DOE-STD-6003-96
exposure, magnetic fields, temperature gradients, ion pulses, etc.). Unexpected failure
mechanisms within a single measurement technology could lead to erroneous actions.
i. A task analysis should be conducted to determine functions that may be assigned to
the operator and those that are to be machine assigned. The operator should be
provided with manual action-initiating capability for all safety functions, including
automatic functions. Manual initiation should be provided for actions not appropriate for
automatic initiation or for chosen automatic action interruption or adjustment. The
operator should also be provided with feedback information to confirm the occurrence
of the proper actuation and completion of the selected safety function.
j. The control room and supporting local control and monitoring panels should be
designed for man/machine interface and local area or room habitability. Sufficient
central control room displays and command features should be provided to allow
monitoring and response to off-normal events. Adequate radiation and environmental
protection should be provided to permit access and occupancy of the control room
under accident conditions where the operator monitoring, mitigative, or response
actions are required during or following an off-normal event. A human factors analysis
of the control room and local operator interfaces should be performed consistent with
the safety analysis. The design of the control room should be implemented in
accordance with IEC 1989 with appropriate modifications for fusion technologies and
hazards.
k. Equipment at locations outside the control room should be provided if required to
achieve and/or maintain the facility systems in a safe or shutdown condition in the
absence of the control room functions designated for that purpose.
l. The I&C system and components should be designed to provide the capability for
performance of periodic testing of all instruments, logic, interlocks, permissive
features, bypasses, and other facility systems. The safety system portion of the I&C
system should be capable of confirming the required calibration, setpoint, and time
responses with test frequencies that meet the uncertainty analysis requirements. Test
features of the safety-class system I&C should be able to detect failures of the system
that could degrade or prevent a safety function from occurring in the presence of a
single failure. The I&C system design should include the provision for sufficient
bypass or disable capability and test point access to allow for the valid performance
of necessary and adequate testing.
m. The I&C power system design should provide for the necessary redundant power
sources to ensure that the system will be capable of performing its required function
under all normal and off-normal conditions. Power sources that should be considered
for the I&C system include UPSs, critical instrument busses capable of being powered
from diesel generator backup power, and battery backup systems. The power supply
for safety-class instrumentation and controls should meet the IEEE Standard
requirements for Class 1E power systems (IEEE 1980).