TOPIC:MODERN INSTRUMENTATION AND CONTROL FOR NUCLEAR POWER PLANTS

ABSTRACT:This paper gives a overview of the use of modern instrumentation and control systems in nuclear power plants, speaks of its development, utility,operation, brief description of its function and structure and also a few major drawbacks in its applications.As nuclear power plants are rising nowadays,and they are one of the main pillars in technological as well as human advancement ,so the above topic has been chosen to discuss the role of I&C in NPPs.Different PWR plants in France,United States,Japan etc,nowadays use the advanced technology,and have focused on developments of I&C as well,for betterment of safety purpose,power and other neccesities. INTRODUCTION
The development in the field of instrumentation and control (I&C) has been very rapid over the last two decades. New generations of equipment with improved performance have been introduced to the market at a high rate. The new systems take advantage of technological achievements to accommodate sophisticated treatment of measurement and control signals, for speed and reliability, but also for flexibility and versatility. The introduction of the new system in nuclear power plants has been considerably slower than in the conventional industry ,mainly due to the fact that very few new nuclear power plants have been built during the past twenty years. Today the new systems are introduced in modernisation projects at nuclear power plants all over the world . There are many indisputable benefits of the new I&C systems, but the licensing of them have showed to be difficult in NPP.There are different forces driving nuclear power plants to modernise their I&C systems. The instrumentation and control (I&C) systems of a nuclear power plant (NPP)have three major roles. Firstly, they are the eyes and ears of the operator. If properly designed, constructed and maintained, they provide accurate and appropriate information and permit judicious action during both normal and abnormal operation. They are therefore, with the human operator, vital for the safe and efficient operation of the plant. Secondly, under normal operating conditions they provide automatic control, both of the main plant and of many ancillary systems. This allows the operator time to observe plant behaviour and monitor what is happening so that the right corrective action can be taken quickly, if required. Thirdly, the I&C safety systems protect the plant from the consequences of any mistakes which the operato ror the automatic control system may make. Under abnormal conditions they provide rapid automatic action to protect both the plant and the environment. The I&C requirements of an NPP are, in most cases, more complex and diverse than those of a conventional power plant.

NEED FOR THE DEVELOPMENT OF I&C IN NPP:

--, After the accident at TMI (1979) and especially after the Chernobyl accident (1986), requirements for more flexible operation and greater availability as well as additional safety increased and there was a worldwide evolution in regulation and greater demand for reliability. ---Optimum production of electrical energy consistent with the protection of the environment implies design for high efficiency and a minimum number of interruptions (to avoid outage time as well as to minimize stress on systems and components) combined with utmost life extension of the entire plant. --- In order to save outage time and fuel cost, fuel design and loading patterns have been optimized for low neutron leakage (low leakage loading) as well as for load cycle lengths of more than 1, 1 or even 2 years (plus higher burn up rates). This enhances cost effectiveness and availability but, unfortunately, also causes new necessities, such as: Better accuracy for power density measurement or improved calculations for locations in the middle of the core; Enhanced noise filtering of out-of-core neutron flux signals; Adaptation of licensing and procedures for longer periods between maintenance; Avoidance, or solution, of oxidation problems with fuel cladding. ----Furthermore, it requires protection against all anticipated operational occurrences (AOOs) by early, sensitive, quick and forceful but, if possible, reversible countermeasures, e.g. by the use of supervisory control or protective limitation systems. Finally, it must be possible to shut the plant down and then keep it safe by removal of the residual heat and by mitigating the consequences of all kinds of accident conditions (ACCOs). . This proved obsolescence aspects of I&C systems and equipment and urged all kinds of back fitting and upgrading. These matters were influenced by the revolutionary development of many I&C techniques, especially the introduction of processor based equipment for I&C systems important to safety. The new capabilities of these techniques were accompanied by some important difficulties. For example, the application of software increased the probability of CMFs and hence generated a need for complicated V&V procedures. This, in turn, necessitated the application of formal specifications and the use of tools for software engineering.

