SAFETY SYSTEM AND CONTROL SYSTEM SEPARATION REQUIREMENTS FOR ACR-1000(TM) AND OPERATING CANDU(R) REACTORS
Digital control and safety, together with complete functional and physical separation between control and safety and between the safety systems themselves, have been long-standing key principles of CANDU(R) nuclear reactor technology. This paper presents the historical evolution of these principles, which make CANDU reactors one of the safest technologies in the world today. The original Generation II CANDU 6 reactors started with complete separation of control from safety and the division of the safety systems into two groups with strong physical separation, such as placement on opposite sides of the reactor or reactor building. Within each group a more moderate distance separation was employed. With the advent of distributed computer technology for control and display functions, key processing equipment has now been moved out of the control rooms and distributed into channelized field equipment rooms around the reactor building, as in the Four-Quadrant concept for ACR-1000(TM). This new approach is immune to the total unavailability of any one control room or equipment room due to events such as fire, with minimal impact on any of the safety systems regardless of their grouping. In addition to physical separation, appropriate functional partitioning, design rules that avoid communication cross-links, and diversity principles are applied to computer-based I&C systems as defences against common cause faults.
Sunil Tikku, Gilbert Raiskums, John Harber, Phil Foster
ACR Development, Atomic Energy of Canada Limited, 2251 Speakman Drive, Mississauga, Ontario, Canada, L5K 1B2
International conference
18th International Conference on Nuclear Engineering (ICONE 18)
Xi'an
English
pp. 1-10
2010-05-17 (date first posted on the Wanfang platform; not the paper's publication date)