Nuclear power plants - Instrumentation and control important to safety - Hardware requirements

IEC 60987:2021 provides requirements and recommendations for the hardware aspects of I&C systems whatever the technology and applies for all safety classes in a graded manner (as defined by IEC 61513). The requirements defined within this document guide, in particular, the selection of pre-existing components, hardware aspects of system detailed design and implementation and equipment manufacturing. This third edition cancels and replaces the second edition published in 2007. This edition includes the following significant technical changes with respect to the previous edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies, including conventional hardwired equipment, programmable digital equipment or by using a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as far as possible an adaptation of the definitions;
d) Replace, as far as possible, the requirements associated with standards published since the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and IEC 62566-2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized) and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different classes of equipment and related requirements.

Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardwareanforderungen

Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel

See the scope of IEC 60987:2021. Adoption of IEC 60987:2021 is to be done without modification.

Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za strojno opremo (IEC 60987:2021)

General Information

Status: Published
Publication Date: 16-Sep-2021
Current Stage: 6060 - Document made available - Publishing
Start Date: 17-Sep-2021
Due Date: 17-Sep-2023
Completion Date: 17-Sep-2021

Standard
EN IEC 60987:2021
English language
53 pages

Standards Content (Sample)


SLOVENIAN STANDARD
01-November-2021
Replaces:
SIST EN 60987:2015
Jedrske elektrarne - Merilna in nadzorna oprema za zagotavljanje varnosti - Zahteve za strojno opremo (IEC 60987:2021)
Nuclear power plants - Instrumentation and control important to safety - Hardware requirements (IEC 60987:2021)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen (IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel (IEC 60987:2021)
This Slovenian standard is identical to: EN IEC 60987:2021
ICS:
27.120.20 Nuclear power plants. Safety
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD EN IEC 60987

NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2021
ICS 27.120.20 Supersedes EN 60987:2015 and all of its amendments
and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control important to
safety - Hardware design requirements for computer-based
systems
(IEC 60987:2021)
Centrales nucléaires de puissance - Systèmes d'instrumentation et de contrôle-commande importants pour la sûreté - Exigences applicables au matériel
(IEC 60987:2021)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung - Hardware-Anforderungen
(IEC 60987:2021)
This European Standard was approved by CENELEC on 2021-08-16. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2021 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 60987:2021 E
European foreword
This document (EN IEC 60987:2021) consists of the text of IEC 60987:2021 prepared by IEC/TC 45
"Nuclear instrumentation".
The following dates are fixed:
• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2022-08-16
• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2024-08-16
This document supersedes EN 60987:2015 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law.
In a similar manner, this European standard does not prevent Member States from taking more
stringent nuclear safety and/or security measures in the subject-matter covered by this standard.
Any feedback and questions on this document should be directed to the users’ national committee. A
complete listing of these bodies can be found on the CENELEC website.
Endorsement notice
The text of the International Standard IEC 60987:2021 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 60671:2007 NOTE Harmonized as EN 60671:2011 (not modified)
IEC 61226 NOTE Harmonized as EN IEC 61226
IEC 62340:2007 NOTE Harmonized as EN 62340:2010 (not modified)
IEC 62645 NOTE Harmonized as EN IEC 62645
IEC 63046:2020 NOTE Harmonized as EN IEC 63046:2021 (not modified)
ISO 9001 NOTE Harmonized as EN ISO 9001

