Integrated software safety analysis method for digital I&C systems

The digitalized Instrumentation and Control (I&C) system of Nuclear power plants can provide more powerful overall operation capability, and user friendly man-machine interface. The operator can obtain more information through digital I&C system. However, while I&C system being digitalized, three issues are encountered: (1) software common-cause failure, (2) the interaction failure between operator and digital instrumentation and control system interface, and (3) the non-detectability of software failure. These failures might defeat defense echelons, and make the Diversity and Defense-in-Depth (D3) analysis be more difficult. This work developed an integrated methodology to evaluate nuclear power plant safety effect by interactions between operator and digital I&C system, and then propose improvement recommendations. This integrated methodology includes component-level software fault tree, system-level sequence-tree method and nuclear power plant computer simulation analysis. Software fault tree can clarify the software failure structure in digital I&C systems. Sequence-tree method can identify the interaction process and relationship among operator and I&C systems in each D3 echelon in a design basis event. Nuclear power plant computer simulation analysis method can further analyze the available backup facilities and allowable manual action duration for the operator when the digital I&C fail to function. Applying this methodology to evaluate the performance of digital nuclear power plant D3 design, could promote the nuclear power plant operation safety. The operator can then trust the nuclear power plant than before, when operating the highly automatic digital I&C facilities.