TECHNOLOGICAL ADVANCEMENT AND DEVELOPMENTS:

The majority of the I&C systems which monitor and control todays NPPs are largely based on process technology from the 1950s and 1960s. Since that period, dramatic advances in electronics and computer technology have occurred and have resulted in multi fold increases in functionality and performance. The reduction in cost has been equally spectacular. This combined effect of increased performance and reduced cost has made it possible for the I&C industry quickly to assimilate the rapid technological change. As a result, I&C technology has advanced more rapidly and more radically than any other discipline important to NPPs In assessing the changing I&C technology there are a few important observations to be made. Firstly there has been a transfer from analogue to digital technology, which implies that control solutions have moved from continuous to time sampled control. Secondly the new systems are programmable, which makes it possible to implement a large range of algorithms with the same hardware. Thirdly the development has been very rapid, which means that product generations have become very short and introduced a different kind of obsolescence .The consequence of the introduction of the new technology has been that a new range of requirements has to be taken into account and reflected in the engineering processes.The new technology carries many important technical benefits as compared with old analogue and relay based I&C technology. It is for example basically drift free and there are large possibilities to implement advanced computational algorithms. It is also possible to use advanced fault response mechanisms to increase the reliability of the I&C. Further signal multiplexing on cables can be used to achieve a very high throughput to make it viable to use redundant cabling routes. With the shift of technology there has been a shift from conventional control rooms with handles and meters to control rooms based on soft control and visual display units(VDU), which give far better operability and overview in various situations. The new systems make use of computers in the design process to ease both documentation and the verification and validation (V&V) processes. The use of digital technology in the safety panel has considerable advantages over conventional analog displays. These include: Potential for lower costs;

Improved testing; Ability to display information in different patterns; Use of mathematical models to interpret ongoing phenomena; Flexibility of modification; Ability to interface with other digital devices. It is essential that operators participate in the development of these monitoring and diagnostic systems from the start. For example, operators can conduct preliminary tests in full-scope simulators and provide the system designer with important feedback on system weaknesses and additional operational needs. Research on artificial neural networks (ANNs) as a potential operator support tool has been growing recently. ANNs mimic the basic functions of neurons. They learn from experience and, by using an inductive process, are able to generalize from previous events to new ones.

The major technological features resulting from technological evolution are assembled below :
DIGITAL ELECTRONICS: Digital electronics technology has rapidly taken over the bulk of new electronic applications because of its vastly increased functionality, lower cost, improved reliability and reduced maintenance requirements. COMPUTER BASED MONITERING AND CONTROL SYSTEM: The extraordinary increase in computing power and the simultaneous dramatic reduction in cost of computing hardware have made it possible to develop high performance plant monitoring and control systems with a wide range of functions and features. Their most recognizable feature is user friendly humanmachine interfaces (HMIs) with graphical displays. . COMPUTER SYSTEM PERIPHERALS: There have been enormous improvements in the performance and cost of computer peripherals as well as in computers themselves. The capacities of read-only memories, hard disks and removable diskettes have increased by orders of magnitude while maintaining small physical sizes . SOFTWARE ENGINEERING: Over the last 1015 years, rapid computerization in NPPs has resulted in software becoming an important component of NPP design, operation and maintenance. MICROPROCESSOR BASED SYSTEMS: Microprocessors have revolutionized I&C systems. With their capability for convenient programming of complex tasks, they have found applications in a phenomenally wide range of applications . INFORMATION DISPLAYS: The last decade has seen vast ement logic are now largely built using microprocessor improvements in cathode ray tubes (CRTs): increased resolution, improved colour and increased size. These features have been put to use in NPPs as the need for information presentation has continued to grow. Other types of visual display unit (VDU) have become available and offer benefits that are of particular interest in NPP applications. Plasma displays provide features such as flicker free pictures and are only a few centimetres deep. They are also proof against shock and vibration stresses. Liquid crystal displays (LCDs) offer fewer advantages in AC powered installed units but are ubiquitous in portable equipment, including computers. COMMUNICATIONS: Another dramatic technological advance has occurred in the field of data communications. The rate of data transfer over communications highways has increased by orders of magnitude in the last decade. Fibre optics and high speed optoelectronics have made possible a significant improvement in data communications speed.

other devices.

