(Teleprem) Advanced I&c Systems For Nuclear Power

Download as pdf or txt
Download as pdf or txt
You are on page 1of 6

International Conference Nuclear Energy in Central Europe 2001

Hoteli Bernardin, Portoro, Slovenia, September 10-13, 2001


www: http://www.drustvo-js.si/port2001/ e-mail: [email protected] tel.:+ 386 1 588 5247, + 386 1 588 5311 fax:+ 386 1 561 2335 Nuclear Society of Slovenia, PORT2001, Jamova 39, SI-1000 Ljubljana, Slovenia

ADVANCED I&C SYSTEMS FOR NUCLEAR POWER PLANTS FEEDBACK OF EXPERIENCE


Heinz Josef Prehler Framatome ANP GmbH Berliner Strasse 295, D-63037 Offenbach, Germany [email protected] 1 INTRODUCTION

Advanced I&C systems for nuclear power plants have to meet increasing demands for safety and availability. Additionally specific requirements arising from nuclear qualification have to be fulfilled. To meet both subjects adequately in the future, Siemens has developed advanced I&C technology consisting of the two complementary I&C systems TELEPERM XP and TELEPERM XS.

T E L E P E R M X S /X P
S a fe ty I& C
E n g in e e rin g S y s te m SPACE

G e n e ra l C o n c e p t
O p e r a tio n a l I& C
E n g in e e rin g S y s te m E S 680 P ro ce s s C o n tro l a n d In fo rm a tio n S y s te m O M 650

S a fe ty C o n tro l P anel

B ackup P anel

~
G a te w a y

P la n t b u s

R e a c to r P ro te c tio n S y s te m
M

P rio rity L o g ic F ie ld

A u to m a tio n S y s te m A S 620
M

Figure 1: TELEPERM XP and TELEPERM XS TELEPERM XP is primarily oriented to automation of the non safety related part of the power plant process. Such applications involve extensive open and closed loop control systems and encompass all tasks required for process control via the man-machine interface. Therefore the TELEPERM XP system consists of the AS 620 automation system, the OM 690 process control and management system, the ES 680 engineering system, the DS 670 diagnostic system and the SIMATIC NET bus system. Three versions of automation systems are available: for standard automation, for fail safe automation of safety related tasks and for turbine automation.

504.1

504.2

TELEPERM XS is designed to meet all the requirements on I&C important to safety in nuclear power plants. Typical applications include reactor protection (RPS) and Engineered Safety Features Actuation System functions (ESFAS). The following explanations deal with this safety related digital I&C system TELEPERM XS. 2 DIGITAL I&C SYSTEMS FOR SAFETY TASKS

TELEPERM XS Groups of Components


Standard hardware
operating system runtime environment libraries Selected components from SIMICRO MMC SIMATIC SIMATIC NET

TELEPERM XS qualified for nuclear applications Specific system software Engineering system

Tools for specification code generation verification testing documentation diagnostics

Figure 2: Teleperm XS Groups of Components TELEPERM XS is qualified for application in the highest safety category to be suitable for all of these tasks, and the scalability of the system makes it an equally cost-effective solution for other functions important to safety such as reactor control or use as control rod worth minimizer. Specific requirements for safety I&C systems are defined in national and international codes and standards. These related particularly to Fault tolerance Robustness Qualification Specific system properties are essential to meet these requirements without any restriction. These are implemented in the specially developed and qualified system software. This is the prerequisite for TELEPERM XS being based to a maximum extent on standard devices despite the specific properties. TELEPERM XS is based to the maximum possible extent on standard hardware incorporating the required quality features and enhanced by targeted design measures. The qualification stipulated by codes and standards for use in nuclear installations is gained by type-testing all the hardware and software components.

Proceedings of the International Conference Nuclear Energy in Central Europe, Portoro, Slovenia, Sept. 10-13, 2001

504.3

Configurable System Architecture Scope of Possible Architectures


Design Requirements Degree of Redundancy
2/3 2/3 1/2 2/3 2/3 2/4 2/3 2/3

safe: available:

a single failure does not cause a spurios actuation a single failure does not cause a loss of function

2/2

1/2

2/2

2/4

Common cause failure


available safe 2/3 1/2 2/2

Recurrent test during power operation Single failure criterion save and available Single failure tolerant

Figure 3: Configurable System The degree of redundancy of a safety I&C system is one of the main factors contributing to fault tolerance. TELEPERM XS can easily be adapted to plant-specific requirements since the system supports distributed multiple computer systems with almost any degree of redundancy. Its scalability permits technically and economically optimized solutions to be developed for the entire spectrum of safety-related tasks, from specific safety functions for individual plant components right up to complex functionalities. Extensive Generic Qualification according to international Standards Qualification Concept

Sequence of qualification steps

Installation Tests Factory Acceptance Test Manufacturing Tests Hardware Software Verification of Specification Integration and System Test

Specific Syste Qualification


Qualification ste have to be cond in each project a

Component Type Test Hardware Concept Review Software

Generic Syste Qualification


Qualification ste have to be cond once for a syste family

Figure 4: Comprehensive Qualification


Proceedings of the International Conference Nuclear Energy in Central Europe, Portoro, Slovenia, Sept. 10-13, 2001

