
IEC 62340-2007 pdf Nuclear power plants – Instrumentation and control systems important to safety – Requirements for coping with common cause failure (CCF)


3.15 random fault
non-systematic fault of hardware components
NOTE Faults of hardware components are a consequence of physical or chemical effects, which may occur at any time. A good description of the probability of the occurrence of random faults can be given using statistics (fault rate). Increased fault rates may be the consequence of systematic faults in hardware design or manufacture, if these occur without temporal correlation, for example as a consequence of premature ageing.

3.16 signal trajectory
time histories of all equipment conditions, internal states, input signals and operator inputs which determine the outputs of a system
[IEC 60880, 3.33]

3.17 single failure
a failure which results in the loss of capability of a system or component to perform its intended safety function(s), and any consequential failure(s) which result from it
[IAEA Safety Glossary, Ed. 2.0, 2006]

3.18 single-failure criterion
a criterion (or requirement) applied to a system such that it must be capable of performing its task in the presence of any single failure
[IAEA Safety Glossary, Ed. 2.0, 2006]
NOTE See also "single failure", "software failure".

3.19 software failure
system failure due to the activation of a design fault in a software component
[IEC 61513, 3.57]
NOTE 1 All software failures are due to design faults, since software does not wear out or suffer from physical failure. Since the triggers which activate software faults are encountered at random during system operation, software failures also occur randomly.
NOTE 2 See also "failure", "fault", "software fault".
For I&C systems that perform category A functions, the appropriate application of redundancy combined with voting mechanisms has been proven to meet the single-failure criterion. This design ensures that the likelihood of a failure of such I&C systems is very low. I&C systems with this design can nevertheless fail if two or more redundant channels fail concurrently, i.e. in a common cause failure (CCF). A CCF can occur if a latent fault is systematically incorporated in some or all redundant channels and a specific event then triggers this fault, causing the coincidental failure of some or all channels. A redundant I&C system fails if the number of faulted channels exceeds its design limit.
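The mechanism described above, as an added illustration that is not text or code from IEC 62340: a constructed model of a 2-out-of-4 (2oo4) voted trip system in which a random fault in one channel is masked by the vote, while the same latent design fault present in every channel, activated by one specific input along a signal trajectory, defeats the vote. The setpoint, the faulty input range and the trajectory values are hypothetical.

```python
"""Constructed model of a redundant, voted I&C system and a common cause failure (CCF).
Four channels vote 2oo4 on a trip demand. All values are hypothetical."""
from typing import Callable, List

Channel = Callable[[float], bool]
TRIP_SETPOINT = 100.0  # hypothetical process limit, arbitrary units


def correct_channel(value: float) -> bool:
    """Intended logic: demand a trip when the measured value exceeds the setpoint."""
    return value > TRIP_SETPOINT


def latent_fault_channel(value: float) -> bool:
    """Same logic with a dormant design fault: one input range is mishandled.
    The fault stays latent until the plant actually reaches that range."""
    if 150.0 <= value < 160.0:  # hypothetical region never exercised in testing
        return False
    return value > TRIP_SETPOINT


def stuck_no_trip(_: float) -> bool:
    """Random hardware fault: the channel's output is stuck at 'no trip'."""
    return False


def vote(channels: List[Channel], value: float, m: int = 2) -> bool:
    """m-out-of-n voter: trip if at least m channels demand it."""
    return sum(ch(value) for ch in channels) >= m


def faulted_channels_tolerated(n: int = 4, m: int = 2) -> int:
    """Design limit of an m-out-of-n voter against fail-to-trip channel faults."""
    return n - m


def system_trips(channels: List[Channel], trajectory: List[float]) -> List[bool]:
    """Voter output at each point of a signal trajectory."""
    return [vote(channels, v) for v in trajectory]


# Case 1: one random fault in a 2oo4 system, within the design limit (n - m = 2).
one_random_fault = [correct_channel] * 3 + [stuck_no_trip]
# Case 2: CCF, the same latent fault is systematically present in all four channels.
common_cause = [latent_fault_channel] * 4

TRAJECTORY = [90.0, 120.0, 155.0]  # constructed: normal, above setpoint, trigger region
EXPECTED = [correct_channel(v) for v in TRAJECTORY]  # [False, True, True]
```

In case 1 the voter follows EXPECTED at every point; in case 2 it follows EXPECTED until the triggering value 155.0 is reached, where all four channels fail together and the demanded trip is lost.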