QUALITY ASSURANCE PLANNING AND QUALITY CONTROL

QA planning and quality control (QC) are normal constituents of the overall safety life cycle of I&C systems important to safety. This cycle may be roughly described as comprising the following phases Concept;

Safety analysis; Requirements; Planning; Realization; Installation and commissioning; Verification and validation; Operation and maintenance;

BRIEF DISCUSSION ON DESIGN,STRUCTURE AND OPERATION OF I&C SYSTEMS IN NPP

. BASIC PHILOSOPHY The basic purpose of NPPs is to generate electrical power as cheaply as possible while ensuring the safety of the public and the operating staff. It is also necessary to keep harmful effects to the environment below an acceptable level, which means preventing non-radioactive pollution as well as containing radioactive material under normal and abnormal operating conditions. NPPs are different from more conventional systems such as chemical plants or fossil fuelled power plants because: They contain much larger quantities of accessible stored energy. Their large capital investment demands high reliability and freedom from spurious shutdown. This precludes the use of very simple protection systems and, for example, leads to the need for techniques such as redundant voting. There is the possibility of releasing radioactive material and the possibility (or at least the perception) of environmental damage greater than that possible by chemical means. The two main objectives, power production and safety, determine the I&C requirements of all NPPs. Provide independent safety and control actions (and shutdown actions if required); Prevent further undesirable consequences of an accident for a significant time (at least 30 min) without operator intervention and then provide appropriate facilities for whatever action is necessary. The first of these is self-evident in many ways but there are constraints which are not obvious. Thus, control systems, both manual and automatic, must be consistent with the safety regime of the plant and must not, for example, impose transients which the safety protection systems might find difficult to handle. The extreme case of this is the prevention of excess reactivity which could lead to prompt criticality. Similarly, instruments and their displays must be consistent with the safety analysis and must take into account conceivable accident scenarios. This leads to

concepts such as qualification. The primary basis of NPP safety is not I&C but lies in the conceptual, mechanical and thermohydraulic design of the plant itself and is the responsibility of the plant designer. For example, although instruments can warn of excessive pressure, there is little that they can do to prevent a weak pressure vessel from bursting. Equipment ought to be reliable and easily manageable so that control and protection requirements are minimized. The ideal reactor is one in which all possible transients are terminated by the dynamics of the system and in which the protection devices are never required. Unfortunately, this ideal is not possible and the basic safety purpose of I&C is to assist in detecting and announcing lapses, flaws and errors of all kinds and in preventing them from leading to unacceptable stress on the first line of defence. The I&C system provides data to the human and automatic operators and then monitors internal and external influences, including the operators, to ensure that the plant remains within its ordained safety envelope. Thus, I&C works with the basic nature of the plant to achieve the safety and operational reliability targets. These statements are not trivial because they highlight, for example, the advantages of separating control from protection functions and the need for the protection system design to follow the plant fault analysis. They also underline the need for I&C specialists to understand the properties of the plant in some detail. In an NPP it is necessary to deal with a wide variety of signals, both nuclear and conventional, before reliable plant status information can be derived. These data are used as information inputs for the control and status annunciation systems as well as for the actuation of systems important to safety. A large number of transducers, measurement principles and methods are employed. Their classification is difficult but one convenient grouping is as follows: Nuclear instrumentation: e.g. for neutron flux density and spatial distribution measurements used in reactor power determination. Process instrumentation: e.g. for measurements of reactor pressure, coolant or pressurizer level, steam flow, coolant temperature and flow, recirculation pump speed and containment pressure, as well as for indicating component status such as valve and control rod position. Radiation monitoring instrumentation: e.g. for steam line monitoring, checking for gas effluents and site (area) radiation monitoring. Special instrumentation: e.g. for meteorology, seismic monitoring, failed fuel detection and measurement of vibration, hydrogen concentration, water conductivity and boric acid concentration. DESIGN FACTORS Conceptual design is very important and governs the systems provided, their functions and their separation. In general, the overall concepts and the individual systems should be simple so that they can be analysed without ambiguity and the consequences of failure predicted. Balance is necessary between the complexity needed for the task and the reliability which is likely to be achieved in operation. This philosophy has tended to change in recent years and it is often now argued that complex systems can provide self-monitoring and are therefore better. This is acceptable if it can be proved by detailed analysis. As has been stated, I&C must be in harmony with the plant and must dovetail with its protection needs. The process starts with a review of the plant to establish its modes of failure and the ways in which hazard can arise. Postulated initiating events (PIEs) are considered, their consequences followed and possible failure trees generated. All of these must be detected by instrumentation which is also expected to tolerate a specified level of internal failure. For example, it will certainly have to meet the SFC . Some authorities also demand that potential accidents be detectable through two different parameters (e.g. flux and pressure), one of which is the parameter of greatest concern, i.e. the one which has the closest relationship with the cause of the hazard. As a simple example, excess reactivity is better detected via neutron flux than via its (delayed) thermal effect. Systems may be designed and justified on a deterministic or a probabilistic basis, the latter having the advantage that the relative importance of each system failure mode is established. In the past, failure trees were subjectively labelled credible or incredible and, in essence, protection was provided only against credible

