搜索
1CopiesmaybepurchasedfromtheInstituteofElectricalandElectronicsEngineers,Inc.,445HoesLane,Piscataway,NJ08855.RegulatoryguidesareissuedtodescribeandmakeavailabletothepublicsuchinformationasmethodsacceptabletotheNRCstaffforimplementingspecificpartsoftheNRC’sregulations,techniquesusedbythestaffinevaluatingspecificproblemsorpostulatedaccidents,anddataneededbytheNRCstaffinitsreviewofapplicationsforpermitsandlicenses.Regulatoryguidesarenotsubstitutesforregulations,andcompliancewiththemisnotrequired.MethodsandsolutionsdifferentfromthosesetoutintheguideswillbeacceptableiftheyprovideabasisforthefindingsrequisitetotheissuanceorcontinuanceofapermitorlicensebytheCommission.Thisguidewasissuedafterconsiderationofcommentsreceivedfromthepublic.Commentsandsuggestionsforimprovementsintheseguidesareencouragedatalltimes,andguideswillberevised,asappropriate,toaccommodatecommentsandtoreflectnewinformationorexperience.WrittencommentsmaybesubmittedtotheRulesandDirectivesBranch,ADM,U.S.NuclearRegulatoryCommission,Washington,DC20555-0001.Regulatoryguidesareissuedintenbroaddivisions:1,PowerReactors;2,ResearchandTestReactors;3,FuelsandMaterialsFacilities;4,EnvironmentalandSiting;5,MaterialsandPlantProtection;6,Products;7,Transportation;8,OccupationalHealth;9,AntitrustandFinancialReview;and10,General.Singlecopiesofregulatoryguides(whichmaybereproduced)maybeobtainedfreeofchargebywritingtheDistributionServicesSection,U.S.NuclearRegulatoryCommission,Washington,DC20555-0001,orbyfaxto(301)415-2289,orbyemailtoDISTRIBUTION@NRC.GOV.ElectroniccopiesofthisguideandotherrecentlyissuedguidesareavailableatNRC’shomepageat(DraftwasissuedasDG-1118)APPLICATIONOFTHESINGLE-FAILURECRITERIONTOSAFETYSYSTEMSA.INTRODUCTIONSection50.55a,“CodesandStandards,”of10CFRPart50,“DomesticLicensingofProductionandUtilizationFacilities,”requiresin10CFR50.55a(h)thatprotectionsystemsforplantswithconstructionpermitsissuedafterJanuary1,1971,butbeforeMay13,1999,mustmeettherequirementsstatedineitherIEEEStd.279,“CriteriaforProtectionSystemsforNuclearPowerGeneratingStations,”1orIEEEStd.603-1991,“CriteriaforSafetySystemsforNuclearPowerGeneratingStations.”1FornuclearpowerplantswithconstructionpermitsissuedbeforeJanuary1,1971,protectionsystemsmustbeconsistentwiththeirlicensingbasisormaymeettherequirementsofIEEEStd603-1991.ThesafetysystemsforplantswithconstructionpermitsissuedafterMay13,1999,mustmeettherequirementsofIEEEStd.603-1991.IEEEStd.279-1971statesthata“protectionsystem”encompassesallelectricandmechanicaldevicesandcircuitry(fromsensorstoactuationdeviceinputterminals)involvedingeneratingthosesignalsassociatedwiththeprotectivefunction.Thesesignalsincludethosethatactuateareactortripandthat,intheeventofaseriousreactoraccident,actuateengineeredsafetyfeatures(ESFs),suchascontainmentisolation,corespray,safetyinjection,pressurereduction,andaircleaning.“Protectivefunction”isdefinedinIEEEStd.279-1971as“thesensingofoneormorevariablesassociatedwitha1.53-2particulargeneratingstationcondition,signalprocessing,andtheinitiationandcompletionoftheprotectiveactionatvaluesofthevariablesestablishedinthedesignbases.”IEEEStd.603-1991usestheterm“safetysystems”ratherthan“protectionsystems”todefineitsscope.A“safetysystem”isdefinedinIEEEStd.603-1991as“asystemthatisreliedupontoremainfunctionalduringandfollowingdesignbasiseventstoensure:(i)theintegrityofthereactorcoolantpressureboundary,(ii)thecapabilitytoshutdownthereactorandmaintainitinasafeshutdowncondition,or(iii)thecapabilitytopreventormitigatetheconsequencesofaccidentsthatcouldresultinpotentialoffsiteexposurescomparabletothe10CFRPart100guidelines.”A“safetyfunction”isdefinedinIEEEStd.603-1991as“oneoftheprocessesorconditions(forexample,emergencynegativereactivityinsertion,post-accidentheatremoval,emergencycorecooling,post-accidentradioactivityremoval,andcontainmentisolation)essentialtomaintainplantparameterswithinacceptablelimitsestablishedforadesignbasisevent.”Section4.2ofIEEEStd279-19711statesthatanysinglefailurewithintheprotectionsystemwillnotpreventproperprotectiveactionatthesystemlevelwhenrequired.Section5.1ofIEEEStd603-19911statesthatthesafetysystemmustperformallsafetyfunctionsrequiredforadesignbasiseventinthepresenceof(a)anysingledetectablefailurewithinthesafetysystemsconcurrentwithallidentifiablebutnondetectablefailures,(b)allfailurescausedbythesinglefailure,and(c)allfailuresandspurioussystemactionsthatcauseorarecausedbythedesignbasiseventrequiringthesafetyfunctions.Thesinglefailurecouldoccurpriorto,oratanytimeduring,thedesignbasiseventforwhichthesafetysystemisrequiredtofunction.Theinformationcollectionscontainedinthisregulatoryguidearecoveredbytherequirementsof10CFRPart50,whichwereapprovedbytheOfficeofManagementandBudget(OMB),approvalnumber3150-0011.TheNRCmaynotconductorsponsor,andapersonisnotrequiredtorespondto,arequestforinformationoraninformationcollect