CORDEL Defence-in-Depth and Diversity: Challenges Related to I&C Architecture

April 2018

Download pdf of report

Inconsistencies in the definitions of terms, attributes, assessment methodologies, and scope associated with the concepts of ‘defence-in-depth’ and ‘diversity’ can lead to significant challenges in design, licensing and cost of nuclear power plants. The differences between these definitions were first investigated in Safety Classification for I&C Systems in Nuclear Power Plants: Comparison of Definitions of Key Concepts and are expanded upon here.

The concept of ‘diversity’ in particular has changed as concern over common cause failure (CCF) in digital instrumentation and control (I&C) systems has become more prevalent. This has in turn affected the development of I&C design for the main line of defence (e.g. protection system). Previously, redundancy and separation of structures and components – such as the use of identical equipment in a four/three divisional arrangement – was an acceptable approach to meet the N+2 criterion and thereby demonstrate diversity. However, the N+2 criterion has now been extended by the conservative assumptions associated with digital I&C and thus digital CCF has come to replace redundancy as the main driver for designing diverse digital protection systems.

This report is organized as follows:

  • A review of the terms and definitions associated with defence-in-depth and diversity used by different organizations.
  • Outline of the challenges in defining ‘defence-in-depth’ and ‘diversity’.
  • Analysis of the challenges related to the application of defence-in-depth and diversity, for example during the upgrading of existing nuclear plants or the implementation of regulatory guidance.
  • Recommendations of potential solutions.



You may also be interested in