EN IEC 61500:2019: Nuclear power plants - Instrumentation and control systems important to safety
5.3 Performance requirements
Data communication channels shall provide sufficient performance to ensure that any message sent from any communication node is received by the intended destination node within a predefined maximum period.
Data communication shall meet the performance requirements in terms of response time and data capacity which result from the functional requirements and the architectural design of the I&C systems. The mechanisms and protocols used shall guarantee that any delay which may occur during communication or during access to the communication equipment is known and bounded by design.
Communication channels shall be verified to meet the specified real time response requirements of the category A functions to be performed, under credible worst-case conditions. The specified values of the required real time response and the worst-case conditions shall be justified by analysis. Deterministic communication shall be used so that the communication load does not vary, irrespective of plant conditions.
Where communication equipment is used for manual plant control and indication through a control room, the time from operating the physical switch or soft control until the confirmation of the action by indication of the changed state in the control room should be assessed under all potential circumstances including worst-case conditions.
For monitoring functions and manually initiated functions that are needed in accident conditions to bring the plant back into a safe state, the worst-case time response and limited usage of resources shall be justified by analysis.
5.4 Communication within and between divisions
The data communication within a segregated division (train) shall be protected from adverse influences from outside of the division. Thus messages in a division shall be passed directly from the sending communication node to the receiving one without involvement of any communication equipment outside the division.
Data communication in a division shall be separated from the other divisions. However, communication between divisions may be acceptable for voting logic.
5.5 Interfaces to systems of lower importance to safety
Communication equipment of systems performing category A functions shall be adequately segregated from communication equipment of systems performing only lower category functions.
When plant systems performing functions of different categories are required to communicate over communication channels, then the plant data flow should be from category A functions to lower category functions only.
Data flow from lower categories to category A functions should be prevented unless the design of the communication channel is such that category A functions cannot be adversely affected by such a connection.
If communication equipment of systems performing category A functions is interfaced to systems of lower importance to safety then cybersecurity measures shall be applied in accordance with IEC 62645 and IEC 62859.
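As an added illustration (not part of the standard or of this page), the segregation and data-flow rules of 5.4 and 5.5 can be checked mechanically against an architecture description. The `Node`/`Flow` model, the `voting` and `justified` flags and the sample nodes are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Node:
    name: str
    category: str                    # "A", or a lower category such as "B"/"C"
    division: Optional[str] = None   # segregated division (train), if any

@dataclass(frozen=True)
class Flow:
    src: Node
    dst: Node
    via: tuple = ()          # communication equipment the message passes through
    voting: bool = False     # inter-division exchange used for voting logic
    justified: bool = False  # assumption: documented analysis shows category A cannot be adversely affected

def check_flow(f: Flow) -> list:
    """Return (clause, finding) tuples for one flow."""
    out = []
    sd, dd = f.src.division, f.dst.division
    if sd and dd:
        if sd == dd:
            # 5.4: intra-division messages must not leave the division.
            outside = [n.name for n in f.via if n.division != sd]
            if outside:
                out.append(("5.4", f"passes through equipment outside division {sd}: {outside}"))
        elif not f.voting:
            out.append(("5.4", f"division {sd} -> {dd} without a voting-logic purpose"))
    src_a, dst_a = f.src.category == "A", f.dst.category == "A"
    if dst_a and not src_a and not f.justified:
        out.append(("5.5", "lower category -> category A without justification"))
    if src_a != dst_a:
        out.append(("5.5", "interface to lower-category system: IEC 62645 / IEC 62859 measures apply"))
    return out

# Constructed sample architecture (not from the standard).
S1 = Node("sensor-1", "A", "1"); V1 = Node("voter-1", "A", "1")
V2 = Node("voter-2", "A", "2"); SW2 = Node("switch-2", "A", "2")
HMI = Node("plant-hmi", "C")
FLOWS = [Flow(S1, V1), Flow(S1, V1, via=(SW2,)), Flow(V1, V2, voting=True),
         Flow(S1, V2), Flow(V1, HMI), Flow(HMI, V1)]

def audit(flows=FLOWS):
    return {f"{f.src.name}->{f.dst.name}#{i}": check_flow(f) for i, f in enumerate(flows)}

if __name__ == "__main__":
    for key, findings in audit().items():
        print(key, findings or "ok")
```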