Safety Classification for I&C Systems in Nuclear Power Plants - Current Status & Difficulties

CORDEL Digital Instrumentation & Control Task Force

First published in 2015 – Revised in 2020

Classification of structures, systems and components (SSC) acts as part of the defence in depth approach as an essential task in the overall life cycle of a nuclear power plant. The classification of SSCs specifies their importance to safety, according to the consequences of their failure to perform when required.

The approach for safety classification of instrumentation and control (I&C) systems has been reorganized following the release of the standards IEC 61226 and IAEA SSG-30 in recent years. Whereas before classification of an item was derived from the safety importance of its system, today it is derived from the categorization of the safety relevance of a process and safety function to be realized by e.g. the I&C system The nuclear industry’s graded approach to safety stipulates that systems having higher safety importance should be of demonstrably higher quality, more tolerant of failures, and more resistant of hazards both inside and outside the plant. Thus the safety class of an I&C system and its assigned defence in depth (DiD) level have direct impact on the requirements on qualification, quality assurance, fault tolerance, system architecture, physical layout within the plant and the extent of engineering documentation.

To achieve a proper safety classification of I&C functions, it is necessary that the process and safety engineer from the vendor, customer and regulatory authority shall have a common understanding of the criteria for placing I&C functions into the various classification categories. Amending the categorization of I&C functions late in the design presents significant challenges for the project execution.

This report provides an overview of the generic approach to I&C safety classification, the important international standards and guidelines published by IEC and IAEA and a comparison of I&C classification approaches. The purpose is to identify topics that create difficulty for CORDEL members when developing and applying safety classification for I&C systems in nuclear power plants, and to describe the apparent cause of these difficulties.

As safety classification is closely linked to plant states and postulated initiating events, Annex 1 describes the important areas from an I&C view.

The initial edition of this report on Safety Classification for I&C Systems in Nuclear Power Plants was published in September 2015. This 2020 revision takes into account the feedback provided by CORDEL DICTF counterparts such as MDEP DICWG as well as latest discussions on the topic of safety classification in other international fora publications (IAEA, SDOs, etc)