Appendix 2

List of basic procedures for quality control of the CS, FG CS and automation tools included in their composition

1. Factory testing

2. Technological run and quality check of the functions established in the project documentation

3. Acceptance tests

4. Certification*

5. On-site testing

6. Quality assurance during operation:

6.1. Compliance with design specifications

6.2. Episodic in-service EMC tests**

6.3. Metrological tests

6.4. Periodic confirmation of reliability by statistical methods

* For control systems and automation equipment subject to mandatory certification.

** Carried out on the initiative of the operating organization.

REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR PLANT. NP-026-04

Federal Service for Ecological, Technological and Nuclear Supervision Moscow, 2004

These federal norms and rules establish the purpose and scope of the document; general provisions; requirements for normal operation control systems important for NPP safety, and requirements for NPP unit safety control systems. A list of necessary terms and definitions is given.
