BS IEC 60880-2:2000 Software for computers important to safety for nuclear power plants. Part 2: Software aspects of defence against common cause failures, use of software tools and of pre-developed software.
4 Requirements and recommendations
In the following, the term “requirements” is used as an inclusive term for both requirements and recommendations. The distinction appears at the level of the individual clauses where requirements are expressed by “shall” and recommendations by “should”.
4.1 Defences against common cause failure due to software
This subclause provides requirements for defences against software design and coding faults which can lead to common cause failures (CCF) of functions classified as category A according to IEC 61226.
4.1.1 Introduction
CCF may occur in the I&C architecture’s systems and equipment implementing different lines of defence against the same PIE (see 5.3.1 of IEC 61513). Software by itself does not have a CCF mode. CCF is related to system failures arising from faults in the functional requirements, system design, or in the software.
Defence in depth is required by the IAEA (see 204 of IAEA 50-C-D) to be applied to all safety activities, whether organizational, behavioural or design related, to ensure that there are overlapping defences so that if a failure should occur in a subsystem, it would be compensated for, or corrected in the integral system.
The single-failure criterion (see 329 to 336 of IAEA 50-C-D) requires that the assembly of safety systems have the ability to meet its purpose despite a single random failure assumed to occur anywhere in the assembly.
Software faults are systematic, not random, faults and, therefore, the single-failure criterion cannot be applied to the software design of a system in the same manner as it has been applied for hardware. When the defence-in-depth concept is applied, possible effects of CCF due to software inside each defence layer and between redundant layers have to be considered, and appropriate counter-measures have to be adopted throughout the development process and in the evaluation processes, for example:
a) in the development, verification and validation of each individual defence layer; and
b) in the evaluation of the independence and diversity of redundant defence layers.
A means of enhancing the reliability of some systems and reducing the potential for certain CCFs is the use of diversity (see 337 to 339 of IAEA 50-C-D Rev 1).