
  • 19.11.2019

FEDERAL SERVICE FOR ENVIRONMENTAL, TECHNOLOGICAL

AND NUCLEAR SUPERVISION

RESOLUTION

ON THE APPROVAL AND INTRODUCTION OF THE FEDERAL NORMS AND RULES IN THE FIELD OF THE USE OF NUCLEAR ENERGY "REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS"

The Federal Service for Environmental, Technological and Nuclear Supervision resolves:

Approve and put into effect from January 5, 2005 the attached federal norms and rules in the field of the use of atomic energy "Requirements for control systems important for the safety of nuclear power plants" (NP-026-04).

Acting Head

A.B. MALYSHEV

REQUIREMENTS

FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS

NP-026-04

I. TERMS AND DEFINITIONS

For the purposes of this document, the following terms and definitions are used:

1. Automated control - control carried out with the participation of personnel using automation means.

2. Automatic control - control carried out by automation means without the participation of personnel.

3. Interlocking (blocking) - a control function whose purpose is to prevent or stop actions of personnel, automation means or equipment.

4. Diagnostics - a control function whose purpose is to determine the operability (inoperability) or serviceability (malfunction) of the diagnosed object.

5. Remote control - control of an object from a distance, which may be implemented manually or automatically.

6. Protection - a control function whose purpose is to prevent:

a) damage, failure or destruction of the protected equipment or automation means;

b) use of faulty equipment or automation means;

c) undesirable actions of operating personnel.

7. Indication - an information function of a control system whose purpose is to display information to operating personnel on automation means.

9. Monitoring - a part of a control function whose purpose is to evaluate the value of (identify) a parameter or to determine the state of the monitored process or equipment.

10. Unauthorized access - access to automation means or to equipment that has not been authorized in accordance with the established procedure.

11. Recording (registration) - an information function whose purpose is to fix information on a medium that allows it to be stored.

12. Control system - a system comprising a control object and a controlling system.

13. Automation means - the set of software, hardware and combined software-hardware means intended for building control systems.

14. Controlling system - the part of a control system that controls the object according to specified goals, criteria and constraints (the systems defined in items 15-17 are controlling systems in this sense).

15. Control safety systems (elements) - systems (elements) intended to initiate the actions of safety systems and to control them while they perform their specified functions.

16. Control systems important to safety - the combination of the control safety systems and the normal operation control systems important to safety.

17. Normal operation control systems (elements) - systems (elements) that form and implement control of the process equipment of normal operation systems according to specified technological goals, criteria and constraints.

18. Functional group - a part of a control system, adopted in the design, consisting of the set of automation means that perform a given function of the control system.

II. PURPOSE AND SCOPE

2.1. This regulatory document establishes:

General provisions;

Requirements for the normal operation control systems important to safety (hereinafter NOCS-IS) of nuclear power plants (hereinafter NPP);

Requirements for the control safety systems (hereinafter CSS) of NPPs;

Terms and definitions within the regulated scope.

2.2. For NPP units designed and in operation before the entry into force of this regulatory document, the timing and scope of bringing the control systems important to safety (hereinafter CSIS) into compliance with it are determined in each specific case in the prescribed manner.

2.3. The requirements of this regulatory document do not apply to the development and manufacture of automation means.

III. GENERAL PROVISIONS

3.1. The CSIS are intended to control the process equipment of the NPP unit that ensures safety in normal operation, in modes with deviations from normal operation, in pre-accident conditions and in accidents.

3.2. The composition and functions of the CSIS should be determined by the design of the NPP unit.

3.3. The rooms housing CSIS automation means, and the automation means themselves, must be protected at the NPP unit against unauthorized access.

3.4. Design, engineering and process documentation for measuring instruments forming part of the CSIS must undergo metrological examination.

During NPP operation, verification and calibration of the measuring instruments forming part of the CSIS must be carried out to the extent established by the nomenclature lists of measuring instruments.

3.5. CSIS supplied to the NPP unit that include automation means must have a certificate of conformity of these means with the federal norms and rules in the field of atomic energy use.

3.6. The information display means forming part of the CSIS should provide several levels of information display, from generalized information reflecting the state of systems important to NPP safety down to detailed information on the state of individual items of equipment and automation means.

3.7. In the CSIS, information on parameters important to safety must be protected against unauthorized access.

3.8. The information obtained from the automatic recording means forming part of the CSIS should be sufficient to identify:

1) the initiating event that caused the violation of operational limits or safe operation limits of the NPP unit;

2) the changes in process parameters as the accident develops;

4) the actions of operating personnel;

5) the information transmitted to the operating personnel of the main control room (hereinafter MCR) or the reserve control room (hereinafter RCR) over the communication systems of the NPP unit in modes with deviations from normal operation, pre-accident conditions and accidents;

6) the time of occurrence of the events listed in subparagraphs 1) - 4).

3.9. At the NPP unit, information must be recorded with reference to a single time system.

3.10. The amount of information to be recorded, and the frequency of its recording, in normal operation, in modes with deviations from normal operation, in pre-accident conditions and in accidents should be established in the design documentation.

3.11. Systems for displaying and recording information on parameters important to safety must be connected to a first reliability category power supply network.

3.12. The quality of the CSIS functions established in the design documentation should be determined depending on the effect of the functions performed on the safety of the NPP unit and on other operating conditions, and in accordance with the requirements of the current federal norms and rules in the field of atomic energy use.

3.13. To satisfy clause 3.12, all automation means of the control systems (hereinafter CS) should be divided into functional groups (hereinafter FG) according to the functions performed; these FGs must be treated as elements of the CS when classifying by effect on safety in accordance with the federal norms and rules in the field of atomic energy use.

3.14. Depending on the effect of the functions performed on NPP safety and on other operating conditions, the FGs of the CS are classified into four categories, each of which corresponds to the property indicators given in Appendix 1.

FGs of safety class 2 CSIS for which an accident following a failure of these FGs would develop within a period of time that does not allow compensatory or restorative measures to be taken to bring the NPP to a safe state;

FGs of safety class 2 CSIS for which an accident following a failure of these FGs would develop within a period of time that allows compensatory or restorative measures to be taken to bring the NPP to a safe state;

FGs that provide operators with information on the parameters characterizing the state of the reactor plant during design basis and beyond design basis accidents;

FGs of CS automation means located in unattended rooms where their repair or replacement is impossible for a long time;

FGs of safety class 2 or 3 CSIS that provide:

The operator with the information needed for automated control in order to prevent violation of safe operation limits or to mitigate the consequences of an accident;

The information needed for accident investigation;

FGs of safety class 2 or 3 CSIS that implement automated control in order to prevent violation of safe operation limits or to mitigate the consequences of an accident;

FGs of safety class 2 or 3 CSIS not assigned to the first and second categories;

e) the fourth category includes:

FGs of safety class 4 CS whose failures do not affect NPP safety.

3.16. The classification designation of an FG of the CS must include the FG safety class (2, 3 or 4) in accordance with the federal norms and rules in the field of atomic energy use, a letter denoting the CS to which the FG belongs (U - control safety system, N - normal operation control system), and the FG quality category (K1, K2, K3, K4).

Example 1. 2UK1, where 2 is the safety class, U denotes a control safety system, and K1 is the first FG quality category.

Example 2. 3NK3, where 3 is the safety class, N denotes a normal operation control system, and K3 is the third FG quality category.

3.17. A list of functional groups and their assignment to categories.

3.18. The quality of the FGs forming part of the CSIS should be defined in the design documentation by the set of FG property indicators given in Appendix 1, depending on the category to which the group is assigned.

3.19. The quality of an FG, or of the automation means in it, must be confirmed by the results of the quality control procedures given in Appendix 2.

3.20. CSIS at NPP units must be operated in accordance with the operating documentation provided for in the design, the technological regulations and the operating instructions for the CS.

3.21. To determine the residual life of CSIS automation means and the timing of their replacement or modernization during operation, data on the service life and failures of the automation means should be recorded and analyzed.

3.22. The design documentation for the CSIS should contain a test program and procedure for use before the CSIS are put into operation.

3.23. In the design documentation, the CSIS of the NPP unit should be subdivided into NOCS-IS and CSS.

3.24. Before delivery to the NPP, the CSIS must be tested at a specially equipped test facility to confirm their design characteristics, including compliance with the norms and rules in the field of atomic energy use.

3.25. Testing of individual parts or subsystems of the CSIS is permitted, with justification of the test conditions.

3.26. The results of the tests of the CSIS, or of their individual parts or subsystems, at the test facility must be presented in the NPP safety analysis report.

IV. NORMAL OPERATION CONTROL SYSTEMS IMPORTANT TO NPP SAFETY

4.1. The NOCS-IS should carry out automatic and automated control of the process equipment of the normal operation systems important to the safety of the NPP unit.

4.2. The composition and functions of the NOCS-IS should be determined by the design of the NPP unit.

4.3. The NOCS-IS should provide several levels of action on the means controlling those reactor plant process parameters by which the safe operation limits are defined (thermal power, coolant pressure, etc.), aimed at returning the controlled parameters to their normal values. These actions should be brought into effect in sequence as the parameters deviate further from their setpoints, before the CSS initiate protective actions.

4.4. Technological protections and interlocks of equipment should be put into and taken out of service automatically when the conditions established in the design documentation are reached.

4.5. The automation means that generate the signals for, and implement, technological protections should include means of warning annunciation of protection actuation.

4.6. The NOCS-IS should provide self-diagnostics of serviceability and automated testing of the technological protections.

4.7. Once initiated, the protection action program must be executed to completion regardless of any change in the triggering condition that initiated it.

4.8. Removal of the protection start command after completion of the protection action program must be performed by personnel, with organizational and technical measures in place to prevent erroneous removal of the command.

4.9. Information on the actuation and completion of each protection should be displayed to the operator in the control room.

4.10. For automation means performing the function of protecting process equipment, design solutions should be provided that allow them to be taken out for repair or maintenance without violating normal operating conditions.

4.11. When automation means performing a protection function are taken out for repair or maintenance, a signal indicating withdrawal of the protection should be generated in the NOCS-IS, while the annunciation of protection actuation should be retained.

4.12. The design documentation for the NOCS-IS should define:

The conditions for actuation of technological interlocks;

The states of systems in which their start-up and operation are permitted.

4.13. The states of the NOCS-IS in which their start-up and operation are permitted should be defined in the technological regulations and operating instructions for the CS.

4.14. The NOCS-IS must be tested at the facility for the functions established in the design documentation before the process systems they control are commissioned.

4.15. During commissioning and power ascension of the NPP unit, control loop stability tests must be carried out under special programs that take account of the actual initiating conditions of normal operation.

4.16. The NOCS-IS should be subject to periodic checks of the functions they perform during operation.
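The latching behaviour required by clauses 4.7, 4.8 and 4.11 (a triggered protection program runs to completion even if the trigger clears; the start command is removed only by a deliberate personnel action; a protection withdrawn for maintenance signals its withdrawal but keeps its actuation annunciation) can be modelled as a small state machine. The following Python is an added illustration and is not part of NP-026-04 or of any plant's software. The ordered action list, the trip threshold, the constructed pressure scenario in demo(), and the two-step reset (arm, then confirm with the token returned by arming) that stands in for the "organizational and technical measures" of clause 4.8 are all assumptions of the example.

```python
"""Added illustration of clauses 4.7, 4.8 and 4.11: a latching protection channel.

Assumptions made for the example (not taken from NP-026-04):
- the protection action program is a fixed, ordered list of action names;
- the "organizational and technical measures" against erroneous removal of the
  start command are modelled as a two-step reset: arm, then confirm with the
  token returned by arming;
- the measured parameter is fed in explicitly, so the model is deterministic.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import List, Optional


class State(Enum):
    NORMAL = auto()     # standing by, no protection active
    ACTING = auto()     # program triggered, actions still pending
    COMPLETED = auto()  # program finished, start command still latched (4.8)
    WITHDRAWN = auto()  # taken out for repair or maintenance (4.11)


@dataclass
class ProtectionChannel:
    name: str
    program: List[str]            # ordered actions, e.g. ["close_valve", "trip_pump"]
    trip_threshold: float
    state: State = State.NORMAL
    executed: List[str] = field(default_factory=list)
    actuation_alarm: bool = False    # annunciation of protection actuation (4.5, 4.9)
    withdrawal_signal: bool = False  # "protection withdrawn" signal to the NOCS-IS (4.11)
    log: List[str] = field(default_factory=list)
    _reset_token: Optional[str] = None

    def sense(self, value: float) -> None:
        """Feed one measurement. Crossing the threshold starts the program; once
        started, a value back under the threshold changes nothing (4.7)."""
        if self.state == State.NORMAL and value >= self.trip_threshold:
            self.state = State.ACTING
            self.actuation_alarm = True
            self.log.append(f"{self.name}: triggered at {value}")

    def step(self) -> Optional[str]:
        """Execute the next pending action; None if the program is not running."""
        if self.state != State.ACTING:
            return None
        action = self.program[len(self.executed)]
        self.executed.append(action)
        if len(self.executed) == len(self.program):
            self.state = State.COMPLETED
            self.log.append(f"{self.name}: program completed")
        return action

    def arm_reset(self, operator: str) -> str:
        """First half of the two-step removal of the start command (4.8)."""
        if self.state != State.COMPLETED:
            raise RuntimeError("start command can be removed only after completion")
        self._reset_token = f"{operator}:{len(self.log)}"
        return self._reset_token

    def confirm_reset(self, token: str) -> bool:
        """Second half: only the token issued by arm_reset removes the latched command."""
        if self.state != State.COMPLETED or self._reset_token is None or token != self._reset_token:
            self.log.append(f"{self.name}: reset rejected")
            return False
        self.state = State.NORMAL
        self.executed.clear()
        self.actuation_alarm = False
        self._reset_token = None
        self.log.append(f"{self.name}: start command removed")
        return True

    def withdraw_for_maintenance(self) -> None:
        """4.11: raise the withdrawal signal; the actuation alarm is kept as it stands."""
        if self.state == State.ACTING:
            raise RuntimeError("cannot withdraw a protection while its program is executing")
        self.state = State.WITHDRAWN
        self.withdrawal_signal = True

    def return_to_service(self) -> None:
        """Clear the withdrawal signal; a still-latched actuation stays latched."""
        self.withdrawal_signal = False
        self.state = State.COMPLETED if self.actuation_alarm else State.NORMAL


def demo() -> ProtectionChannel:
    """Constructed scenario: pressure exceeds the trip point, falls back mid-program,
    and the shift supervisor removes the start command in two steps."""
    ch = ProtectionChannel("P-high", ["close_feed_valve", "trip_main_pump", "open_relief"], 17.0)
    ch.sense(17.4)                  # trip
    ch.step()                       # close_feed_valve
    ch.sense(15.0)                  # condition cleared, program still runs (4.7)
    ch.step()                       # trip_main_pump
    ch.step()                       # open_relief -> COMPLETED
    ch.confirm_reset("any")         # rejected: nothing armed
    token = ch.arm_reset("shift_supervisor")
    ch.confirm_reset("wrong")       # rejected: token mismatch
    ch.confirm_reset(token)         # accepted: back to NORMAL
    return ch
```

The point of the model is what it refuses to do: sense() cannot abort a running program, confirm_reset() without a matching token leaves the command latched and logs the attempt, and withdraw_for_maintenance() never clears actuation_alarm. In a real implementation the same invariants should be enforced in the protection logic itself, not only in the operator interface.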

V. NPP SAFETY CONTROL SYSTEMS

5.1. The CSS should provide automatic and automated performance of the safety functions provided for in the design.

5.2. Automatic actuation of the process equipment of the safety systems (hereinafter SS) should take place when the conditions established in the design documentation arise.

5.3. Automated actuation of SS process equipment should be provided from the MCR and, in the event of its failure, from the RCR.

5.4. The composition and functions of the CSS should be determined by the design of the NPP unit.

5.5. The CSS should automatically display to operating personnel on the MCR and RCR information on the occurrence of conditions for actuation of the SS and on the execution of the SS protective actions.

5.6. The CSS should include automation means that, on automatic start of the SS, block operator actions to switch off the SS for 10 - 30 minutes.

5.7. The automatic SS control commands issued by the CSS must have the highest priority over all other control commands.

5.8. The CSS design documentation must demonstrate the adequacy of the physical and functional separation of the CSS channels, ensuring the autonomy of each channel.

5.9. The design documentation of the NPP unit should provide technical and organizational protection against unauthorized access to CSS hardware and software during operation.

5.10. The CSS design documentation should contain:

A list of the conditions for automatic start of the SS;

The calculated values of the FG reliability indicators;

An analysis of the consequences of failures;

Data on the service life of the CS and automation means;

A draft schedule of maintenance, repair, metrological verification and testing;

Criteria and assessment of the limit state of automation means;

The procedure for taking channels out of service, testing them and returning them to service;

Requirements for the number and qualifications of maintenance personnel;

Requirements for the nomenclature, quantity and storage of spare parts.

5.11. The justification of the reliability of the CSS FGs in the design documentation should take into account the flow of demands on the systems and possible common cause failures.

5.12. The CSS design documentation should define the recovery time of the CSS channels for each function performed by the channel.

5.13. The CSS design documentation should contain:

A list of CSS failures on which the reactor plant is to be brought automatically to a state in which the safety of the NPP unit is ensured;

A test program and procedure for use before CSS commissioning.

5.14. When the CSS control channels of the NPP unit are put into operation, tests must be carried out to verify that the channels perform the functions established in the design documentation.

Appendix 1

PROPERTIES OF FGs OF THE CS BY CATEGORY

(Column 2 of the table lists the FG CS property; columns 3, 4 and 5 refer to the first, second and third categories of FG quality.)

1. Diversity

2. Multichannel design

3. Independence

4. Reliability

5. Traceability

6. Electromagnetic compatibility

7. Resistance to mechanical external influencing factors

8. Resistance to climatic factors

9. Seismic resistance

10. Fire safety

11. Resistance to ionizing radiation fields, for elements of systems located within such fields

12. Metrological characteristics

13. Resistance to chemicals

Note. Property indicators of category 4 FGs are not regulated by this regulatory document, since they do not affect NPP safety.

Legend:

The FG property indicators listed in column 2 of the table must be justified in the design, in accordance with the federal norms and rules in the field of atomic energy use, for the category indicated in column 3, 4 or 5 of the table;

The FG property indicators listed in column 2 of the table need not be justified in the design for the category indicated in column 4 or 5 of the table.

Appendix 2

LIST

OF THE MAIN QUALITY CONTROL PROCEDURES FOR THE CS, THE FGs OF THE CS AND THE AUTOMATION MEANS FORMING PART OF THEM

1. Factory testing

2. Technological run-in and checking of the functions established in the design documentation

3. Acceptance tests

4. Certification*

5. On-site testing

6. Quality assurance during operation:

6.1. Compliance with the design specifications

6.2. Occasional in-service electromagnetic compatibility tests**

6.3. Metrological tests

6.4. Periodic confirmation of reliability by statistical methods

______________

* For control systems and automation means subject to mandatory certification.

** Carried out on the initiative of the operating organization.

FEDERAL SERVICE FOR ENVIRONMENTAL, TECHNOLOGICAL AND NUCLEAR SUPERVISION

ORDER

ON THE APPROVAL OF FEDERAL NORMS AND RULES IN THE FIELD OF THE USE OF ATOMIC ENERGY "REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS"

In accordance with Article 6 of Federal Law No. 170-FZ of November 21, 1995 "On the Use of Atomic Energy" (Collected Legislation of the Russian Federation, 1995, No. 48, Art. 4552; 1997, No. 7, Art. 808; 2001, No. 29, Art. 2949; 2002, No. 1, Art. 2; No. 13, Art. 1180; 2003, No. 46, Art. 4436; 2004, No. 35, Art. 3607; 2006, No. 52, Art. 5498; 2007, No. 7, Art. 834; No. 49, Art. 6079; 2008, No. 29, Art. 3418; No. 30, Art. 3616; 2009, No. 1, Art. 17; No. 52, Art. 6450; 2011, No. 29, Art. 4281; No. 30, Art. 4590, Art. 4596; No. 45, Art. 6333; No. 48, Art. 6732; No. 49, Art. 7025; 2012, No. 26, Art. 3446; 2013, No. 27, Art. 3451; 2016, No. 14, Art. 1904; No. 15, Art. 2066; No. 27, Art. 4289) and subclause 5.2.2.1 of clause 5 of the Regulations on the Federal Service for Environmental, Technological and Nuclear Supervision, approved by Decree of the Government of the Russian Federation No. 401 of July 30, 2004 (Collected Legislation of the Russian Federation, 2004, No. 32, Art. 3348; 2006, No. 5, Art. 544; No. 23, Art. 2527; No. 52, Art. 5587; 2008, No. 22, Art. 2581; No. 46, Art. 5337; 2009, No. 6, Art. 738; No. 33, Art. 4081; No. 49, Art. 5976; 2010, No. 9, Art. 960; No. 26, Art. 3350; No. 38, Art. 4835; 2011, No. 6, Art. 888; No. 14, Art. 1935; No. 41, Art. 5750; No. 50, Art. 7385; 2012, No. 29, Art. 4123; No. 42, Art. 5726; 2013, No. 12, Art. 1343; No. 45, Art. 5822; 2014, No. 2, Art. 108; No. 35, Art. 4773; 2015, No. 2, Art. 491; No. 4, Art. 661; 2016, No. 28, Art. 4741), I order:
1. Approve the attached federal norms and rules in the field of the use of atomic energy "Requirements for control systems important for the safety of nuclear power plants" (NP-026-16).
2. Declare invalid Resolution No. 2 of the Federal Service for Environmental, Technological and Nuclear Supervision of October 4, 2004 "On the Approval and Enactment of the Federal Norms and Rules in the Field of the Use of Atomic Energy 'Requirements for Control Systems Important for the Safety of Nuclear Power Plants'" (registered by the Ministry of Justice of the Russian Federation on November 1, 2004, registration No. 6092; Bulletin of Normative Acts of Federal Executive Bodies, 2004, No. 45).

Head
A.V. ALESHIN

Approved
by order of the Federal Service
for Environmental, Technological
and Nuclear Supervision
No. 483 of November 16, 2016

FEDERAL NORMS AND RULES IN THE FIELD OF THE USE OF ATOMIC ENERGY

"REQUIREMENTS FOR CONTROL SYSTEMS IMPORTANT FOR THE SAFETY OF NUCLEAR POWER PLANTS"
(NP-026-16)

I. Purpose and scope

1. These federal norms and rules in the field of the use of atomic energy "Requirements for control systems important for the safety of nuclear power plants" (NP-026-16) (hereinafter the Rules) have been developed in accordance with Federal Law No. 170-FZ of November 21, 1995 "On the Use of Atomic Energy" (Collected Legislation of the Russian Federation, 1995, No. 48, Art. 4552; 1997, No. 7, Art. 808; 2001, No. 29, Art. 2949; 2002, No. 1, Art. 2; No. 13, Art. 1180; 2003, No. 46, Art. 4436; 2004, No. 35, Art. 3607; 2006, No. 52, Art. 5498; 2007, No. 7, Art. 834; No. 49, Art. 6079; 2008, No. 29, Art. 3418; No. 30, Art. 3616; 2009, No. 1, Art. 17; No. 52, Art. 6450; 2011, No. 29, Art. 4281; No. 30, Art. 4590, Art. 4596; No. 45, Art. 6333; No. 48, Art. 6732; No. 49, Art. 7025; 2012, No. 26, Art. 3446; 2013, No. 27, Art. 3451; 2016, No. 14, Art. 1904; No. 15, Art. 2066; No. 27, Art. 4289) and Decree of the Government of the Russian Federation No. 1511 of December 1, 1997 "On Approval of the Regulations on the Development and Approval of Federal Norms and Rules in the Field of the Use of Atomic Energy" (Collected Legislation of the Russian Federation, 1997, No. 49, Art. 5600; 1999, No. 27, Art. 3380; 2000, No. 28, Art. 2981; 2002, No. 4, Art. 325; No. 44, Art. 4392; 2003, No. 40, Art. 3899; 2005, No. 23, Art. 2278; 2006, No. 50, Art. 5346; 2007, No. 14, Art. 1692; No. 46, Art. 5583; 2008, No. 15, Art. 1549; 2012, No. 51, Art. 7203).
2. The requirements of these Rules apply in full to NPP units under design.
3. Bringing the operating conditions of units of operating NPPs, and of NPP units under construction for which construction licenses were issued before these Rules entered into force, into compliance with these Rules should be carried out together with the corresponding changes to the conditions of the construction or operation license.
4. The list of abbreviations used is given in Appendix No. 1, and the terms and their definitions in Appendix No. 2, to these Rules.

II. General requirements for control systems important to safety

5. The composition and functions of managers must be established in the design documentation of the NPP (hereinafter referred to as the NPP project) in compliance with the requirements of federal norms and rules in the field of the use of atomic energy. For each NPP unit, the following control systems important for safety should be provided:
USNE WB;
USB;
control systems related to safety-important special technical means for managing beyond design basis accidents.
Control systems for normal operation important to safety perform functions related to the first and second levels of defense in depth; control safety systems - to the third level of defense in depth; control systems related to safety-important special technical means for managing beyond design basis accidents - to the fourth level of defense in depth.
6. The requirements for each of the WWCS should be specified in the terms of reference for the development of this system, which is part of the NPP project. For each DWSS, the SAR must demonstrate compliance with the requirements terms of reference for the development of the relevant SVSS and the requirements of the NPP project.
7. All elements of the NPP should be assigned to functional groups in the NPP project.
8. Control and information functions performed by functional groups in the NPP project should be assigned one of the categories - A, B, C.
9. Category A is assigned to the control and information functions:
performed by CSS (including emergency protection of the reactor, control of emergency core cooling systems, control of localizing safety systems);
designed to provide NPP personnel with the information and control capabilities necessary in the event of an initiating event of a design basis accident to perform actions aimed at achieving a controlled safe state of the NPP.
10. Category B is assigned to the control and information functions:
control of systems maintaining the reactor in a subcritical state after the operation of the reactor's emergency protection;
management of heat removal systems from the shutdown reactor and spent fuel pool (other storage facilities for spent nuclear fuel);
non-fulfillment during normal operation of the NPP which will require the introduction of a control or information function of category A to prevent a pre-emergency situation or an accident;
designed to provide NPP personnel with information and (or) control capabilities necessary to perform actions aimed at limiting the consequences of an accident after reaching a controlled safe state of the NPP;
designed to provide NPP personnel with information on compliance with the limits and conditions of safe operation, as well as information on the performance of safety functions in case of accidents.
11. Category C is assigned to the control and information functions:
management technological process NPP within operational limits and prevent violation of safe operation limits;
detection of dangerous events (fire, flood) and (or) limitation of the impact of these events on NPP safety (for example, control of fire extinguishing systems, localization of floods);
performed by control systems related to safety-important special technical means for managing beyond design basis accidents;
radiation control.
12. If several classification criteria listed in paragraphs 9-11 of the Rules are simultaneously applied to one control or information function, it should be attributed to more high category of those defined by these criteria, with category A being considered the highest.
13. Organizations operating at any of the stages in the life cycle of the SHSMS should conduct these activities in accordance with the quality assurance programs developed in these organizations.
14. Verification should be carried out on the results of activities at the stages of the life cycle of the USBOS. All nonconformities identified during verification should be documented and eliminated.
15. The NPP design shall establish requirements for the reliability of the performance of control and information functions by control systems important to safety.
Compliance with the reliability requirements established in the NPP design must be confirmed by calculating the reliability indicators for each control and information function (including taking into account operating experience), while taking into account the possibility of explicit and hidden failures (including errors in software and failures diagnostic devices), common cause failures, personnel errors, as well as the frequency of maintenance, testing (checks) and repairs.
16. The NPP design shall establish the criteria and procedure for evaluating the limit state of the elements of the WWCS, as well as data on their assigned resource.
17. The NPP design shall analyze the consequences of failures of the WWCS elements (including failures due to common causes, including due to errors in the software) and provide for measures to ensure the safety of the NPP in the event of these failures.
18. In the NPP project, for each of the WWCS, the conditions for safe operation, the procedure for decommissioning, performing periodic checks, tests and the procedure for commissioning elements (channels) of the system, requirements for the volume and frequency of maintenance and repair, to the number and qualifications of service personnel.
19. The NPP project should provide for issuing a signal to the NPP personnel about the withdrawal from operation of the channels (elements) of the CSSD or functional groups.
20. The NPP design should provide for continuous automatic monitoring (self-diagnostics) of the operability of the WWCS. In addition, periodic checks of the WWCS should be provided to identify hidden failures that are not detected by continuous automatic monitoring during operation.
21. The SDCS should include means for archiving and displaying (with a frequency justified in the NPP design) diagnostic information on the technical condition of the SDCS elements, related systems, including data on failures detected during continuous automatic monitoring during operation in the case provided for by the NPP design.
22. At the NPP unit, information must be recorded in a single time system.
23. The design of the AS for the OSWSS should provide for measures to ensure that the performance of a control or information function and (or) a refusal to perform a control or information function of a lower category does not lead to a failure to perform a control or information function of a higher category.
24. In the case when the control or information function is performed with the participation of NPP personnel, the NPP design must show that the NPP personnel are provided with conditions for the performance of this control or information function. In the NPP design, measures to reduce the likelihood of personnel errors should be given and justified.
25. Functional groups that perform control or information functions of category A must comply with the principles of redundancy, independence and diversity. The choice of the type (types) of diversity should be made on the basis of an analysis of the possible causes of failures in the performance of the control or information function of the functional group and the expected consequences. When used as part of a functional group that performs the control or information functions of category A, programmable digital devices to ensure compliance with the principle of diversity, several types of diversity should be used.
26. Functional groups that perform category B control or information functions must comply with the principles of redundancy, independence and diversity. The need to apply or not to apply the principles of independence, redundancy and diversity must be justified in the NPP project.
27. In order to confirm the ability of the elements of the USBC to perform control and information functions, their conformity assessment (in the form of tests) should be provided.
28. In a group of mutually redundant USVB channels involved in performing the same category A control (information) function, each channel should be able to perform its control (information) function regardless of:
inoperability (including due to decommissioning, testing or maintenance) of other channels belonging to this group;
loss of operability of the signal and data transmission lines between the channels of this group;
external impacts of natural and man-made origin, and the impacts of design basis accidents, on other channels of this group.
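As an added illustration of item 28 (this is constructed example code, not part of the rules or of any NPP design), the following Python model shows a group of three mutually redundant channels in which each channel decides from its own sensor alone, the inter-channel link is used only for diagnostic cross-checking, and a channel taken out of service or a broken link does not prevent the remaining channels from performing the function. The class and function names, the 2-out-of-3 voting structure, the sample setpoints and the fail-safe convention of counting an unavailable channel as a demand are assumptions chosen for the example; the rules themselves do not prescribe them.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example for item 28; names, setpoints and the voting rule are assumptions.


@dataclass
class Channel:
    """One channel of a redundant group: its own sensor, setpoint and decision."""
    name: str
    setpoint: float          # protection setpoint, engineering units (assumed)
    in_service: bool = True  # False while decommissioned, under test or in maintenance
    link_up: bool = True     # state of the inter-channel data link (cross-check only)

    def decide(self, measured: Optional[float]) -> Optional[bool]:
        """Return True (protection demand), False (no demand) or None (channel unavailable).

        Only this channel's own sensor value is used, so the decision depends neither
        on the other channels nor on the inter-channel link.  A missing value (for
        example a sensor without power supply, item 66) is treated as unreliable and
        therefore the channel reports itself unavailable rather than guessing.
        """
        if not self.in_service or measured is None:
            return None
        return measured >= self.setpoint

    def cross_check(self, own: Optional[float], peer: Optional[float],
                    tolerance: float) -> Optional[str]:
        """Diagnostic comparison with a peer channel's value received over the link.

        Purely informational: a deviation produces a diagnostic message for personnel,
        never a change of this channel's own decision, and the check is simply skipped
        when the link is down or either value is missing.
        """
        if not self.link_up or own is None or peer is None:
            return None
        if abs(own - peer) > tolerance:
            return f"{self.name}: deviation from peer {own - peer:+.2f} exceeds {tolerance}"
        return None


def vote_2oo3(decisions: List[Optional[bool]]) -> bool:
    """2-out-of-3 majority vote over the channel decisions.

    Unavailable channels (None) are counted as a demand (assumed fail-safe convention):
    taking one channel out of service degrades the logic toward 1-out-of-2 instead of
    masking a real demand, and a single spurious channel still cannot trip a healthy group.
    """
    if len(decisions) != 3:
        raise ValueError("2oo3 voting needs exactly three channel decisions")
    demands = sum(1 for d in decisions if d is None or d)
    return demands >= 2


def group_decision(channels: List[Channel],
                   measurements: Dict[str, Optional[float]]) -> Tuple[bool, List[Optional[bool]]]:
    """Evaluate every channel from its own measurement, then vote."""
    decisions = [ch.decide(measurements.get(ch.name)) for ch in channels]
    return vote_2oo3(decisions), decisions


if __name__ == "__main__":
    group = [Channel("A", 100.0), Channel("B", 100.0, in_service=False), Channel("C", 100.0, link_up=False)]
    print(group_decision(group, {"A": 105.0, "B": 105.0, "C": 104.0}))
```

The point a reviewer would check in a real implementation is the one the model makes explicit: `decide` never reads anything that arrived over the inter-channel link, so a link failure can only silence the cross-check, not the protection function.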

III. Requirements for control systems of normal
operation, important to safety

29. The NPP design shall provide for automatic and (or) automated control of the process equipment of normal operation systems important to safety by means of the USNE VB.
30. The NPP design shall provide for the transfer of control actions from the USNE VB to the control objects in the event of deviation from the specified values of the NPP process parameters by which the safe operation limits are defined (RU neutron and thermal power, pressure and temperature of the primary coolant, and others). These control actions should be aimed at returning the monitored parameters to the values set for normal operation and should be transmitted to the control objects before the safety control systems initiate protective actions.
31. The NPP design for the USNE VB should define and justify the following:
protection operation conditions;
conditions for the activation of blocking;
process control algorithms;
nomenclature of control parameters required for control (including automated control);
the number of measuring channels sufficient for the USNE VB to perform its control and information functions;
algorithms and criteria for automated control, based on a set of parameter values ​​from different measuring channels;
parameter control mode (continuous and periodic, the frequency of parameter control must be justified);
parameters that are controlled in the mode of indication, direct measurement and processing of the measurement result using software.
32. Protections and interlocks implemented as part of the USNE VB should be designed so that they can be taken out of operation and put into operation when the conditions established in the NPP design are met.
33. The NPP design should provide for automated verification of the protections performed by the USNE VB.
34. Once initiated, a protection algorithm performed by the USNE VB should run without interruption until completion, regardless of changes in the triggering condition that caused the protection to operate. Any deviation from this requirement should be justified in the NPP design.
35. Where the NPP design provides that the command initiating a protection performed by the USNE VB is cleared by NPP personnel after completion of the protection algorithm, such clearing should be carried out with the organizational and technical measures provided for in the NPP design to prevent erroneous clearing of the command.

IV. Requirements for safety control systems

36. Safety control systems must provide automatic and automated control of the safety systems to the extent established and justified in the NPP design.
37. Automatic actuation of the SB process equipment should be carried out by commands from the USB when the conditions established and justified in the NPP design occur.
38. Automated actuation of the SB process equipment should be provided from the BPU, as well as (in case of loss of the ability to control from the BPU) from the RPU.
39. The NPP design for the USB should define and justify the following:
conditions for automatic start (actuation) of the SB;
SB control algorithms.
40. Safety control systems shall be designed so that, within 10 - 30 minutes after automatic start of the SB, interference in their operation by NPP personnel is prevented, with the exception of personnel actions provided for by the technological regulations for the operation of the NPP unit, the operating instructions, the accident elimination instructions and the beyond design basis accident management guidelines.
41. Safety control systems performing the emergency protection function must comply with the requirements established in the nuclear safety rules for NPP reactor plants.
42. Commands generated by the USB for automatic control of the safety systems should take precedence over all other control commands.
43. The NPP design should determine the recovery time of the USB channels after a channel failure, for each function performed by that channel.
44. Before the USB channels are put into operation, tests should be carried out to verify that the USB channels perform the functions established in the NPP design.

V. Requirements for control systems related to
safety-important special technical means
for beyond design basis accident management

45. The scope of control carried out by control systems related to safety-important special technical means for managing beyond design basis accidents should be sufficient to determine the state of the main NPP safety functions under beyond design basis accident conditions (including severe accidents), and for the NPP personnel to perform actions for managing beyond design basis accidents (including severe accidents).
46. The sufficiency of the scope of NPP control carried out by control systems related to safety-important special technical means for managing beyond design basis accidents (including the range of controlled parameters, the measurement range and accuracy, the response time and the autonomous operating time) should be justified in the NPP design.
47. Display of the controlled RU and NPP parameters by control systems related to safety-important special technical means for managing beyond design basis accidents should be ensured throughout the accident and in the post-accident period.
48. When designing control systems related to safety-important special technical means for managing beyond design basis accidents at a multi-unit NPP, the adequacy of the technical means provided for in these control systems shall be shown for the case of a beyond design basis (including severe) accident occurring simultaneously at all NPP units.
49. Power supply to the elements of control systems related to safety-important special technical means for managing beyond design basis accidents must be arranged so that these systems remain operational, for the time justified in the NPP design, in the event of failure of the normal operation power supply sources as well as of the second-group emergency power supply sources of the emergency power supply system.
50. The NPP design shall provide all reasonably achievable measures to ensure the independence of control systems related to safety-important special technical means for managing beyond design basis accidents from the normal operation control systems and the USB.

VI. Requirements for the human-machine interface

51. As part of the control systems important to safety, systems should be provided that give the NPP personnel reliable information about the state of NPP systems and elements important to safety.
52. The NPP design should show that the human-machine interface minimizes the possibility of erroneous actions by NPP personnel when controlling the NPP.
53. The list of NPP parameters controlled from the BPU should be sufficient to provide the NPP personnel with unambiguous information on compliance with the NPP safe operation limits, on the occurrence of conditions for actuation of the SB, and on the automatic actuation and operation of the safety systems. The list of NPP parameters controlled from the BPU and the RPU must be substantiated in the NPP design and presented in the NPP SAR.
54. Control systems important to safety that implement protections should include means for signaling protection actuation. Where a multi-channel structure is used to implement a protection, signaling to NPP personnel of the actuation of individual channels should be provided.
55. Symbols (including abbreviations and acronyms) used in the USVB to designate control objects, process parameters of systems important to safety, and state parameters of the USVB and its elements should be understandable to NPP personnel without additional reference documentation.

VII. Requirements for the interaction of the USVB with adjacent systems

56. For each USVB, the NPP design should identify and justify:
the list of systems with which the USVB should interact (adjacent systems) in each NPP normal operation mode and in the event of violations of NPP normal operation;
the data to be received by the USVB from each adjacent system and (or) issued to each adjacent system;
the required frequency and update time of the received and issued data, and the conditions that initiate the update;
the priority of execution of commands received from adjacent systems;
the ways of presenting received and issued data adopted in the adjacent systems;
the interface for transmitting (receiving) data.
57. The absence of errors in data exchange between the USVB and its adjacent systems should be checked automatically during operation of this USVB, and periodically during NPP operation in accordance with the procedure established in the NPP design.
58. For the integration of the USVB with adjacent systems, the NPP design should determine:
the rooms in which the equipment of this USVB is placed;
layout restrictions associated with the placement of this USVB at the NPP;
the types of interfaces of this USVB with adjacent systems;
the means of detecting errors and malfunctions of interfaces and communication lines.
59. When integrating the USVB with adjacent systems, the following must be performed:
testing of this USVB and the adjacent systems to confirm that their operation complies with the requirements of the NPP design;
verification of the analog and digital exchange signals between this USVB and the adjacent systems, confirming that, when control and information functions of categories A, B and C are performed, the signal values and logical states specified in the NPP design are provided.
60. Information exchange between the USVB and normal operation systems that do not affect safety should be carried out in one-way mode (from the USVB to the normal operation systems that do not affect safety) through gateway devices of the USVB.
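To show how items 57 and 60 fit together in practice, here is an added Python example (constructed for this page, not code from the rules or from any NPP project). A sender on the USVB side numbers every frame and protects it with a CRC-32, a gateway object exposes only an outbound path, and the receiver on the non-safety side verifies integrity and sequence of every frame and records each detected error. The frame layout (sequence number, length, payload, CRC), the class names and the sample process values are assumptions for the example; a real design would fix its own format and the means of detecting errors in the NPP design (item 58).

```python
import struct
import zlib
from typing import List, Optional

# Constructed example for items 57 and 60; frame layout and names are assumptions.
# Frame: seq (uint32, big-endian) | length (uint16) | payload | crc32 (uint32 over all preceding bytes)
_HDR = struct.Struct("!IH")
_CRC = struct.Struct("!I")


def build_frame(seq: int, payload: bytes) -> bytes:
    """Serialize one frame with sequence number, explicit length and CRC-32 trailer."""
    body = _HDR.pack(seq & 0xFFFFFFFF, len(payload)) + payload
    return body + _CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)


class Sender:
    """USVB side: numbers each message so the receiver can detect loss, duplication or reordering."""

    def __init__(self) -> None:
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        frame = build_frame(self.seq, payload)
        self.seq += 1
        return frame


class OneWayGateway:
    """Forwards frames from the USVB to the non-safety side only (item 60).

    There is deliberately no method that delivers data into the USVB; the inbound
    direction raises so that any attempt to use it is visible in testing.
    """

    def __init__(self) -> None:
        self.outbound: List[bytes] = []

    def forward(self, frame: bytes) -> None:
        self.outbound.append(frame)

    def inject_inbound(self, frame: bytes) -> None:
        raise PermissionError("no data path from normal-operation systems into the USVB")


class Receiver:
    """Non-safety side: automatic check of every frame (item 57) with an error record for personnel."""

    def __init__(self) -> None:
        self.expected = 0
        self.errors: List[str] = []

    def receive(self, frame: bytes) -> Optional[bytes]:
        """Return the payload of a valid frame, or None (with an error recorded) otherwise."""
        if len(frame) < _HDR.size + _CRC.size:
            self.errors.append("truncated frame")
            return None
        body, crc = frame[:-_CRC.size], _CRC.unpack(frame[-_CRC.size:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            self.errors.append("crc mismatch")
            return None
        seq, length = _HDR.unpack(body[:_HDR.size])
        payload = body[_HDR.size:]
        if len(payload) != length:
            self.errors.append(f"length mismatch in seq {seq}")
            return None
        if seq != self.expected:
            self.errors.append(f"sequence error: expected {self.expected}, got {seq}")
            if seq < self.expected:
                return None  # duplicate or replayed frame: drop it
            # gap: frames were lost; the loss is recorded and the stream resynchronised
        self.expected = seq + 1
        return payload


if __name__ == "__main__":
    s, g, r = Sender(), OneWayGateway(), Receiver()
    for p in (b"T=295.5", b"P=15.7", b"N=100%"):   # constructed sample values
        g.forward(s.send(p))
    print([r.receive(f) for f in g.outbound], r.errors)
```

The receiver deliberately keeps the error list rather than silently resynchronising: item 57 asks that the absence of exchange errors be checked, so a gap or CRC failure must surface to the periodic checks and to personnel, not just be tolerated.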

VIII. Requirements for the protection of control systems important
to safety against unauthorized access

61. The NPP must be protected against unauthorized access to the elements of control systems important to safety, including communication lines and data.
62. The objects for which protection against unauthorized access must be provided are:
means by which the setpoints of protections, interlocks, warning and alarm signaling are changed and the settings of controllers are set;
switching elements for connecting circuits external to the USVB;
replaceable components located inside the elements of the USVB;
manual controls (for example, power supply switches, operating mode switches, means of taking USB channels out of operation, and others);
means of manual data input and output (for example, a keyboard);
storage media and the software on them.
The specific list of objects to be protected against unauthorized access must be specified and justified in the NPP design.
63. For a USVB participating in the performance of category A or B control or information functions, measures should be provided to prevent unauthorized access to the USVB components, to protect programs and data against modification, including from adjacent systems, and to notify NPP personnel immediately of unauthorized access. The NPP design should provide technical and administrative measures restricting access to the elements of the USVB.
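Items 62 and 63 name setpoint changes as a protected object and require immediate notification of personnel. As an added Python example (constructed here, not code from the rules or any NPP project), the following guard keeps an authenticated baseline of a setpoint table, compares the live table against it at each periodic check, raises an alarm record naming the changed entries when they differ, and only re-baselines through a recorded, authorized change. The HMAC key, the parameter names, the sample values and the authorization identifier are placeholders; how the key is stored and who may authorize a change are matters for the NPP design's technical and administrative measures.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed example for items 62-63; key, names and values are placeholders.


def canonical(settings: Dict[str, float]) -> bytes:
    """Stable serialization so identical settings always yield the same authentication tag."""
    return json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class SettingsGuard:
    """Authenticated baseline of protection, interlock and alarm setpoints.

    check() is meant to run periodically (and after any maintenance) on the live table;
    a mismatch without a recorded authorization is an unauthorized modification and is
    reported as an alarm for NPP personnel.
    """

    def __init__(self, key: bytes, settings: Dict[str, float]) -> None:
        self._key = key                      # placeholder; real key handling is a design matter
        self.baseline = dict(settings)
        self.baseline_tag = self._tag(self.baseline)
        self.alarms: List[dict] = []
        self.change_log: List[dict] = []

    def _tag(self, settings: Dict[str, float]) -> str:
        return hmac.new(self._key, canonical(settings), hashlib.sha256).hexdigest()

    @staticmethod
    def _diff(old: Dict[str, float], new: Dict[str, float]) -> Dict[str, Tuple[Optional[float], Optional[float]]]:
        """Entries whose value differs, as {name: (baseline value, live value)}; None marks a missing entry."""
        keys = sorted(set(old) | set(new))
        return {k: (old.get(k), new.get(k)) for k in keys if old.get(k) != new.get(k)}

    def check(self, live_settings: Dict[str, float]) -> bool:
        """Return True if the live table matches the baseline; otherwise record an alarm and return False."""
        if hmac.compare_digest(self._tag(live_settings), self.baseline_tag):
            return True
        self.alarms.append({"time": _now(), "changed": self._diff(self.baseline, live_settings)})
        return False

    def authorized_change(self, new_settings: Dict[str, float],
                          authorization_id: str, operator: str) -> None:
        """Apply a change made under the established procedure: log it, then re-baseline."""
        self.change_log.append({"time": _now(), "auth": authorization_id, "by": operator,
                                "changes": self._diff(self.baseline, new_settings)})
        self.baseline = dict(new_settings)
        self.baseline_tag = self._tag(self.baseline)


if __name__ == "__main__":
    # constructed sample table: primary pressure high trip, hot-leg temperature high, power high
    table = {"P1_high_trip": 17.0, "T_hot_high": 330.0, "N_high": 107.0}
    guard = SettingsGuard(b"constructed-demo-key", table)
    print(guard.check({**table, "P1_high_trip": 17.5}), guard.alarms)
```

Because the comparison is against an authenticated tag rather than a plain copy of the table, an attacker who can alter the live settings still cannot make a modified table pass the check without also possessing the key; the alarm record carries exactly which entries differ, which is what personnel need to act on.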

IX. Requirements for maintaining the operability of control
systems important to safety during operation

Changes in power supply parameters

64. The USVB must remain operational during permissible changes in power supply parameters: voltage and frequency changes and power supply interruptions. The values of the permissible changes in power supply parameters are set in the NPP design.
Permissible changes in the USVB power supply parameters should not lead to errors in the performance of control or information functions by the USVB, loss of data in memory, false output signals, or malfunctions of the USVB requiring the intervention of NPP personnel.
65. The NPP design should provide for the retention, in the USVB, of information on the position of valves controlled by the USVB after a loss of power supply to the valve actuators.
66. In the absence of power supply to USVB sensors, the signals from them used in the USVB should be regarded by that system as unreliable.
67. Tests for immunity to changes in power supply parameters should be carried out for the USVB. In these tests the test effects must be determined on the basis of the initial data established in the NPP design on possible changes in the parameters of the NPP auxiliary power supply network. The parameters of the electrical disturbances simulated during testing should be determined on the basis of experimental and (or) calculated data on the actual or expected values of these parameters in all rooms where the USVB is located.
68. If the NPP design does not substantiate that a loss of power supply to USVB elements which would render the USVB unable to perform its category A and B control or information functions is impossible, such a USVB must be provided with additional uninterruptible power supplies of its own. These sources should be tested for operability at regular intervals justified in the NPP design.

Environmental impacts

69. For each USVB it shall be ensured that its elements remain operational under the environmental conditions typical of NPP normal operation (without limitation of the exposure time), as well as under violations of NPP normal operation, including accidents, that require operation of this USVB (for a time greater than or equal to the expected maximum duration of the exposure).
70. The environmental conditions under which the USVB must remain operable should be given in the NPP design. These conditions must include:
nominal (working), and maximum permissible lower and upper, values of ambient temperature;
the rate of change of ambient temperature;
nominal and maximum values of humidity;
nominal and maximum values of barometric pressure;
limit values of the absorbed dose rate of ionizing radiation and of the absorbed dose over the regulated period of operation (for USVB elements placed in the controlled access zone);
limit values of the concentration of corrosive and other chemical agents;
the limit value of dust concentration;
the limit duration of external impact during which the USVB must remain operational.
71. Control systems important to safety must be resistant to mechanical impacts characterized by the parameters of sinusoidal vibration and mechanical shock established in the NPP design, as well as by the parameters of seismic impacts.

Electromagnetic compatibility

72. The NPP design shall establish electromagnetic compatibility requirements, including:
requirements for the immunity of control systems important to safety to electromagnetic disturbances (interference) from the power supply network, from the ground loop, along signal and command transmission circuits, communication lines and local networks, and in the space of the rooms (hereinafter referred to as noise immunity);
limitation of the possible adverse effect of elements of control systems important to safety on other systems (elements) along common or electrically connected circuits, and on the space of the rooms, caused by electromagnetic processes during switch-on, operation, malfunction and (or) shutdown of the USVB (hereinafter referred to as interference emission).
73. When the NPP design establishes noise immunity requirements for the USVB, the types of possible interference, the intensity of each type of interference, and the criteria for the quality of functioning of these systems during noise immunity tests should be specified.
74. Noise immunity requirements for the USVB should be established in the NPP design with respect to the following types of interference:
discharges of static electricity on the body, controls and external cable shields;
microsecond impulse noise in power supply circuits;
nanosecond impulse noise coming from external sources to information circuits and power circuits;
radiated radio frequency interference;
dynamic changes in power supply voltage;
magnetic fields of industrial frequency;
impulse magnetic fields;
short-term sinusoidal interference in protective and signal grounding circuits;
microsecond impulse noise in protective and signal grounding circuits.
75. The NPP design shall establish requirements for the USVB in terms of permissible interference emission, including into the power supply and ground loops.
76. Noise immunity tests should be carried out for control systems important to safety. The test conditions, including the configuration of the equipment and connecting lines during the tests, should be as close as possible to the design conditions. The use during testing of additional grounding and noise suppression devices not provided for in the NPP design is not allowed.
77. When the NPP unit is put into operation, and after modernization of the USVB and adjacent systems, tests of the interference emission of the USVB and of the electromagnetic environment should be carried out directly at the place of operation at the request of the operating organization.
78. The NPP design shall substantiate the sufficiency of the provided electromagnetic protection measures.

X. Requirements for conformity assessment of control
systems important to safety

79. Before the start of operation of these systems, the USVB elements supplied to the NPP must undergo an assessment of compliance with the requirements of the federal norms and rules in the field of the use of atomic energy included in the terms of reference for the development of these systems.
80. Conformity assessment of USVB elements should be carried out in the form of acceptance and in the form of tests, in accordance with the requirements of the federal norms and rules in the field of the use of atomic energy on conformity assessment of equipment, components, materials and semi-finished products supplied to nuclear facilities. Based on the test results, the operability of these elements over the design period of operation, under the conditions provided for in the NPP design, should be assessed.
81. Conformity assessment of USVB elements should include:
determination of requirements for the specified elements (in accordance with paragraph 79 of these Rules);
obtaining information about the actual properties and characteristics of these elements (through testing);
comparison of the actual properties and characteristics of these elements with the established requirements;
making a decision on the compliance or non-compliance of each of these elements with the established requirements.

XI. Requirements for testing control systems important
to safety

82. Prior to the start of operation for each of the control systems important to safety, the following must be performed:
autonomous and integrated testing of the system components and acceptance testing of the system outside the NPP, in order to decide whether the USVB may be supplied to the NPP site;
commissioning and autonomous testing at the NPP site;
comprehensive testing of the system at the NPP site;
pilot operation of the system;
system acceptance testing.
83. Autonomous tests of USVB components and integrated tests of the system should be carried out outside the NPP (for example, at a test site provided by the manufacturer (supplier) of the system) in accordance with test programs agreed with the operating organization.
Acceptance tests of USVB components should be carried out before the system is delivered to the NPP. Where the USVB equipment is delivered to the NPP in separate lots, the system acceptance tests may be performed after delivery of the system equipment to the NPP, by a separate decision agreed with the operating organization.
84. Autonomous testing of the USVB at the NPP is carried out to check and adjust all components of the system and to determine the readiness of the USVB for comprehensive tests. Comprehensive tests of the USVB are carried out to check and adjust the joint operation of the elements of the system. Comprehensive tests of the USVB should confirm that each control or information function of the system is performed in accordance with the requirements of the design (task). Based on the results of the comprehensive tests, the readiness of the USVB for trial operation is determined.
85. Trial operation of the USVB should be carried out by NPP personnel in order to confirm the actual quantitative and qualitative characteristics of the system and their compliance with the requirements established in the technical design (task) for the development of the system, to assess the readiness of NPP personnel to operate the system, and to assess and update the operational documentation.
86. Acceptance tests are carried out to determine compliance with the technical design (task), to assess the quality of trial operation, and to decide whether the USVB can be accepted into operation.
87. To carry out acceptance tests of the USVB, the operating organization shall appoint a commission with the participation of the developer of the NPP (system) design and the manufacturer (supplier) of the system.
88. During the stages of putting the NPP unit into operation, tests of the USVB for the stability of automatic control loops should be carried out according to programs that provide for real initiating signals acting on the control objects.
89. Information on the results of USVB tests performed before the start of operation of these systems should be included in the NPP SAR.
90. The USVB should be checked for correct operation during operation.

XII. Requirements for the operation and modernization of control
systems important to safety

91. Before the start of operation of a newly developed or modernized USVB, the necessary changes must be made to the NPP operational documentation.
92. For each of the control systems important to safety, the NPP operational documentation must contain information about the set of service equipment, as well as the set of spare parts and accessories used during installation, maintenance and restoration of system elements. The list of service equipment and spare parts must be defined and justified in the NPP design.
93. Restoration of the operability of the USVB and its elements should be carried out by replacing failed replaceable components with operable ones from the set of spare parts and accessories. Faulty elements that have no replaceable components should be replaced as a whole. After replacement, the functioning of the corresponding USVB should be checked, and the measuring channels and signaling whose characteristics could have been affected by the replacement should be verified.
94. Control systems important for safety must be operated in accordance with the instructions for the operation of these systems, as well as in accordance with the technological regulations for the operation of the NPP unit.
95. During operation of the USVB, operational and routine maintenance of its elements should be carried out.
96. Periodic inspection of the technical condition of control systems important to safety should be carried out during routine maintenance, as well as during each scheduled preventive maintenance of the NPP unit. Periodic testing should cover elements of systems for which continuous automatic testing (diagnostics) is not provided, as well as those characteristics of these systems that cannot be controlled automatically.
97. During modernization of the USVB and its elements, compatibility of the newly installed equipment with the equipment remaining in operation should be ensured.
98. Assessment of the residual life of equipment and measures to extend the design life of control systems important to safety and their elements should be carried out as part of the program for managing the resource characteristics of NPP equipment.

Appendix No. 1
to federal rules and regulations
in the field of atomic energy use
"Requirements for control systems,
important for the safety of nuclear power plants",
approved by order of the Federal Service
on environmental, technological
and nuclear supervision
of November 16, 2016 N 483

LIST OF ABBREVIATIONS

AS - nuclear power plant (NPP)
BPU - block (unit) control point, the main control room of the unit
ZIP - spare parts, tools and accessories
SAR - safety analysis report
PO - software
RPU - reserve (backup) control point
RU - reactor plant
SB - safety system
USB - safety control system
USVB - control system important to safety
USNE VB - normal operation control system important to safety

Appendix No. 2
to federal rules and regulations
in the field of atomic energy use
"Requirements for control systems,
important for the safety of nuclear power plants",
approved by order of the Federal Service
on environmental, technological
and nuclear supervision
of November 16, 2016 N 483

TERMS AND THEIR DEFINITIONS

For the purposes of these rules, the following terms are used
and their definitions

1. Automated control of the NPP - control carried out with the participation of personnel using the control system(s) important to safety.
2. Automatic control - control carried out by a control system (systems) important to safety without the participation of personnel.
3. Hardware-software devices - programmable digital devices in which the software is an integral part of the hardware (an example of a hardware-software device is a processor containing microcode).
4. Blocking - a control function, the purpose of which is to prevent or stop the actions of personnel, a control system important to safety, or a control object.
5. Putting a protection (blocking) into operation - a set of operations, provided for in the NPP design and specified in the operational documentation, that transfers the USVB to a state in which the protection (blocking) will operate upon the subsequent occurrence of the conditions for which, in accordance with the NPP design, its operation is required.
6. Verification - confirmation, based on the presentation of objective evidence, that the result of activities at a given stage of the life cycle of an NPP control system important to safety has been obtained in compliance with the requirements for that system at that stage of the system life cycle.
7. Taking a protection (blocking) out of operation - a set of operations, provided for in the NPP design and specified in the operational documentation, that transfers the USVB to a state in which the protection (blocking) will not operate upon the subsequent occurrence of the conditions for which, in accordance with the NPP design, its operation is required.
8. Life cycle of a control system important to safety - the set of stages that a control system important to safety goes through during its existence, including: development of the terms of reference, design, manufacture, testing, acceptance, installation, commissioning and operation.
9. Protection - a control function, the purpose of which is to prevent:
damage, failures, destruction of protected equipment or elements of control systems;
use of faulty equipment or elements of control systems;
undesirable actions of management personnel.
10. Measuring channel (control channel) - a functionally distinguished part of the system that performs a complete function - from the perception of the measured value to the receipt of the result of its measurements.
11. Human-machine interface - a set of technical measures provided for in the NPP design to provide the NPP operator with the necessary information and capabilities to control and manage the NPP systems and elements.
12. Information function - a set of actions of control systems important to safety (of a functional group), aimed at achieving a specific goal specified in the NPP design documentation (with the exception of actions performed for the own needs of these systems (functional group)), that implements the presentation to NPP personnel of information on the state and characteristics (parameters) of NPP systems and elements, or of the NPP as a whole, without direct control of the object.
13. Channel (of a system, functional group) - a part of a system (functional group) that performs the function of a system (functional group) in the scope established by the NPP project.
14. Comprehensive testing of the control system important to safety - testing of the control system important to safety in the modes of its operation provided for in the NPP design for normal operation and in case of violations of the normal operation of the NPP.
15. Controlled safe state of a nuclear power plant - the state of the NPP, maintained for an unlimited time, in which the main safety functions of the NPP are provided, established by the General Provisions for Ensuring the Safety of Nuclear Plants.
16. Unauthorized access - access to the equipment (elements) of an NPP system that is not authorized in the established manner.
17. Trial operation of a control system important to safety - operation of the USVB at the NPP in order to determine the actual characteristics of the USVB, confirm their compliance with the requirements of the design documentation, and assess the readiness of NPP personnel to operate the USVB.
18. Acceptance tests of a control system important to safety - tests carried out after trial operation of the USVB at the NPP to determine the compliance of the parts of the USVB with the technical design (task) and to assess the quality of the trial operation.
19. Programmable digital devices - elements of control systems that use software, including hardware-software devices.
20. Single time system - accurate synchronization of the clocks of all computing nodes included in the NPP control systems important to safety.
21. Special technical means for beyond design basis accident management - control systems (elements) provided for in the NPP design for beyond design basis accident management.
22. Control system - an NPP system that controls an object (objects) according to specified goals, criteria and restrictions.
23. Control system important to safety - a control system that is important to safety in terms of its impact on NPP safety.
24. Control function - a set of actions of control systems that are important for safety (functional group), aimed at achieving a specific goal specified in the design documentation of the NPP, which implements the control of an object (system or element of the NPP) according to specified goals, criteria and restrictions.
25. Safety control systems (elements) - systems (elements) designed to initiate the actions of safety systems and to monitor and control them in the process of performing specified functions.
26. Normal operation control systems (elements) - systems (elements) designed to initiate the actions of normal operation systems and to monitor and control them in the process of performing specified functions.
27. Functional group - a set of USVB elements that performs a control or information function in the scope established by the NPP design.



Federal Service
for Environmental, Technological and Nuclear Supervision

FEDERAL NORMS AND RULES
IN THE FIELD OF USE OF NUCLEAR ENERGY

REQUIREMENTS
TO CONTROL SYSTEMS IMPORTANT FOR
SAFETY OF NUCLEAR PLANT

NP-026-04

Moscow 2004

These federal norms and rules *) establish the purpose and scope of the document, general provisions, requirements for normal operation control systems important to NPP safety, and requirements for NPP unit safety control systems. A list of the necessary terms and definitions is given.

These federal norms and rules take into account the changes made relative to the previously valid document "Requirements for control systems important for the safety of nuclear power plants" (NP-026-01).

_______________________

*) Developer: Scientific and Technical Center for Nuclear and Radiation Safety of Gosatomnadzor of Russia. Development manager: Head of the Control Systems Department, Ph.D. A.S. Alpeev.

This regulatory document takes into account the proposals of the interested organizations and enterprises (Rosenergoatom Concern, VNIIA, NIKIET, Atomenergoproekt, VNIIEM) following their discussion at meetings and the development of agreed decisions.

I. TERMS AND DEFINITIONS

For the purposes of this document, the following terms and definitions are used.

1. Automated control - control carried out with the participation of personnel using automation equipment.

2. Automatic control - control carried out by automation equipment without the participation of personnel.

3. Blocking - a control function whose purpose is to prevent or stop actions of personnel, automation equipment or process equipment.

4. Diagnostics - a control function whose purpose is to determine the operable (inoperable) or serviceable (faulty) state of the diagnosed object.

5. Remote control - control of an object at a distance, which may be implemented manually or automatically.

6. Protection - a control function whose purpose is to prevent:

a) damage, failure or destruction of the protected process equipment or automation equipment;

b) the use of faulty process equipment or automation equipment;

c) undesirable actions of operating personnel.

7. Indication - an information function of a control system whose purpose is to display information to operating personnel on automation equipment.

9. Monitoring - a part of a control function whose purpose is to evaluate the value of (identify) a parameter or to determine the state of a controlled process or equipment.

10. Unauthorized access - access to automation equipment or process equipment that has not been authorized in the established manner.

11. Registration - an information function whose purpose is to record information on a medium that allows it to be stored.

12. Management system - a system comprising a controlled object and a control system.

13. Automation equipment - a set of software, hardware and hardware-software tools intended for building control systems.

14. Control system - the part of a management system that controls an object according to specified goals, criteria and restrictions.

15. Safety control systems (elements) - systems (elements) intended to initiate the actions of safety systems and to control them while they perform the specified functions.

16. Control systems important to safety - the set of safety control systems and safety-important normal operation control systems.

17. Normal operation control systems (elements) - systems (elements) that form and implement, according to specified technological goals, criteria and restrictions, control of the process equipment of normal operation systems.

18. Functional group - a part of the control systems adopted in the design that is a set of automation equipment performing a specified function of the control systems.

II. PURPOSE AND SCOPE

2.1. This regulatory document establishes:

· general provisions;

· requirements for safety-important normal operation control systems (hereinafter referred to as NOCS-IS) of a nuclear power plant (hereinafter referred to as NPP);

· requirements for NPP safety control systems (hereinafter referred to as SCS);

· terms and definitions in the regulated scope.

2.2. For NPP units designed and in operation prior to the entry into force of this regulatory document, the timing and scope of bringing the control systems important to safety (hereinafter referred to as CSIS) into compliance with this regulatory document are determined in each specific case in the prescribed manner.

2.3. The requirements of this regulatory document do not apply to the development and manufacture of automation equipment.

III. GENERAL PROVISIONS

3.1. CSIS are intended to control the process equipment of the NPP unit that ensures safety in normal operation, in modes with deviations from normal operation, in pre-emergency situations and in accidents.

3.2. The composition and functions of CSIS must be determined by the design of the NPP unit.

3.3. At the NPP unit, the rooms in which CSIS automation equipment is located, as well as the automation equipment itself, must be protected from unauthorized access.

3.4. Design, engineering and technological documentation for measuring instruments that form part of CSIS must undergo metrological examination.

During NPP operation, verification and calibration of measuring instruments that form part of CSIS must be carried out in the scope established by the nomenclature lists of measuring instruments.

3.5. CSIS supplied to the NPP unit that include automation equipment must have a certificate of conformity of this equipment to the federal norms and rules in the field of atomic energy use.

3.6. The information display facilities that form part of CSIS must provide several levels of information display, from generalized information reflecting the state of the systems important to NPP safety down to detailed information on the state of individual items of process equipment and automation equipment.

3.7. In CSIS, information on parameters important to safety must be protected from unauthorized access.

3.8. The information obtained from the automatic recording facilities that form part of CSIS must be sufficient to identify:

1) the initiating event that caused the violation of the operational limits or the safe operation limits of the NPP unit;

2) the changes in process parameters in the course of the accident;

4) the actions of operating personnel;

5) the information transmitted to the operating personnel of the main control room (hereinafter referred to as the MCR) or the backup control room (hereinafter referred to as the BCR) via the communication systems of the NPP unit in modes with deviations from normal operation, in pre-emergency situations and in accidents;

6) the time of occurrence of the events specified in subparagraphs 1) to 4).

3.9. At the NPP unit, information must be recorded in a single time system.

3.10. The amount of information to be recorded and the frequency of its recording in normal operation, in modes with deviations from normal operation, in pre-emergency situations and in accidents must be established in the design documentation.

3.11. Systems for displaying and recording information on parameters important to safety must be connected to a power supply network of the first reliability category.

3.12. The quality of the CSIS functions established in the design documentation must be determined depending on the impact of the functions performed on the safety of the NPP unit and on other operating conditions, and in accordance with the requirements of the current federal norms and rules in the field of atomic energy use.

3.13. To meet the requirement of clause 3.12, all automation equipment of the control systems (hereinafter referred to as CS) must be divided into functional groups (hereinafter referred to as FG) according to the functions performed; these FG must be treated as CS elements when classifying by impact on safety in accordance with the federal norms and rules in the field of atomic energy use.

3.14. Depending on the impact of the functions performed on NPP safety and on other operating conditions, CS FG are assigned to one of four categories, each of which corresponds to the property indicators given in Appendix 1.

3.15. The first category comprises:

· CSIS FG of safety class 2 for which an accident, should it occur on failure of these FG, develops within a period of time during which it is impossible to take compensatory or restorative measures to ensure the safe state of the NPP.

The second category comprises:

· CSIS FG of safety class 2 for which an accident, should it occur on failure of these FG, develops within a period of time during which compensatory or restorative measures can be taken to ensure the safe state of the NPP;

· FG that provide operators with information on the parameters characterizing the state of the reactor plant during design basis and beyond design basis accidents;

· FG of CS automation equipment located in unattended rooms, where its repair or replacement is impossible for a long time;

· CSIS FG of safety class 2 or 3 that provide:

the operator with the information needed for automated control in order to prevent violation of the safe operation limits or to mitigate the consequences of an accident;

the information needed for the investigation of accidents;

· CSIS FG of safety class 2 or 3 that implement automated control in order to prevent violation of the safe operation limits or to mitigate the consequences of an accident.

The third category comprises:

· CSIS FG of safety class 2 or 3 not assigned to the first or second category.

The fourth category comprises:

· CS FG of safety class 4, whose failures do not affect NPP safety.

3.16. The FG classification designation of a CS must include the FG safety class (2, 3 or 4) in accordance with the federal norms and rules in the field of atomic energy use; a letter denoting the CS to which the FG belongs (U for a safety control system, N for a normal operation control system); and the FG quality category (K1, K2, K3 or K4).

Example 1. 2UK1, where 2 is the safety class, U denotes a safety control system and K1 is the first FG quality category.

Example 2. 3NK3, where 3 is the safety class, N denotes a normal operation control system and K3 is the third FG quality category.
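As an added worked example (not part of NP-026-04 and not any vendor's software), the following Python encodes the category assignment of clause 3.15 and the designation grammar of clause 3.16, and rejects designations whose class/category pairing the clauses cannot produce. The dataclass fields, the function names and the reading of each clause 3.15 bullet as one boolean attribute are assumptions; whether compensatory measures can be taken in time is a plant design input that the document leaves to the NPP design documentation.

```python
"""FG quality category (clause 3.15) and classification designation (clause 3.16).

Added illustration, not code from NP-026-04: the dataclass fields, the function
names and the reading of each clause 3.15 bullet as one boolean attribute are
assumptions; whether compensatory measures can be taken in time is a plant
design input that the document leaves to the NPP design documentation.
"""
import re
from dataclasses import dataclass

# Clause 3.16 grammar: <safety class><system letter>K<category>, e.g. 2UK1, 3NK3.
# U marks a safety control system, N a normal operation control system.
_DESIGNATION = re.compile(r"^(?P<cls>[234])(?P<sys>[UN])K(?P<cat>[1-4])$")


@dataclass(frozen=True)
class FunctionalGroup:
    """Attributes the clause 3.15 assignment depends on (field names assumed)."""
    safety_class: int                       # 2, 3 or 4 per the federal classification
    safety_control_system: bool             # True: part of an SCS (U); False: NOCS-IS (N)
    failure_may_cause_accident: bool = False      # "if it occurs in case of failure of these FG"
    compensatory_measures_possible: bool = True   # time exists for compensatory/restorative action
    accident_state_information: bool = False      # reactor-plant parameters during DBA/BDBA
    unattended_premises: bool = False             # repair or replacement impossible for a long time
    operator_or_investigation_information: bool = False
    automated_control_against_limit_violation: bool = False


def category(fg: FunctionalGroup) -> int:
    """Return the quality category 1..4 implied by clause 3.15."""
    if fg.safety_class not in (2, 3, 4):
        raise ValueError(f"safety class must be 2, 3 or 4, got {fg.safety_class}")
    if fg.safety_class == 4:
        return 4        # fourth category: failures do not affect NPP safety
    accident_relevant = fg.safety_class == 2 and fg.failure_may_cause_accident
    if accident_relevant and not fg.compensatory_measures_possible:
        return 1        # first category: the accident outruns any compensatory measure
    second = (
        accident_relevant                            # class 2, but measures can be taken in time
        or fg.accident_state_information
        or fg.unattended_premises
        or fg.operator_or_investigation_information
        or fg.automated_control_against_limit_violation
    )
    return 2 if second else 3   # third category: class 2 or 3 FG not in the first or second


def designation(fg: FunctionalGroup) -> str:
    """Build the clause 3.16 designation, e.g. 2UK1."""
    letter = "U" if fg.safety_control_system else "N"
    return f"{fg.safety_class}{letter}K{category(fg)}"


def parse_designation(text: str) -> dict:
    """Parse a designation and reject class/category pairings clause 3.15 cannot produce.

    Category 1 is defined only for safety class 2, and safety class 4 pairs only
    with category 4 (see also the note to Appendix 1); anything else is a
    documentation error worth flagging during design review.
    """
    m = _DESIGNATION.match(text.strip())
    if not m:
        raise ValueError(f"malformed FG designation: {text!r}")
    cls, cat = int(m["cls"]), int(m["cat"])
    if cat == 1 and cls != 2:
        raise ValueError(f"{text}: category K1 is defined only for safety class 2")
    if (cls == 4) != (cat == 4):
        raise ValueError(f"{text}: safety class 4 and category K4 imply each other")
    return {"safety_class": cls, "system": m["sys"], "category": cat}


if __name__ == "__main__":
    # Constructed sample groups, not taken from any real NPP design.
    trip_logic = FunctionalGroup(2, True, failure_may_cause_accident=True,
                                 compensatory_measures_possible=False)
    print(designation(trip_logic))                    # 2UK1
    print(designation(FunctionalGroup(3, False)))     # 3NK3
    print(parse_designation("3NK2"))
```

The parser is the useful half in practice: the FG list required by clause 3.17 is typically maintained by hand, and a designation such as 3NK1 or 4UK2 is a sign that either the safety class or the category was copied wrongly.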

3.17. The list of functional groups and their assignment to categories must be defined in the CSIS design documentation.

3.18. The quality of FG within CSIS must be defined in the design documentation by the set of FG property indicators given in Appendix 1, depending on the category to which the group is assigned.

3.19. The quality of an FG, or of the automation equipment it includes, must be confirmed by the results of the quality control procedures given in Appendix 2.

3.20. CSIS at NPP units must be operated in accordance with the operational documentation provided for in the design, the process regulations and the CS operating instructions.

3.21. To determine the residual life of CSIS automation equipment and the time of its replacement or modernization during operation, data on the service life and failures of the automation equipment must be recorded and analyzed.

3.22. The CSIS design documentation must contain the program and procedure for tests prior to putting CSIS into operation.

3.23. In the design documentation, the CSIS of the NPP unit must be subdivided into NOCS-IS and SCS.

3.24. Prior to delivery to the NPP, CSIS must be tested at a specially equipped test site to confirm their design characteristics, including compliance with the requirements of the norms and rules in the field of atomic energy use.

3.25. Testing of individual parts or subsystems of CSIS is permitted with justification of the test conditions.

3.26. The results of tests of CSIS, or of their individual parts or subsystems, at the test site must be presented in the NPP safety analysis report.

IV. NORMAL OPERATION CONTROL SYSTEMS
IMPORTANT TO NPP SAFETY

4.1. NOCS-IS must carry out automatic and automated control of the process equipment of the normal operation systems important to the safety of the NPP unit.

4.2. The composition and functions of NOCS-IS must be determined by the design of the NPP unit.

4.3. NOCS-IS must provide several levels of action on the means of controlling those process parameters of the reactor plant by which the safe operation limits are defined (thermal power, coolant pressure, etc.), aimed at returning the controlled parameters to normal values. These actions must be put into effect in sequence as the parameters deviate from the setpoint, before the SCS initiates protective actions.

4.4. Technological protections and interlocks of equipment must be implemented with automatic disabling and enabling when the conditions established in the design documentation are reached.

4.5. The automation equipment that generates signals for and implements technological protections must include means of alarm annunciation of protection actuation.

4.6. NOCS-IS must provide for self-diagnosis of serviceability and automated testing of technological protections.

4.7. Once initiated, the protection action program must be executed to its completion regardless of any change in the actuating condition that triggered it.

4.8. Removal of the protection actuation command after completion of the protection action program must be performed by personnel, with the organizational and technical measures provided for in the design documentation to prevent erroneous removal of the command.

4.9. Information on the actuation and completion of each protection must be displayed to the operator in the control room.

4.10. For automation equipment performing the protection function for process equipment, design solutions must be provided that allow it to be taken out of service for repair or maintenance without violating the normal operation conditions.

4.11. When automation equipment performing the protection function is taken out of service for repair or maintenance, NOCS-IS must generate a signal that the protection has been taken out of service, while the alarm on protection actuation must be retained.

4.12. The NOCS-IS design documentation must define:

· the conditions for actuation of technological interlocks;

· the states of systems in which their start-up and operation are permitted.

4.13. The states of NOCS-IS in which their start-up and operation are permitted must be defined in the process regulations and the CS operating instructions.

4.14. NOCS-IS must be tested at the facility for the functions established in the design documentation before the process systems they control are commissioned.

4.15. At the stages of commissioning and power ascension of the NPP unit, tests of control loop stability must be carried out according to special programs that take into account the actual initiating conditions of normal operation.

4.16. NOCS-IS must be subject to periodic checks of the functions performed during operation.

V. NPP SAFETY CONTROL SYSTEMS

5.1. SCS must provide automatic and automated performance of the safety functions provided for in the design.

5.2. Automatic actuation of the process equipment of the safety systems (hereinafter referred to as SS) must take place when the conditions established in the design documentation arise.

5.3. Automated actuation of SS process equipment must be provided from the MCR and, in the event of its failure, from the BCR.

5.4. The composition and functions of SCS must be determined by the design of the NPP unit.

5.5. SCS must automatically display to operating personnel at the MCR and the BCR information on the occurrence of conditions for SS actuation and on the execution of SS protective actions.

5.6. SCS must include automation equipment which, after automatic actuation of the SS, blocks operator actions to switch off the SS for 10 to 30 minutes.

5.7. Automatic SS control commands from the SCS must have the highest priority over all other control commands.
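As an added example illustrating clauses 4.7 and 4.8 together with clauses 5.6 and 5.7 (illustrative Python, not code from the document or from any plant's CSIS): a protection latch that runs its program to completion regardless of the trip condition, accepts a reset only from personnel, only after completion and only after the post-actuation lockout, plus a command arbiter that lets an automatic SS command override every other source. The state names, the command vocabulary, the explicit `now` argument (seconds on the single time system of clause 3.9) and the 120 s program duration are assumptions; 600 s is the lower bound of the 10 to 30 minute window in clause 5.6, and the `confirmed` flag stands in for whatever organizational and technical measure the design documentation prescribes under clause 4.8.

```python
"""Run-to-completion protection latch (clauses 4.7 and 4.8), operator lockout
after automatic SS actuation (clause 5.6) and SS command priority (clause 5.7).

Added illustration, not code from NP-026-04 or from any plant's CSIS.  State
names, the command vocabulary, the explicit `now` argument (seconds on the
single time system of clause 3.9) and the 120 s program duration are
assumptions; 600 s is the lower bound of the 10 to 30 minute window in 5.6.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import List, Optional, Tuple


class Source(Enum):
    AUTOMATIC_SS = auto()      # automatic safety-system command issued by the SCS
    OPERATOR = auto()          # manual command from the MCR or BCR
    NORMAL_OPERATION = auto()  # command from a normal-operation control loop


@dataclass(frozen=True)
class Command:
    source: Source
    action: str        # free-text actuator action, e.g. "START" or "STOP" (assumed)
    issued_at: float   # single-time-system timestamp, seconds


def arbitrate(commands: List[Command]) -> Optional[Command]:
    """Clause 5.7: an automatic SS command outranks every other command.

    Among commands of equal standing the earliest issued wins (tie rule assumed).
    """
    if not commands:
        return None
    automatic = [c for c in commands if c.source is Source.AUTOMATIC_SS]
    return min(automatic or commands, key=lambda c: c.issued_at)


class State(Enum):
    IDLE = auto()
    RUNNING = auto()   # protection program executing (clause 4.7)
    COMPLETE = auto()  # program finished; actuation command stays latched (clause 4.8)


@dataclass
class ProtectionLatch:
    program_duration_s: float = 120.0  # assumed run time of the protection program
    lockout_s: float = 600.0           # clause 5.6 lower bound (10 min)
    state: State = State.IDLE
    actuated_at: Optional[float] = None
    events: List[Tuple[float, str]] = field(default_factory=list)  # for display, clause 4.9

    def evaluate(self, condition_active: bool, now: float) -> State:
        """Feed the trip condition.  Once RUNNING, a cleared condition changes nothing (4.7)."""
        if self.state is State.IDLE and condition_active:
            self.state, self.actuated_at = State.RUNNING, now
            self.events.append((now, "ACTUATED"))
        elif self.state is State.RUNNING and now - self.actuated_at >= self.program_duration_s:
            self.state = State.COMPLETE
            self.events.append((now, "PROGRAM_COMPLETE"))
        return self.state

    def reset(self, now: float, confirmed: bool) -> bool:
        """Personnel removes the latched actuation command; returns True when accepted.

        Rejected while the program runs (4.7), inside the lockout window after an
        automatic actuation (5.6), and without the confirmation step that stands in
        for the organizational/technical measures of 4.8 (assumed: a second,
        independent acknowledgement).
        """
        if self.state is not State.COMPLETE:
            self.events.append((now, f"RESET_REJECTED_{self.state.name}"))
            return False
        if now - self.actuated_at < self.lockout_s:
            self.events.append((now, "RESET_REJECTED_LOCKOUT"))
            return False
        if not confirmed:
            self.events.append((now, "RESET_REJECTED_UNCONFIRMED"))
            return False
        self.state, self.actuated_at = State.IDLE, None
        self.events.append((now, "RESET_BY_PERSONNEL"))
        return True


if __name__ == "__main__":
    # Constructed timeline: trip at t=0, condition clears at t=30, program ends at t=120.
    latch = ProtectionLatch()
    latch.evaluate(True, 0.0)
    latch.evaluate(False, 30.0)          # still RUNNING
    print(latch.reset(30.0, True))       # False: program not complete
    latch.evaluate(False, 120.0)         # COMPLETE
    print(latch.reset(300.0, True))      # False: within lockout
    print(latch.reset(700.0, True))      # True
    print(arbitrate([Command(Source.OPERATOR, "STOP", 1.0),
                     Command(Source.AUTOMATIC_SS, "START", 2.0)]).source)
```

Every rejected reset is appended to `events` with its time, which is the record clauses 3.8 and 4.9 ask for: the operator sees why the command was refused, and the investigator later sees that it was attempted.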

5.8. The SCS design documentation must demonstrate the adequacy of the physical and functional separation of the SCS channels, ensuring the autonomy of each channel.

5.9. The design documentation of the NPP unit must provide for technical and organizational protection against unauthorized access to SCS hardware and software during operation.

5.10. The SCS design documentation must contain:

· the list of conditions for automatic SS actuation;

· the calculation results and values of FG reliability indicators;

· an analysis of the consequences of failures;

· data on the service life of the SCS and its automation equipment;

· draft schedules for maintenance, repair, metrological verification and testing;

· criteria for and assessment of the limiting state of automation equipment;

· the procedure for taking channels out of service, testing them and returning them to service;

· requirements for the number and qualifications of maintenance personnel;

· requirements for the nomenclature, quantity and storage of spare parts.

5.11. The justification of SCS FG reliability in the design documentation must take into account the rate of demands on system operation and possible common cause failures.

5.12. The SCS design documentation must define the recovery time of the SCS channels for each function performed by the channel.

5.13. The SCS design documentation must contain:

· a list of SCS failures for which the reactor plant is automatically brought into a state in which the safety of the NPP unit is ensured;

· the program and procedure for tests prior to putting SCS into operation.

5.14. When the SCS control channels of the NPP unit are put into operation, tests must be carried out to verify that the channels perform the functions established in the design documentation.

Appendix 1

Properties of CS FG by which quality is defined

1. Diversity
2. Multichannel structure
3. Independence
4. Reliability
5. Testability
6. Electromagnetic compatibility
7. Resistance to mechanical external influencing factors
8. Resistance to climatic factors
9. Seismic resistance
10. Fire safety
11. Resistance to ionizing radiation fields, for system elements located in such fields
12. Metrological support
13. Resistance to chemicals

Note. Property indicators of category 4 FG are not regulated by this regulatory document, since they do not affect NPP safety.

Legend:

the property indicators listed in column 2 of the table must be justified in the design, in accordance with the federal norms and rules in the field of atomic energy use, for the category indicated in column 3, 4 or 5 of the table;

the property indicators listed in column 2 of the table need not be justified in the design for the category indicated in column 4 or 5 of the table.

Appendix 2

List of basic quality control procedures for CS,
CS FG and the automation equipment included in them

1. Factory testing

2. Technological run-in and quality check of the functions established in the design documentation

3. Acceptance tests

4. Certification *

5. On-site testing

6. Quality assurance during operation:

6.1. Compliance with design specifications

6.2. Occasional in-service EMC tests **

6.3. Metrological tests

6.4. Periodic confirmation of reliability by statistical methods

* For control systems and automation equipment subject to mandatory certification.

** Carried out on the initiative of the operating organization.

FEDERAL SERVICE FOR ENVIRONMENTAL, TECHNOLOGICAL AND NUCLEAR SUPERVISION

RESOLUTION

On Approval and Enactment of the Federal Norms and Rules in the Field of the Use of Atomic Energy "Requirements for Control Systems Important for the Safety of Nuclear Power Plants"

____________________________________________________________________
Repealed from December 26, 2016 on the basis of
Rostekhnadzor Order No. 483 dated November 16, 2016
____________________________________________________________________


The Federal Service for Ecological, Technological and Nuclear Supervision

decides:

To approve and put into effect from January 5, 2005 the attached federal norms and rules in the field of the use of atomic energy "Requirements for control systems important for the safety of nuclear power plants" (NP-026-04).

Acting Head
A. Malyshev


Registered
with the Ministry of Justice
of the Russian Federation
on November 1, 2004,
registration No. 6092
