NUREG/CR-6090 UCRL-ID-112900 The Programmable Logic Controller and Its Application in Nuclear Reactor Systems Prepared by J. Palomar, R. Wyman Lawrence Livermore National Laboratory Prepared for U.S. Nuclear Regulatory Commission AVAILABILITY NOTICE Availability of Reference Materials Cited in NRC Publications Most documents cited In NRC publications wi, be available from one of the following sources: 1. The NRC Public Document Room. 2120 L Street, NW, Lower Level. WashIngton, DC 20555-0001 2. The Superintendent of Documents, U.S. Government Printing Office. Mail Stop SSOP, Washington. DC 20402-9328 3. The National Technical Information Service, Springfield, VA 22161 Although the listing that follows represents the majority of documents cited In NRC publications. It Is not Intended to be exhaustive. Referenced documents available for Inspection and copying for a fee from the NRC Public Document Room Include NRC correspondence and Internal NRC memoranda; NRC Office of Inspection and Enforcement bulletins, circulars, Information notices. Inspection and Investigation notices; Licensee Event Reports; ven- dor reports and correspondence; Commission papers; and applicant and licensee documents and corre- spondence. The following documents In the NUREG series are available for purchase from the GPO Sales Program: formal NRC staff and contractor reports, NRC-sponsored conference proceedings, and NRC booklets and brochures. Also available are Regulatory Guides, NRC regulations In the Code of Federal Regulations, and Nuclear Regulatory Commission Issuances. Documents available from the National Technical Information Service Include NUREG series reports and technical reports prepared by other federal agencies and reports prepared by the Atomic Energy Commis- sion, forerunner agency to the Nuclear Regulatory Commission. Documents available from public and special technical libraries Include all open literature items, such as books, journal and periodical articles, and transactions. Federal Register notices, federal and state legisla- tion, and congressional reports can usually be obtained from these libraries. Documents such as theses, dissertations, foreign reports and translations, and non-NRC conference pro- ceedings are available for purchase from the organization sponsoring the publication cited. Single copies of NRC draft reports are available free, to the extent of supply, upon written request to the Office of Information Resources Management. Distribution Section. U.S. Nuclear Regulatory Commission, Washington. DC 20555-0001. Copies of industry codes and standards used In a substantive manner In the NRC regulatory process are maintained at the NRC Library, 7920 Norfolk Avenue. Bethesda, Maryland, and are available there for refer- ence use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organization or. If they are American National Standards, from the American National Standards Institute, 1430 Broadway, New York, NY 10018. DISCLAIMER NOTICE This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, or any of their employees, makes any warranty, expresed or implied, or assumes any legal liability of responsibility for any third party's use, or the results of such use, of any information, apparatus, product or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights. NUREG/CR-6090 UCRL-ID-112900 The- Programmable Logic Controller and Its Application in Nuclear Reactor Systems Manuscript Completed: August 1993 Date Published: September 1993 Prepared by J. Palomar, R. Wyman Lawrence Livermore National Laboratory P.O. Box 808 Livermore, CA 94550 Prepared for Division of Reactor Controls and Human Factors Office of Nuclear Reactor Regulation U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 NRC FIN L1867 Abstract This document provides recommendations to guide reviewers in the application of Programmable Logic Controllers (PLCs) to the control, monitoring and protection of nuclear reactors. The first topics addressed are system-level design issues, specifically including safety. The document then discusses concerns about the PLC manufacturing organization and the protection system engineering organization. Supplementing this document are two appendices. Appendix A summarizes PLC characteristics. Specifically addressed are those characteristics that make the PLC more suitable for emergency shutdown systems than other electrical/electronic-based systems, as well as characteristics that improve reliability of a system. Also covered are PLC characteristics that may create an unsafe operating environment. Appendix B provides an overview of the use of programmable logic controllers in emergency shutdown systems. The intent is to familiarize the reader with the design, development, test, and maintenance phases of applying a PLC to an ESD system. Each phase is described in detail and information pertinent to the application of a PLC is pointed out. iii Contents 1. Introduction ............................................................................................................................................................... 1 1.1. Purpose ............................................................................................................................................................ 1 1.2.2 Scope .............................................................................................................................................. ............... 1 1.3. Recom m endation and G uideline D efinition ................................................................................................... 1 1A . Structure of This D ocum ent ............................................................................................................................ 1 1.5. M otivation for This G uidance .......................................................................................................................... 2 1.6. Special K now ledge Required ......................................................................................................................... 2 1.6.1. A cronym s and A bbreviations ......................................................................................................... 2 1.6.2. Specialized Term inology ...................................................................................................................... 3 2. Project M anagem ent Guidance Recom mendations ............................................................................................. 4 2.1. Project M anagem ent Plan ............................................................................................................................... 4 2.2. Configuration Management Plan ............................................... 4 3. Safety G uidance Recom m endations ......................................................................................................................... 5 3.1. Safety Plan ...................................................................................................................................................... 5 3.2. Features Required for Safe Operation ....................................................................................................... 5 3.3. H azard and Risk A nalysis ............................................................................................................................... 5 3A . Failure Analysis .............................................................................................................................................. 5 3.5. Q uantification of System Reliability .......................................................................................................... 6 3.6. Quantification of System Availability ............................................ 6 3.7. Quantification of System Hazard Rate ................................ ............ 7 3.8. Software Reliability Issues ............................................................................................................................. 7 4. PLC Q ualification G uidance Recom m endations..; ............................................................................................ 8 4.1. H ardw are Q ualification ................................................................................................................................... 8 4.1.1. Environm ental and Class lE Requirem ents .................................................................................. 8 4.1.2. Comm unication System s ...................................................................................................................... 8 4.1.3. D ownloading Configurations to I/O M odules ................................................................................ 8 4.1A . Battery Back-Up of RAM ..................................................................................................................... 8 4.1.5. Circuit Protection on O utput M odules ............................................................................................. 9 4.1.6. 1/0 M odule Term inations ..................................................................................................................... 9 4.2. Softw are Q ualification ...................................................................................................................................