accidents. More modern analyses ascribe numerical probabilities to scenarios and systems have to be designed to a reliability target such as a particular number of failures on demand. The concept of credibility also survives, however, in the context of design basis and beyond design basis events. The fact that NPP I&C design starts from safety and reliability goals cannot be stressed too highly. This is what has led to current design philosophies and techniques and to the general use of reliable and highly qualified, but often expensive, equipment. It also means that readily available and possibly relatively cheap equipment may not be acceptable unless used in architectures which take potential unreliability into account. This is also true of associated apparatus such as power. supplies and coolers. Complete systems have been known to fail because of the loss of a fan. In summary, an I&C system exists so that the plant can be controlled and be prevented from going outside its safety envelope. It should implement functions which are analysable and traceable to a plant control or failure analysis. If appropriate this will include aspects of human behaviour such as possible control error, response in an emergency or maintenance error. Human error can also arise in the design process itself.

IMPLEMENTATION
The principles described above are generally followed throughout the world but implementation details tend to vary, largely because the regulatory and technical background in a given country tends to depend on the environment and on the individuals who were influential when nuclear power started in that country. This situation is changing but it continues to be a factor in the export and import of plant and plays a part in international discussion. Thus, while systems have a common starting point, various control philosophies have evolved, resulting in different system structures realized by different designers at different times. For example, some early concepts favoured a single, global, plant I&C system, fulfilling functions important to safety as well as operational tasks. Stated benefits of this approach included less instrumentation and increased confidence arising from the continual exercising of safety related equipment (in contrast to standby safety systems). However, the adoption of IAEA Codes and Safety Guides and new trends in design have led to a preference for independence between the operation and protection parts of the system. Each can then be optimized for its own purpose and protection functions given full override priority. Segregation against external CMFs is also simplified. In addition, complementary philosophies have evolved, stressing the safety aspect of all I&C systems and grading them into degrees of importance . The benefits of this are seen in increased plant availability through the avoidance of unnecessary actuation of safety systems. 13.3.2. Failure to safety and defence in depth In theory, plants can be protected by designing instruments in such a way that all failures are safe and lead directly to shutdown. This is a good general philosophy but there are three major problems: It is physically impossible to produce instruments which are totally fail-safe, and even if it were it would probably be impossible to prove it. (b) Even if it could be achieved, complete reliance on failure to safetywould lead to many spurious shutdowns and poor plant economics. In the extreme it would prevent on-line maintenance. (c) The safe direction, i.e. the direction of those actions (automatic or manual) which will bring the plant to a safer condition, is neither always clear nor always the same. For example, it is obvious in the case of a neutron detector guarding against excess reactor power but not so in the case of many of the systems used for decay heat removal after shutdown. Thus, the normal approach is to design as far as reasonably possible for failure to safety and then to overcome the points mentioned above by means of redundancy, diversity and separation STANDARDIZATION OF PLANTS AND THEIR I&C EQUIPMENT . Plants and systems After learning periods of designing and operating prototype reactors, most

