Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

REDUNDANCY, DIVERSITY AND INDEPENDENCE

Interconnections and isolation capabihties and other appropriate design features (such as leak detection) shall be provided to fulfil the requirements of para. 6.33 with sufficient reliability, on the assumptions of a single failure and the loss of ofif-site power, and with the incorporation of suitable redundancy, diversity and independence. [Pg.33]

Systems with safety functions of especially high importance shall be designed with redundancy or diversity and independence considering their physical make-up, working principles, assigned safely functions, etc. (Guide 9(2)). [Pg.174]

De facto, the principles of redundancy, diversity and physical independence are incorporated in the designs of HTGRs, and various active systems or systems with actuators, such as shutdown or heat removal systems, as well as protection actions, such as stop of the primary helium blower, are provided for in all designs considered in this report. [Pg.44]

The initiation and operation of all special safety systems, if required, is fully automatic, based on diverse and redundant measurements. For example, two independent and diverse reactor trip (shutdown) signals are provided for each of the shutdown systems for every design basis accident requiring reactor shutdown. [Pg.163]

When getting the first graphite-uranium pile close to critical conditions in Chicago in December 1942, the scientists were prepared to take necessary countermeasures and return the pile to a safe condition. They even had redundant and independently diverse possibilities to do this (control rods and liquid neutron poison). Enrico Fermi, the scientist responsible also took the human factor seriously. He asked his crew to go for a lunch break just before the experiment was entering the most interesting phase. [Pg.39]

Similarly to LEMs, LIMs ensure sufficient negative reactivity feedback in unprotected transients. The role of LIMs is to provide a diversity and redundancy of performing this function in transients. Either LEMs or LIMs can terminate such transients independently. The difference between LEMs and LIMs is that the former can achieve both negative and positive... [Pg.474]

The design of the reactor protection system shall employ redundancy and independence sufficient to ensure that no single failure could result in the loss of automatic protective actions. Design techniques such as the use of failsafe behaviour and diversity shall be used to the extent practicable to prevent the loss of the reactor protection function. The appropriate protective actions shall be designed to be initiated automatically. [Pg.58]

Passive reactivity shutdown The plant control system (PCS) causes the reactor to follow load demand, and normally will maintain the core outlet sodium temperature within specified limits. If an emergency event develops too rapidly for the PCS to control it, then the safety-grade reactor protection system (RPS), located at the reactor module, will independently respond by causing a reactor scram (rapid insertion of the nine control rods). The RPS includes substantial internal diversity and redundancy and is expected to be Mghly... [Pg.492]

Independence in addition to an improvement of the separation between redundant channel sets through an extensive use of fiber optic communications, complete functional and electrical independence is provided within each channel set between sub-systems implementing functionally diverse actions or functions at different echelons of defense. The integration of functional diversity, defense-in-depth and independence makes the system extremely tolerant even to common mode failures. [Pg.107]

Requirements for safety system redundancy and unavailability Segregation for independence or diversity and Requirements for safety support systems ... [Pg.26]

Protection System Independence. The protection system shall be designed to ensure that the effects of normal operations, AOEs, maintenance, testing, and DBAs on redundant channels do not result in loss of the protection function. Design techniques, such as redundancy, physical separation, functional diversity, or diversity in component design and principles of operation, shall be used to prevent loss of the protection function. The protection shall be sufficient to ensure no single failure results in loss of protection and capability exists to test channels independently to determine failures and loss of redundancy. [Pg.15]

Sinale Failure Criterion Graded approach is dependent on SSC classification and operational mode (passive vs. active). Any of the following Fail safe. Redundancy or diversity. Separation or isolation (including interfaces and boundaries). Evaluate for common failure modes, independence, and reliability. Backfit only if risk/cost effective. [Pg.199]

The problematic, common aspect of using both classic redundancy and diversity is the difficulty of expression of failure potential of such systems. For common redundancy achieved by identical trains, a number of studies has been done, including (Mosleh ef a/., 1998), providing some quite general quantitative values of CCF probability parameters. For diversified systems, CCF potential is realistically estimated as much lower than for classic redundancy and sometimes, optimistically as close to a system with absolutely independent branches . [Pg.463]

Going through the various proposed approaches it is clear that few methods make a serious attempt at treating dependencies. In fact, (Goseva-Popstojanova and Trivedi 2001) concluded that all the models they reviewed assumed independence. Some of the published papers do discuss the problem, though usually limited to somewhat narrow problem definitions and consequently narrow solutions. There are, however, other research that more explicitly discuss the nature of dependence among software components, specifically research that has investigated the effect of redundancy and diversity on software reliability. [Pg.1275]

The core reactivity is controlled by control rods in the core and reflectors. A completely independent and redundant reserve shutdown system provides a diverse reactivity control capability using boron pellets stored in hoppers above special channels in the core. The inherent features that control reactivity and thus heat generation, include a strong negative temperature coefficient, and the single phase, neutronically inert cool. ... [Pg.318]

Therefore most plants are equipped with a four-train independent emergency feedwater system powered by four dedicated Diesel generators. In addition, these plants dispose of an auxiliary feedwater system (start-up and shut-down system) equipped with two pumps supplied by emergency power supply. As a result there are two diverse, redundant auxiliary/emergency feedwater systems available. [Pg.136]

Individual component failures are not significant contributors to shutdown core damage frequency, and there is no particular dominant contributor. This confirms the at-power conclusion that single independent component failures do not have a large impact on core damage frequency for the AP1000, and reflects the redundancy and diversity of protection at... [Pg.322]

Safety integrity level 1 equates to a simple non-redundant single path designed to fail safe with a typical availability of 0.99. Level 2 involves a partially redundant logic structure, with redundant independent paths for elements with lower availability. Overall availability is in the range of 0.999. Level 3 is composed of a totally redundant logic structure. Redundant independent circuits are used for the total interlock system. Diversity is considered an important factor and is used where appropriate. Fault tolerance is enhanced since a single fault of an ESD system component is unlikely to result in a loss of process protection. [Pg.198]

The external event category 1 and 2 structure, system or component should be soundly and conservatively constructed, evaluated, procured, operated and maintained in accordance with appropriate quality levels and engineering practices, such as the application of redundancy, independence and diversity . [Pg.20]

CCFs and CMFs are a form of dependent failures, created by dependencies built into the system design. In essence, CCF and CMF modes are SPFs that result in the elimination of intended design redundancy. Design diversity in redundant components can eliminate some CCF and CMF scenarios. A CMF occurs when events are not failure independent or statistically independent. [Pg.68]

See other pages where REDUNDANCY, DIVERSITY AND INDEPENDENCE is mentioned: [Pg.355]    [Pg.17]    [Pg.3]    [Pg.53]    [Pg.25]    [Pg.355]    [Pg.17]    [Pg.3]    [Pg.53]    [Pg.25]    [Pg.100]    [Pg.107]    [Pg.113]    [Pg.29]    [Pg.485]    [Pg.7]    [Pg.243]    [Pg.45]    [Pg.43]    [Pg.103]    [Pg.60]    [Pg.108]    [Pg.109]    [Pg.119]    [Pg.144]    [Pg.105]    [Pg.21]    [Pg.595]    [Pg.905]    [Pg.913]    [Pg.22]    [Pg.9]    [Pg.54]    [Pg.205]    [Pg.304]   


SEARCH



Redundancy

Redundant

© 2024 chempedia.info