DIN EN 61226:2010-08

I&C systems in nuclear power plants (NPPs) perform functions with different levels of importance to safety. The importance to safety of each I&C function depends upon its role for achieving and maintaining safety, the potential consequence of failure of the function to operate when required, and the probability of these consequences. The severity of the potential consequences in the case of a postulated failure of an I&C function defines the level of assurance that is required for the attributes of the various systems and equipment which deliver this function, most notably that of functionality, performance and reliability. This standard extends the classification strategy presented in IAEA Safety Guide NS-G-1.3, and establishes the criteria and methods to be used to assign the I&C functions of NPPs to one of the three categories A, B and C, depending on their importance to safety, or to another unclassified category for functions with no direct safety role. Category A denotes the functions that play a principal role in the achievement and maintenance of NPP safety as they prevent design basis events leading to unacceptable consequences. Category A also contains functions whose failure could directly lead to accident conditions which may cause unacceptable consequences if not mitigated by other category A functions. Category A functions have high reliability requirements. Consequently, it can be necessary to limit their functionality and complexity. Category B denotes functions that play a complementary role to the category A functions in the achievement or maintenance of NPP safety. This includes especially the functions required to operate after the non-hazardous stable state has been achieved, to prevent design basis events (DBE) from leading to unacceptable consequences, or to mitigate the consequences of DBE. Category B also contains functions whose failure could initiate a DBE or worsen the severity of a DBE. Because of the presence of category A functions which represent the ultimate threshold for the prevention or mitigation of the consequences of a DBE, the safety requirements for the Category B function need not be as high as those for the category A function. This allows, if necessary, the category B function to be of higher functionality than category A functions in their method of detecting the need to act or in their subsequent actions. Category C denotes functions that play an auxiliary or indirect role in the achievement or maintenance of NPP safety. Category C includes functions that have some safety significance, but are not category A or B. They can be part of the total response to DBA but are not be directly involved in mitigating the physical consequences of the accident, or these are functions necessary for beyond design basis accidents. The responsible Committee is Subcommittee UK 967.1 "Leittechnik für kerntechnische Anlagen" ("Instrumentation for nuclear facilities") of the DKE (German Commission for Electrical, Electronic and Information Technologies) at DIN and VDE.