manufacturers (and some countries) have tried to standardize plant types and the components within different plants. The advantages lie not only in the saving of design time but also in the avoidance of new documentation, training, etc. Repetition also permits the use of the same, and therefore cheaper, components and spare parts and possibly the same licensing and certification processes. The exploitation of experience and statistical data, common procedures for normal and abnormal operation, refuelling, repair and upgrading, and the optimum use of simulators are also advantages. . I&C equipment The qualification costs for equipment important to safety are very high and, for hard-wired components, a factor of 2 is a proven good figure for the ratio of qualification to other development costs. The figure for computer based equipment is not yet known but is unlikely to be smaller. This means that multiple use of qualified equipment minimizes costs very effectively. In addition, plants using the same equipment can exchange spare parts. However, the use of qualified equipment for long periods means that the user is restricted to the facilities which it provides and is unable to take advantage of the probably enhanced capability offered by more modern systems. Such improvement could enhance both the operational and safety aspects of the plant and offset the increased cost. The use of modern industry standard equipment, qualified to requirements that are sufficiently comprehensive but less demanding than those often specified for nuclear applications, may be a practical alternative for modern I&C systems. However, such equipment must be configured in an architecture which ensures that overall system requirements are met. Because of requirements placed on the production of computer based equipment (these include considerable planning, documentation and QA/QC) this method may become feasible in the near future. In any case it is an interesting future task to minimize design and qualification costs and achieve advantages in functionality through the flexibility of this new and effective technique. This must, of course, be done without prejudice to the reliability of the global system.

STRUCTURE
. GENERAL The I&C systems in an NPP are carefully and formally structured. This is of great importance to safety because it allows proper analysis and the enforcement of appropriate design and engineering rules. It permits each I&C function to be identified with its safety or operational goal and assists in organizing and guaranteeing appropriate separation, for example between the control and protection functions and between redundant and diverse elements.

MAIN STRUCTURES The processes mentioned above can be implemented using a wide variety of structures and hierarchies and many different systems exist. It is not possible here to discuss them all in detail. However, the field is continually changing and the continued introduction of microprocessors and computer networks, for example, is tending to diffuse intelligence and move it downwards through the system Plant control level. ----System (or group) control level Component (or device) control level.

. STRUCTURES OF SUBSIDIARY UNITS Measured values generated by process variables are converted into electrical or pneumatic signals which are then transmitted to subsidiary units used for indication, control and protection functions. As has been stated, there is an increasing tendency for local units to do more signal processing and to contain more logic and intelligence. One such tendency is the introduction of local specialized expert systems to guide local operators and maintenance staff. Before transmission, sensor signals are usually converted to standard signal levels (e.g. 420 mA or 010 V). For remote transmission of signals the 4 20 mA current signal is more common because of its higher noise immunity. Voltage signals (such as 010 V) are generally used within the control room for recorders and indicators. . Analog systems Many NPPs still use analog devices to provide information to the operator, control processes and actuate the protection system. Once again, there are many different implementations but a typical analog system may comprise the following: Master trip units. Master trip units interface with a 420 mA transmitter or a three wire resistance temperature detector (RTD) located in some remote part of the plant. DESIGN CONCE ----Slave trip units. Trip relays. Power supply. The trip units are designed with individual power regulation circuits so that main power supply voltages need not be precisely regulated. This allows the use of a highly reliable ferroresonant type power supply which is not likely to fail in such a way as to introduce a high voltage into the system. This feature precludes catastrophic failure of all trip units on a single bus due to power supply failure. The power supplies are designed with built-in diode isolation at the output, so they may be connected in parallel for load sharing and/or transfer without unacceptable transients in the event of a single power supply failure. Power leads bypassing the diodes are also brought out for single unit applications or for individual unit voltage sensing when several power supplies are operated in parallel. Digital systems The age related degradation of some earlier analog electronic systems and the difficulty of obtaining qualified replacement components for those systems, together with a desire for enhanced features such as automatic self-testing and diagnostics greater flexibility and increased data availability, have prompted some reactor licensees to replace existing analog systems with digital systems. Both analog and digital systems monitor, control and protect critical plant equipment and processes to ensure that the plant operates safely and reliably. However, analog systems and digital systems perform differing tasks to accomplish these functions. Analog systems execute hard-wired instructions, whereas digital systems accomplish their functions by means of software stored in memory using processing and data transmitting equipment (hardware). The use of hardware and software gives digital systems flexibility, but also increases vulnerability to software failures and to certain hardware failures.

