IEEE Std 379-2014 pdf free download – IEEE Standard for Application of the Single-Failure Criterion to Nuclear Power Generating Station Safety Systems.
5.1 Independence and redundancy
The principle of independence is basic to the effective utilization of the single-failure criterion. The design of a safety system shall be such that no single failure of a component will interfere with the proper operation of an independent redundant component or system.
5.2 Nondetectable failure
The detectability of failures is implicit in the application of the single-failure criterion. Detectability is a function of the system design and the specified tests. A failure that cannot be detected through periodic testing or revealed by an alarm or anomalous indication is nondetectable. An objective in an analysis of safety systems is to identify nondetectable failures. Nondetectable failures should be identified by performing an evaluation of the safety system design that includes postulated component level failures and evaluating the effects of these failures including the ability to detect them. Some designs include redundant components to mitigate the effects of a failure, to improve system availability, or to support maintenance without impacting system availability. When evaluating the effects of a failure in such a configuration, care shall be taken to identify components whose failure will not be revealed by periodic test, alarm or anomalous indication. When nondetectable failures are identified, one of the following courses of action shall be taken:
Preferred course: The system or the test scheme shall be redesigned to make the failure detectable
Alternative course: When analyzing the effect of each single failure, all identified nondetectable failures shall be assumed to have occurred.
5.3 Cascaded failures Whenever the design is such that additional failures could be expected from the occurrence of a single failure, these cascaded failures shall be included in the single-failure analysis.
5.4 Design basis events
A design basis event that results in the need for safety functions may cause consequential failures of system components, modules, or channels. In order to provide protection from these failures, the safety equipment is designed, qualified and installed to provide protection from such anticipated challenges. An analysis shall be performed to determine the consequences of safety system failures resulting from design basis events. For a system to meet the single-failure criterion, it shall be shown that the required safety function can be performed in the presence of these event-caused failures, all identifiable nondetectable failures, and any other single failure.
5.5 Common-cause failures
The requirement for a safety system to function in the presence of common-cause failures (CCFs) is beyond the scope of the application of single-failure criterion and, therefore, this standard. However, it is important to screen out the potential CCFs when performing a single-failure analysis. As part of evaluating the overall reliability of safety systems, IEEE Std 352 extends the qualitative analysis beyond that which is done for failure modes and effects analysis (FMEA), or fault tree analysis, by considering CCFs. Therefore, an extended qualitative analysis described in IEEE Std 352 should be used to identify and screen out common-cause failure mechanisms not normally considered in an analysis of independent component failures.IEEE Std 379 pdf download.