EN IEC 61500:2019. Nuclear power plants – Instrumentation and control systems important to safety – Data communication in systems performing category A functions (IEC 61500:2018).
5.1 Principles of selection of data communication techniques and equipment
The communication equipment shall meet the requirements for systems performing category A functions.
To ensure acceptability for nuclear applications, one of the following principles for the selection of data communication techniques and equipment shall be applied:
use of protocols implementing safety features;
use of industrial standard protocols with added safety layers;
use of protocols where higher protocol layers implementing unsafe or unneeded functionality are removed, or replaced by layers with reduced and safe functionality.
The hardware and the software shall be qualified, see Clause 9.
5.2 Functional requirements
Generally, each data communication channel is part of an overall system providing services of information gathering and presentation, control or protection of the nuclear power plant.
Equipment providing data over a communication channel shall do so cyclically, in a way that does not depend on the receipt of acknowledgement messages from the receiver for continued operation.
Communication channels, including the memory mapping and allocation for sending and receiving data, shall not be allocated dynamically during the run time of the system but shall be statically allocated and predefined by design.
All application software messages shall be transmitted periodically within a predefined cycle time.
Messages should have a fixed length predefined by design.
The communication system shall provide communication channels for data exchange with instruments and other equipment, allowing transfer within a specified time frame.
Messages should have data integrity information.
The data communication network topology and media access control shall be designed and implemented to avoid common cause failure (CCF) of independent systems or subsystems (see 8.3).
Data may be distributed via data communication to redundant systems to enable continued operation if one system fails.
The security threats arising from the use of data communication shall be taken into consideration within the scope of the security plans according to IEC 62645.
5.3 Performance requirements
Data communication channels shall provide sufficient performance to ensure that any message sent from any communication node is received by the intended destination node within a predefined maximum period.
Data communication shall meet the performance requirements, in terms of response time and data capacity, which result from the functional requirements and the architectural design of the I&C systems. The mechanisms and protocols used shall guarantee that any delay which may occur during communication, or during access to the communication equipment, is known and bounded by design.
Communication channels shall be verified to meet the specified real-time response requirements of the category A functions to be performed, under credible worst-case conditions. The specified values of the required real-time response and the worst-case conditions shall be justified by analysis. Deterministic communication shall be used so that the communication load does not vary, irrespective of plant conditions.
Where communication equipment is used for manual plant control and indication through a control room, the time from operating the physical switch or soft control until the confirmation of the action by indication of the changed state in the control room should be assessed under all potential circumstances, including worst-case conditions.
For monitoring functions and manually initiated functions that are needed in accident conditions to bring the plant back into a safe state, the worst-case time response and the limited usage of resources shall be justified by analysis.
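As an added illustration of the requirements in 5.2 and 5.3 (cyclic transmission that does not depend on acknowledgements, statically defined fixed-length messages carrying data integrity information, and detection of a delay beyond the predefined maximum period), the following Python code was written for this page. It is not from IEC 61500 and not from any qualified I&C platform. The frame layout, the use of CRC-32 as the integrity information, the 50 ms cycle time and the three-cycle silence limit are assumptions chosen for the example only; a real design fixes such values by design and justifies them by analysis.

```python
"""Illustrative safety-layer frame handling (added example, not from IEC 61500).

Assumptions made for this example only: the frame layout, CRC-32 as the
integrity information, a 50 ms cycle time and a 3-cycle silence limit.
"""
import struct
import zlib

# Static frame layout, fixed at design time (assumption):
#   uint16 source id | uint16 cycle counter | 4 x float32 process values | uint32 CRC-32
BODY_FMT = "<HH4f"
FRAME_FMT = BODY_FMT + "I"
FRAME_LEN = struct.calcsize(FRAME_FMT)   # 24 bytes, the only accepted length
CYCLE_TIME_MS = 50                       # assumed predefined transmission period
MAX_AGE_MS = 3 * CYCLE_TIME_MS           # assumed silence limit before the channel is declared failed


def build_frame(source_id, counter, values):
    """Sender side: pack one fixed-length frame; the CRC covers everything before it.
    The sender calls this every CYCLE_TIME_MS regardless of what the receiver does,
    so no acknowledgement path exists for a receiver to influence the sender."""
    body = struct.pack(BODY_FMT, source_id, counter & 0xFFFF, *values)
    return body + struct.pack("<I", zlib.crc32(body))


class ChannelMonitor:
    """Receiver side for one statically configured source. It never sends
    acknowledgements; it only validates what arrives and tracks freshness."""

    def __init__(self, expected_source, max_age_ms=MAX_AGE_MS):
        self.expected_source = expected_source
        self.max_age_ms = max_age_ms
        self.last_counter = None      # last cycle counter seen on a valid frame
        self.last_rx_ms = None        # receipt time of the last frame that passed CRC
        self.last_values = None       # last accepted process values

    def accept(self, frame, now_ms):
        """Validate one received frame. Returns (ok, reason)."""
        if len(frame) != FRAME_LEN:
            return False, "bad length"          # fixed length is part of the design
        body = frame[:-4]
        (crc,) = struct.unpack("<I", frame[-4:])
        if zlib.crc32(body) != crc:
            return False, "crc mismatch"        # corrupted in transit
        source, counter, *values = struct.unpack(BODY_FMT, body)
        if source != self.expected_source:
            return False, "unexpected source"   # not the statically configured peer
        self.last_rx_ms = now_ms                # a genuine frame from the peer arrived
        if self.last_counter is not None and counter != (self.last_counter + 1) & 0xFFFF:
            self.last_counter = counter         # resynchronise, but do not use this cycle's data
            return False, "sequence error"      # lost, duplicated or replayed frame
        self.last_counter = counter
        self.last_values = tuple(values)
        return True, "ok"

    def is_stale(self, now_ms):
        """True if the peer has been silent longer than the predefined maximum period.
        A category A consumer treats this as a channel failure rather than waiting."""
        return self.last_rx_ms is None or now_ms - self.last_rx_ms > self.max_age_ms


if __name__ == "__main__":
    # Constructed scenario: frame 1 first arrives corrupted and frame 2 is lost.
    rx = ChannelMonitor(expected_source=7)
    good = [build_frame(7, n, (1.0, 2.0, 3.0, float(n))) for n in range(5)]
    corrupted = bytearray(good[1])
    corrupted[4] ^= 0x01
    print(rx.accept(good[0], 0))               # (True, 'ok')
    print(rx.accept(bytes(corrupted), 50))     # (False, 'crc mismatch')
    print(rx.accept(good[1], 50))              # (True, 'ok')
    print(rx.accept(good[3], 150))             # (False, 'sequence error')
    print(rx.accept(good[4], 200))             # (True, 'ok')
    print(rx.is_stale(250), rx.is_stale(400))  # False True
```

The receiver accepts data only when length, CRC, source and cycle counter all check out, and it judges channel health by the age of the last valid frame rather than by anything it tells the sender; that is the property 5.2 asks for when it forbids dependence on acknowledgements, and `is_stale` is the receiver-side form of the bounded maximum period in 5.3.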
5.4 Communication within and between divisions
The data communication within a segregated division (train) shall be protected from adverse influences from outside the division. Thus messages within a division shall be passed directly from the sending communication node to the receiving one, without the involvement of any communication equipment outside the division.
Data communication in a division shall be separated from that of the other divisions. However, communication between divisions may be acceptable for voting logic.
5.5 Interfaces to systems of lower importance to safety
Communication equipment of systems performing category A functions shall be adequately segregated from communication equipment of systems performing only lower category functions.
When plant systems performing functions of different categories are required to communicate over communication channels, the plant data flow should be from category A functions to lower category functions only.
Data flow from lower categories to category A functions should be prevented, unless the design of the communication channel is such that category A functions cannot be adversely affected by such a connection.