POWER SUPPLIES
20.1. ELECTRICAL POWER SUPPLIES 20.1.1. Principles Most of the I&C equipment used in an NPP requires an electrical power supply and the continuous provision of this supply is essential to the availability and safety of the plant. In particular, it is essential that no fault can lead to loss of supply to more than a small part of the I&C system (e.g. one redundant element or part thereof), even under extreme and infrequent fault conditions. Power supplies must therefore provide the same reliability and performance as the equipment that they feed, which leads to the concept of related supply divisions. . Each section of the supply must be highly reliable and be carefully designed tominimize the consequences of component faults, spurious trips due to transient effects or loss of power input. The quality of the output (e.g. the range of voltage variation) must be suitable for the load. The sections must be segregated so that a fault

in one (e.g. a fire) cannot propagate to another and result in the failure of a second section, possibly feeding a different protection system. For safety reasons protective equipment is usually designed to produce a trip signal in the event of loss of power supply. Therefore, even a short power break of, say, 1 s, may cause a reactor trip and hence major operational difficulty. This can be avoided by use of batteries which either feed the load directly with DC or supply AC through an inverter. The batteries are charged by chargers fed from the incoming power supplies and, in the event of these failing, maintain supply to the load until the battery runs down or until an incoming supply is restored. However, the large batteries required to maintain large loads are expensive and where, as in many cases, a short break of the order of 1 min is acceptable, short break supplies fed directly from AC may be used. In the event of loss of such a supply, another AC supply is automatically switched in or a local generator started up to feed the load after a break of possibly 23 min (some utilities demand that the plant be safe for a 10 min break in case there is an automatic startup failure). This type of supply may be used to feed the battery chargers referred to above. The process of switch-over or of starting supplementary supplies must be carefully specified and controlled. There will also be requirements for special supplies in the event of an accident, coupled with the loss of grid supply. Decay heat removal, in particular, requires significant power and could present a problem if supplies were unavailable for a long time. Plans should therefore be made for the acquisition and use of transportable generators from outside the plant and the I&C system must be able to continue its required functions while these plans are being put into effect. Steam produced from decay heat might be used for generation purposes for a limited time. In order to improve availability, or to interface a multichannel I&C system with a different number of power supply divisions, some cross-connections may be necessary. The system layout must, of course, be looked at as a whole and spatial separation, the isolating devices to be used (diodes, fuses, circuit breakers, transformers, etc.) and the necessary interlocks must be considered. To avoid these issues, the modern trend is towards completely independent divisions with no cross-connections.

SAFETY MEASURES
Defence in depth is a fundamental principle of NPP design and operation since it underlies the essential safety technology. All safety activities, whether organizational, behavioural or equipment related, are subject to layers of overlapping provisions so that if a failure occurred it would be compensated for or corrected without causing harm to individuals or the public at large. This idea of multiple levels (or echelons) of protection is the central feature of defence in depth and it is repeatedly used in the safety principles applied in NPPs. The defence in depth concept provides an overall strategy for NPP safety measures and features. When properly applied, it ensures that no single human or mechanical failure could lead to injury of the public and that even combinations of failures which are only remotely possible would lead to little or no injury. Defence in depth helps to establish that the three basic safety functions (controlling the power, cooling the fuel and confining the radioactive materials) are preserved and that radioactive materials do not reach people or the environment. 14.2. LEVELS OF PROTECTION Defence in depth is implemented by means of a series of physical barriers and a series of levels of protection . Physical barriers are the fuel matrix, the fuel cladding, the boundary of the primary coolant system and the confinement. Levels of protection are: A combination of conservative design, QA and safety culture; Control of normal and abnormal operation and detection of failures; Safety systems and protection systems; Accident management;

Off-site

emergency

response.

