Active PAR

P62671

Nuclear Power Plants - Instrumentation and Control Important to Safety - Selection and Use of Industrial Digital Devices of Limited Functionality

1.1 General This document addresses certain devices that contain embedded software or hardware descriptive language (HDL) Programmed Devices (HPD) which are candidates for use in nuclear power plants. It provides requirements for the selection and evaluation of such devices where they have dedicated, limited, and specific functionality and limited configurability. The scope of this standard encompasses what the International Atomic Energy Agency (IAEA) refers to as “Smart Devices” in Safety Reports Series No. 111, which draws from IEC 62671 (see 5.2.2 for Applicability). instrumentation and controls (I&C) systems important to safety of classes 1, 2 and 3 (in the IEC 61513 context) and class 1E (in the IEEE 603 context) may be implemented using conventional hard-wired equipment, digital technology equipment (computer based or programmed hardware) or by using a combination of both types of equipment. This International Standard provides the acceptance criteria for the selection, evaluation and use of certain digital devices. Such devices are very often developed to meet industrial safety standards such as IEC 61508. This standard provides a framework for qualification of the devices for use in a nuclear power plant. Devices addressed by this standard are dedicated devices of limited, specific functionality, that contain or may contain components driven by software or digital circuits designed using software-based tools. Examples are smart sensors, valve positioners, electrical protective devices or inverters that contain or may contain components driven by software or digital circuits designed using software-based tools. This standard does not address the software aspects of complex general-purpose devices that are addressed by other standards, such as IEC 60880, IEC 62138, and IEEE 7-4.3.2 for software. This standard addresses the aspects that should be considered when evaluating the suitability of these dedicated devices of limited, specific functionality for use in a nuclear power plant. The intent is to apply a graded approach to these aspects, with more demanding requirements applied for higher classes. These aspects include: • functional suitability (does the device perform the functions required, and are these functions suitably secure from interference from any other functions), • the evidence required to demonstrate this suitability (such as the development process followed, and the operational experience and maturity of the device), • aspects affecting integration of the device in existing systems (e.g. functional compatibility and impact on maintenance and operation), and • requirements related to ensuring the device will retain its suitability for its required lifetime (such as the lifetime of the plant). This standard relies on other standards, especially IEC/IEEE 60780-323, IEC 62003, IEEE 2425, and IEC/IEEE 60980-344 to address hardware qualification aspects not related to the complexities of software, namely reliability aspects related to environmental qualification and failures due to aging or physical degradation. 1.2 Background The need for this standard arises from current trends in the I&C industry including the advancing obsolescence of existing devices presently in use in nuclear power plants. It is becoming increasingly difficult, if not impossible, to identify analog devices or replace many existing devices with identical ones because suppliers increasingly employ micro-controllers, application specific integrated circuits (ASICS) etc. embedded within the candidate replacement devices, and analog devices are becoming increasingly unavailable. There are various technical risks regarding the suitability of these devices for use in nuclear plants, because: • many of these devices do not duplicate the precise functionality of the obsolete device to be replaced, having in some cases less and in other cases more functionality, or even subtly different functionality that may be inconsistent with the original design intent, • these differences in functionality are not always readily apparent. • they may have specific vulnerabilities or failure modes that did not exist with the original equipment and that need to be considered.

Standard Committee
PE/NPEC - Nuclear Power Engineering Committee
Status
Active PAR
PAR Approval
2025-06-19

Working Group Details

Society
IEEE Power and Energy Society
Standard Committee
PE/NPEC - Nuclear Power Engineering Committee
Working Group
WG_6.6 - Intelligent Digital Devices Working Group
IEEE Program Manager
Jodi Haasz
Contact Jodi Haasz
Working Group Chair
Andrew Nack

Other Activities From This Working Group

Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.


No Active Projects

Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.


No Active Standards

These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.


No Superseded Standards

These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.


No Inactive-Withdrawn Standards

These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.


No Inactive-Reserved Standards
Subscribe to our Newsletter

Sign up for our monthly newsletter to learn about new developments, including resources, insights and more.