Revision 0

Acronyms

CBT

Computer Based Training

CDF

Core Damage Frequency

CEP

Control Effectiveness Profile

DEG

Digital Engineering Guide

DMG

Digital Maintenance Management Guide

DSE

Digital Systems Engineering

EMC

Electromagnetic Compatibility

EMCAM

Electromagnetic Compatibility Assessment Methodology

EMI

Electromagnetic Interference

EPRI

Electric Power Research Institute

HAZCADS

Hazards and Consequences Analysis for Digital Systems

IEC

International Electrotechnical Commission

I&C

Instrumentation and Control

M&D

Monitoring and Diagnostics

NEI

Nuclear Energy Institute

NRC

Nuclear Regulatory Commission

PRR

Plant Reliability and Resilience

RFI

Radiofrequency Interference

RRT

Risk Reduction Target

STPA

System-Theoretic Process Analysis

UCA

Unsafe Control Action

Definitions

Configuration Control

An element of configuration management, consisting of the evaluation, coordination, approval or disapproval, and implementation of changes to configuration items after formal establishment of their configuration identification (ISO/IEC/IEEE 24765-2017).

Configuration Management

1) The systematic approach for identifying, documenting, and changing the characteristics of a facility’s structures, systems, and components (SSCs) to ensure that conformance is maintained between the requirements, the physical configuration, and configuration information (EPRI 1022684); or

2) A discipline applying technical and management direction and surveillance to: identify and document the functional and physical characteristics of a configuration item, control changes to those characteristics, record and report change processing and implementation status, and verify compliance with specified requirements (ISO/IEC/IEEE 24765-2017).

Control Actions

command that a system controller can provide on a controlled process (STPA Handbook)

Control Methods

The technical, operational, or administrative features, functions, and capabilities for a component that can be implemented to mitigate risk. These technical, operational, or administrative control methods can be used to protect components. (Adapted from EPRI 3002012752)

Electromagnetic Compatibility

The ability of equipment to function satisfactorily in its electromagnetic environment without introducing unacceptable electromagnetic emissions to other equipment in that environment. (EPRI 3002015757 - TR 102323 Rev.5)

Electromagnetic Interference

A measure of electromagnetic radiation from equipment. (EPRI 3002015757 - TR 102323 Rev.5)

Functional Safety

part of the overall safety that depends on functional and physical units operating correctly in response to their inputs (IEC/TR 61508-0, Functional safety of electrical/electronic/programmable electronic safety-related systems – Part 0: Functional safety and and IEC 61508)

Hazard

A system state or set of conditions that, together with a particular set of worst-case environment conditions, will lead to an accident (loss). (STPA Handbook). This definition is broader than the scope of what constitutes a “hazard” in the PRA.

Hazards Analysis

(1) The process of identifying hazards and their potential causal factors. Conceptually, “hazard analysis” may be considered somewhat broader than “failure analysis” in the sense that it also considers situations in which there can be losses in the absence of any failures of systems, subsystems or components. (EPRI 3002000509);

(2) A process of examining a system to identify inherent hazards and incorporating appropriate requirements, design, and other constraints to eliminate, prevent, or control the identified hazard. (IEEE 7-4.3.2 – 2016)

Loss Scenario

A loss scenario describes the causal factors that can lead to the unsafe control actions and to hazards. (Adapted from STPA Handbook)

Reliability

1) The characteristic of an item expressed by the probability that it will perform a required mission under stated conditions for a mission time (IEEE Std. 577-1991 and IEEE Std. 352-1987); or 2) probability that a device, system, or facility will perform its intended functions satisfactorily for a specified time under stated operating conditions (IEC 61508-4, 2010).

Systematic Capability

measure (expressed on a scale of SC 1 to SC 4) of the confidence that the systematic safety integrity of an element meets the requirements of the specified SIL, in respect of the specified element safety function, when the element is applied in accordance with the instructions specified in the compliant item safety manual for the element. (IEC 61508-4, 2010)

Systems Engineering

1) The art and science of developing an operable system capable of meeting requirements within often opposed constraints. Systems engineering is a holistic, integrative discipline, wherein the contributions of structural engineers, electrical engineers, mechanism designers, power engineers, human factors engineers, and many more disciplines are evaluated and balanced, one against another, to produce a coherent whole that is not dominated by the perspective of a single discipline (NASA Systems Engineering Handbook, NASA/SP-2007-6105 Rev. 1); or 2) Interdisciplinary approach governing the total technical and managerial effort required to transform a set of stakeholder needs, expectations, and constraints into a solution, and to support that solution throughout its life (ISO/IEC/IEEE 24765-2017).

Random Capability

Probability of failure achieved in respect of the risk reduction target, measured in terms of the average probability of dangerous failure on demand (for a low demand mode of operation), the average frequency of a dangerous failure per hour (for a high demand mode of operation or a continuous mode of operation), or the spurious trip rate. (adapted from Clause 3.5.17 in IEC 61508-4, 2010)

Unsafe Control Actions

Control actions that could lead to losses (Adapted from STPA Handbook)

Record of Revisions