DRAWBACKS: MAJOR I&C RELATED ISSUES

The following drawbacks of I&C is faced in NPPs. (a) Difficulties in lifetime support for existing I&C equipment and systems. The I&C equipment of a given NPP will most probably have to be replaced or upgraded once, if not twice, in the lifetime of the plant. This has already been experienced in many cases. Contributory factors are described below: The fast pace of technological development in electronics results in rapid obsolescence of I&C equipment. This leads to difficulty in supporting the installed equipment; for example, spare parts prices may become exorbitantly high, making it more economical to replace items with a cheaper, more efficient functional equivalent. Alternatively, the equipmentmay no longer be manufactured and spares and technical expertise may just not be available. Backfitting may arise from a need to incorporate major functional improvements following changes in the operating environment (e.g. from the effect of grid requirements on plant, or a need for automation) or from regulatory imperatives. Incidents (anywhere in the world), some major, some minor, also generate a need for better or more comprehensive instrumentation. The most important issue to be addressed is the licensiability of the new system. The new technology has shown to carry the possibility of unexpected pitfalls, which should be addressed with prudence and diligence to ensure a smooth and timely completion of a modernisation project. In spite of difficulties to apply the new technology there are many modernisation projects, which have been completed in a timely manner with large success. This experience has lead to that IAEA and especially its Technical Working Group on Nuclear Power Plant Control and Instrumentation (TWG-NPPCI, [3]) has befor the modernisation project through the collection and documentation of both positive and negative experience from the project.

AN OUTLOOK FOR THE FUTURE

In taking an outlook for the future the main question is how the nuclear field will develop. If there are no new plants built the future may be meagre. Within the industry many persons predict a new coming of nuclear power in the world, but they at the same time note that it may take a long time. A recent green paper on the situation within the European Union stated that the nuclear option must be re-examined in terms of its contribution to security of supply and greenhouse gas reductions. This statement represents a change in views as compared with earlier positions on nuclear power in Europe. The new plant to be built in Finland may represent an opening in this direction.Looking especially into the I&C area, it can be expected that the present fast development informationand communications technology will continue, as there are no signs that present development towards smaller, faster and more efficient chips will stop. This implies that we may expect more computing power and more functions within the I&C. For the new plants it can be expected that they will rely on far more automation as I&C functions come down in price and are becoming more reliable. It is also to be expected that there will be more sensors and that they will be smart. Most equipment will be intelligent, remotely

controlled and have advanced possibilities for condition monitoring. More generally it can be expected that future plants will have considerably smaller staff as compared with present nuclear power plants. In building those plants it can be expected that specification, design, construction, testing and documentation of the I&C system will be supported with integrated information systems . This will also help in maintaining documents at the plants during their operational life . In the control rooms and during maintenance activities computerised procedures will be used [ Control rooms will be reviewed using virtual reality tools and advanced simulators For the hardware and software solutions it is to be expected that open interfaces make it easier to interconnect different systems. It may even be expected that I&C products will be implemented by system integrators combining a large number of commercial-off- theshelf (COTS) products. Finally the present interest in safety culture and learning organisations can also be expected to influence the requirements set on the I&C .

CONCLUSIONS
The nuclear industry can be considered small in a global I&C market. This means that the nuclear industry has to rely on solutions developed for other applications. The special requirements that is placed on I&C for nuclear applications to provide proof for functional fitness should therefore to be taken care of by collecting all available evidence their design features, from the development process, from the testing and from the operational experience. Sometimes it may be necessary to introduce diversity in the systems at the additional cost of increasing complexity. Properly approached the special needs of the nuclear industries should be possible to handle with components that have been created for other similar safety oriented applications. The long operational life for the nuclear power stations makes it necessary to plan for perhaps 2-3 modernisations from the beginning to cope with the rapidly developing technologies. That would imply for example reliance on functional design that can be made independent of used system platforms. The need for implementing modernisation's over a longer period during several consecutive refuelling outages makes it also necessary to implement a flexible updating procedure for the physic al equipment as well as for plant instructions and documentation. 5(6) A country opting for a nuclear power programme should be aware of the implicit commitments that are made. The country should be able to maintain knowledge and skills to operate the plants and to keep them in good order. This evidently depends on what knowledge and skills can be acquired on an international market. To make any coping strategies efficient the needs have been identified and reacted on a governmental level. This policy has been adopted in Finland with a large success, where national needs have been identified in good cooperation between utilities, the regulator, research establishments and universities [15]. Presently the national nuclear safety research programme [16] is approaching an end and a new 4 year research programme is in its initial phase. VTT is a major player in the nuclear field in Finland and has taken a proactive approach in this regard [17]. Considering strategies for a small country, I&C is one important area, where there is a potential to maintain a good understanding also in a time of rapid technological development.

THE END