Guidance for Addressing Software Common Cause Failure in High Safety-Significant Safety-Related Digital I&C Systems


Associated First Principles of Protection Against Software CCF



ML20245E561

First Principle 6.1 - Software quality depends on complete and correct requirements, design and implementation

First Principle 6.2 - Concurrent triggering conditions are required to activate a latent software defect
10.12.3 Safe Design Objectives

Safe design objectives for achieving protection against concurrent, untested triggering conditions in the context of application software are as follows:

10.12.3.1 For each potentially hazardous control action identified via activities performed under SDO 10.1.3.2, causal factor scenarios related to the application software are identified and mitigated.

10.12.3.2 Analysis demonstrates that untested combinations of external and internal I&C system states have no impact on achieving the application software functional and performance requirements resulting from the SDOs provided in Section 10.1.

10.12.3.3 When the equipment under control (EUC) of the I&C system is normally in the state needed to perform a safety function, the I&C system design has no inputs that will change state while the EUC is in its normal state, and non-normal EUC states are readily detectable via independent means. Administrative controls limit the duration of non-normal EUC states and limit any EUC in a non-normal state to one channel or division.

DRAFT B - August 2020
© NEI 2020. All rights reserved. nei.org 28
