Control System Architecture for a Modern Nuclear Power Plant

1
Control System Architecture for a Modern Nuclear
Power Plant

• Presented by J. Harber
• P. Foster, A. Xing
• Atomic Energy of Canada Limited
• IAEA Tech Meeting, Beijing China
• Nov 3-6, 2008

Unrestricted
2
Presentation Outline

• Modern IC Design Concepts
• Safety Categorization of Functions
• IC Platforms System Architecture
• Summary

CANDU, ACR-1000 and ACR are registered
trade-marks of Atomic Energy of Canada Limited
3
Modern IC Design Concepts

• IEC Standards for development of Programmable
  Electronic Systems (PESs)
• Concepts of system development based on safety
  significance of the functions being provided by
  programmable devices
• IEC 61226, IEC 61513, IEC 62138, IEC 60880, (IEC
  61508)
• Better understanding of human performance design
• Improved information presentation
• Alarm processing and prioritization
• Initial implementations in recent builds
• Increased emphasis on documenting the safety case
  for the design

4
Safety Categorization of Functions

• Based on principles of IEC 61226, safety
  functions in all systems are categorized and
  their importance to safety is identified
• Safety functions performed by each system are
  identified
• Safety functions are based on principles of IAEA
  NS-R-1
• Probabilistic safety assessments provide design
  assist and ensure that safety goals are met by
  the design (along with deterministic analysis).

5
ACR-1000 IC Design Features

• Safety Related systems across the station are
  divided into two functional groups
• Implementing 2 of 4 logic in ACR-1000 IC where
  reliable signals are required
• Limited sharing of measurement signals as
  permitted by Canadian regulations

6
Distributed Control System for Monitoring and
Control Functions

• Distributed Control System (DCS) consists of two
  subsystems
• Essential Control Subsystem (ECSS)
• Largely Category B functions
• Five safety systems are independent of the DCS
• Plant Control Subsystem (PCSS)
• Normal Process Control Functions
• Allocation of functions to DCS subsystems based
  on safety category

7
Operator Displays Control Interface Systems

• Safety System Monitoring Computers (SSMC)
• Displays for Category A and B functions
• Plant Display System (PDS)
• Displays and control interface for Category C
  (and non-safety) functions

8
ACR-1000 IC Platforms

• Trip computers used in two fully independent
  shutdown systems
• Combination of hardwired and qualified digital
  controllers used for Category A B safety
  functions
• Distributed control system (DCS) used for
  monitoring and control functions
• Safety System Monitoring Computers Plant
  Display System used for monitoring operator
  interface functions

9
Category A and B Functions
10
Category C and Non-safety
11
Overview of the Instrumentation and Control
Systems of the ACR-1000
12
Overview of ACR-1000 Monitoring and Control
Platforms
13
Field Control Equipment Rooms

• Distribution of monitoring and control functions

For shutdown and long term heatsink monitoring
when MCR unavailable
14
Summary

• Categorization of functions
• Supports IC system development, operator
  interface design, and Probabilistic Safety
  Assessment (PSA) studies
• Enhanced monitoring and control systems
• IC system development in accordance with safety
  significance
• Improved operator interface maintenance
  diagnostics
• Safety System Monitoring Computers
• Plant Display System
• Improved documentation to develop monitoring and
  control functions

15
(No Transcript)