AREVA NP GmbH

AREVA NP
> AREVA NP GmbH •
NRPP-G, 2009-05-27
All rights are reserved, see liability notice.
BELENE NPP
SAFETY I&C SYSTEMS BASED ON TELEPERM XS
Speaker: Ognyan Trichkov (MSC) – AREVA NP GmbH
Co-Author: Dipl.-Ing. Hartwig Blessing – AREVA NP GmbH
BULGARIAN NUCLEAR ENERGY – NATIONAL, REGIONAL AND WORLD ENERGY SAFETY
Varna 27-29.05.09
Guideline for the Presentation
1. Requirements by Customer and IAEA
2. Identification of I&C Systems
3. Plant Control Philosophy
4. Overview System Platform Teleperm XS
5. Teleperm XS References
1. Requirements by NEK and IAEA
Correlation between Classification Concepts
NEK requires a safety function classification based on IAEA and International Electrotechnical Commission (IEC) nuclear standards.
The correlation between
> Safety classes of fluid-retaining components
> Classes of I&C systems according to IAEA NS-G-1.3
> Classes of I&C systems according to IEC 61513
> Categories of I&C FSE according to IEC 61226
is provided in this table.
1. Requirements by NEK and IAEA
Safety Philosophy
Terms listed on the slide: Availability; Reliability; Maintainability; Integrity - Security; Credibility; Redundancy and Single Failure Criterion; Prevention of Common-Cause Failures; Diversity of I&C Systems; Independence and Separation; Concept of Defense in Depth; Distribution of I&C Functions.
[Figure: lines of defense and the I&C systems that implement them, with the label "Fission Products".
Name of Defense Line (labels 1st Line, 2nd Line, 3rd Line, 4th Line): Preventive Line of Defense; Detection and Interception Line of Defense; Main Line of Defense; Risk Reduction Line of Defense.
Further labels: Compliance of normal operation; Detection & interception of deviations from normal operation; Control of design base accidents; I&C Control of beyond design accident; Off-site emergency response.
I&C Systems which implement the Defense Lines: Operational I&C System; Process Automation System (PAS); Preventive Protection System; Reactor Limitation Control System (RLCS); Safety Automation System (SAS); Safety Systems; Protection System with Reactor Trip and ESFAS; Post Accident Monitoring System (PAMS).]
2. Identification of I&C Systems
The I&C functions are grouped as follows:
> Process information and control functions
> Reactor limitation functions
> Reactor power control functions
> Protection functions
> Automatic backup functions
> Post accident monitoring functions
On the basis of the identification of the functions that are required, I&C systems are established to perform these functions.
The main systems are:
> Process Information and Control System (PICS)
> Safety Information and Control System (SICS)
> Process Automation System (PAS)
> Safety Automation System (SAS)
> Reactor Limitation and Control System (RLCS)
> Protection System (PS)
> Passive Heat Removal System (PHRA)
> Post Accident Monitoring System (part of SICS)
These I&C systems make up the architecture of the Instrumentation and Control System.
3. Plant Control Philosophy
[Figure: plant control architecture.
Control locations: Main Control Room (MCR); Remote Shut Down Station. Labels at both: PICS (Process Control and Information); SICS; QDS 1; QDS 2; OM; PAMS (Post Accident Monitoring System).
Legend, IEC 61226 Safety Functions: unclassified; Category A; Category B; Category C.
I&C systems: PAS (SPPA-T2000); SAS (SPPA-T2000); By Siemens; RLCS (TXS); PS (TXS); PHRA (TXS PLD); PACS (TXS); Service Unit.
Field level labels: Instrumentation; Switchgears; Operational System; Safety Systems; Trip; Core Control; Control Rods.]
3.1 Protection System
> Redundancy: fourfold
> Functional Diversity
> Automatically initiates the reactivity control system (Reactor Trip)
> ESFAS (Engineered Safety Features Actuation System): initiates and controls safety systems that remove heat or otherwise assist in maintaining the integrity of the three physical barriers to radioactive release (cladding, reactor coolant pressure boundary and containment).
> The Protection System design is carried out redundantly and diversely according to the single failure criterion and with consideration of common cause failure.
3.2 Passive Heat Removal Activation System (PHRA)
> Redundancy fourfold
> Programmable logic control system with a different hardware (TXS PLD)
> Hardware diversity
> Open air gates in case of Protection System failure (Power Supply is available)
This picture is taken from the presentation “Experimental Calculation basis parameter for Passive Heat Removal System”, Authors L. Egorova and A. Plakseev of Atomenergoprom, Bulatom Conference 2008
3.3 Reactor Limitation and Control System
> Redundancy fourfold
> Limitation functions for reactor power and other important process
parameters
> Support functions in case of actuation of Protection System
> Reactor control functions (twofold redundancy)
> The design is carried out redundantly according to single failure
criterion.
3.4 Priority Actuation Control System (PACS)
Solution by AV42 (special type of function modules dealing with all actuator control tasks, especially for priority control, and monitoring for each single actuator)
Organization of priority commands (from high to low)
> Protection System
> Reactor Limitation and Control System
> Safety Automation System
> Process Automation System
> Manual control signals from SICS
[Figure: priority control of module AV42. Labels: MCR; RSS; CRSEL; Control tile; OM; PS; RLCS; Plant bus; OPDIS; AP (SPPA); S1 or PROFIBUS; Front plate; Simulation; Commands; Safety classified part; Operational non classified part; Bus interface; PAC; To switchgear.]
3.5 Supervision and Control Level
> The Process Information and Control System (PICS) serves as the human-machine interface; it is used for process monitoring and operation in all plant situations.
> The Safety Information and Control System (SICS) contains 4 safety panels for operating and monitoring of ESFAS functions and the Reactor Protection Panel (RPP) with all indications for messages from the Protection System and the most important messages from RLCS.
4. Overview System Platform Teleperm XS
> Tools for Engineering and Maintenance
> TXS System Software
> TXS System Documentation
> TXS System Hardware
> Gateways and Interface Solutions
TELEPERM XS Qualification and Licensing
Sequence of Qualification Steps
[Figure: sequence of qualification steps. Steps labelled in the figure: Site Tests; Factory Acceptance Test; Manufacturing Tests (Hardware, Software); Verification of Specification; Integration and System Test; Component Type Tests (Hardware, Software); Concept Review of System Development.]
> Generic System Qualification: performed once and maintained for the TELEPERM XS system platform
> Project-Specific Qualification of Application: has to be performed in each project
5. References
TELEPERM XS, SPPA-T2000 and SIMATIC S5/S7
Implementations and orders
> Plant Units: 72
> Plants: 45
> Countries: 17
> Reactor Supplier*: 11
* Chinese Designs have been merged
THANK YOU FOR YOUR ATTENTION