504.4

TELEPERM XS was qualified on the basis of national and international nuclear codes and standards by independent German inspection agencies during the course of the development process. These tests along with the field tests for the first pilot project were completed in 1997. In May 2000 we received approval from the US Nuclear Regulatory Commission (NRC) to install safety instrumentation and control (I&C) systems based on the TELEPERM XS platform for safety-related automation tasks in US nuclear power plants. This makes TELEPERM XS the first digital system to be awarded generic approval under NRCs new standard NUREG-0900. The approval issued by NRC was documented in a Safety Evaluation Report (SER) which reflects the results of a detailed technical and regulatory review of all safety features of the TELEPERM XS platform, as well as the underlying design features. NRC stated that the design of TELEPERM XS is acceptable for all safety-related I&C applications and meets the relevant regulatory requirements. The review conducted by the authorized inspection agencies for each project is based on a verification and validation plan which guarantees that the software and hardware conform to their as-qualified status. The key areas of focus here are the tests performed in the test facility and the startup tests conducted at the plant. 3 REFERENCES AND EXPERIENCES

Modernisation Projects Worldwide Different Reactor Types


Kola Callaway Comanche Peak Forsmark Oskarshamn Unterweser Grohnde Philippsb. Neckarwesth.1 Beznau St. Maria de Garoa Pilot Project FRM II Mochovce Bohunice Paks Kozloduy Novovoronezh Rovno Khmelnitzky
Siemens-KWU WWER ABB Westinghouse General Electric

Tianwan

Olkiluoto

Figure 5: Different Reactor Types The scope of installations of TELEPERM XS range from PWRs and BWRs, and also a research reactor, built by Siemens, right up to NPPs built by other suppliers like Westinghouse, ABB, GE and VVER units from Russia. The applications cover all safety related tasks in NPPs. In general, the overall characteristics of TELEPERM XS correspond closely to all the needs of NPPs. By developing and introduction of the digital technology a variety of advantages and improvements were expected:
Proceedings of the International Conference Nuclear Energy in Central Europe, Portoro, Slovenia, Sept. 10-13, 2001

504.5

Replace a large scope of hardwired modules Reduce number of hardwired modules Simplify spare part management Be applicable to a broad field of safety functions Reactor protection Neutron flux measurement Closed loop control etc. Be highly reliable Save space Reduce maintenance effort In total about 160 electronic cabinets, more than 1000 processor modules and 3000 I/O modules have been installed. The accumulated time of operation is more than 7000 moduleyears. The transition from analog to digital technology leads to a reduction in space requirement of about 30%, which offers simultaneously free capacity for additional safety functions. Significantly less cabling is required than for hardwired systems. The spare parts stock needed is reduced by up to 90% and the variety in hardware modules is reduced by up to 70%. The digital technology contributes also to optimizing plant operation. E.g. the capabilities for optimizing functional behavior by closed loop simulation or on-line parameter adaptation has been extensively used. Capabilities to improve human-machine-interfaces are available. But up to now nearly no use of advanced analytical methods e. g. to reduce number of measurement or to increase accuracy and detect errors of measurements have been used. Cost reduction has been observed in maintenance and periodic tests. Repair measures are much fewer due to the lower quantity of hardware per function and a low failure rate. The number of periodic tests were reduced, the interface tests also widely integrate transducer and actuator surveillance tests. TELEPERM XS needs on average ten times less hardware modules than hardwired systems to implement the same functionality. The increased complexity of digital modules did not increase the failure rates. Until now accumulated service records lead to a mean time between failures for a module MTBF > 360 years. This implies ten times less repairs and significantly increased reliability.

Proceedings of the International Conference Nuclear Energy in Central Europe, Portoro, Slovenia, Sept. 10-13, 2001

504.6

CONCLUSION

Summary
TELEPERM XS XS has hasbeen been rapidly rapidly accepted accepted by by the themarket marketand and TELEPERM has accumulated an extensive operational experience has accumulated an extensive operational experience The expected expected advantages advantages The -- reduced reduced space space requirements requirements -- consistent consistentdocumentation documentation -- improved improved ergonomy ergonomy -- reduced reduced testing testing effort effort -- less less repair repair have have been been confirmed confirmed by by the the operation operation The new new possibilities possibilities to to apply applyintelligent intelligentdiagnostic diagnostic methods methods The have have been been only only applied applied in in few few cases cases

The digital I&C system for safety tasks has been accepted by the market world-wide in a short period of time. Very good service records from a broad field of safety application prove that it is right to use digital I&C systems for safety tasks. The expected advantages such as reduced space requirements, less repairs and less effort for periodic tests, have been confirmed by practical experience. For the future, use of digital I&C systems for safety applications will be the usual practice. Possibilities to take advantage of advanced analytical methods will still increase opportunities for optimization of safety standards and plant operation in future.

Proceedings of the International Conference Nuclear Energy in Central Europe, Portoro, Slovenia, Sept. 10-13, 2001

You might also like