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication | Year | Title | EN/HD | Year
IEC 60812 | - | Failure modes and effects analysis (FMEA and FMECA) | EN IEC 60812 | -
IEC 60880 | - | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions | EN 60880 | -
IEC 61000-1 | series | Electromagnetic compatibility (EMC) - Part 1-2: General - Methodology for the achievement of functional safety of electrical and electronic systems including equipment with regard to electromagnetic phenomena | EN 61000-1 | series
IEC 61025 | - | Fault tree analysis (FTA) | EN 61025 | -
IEC 61513 | 2011 | Nuclear power plants - Instrumentation and control important to safety - General requirements for systems | EN 61513 | 2013
IEC 61709 | - | Electric components - Reliability - Reference conditions for failure rates and stress models for conversion | EN 61709 | -
IEC 62003 | - | Nuclear power plants - Instrumentation, control and electrical power systems - Requirements for electromagnetic compatibility testing | EN IEC 62003 | -
IEC 62138 | 2018 | Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category B or C functions | EN IEC 62138 | 2019
IEC 62566 | 2012 | Nuclear power plants - Instrumentation and control important to safety - Development of HDL-programmed integrated circuits for systems performing category A functions | EN 62566 | 2014
IEC 62566-2 | - | Nuclear power plants - Instrumentation and control systems important to safety - Development of HDL-programmed integrated circuits - Part 2: HDL-programmed integrated circuits for systems performing category B or C functions | EN IEC 62566-2 | -
ISO 2859-0 | - | Sampling procedures for inspection by attributes - Part 0: Introduction to the ISO 2859 attribute sampling system | - | -
IEC/IEEE 60780-323 | - | Nuclear facilities - Electrical equipment important to safety - Qualification | EN 60780-323 | -
IEC/IEEE 60980-344 | - | Nuclear facilities - Equipment important to safety - Seismic qualification | EN IEC/IEEE 60980-344 | -

IEC 60987 ®
Edition 3.0 2021-02
INTERNATIONAL STANDARD
NORME INTERNATIONALE
Nuclear power plants – Instrumentation and control important to safety – Hardware requirements
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-commande importants pour la sûreté – Exigences applicables au matériel
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-9319-5

– 2 – IEC 60987:2021 © IEC 2021
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Hardware safety lifecycle
5.1 General
5.2 Hardware safety lifecycle for class 1 and class 2
5.2.1 Project structure for class 1 and class 2
5.2.2 Quality management for class 1 and class 2
5.2.3 Verification of hardware for class 1 and class 2
5.3 Hardware safety lifecycle for class 3
5.3.1 Project structure and quality management for class 3
5.3.2 Verification of hardware for class 3
6 Hardware aspects of system requirements specification
6.1 Hardware aspects of system requirements specification for class 1 and class 2
6.1.1 General requirements for class 1 and class 2
6.1.2 Functional and performance requirements for class 1 and class 2
6.1.3 Reliability requirements for class 1 and class 2
6.1.4 Environmental conditions requirements for class 1 and class 2
6.1.5 Manufacturing requirements for class 1 and class 2
6.1.6 Documentation requirements for class 1 and class 2
6.2 Hardware aspects of system requirements specification for class 3
6.2.1 General requirements for class 3
6.2.2 Reliability for class 3
6.2.3 Environmental conditions requirements for class 3
6.2.4 Documentation requirements for class 3
7 Selection of pre-existing components
7.1 Selection of pre-existing components for class 1 and class 2
7.2 Selection of pre-existing components for class 3
8 Hardware aspects of system detailed design and implementation
8.1 Hardware aspects of system detailed design and implementation for class 1 and class 2
8.1.1 General requirement for class 1 and class 2
8.1.2 Design activities for class 1 and class 2
8.1.3 Reliability for class 1 and class 2
8.1.4 Maintenance for class 1 and class 2
8.1.5 Power failure for class 1 and class 2
8.1.6 Design documentation for class 1 and class 2
8.2 Hardware aspects of system detailed design and implementation for class 3
8.2.1 General requirement for class 3
8.2.2 Reliability for class 3
8.2.3 Maintenance for class 3
9 Equipment (component) manufacturing
9.1 Equipment (component) manufacturing for class 1 and class 2
9.1.1 Manufacturing quality management for class 1 and class 2
9.1.2 Training of personnel for class 1 and class 2
9.1.3 Planning and organisation of the manufacturing activities for class 1 and class 2
9.1.4 Input data for class 1 and class 2
9.1.5 Purchasing and procurement for class 1 and class 2
9.1.6 Manufacturing for class 1 and class 2
9.2 Equipment (component) manufacturing for class 3
9.2.1 Manufacturing quality management for class 3
9.2.2 Training of personnel for class 3
9.2.3 Input data for class 3
9.2.4 Purchasing and procurement for class 3
9.2.5 Assessment of electronic modules for class 3
9.2.6 Identification and traceability for class 3
9.2.7 Protection and storage of product for class 3
9.2.8 Manufacturing of electronic modules for class 3
10 Hardware aspects of system installation
10.1 General
11 Hardware aspects of system modification
11.1 General
12 Operation and maintenance
12.1 General
12.2 Operation and maintenance requirements
12.3 Failure data
12.3.1 Failure data acquired during equipment operation constitutes a major source of information which can be used to improve:
12.4 Operation and maintenance documentation
Annex A (informative) Typical documentation
Bibliography

Figure 1 – System safety lifecycle (informative, as defined by IEC 61513)
Figure 2 – Hardware related activities in the system safety lifecycle

Table A.1 – Typical documentation

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60987 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This third edition cancels and replaces the second edition published in 2007, and its
Amendment 1, published in 2013. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) Title modified;
b) Take account of the fact that hardware requirements apply to all I&C technologies,
including conventional hardwired equipment, programmable digital equipment or by using
a combination of both types of equipment;
c) Align the standard with the new revisions of IAEA documents SSR-2/1, which include as
far as possible an adaptation of the definitions;

d) Replace, as far as possible, the requirements associated with standards published since
the edition 2.1, especially IEC 61513, IEC 60880, IEC 62138, IEC 62566 and
IEC 62566‑2;
e) Review the existing requirements and update the terminology and definitions;
f) Extend the scope of the standard to all hardware (computerized and non-computerized)
and to all safety classes 1, 2 and 3;
g) Complete, update the IEC and IAEA references and vocabulary;
h) Check possible impact of other IAEA requirements and recommendations considering
extension of the scope of SC 45A;
i) Highlight the use of IEC 62566 and IEC 62566-2 for HPD development;
j) Introduce specific activities for pre-existing items (selection, acceptability and/or
mitigation);
k) Introduce clearer requirements for electronic module-level design, manufacturing and
control;
l) Complete reliability assessment methods;
m) Introduce requirements when using automated tests or control activities;
n) Complete description of manufacturing control activities (control process, assessment of
manufactured equipment, preservation of products);
o) Define and ensure the inclusion of a graded approach for dealing with the 3 different
classes of equipment and related requirements.
The text of this International Standard is based on the following documents:
FDIS | Report on voting
45A/1365/FDIS | 45A/1372/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
INTRODUCTION
a) Technical background, main issues and organization of the standard
This International Standard provides requirements on the hardware aspects of E/E/PE items
used in instrumentation and control (I&C) systems performing safety functions as defined by
IEC 61226.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to hardware are deferred to IEC 61513.
The basic principles for the design of nuclear instrumentation, as specifically applied to the
systems important to safety of nuclear power plants, were first interpreted in nuclear
standards with reference to hardwired systems in IAEA Safety Guide 50 SG D3 which has
been superseded by IAEA Guide SSG-39.
IEC 60987 was first issued in 1989 to cover the hardware aspects of digital systems design
for systems important to safety.
Although many of the requirements within the original issue continue to be relevant, there
were significant factors which justified the development of this revised edition of IEC 60987, in
particular:
– the use of different technologies that may include conventional hardwired equipment,
programmable digital equipment or by using a combination of both types of equipment;
– IEC 61226 and IEC 61513 cover I&C systems performing 3 different categories of
functions (A, B and C) and 3 classes of systems (class 1, 2 and 3);
– the use of pre-existing components, rather than bespoke developments, has increased
significantly.
b) Situation of the current standard in the structure of the IEC SC 45A standard series
The first-level IEC SC 45A standard for I&C systems important to safety in nuclear power
plants (NPPs) is IEC 61513. IEC 60987 is a second-level IEC SC 45A standard which
addresses the generic issue of I&C systems hardware requirements.
IEC 60880 and IEC 62138 are second-level standards which together cover the software
aspects of computer-based systems used to perform functions important to safety in NPPs.
IEC 60880 and IEC 62138 make direct reference to IEC 60987 for I&C systems hardware
requirements.
IEC 62566 and IEC 62566-2 are second-level standards which together cover the
development of HPDs used to perform functions important to safety in NPPs. IEC 62566 and
IEC 62566-2 make direct reference to IEC 60987 for I&C systems hardware requirements.
The requirements of IEC/IEEE 60780-323 for equipment qualification are referenced within
IEC 60987.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the standard
It is important to note that this standard establishes no additional functional requirements for
classified systems (see IEC 61226 for system classification requirements).

Aspects for which special recommendations have been produced (so as to assure the
production of highly reliable systems), are:
– a general approach to the hardware safety lifecycle;
– an approach from the requirements specifications down to on-site operation and
maintenance activities.
It is recognized that I&C technology is continuing to evolve and that it is not possible for a
standard such as this to include references to all modern design technologies and techniques.
To ensure that the standard will continue to be relevant in future years the emphasis has been
placed on issues of principle, rather than specific hardware design technologies. If new
design techniques are developed then it is possible to assess the suitability of such
techniques by adapting and applying the design principles contained within this standard.
The scope of this document covers I&C systems hardware for all classes of systems important
to safety. This includes conventional hardwired equipment, programmable digital equipment
or by using a combination of both types of equipment; it covers the assessment and use of
pre-existing items, for example, commercial off-the-shelf items (COTS), and the development
of new hardware.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital items. IEC 62645
provides requirements for security programmes for programmable digital items for all their
development phases and on-site operation.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and IEC 63046.
IEC 61513 provides general requirements for I&C systems and equipment that are used to
perform functions important to safety in NPPs. IEC 63046 provides general requirements for
electrical power systems of NPPs; it covers power supply systems including the supply
systems of the I&C systems. IEC 61513 and IEC 63046 are to be considered in conjunction
and at the same level. IEC 61513 and IEC 63046 structure the IEC SC 45A standard series
and shape a complete framework establishing general requirements for instrumentation,
control and electrical systems for nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification, separation,
defence against common cause failure, control room design, electromagnetic compatibility,
cybersecurity, software and hardware aspects for programmable digital systems, coordination
of safety and security requirements and management of ageing. The standards referenced
directly at this second level should be considered together with IEC 61513 and IEC 63046 as
a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by IEC 63046
are standards related to specific equipment, technical methods, or specific activities. Usually
these documents, which make reference to second-level documents for general topics, can be
used on their own.
A fourth level extending the IEC SC 45 standard series, corresponds to the Technical Reports
which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and security
principles and basic aspects provided in the relevant IAEA safety standards and in the
relevant documents of the IAEA nuclear security series (NSS). In particular this includes the
IAEA requirements SSR-2/1, establishing safety requirements related to the design of nuclear
power plants (NPPs), the IAEA safety guide SSG-30 dealing with the safety classification of
structures, systems and components in NPPs, the IAEA safety guide SSG-39 dealing with the
design of instrumentation and control systems for NPPs, the IAEA safety guide SSG-34
dealing with the design of electrical power systems for NPPs and the implementing guide
NSS17 for computer security at nuclear facilities. The safety and security terminology and
definitions used by SC 45A standards are consistent with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle framework.
Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation of the general
requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the nuclear application
sector. In this framework IEC 60880, IEC 62138 and IEC 62566 correspond to IEC 61508-3
for the nuclear application sector. IEC 61513 and IEC 63046 refer to ISO as well as to IAEA
GS-R part 2 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics related to quality assurance
(QA). At level 2, regarding nuclear security, IEC 62645 is the entry document for the
IEC/SC 45A security standards. It builds upon the valid high level principles and main
concepts of the generic security standards, in particular ISO/IEC 27001 and ISO/IEC 27002; it
adapts them and completes them to fit the nuclear context and coordinates with the
IEC 62443 series. At level 2, IEC 60964 is the entry document for the IEC/SC 45A control
rooms standards and IEC 62342 is the entry document for the ageing management standards.
NOTE It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions (e.g.
to address worker safety, asset protection, chemical hazards, process energy hazards) international or national
standards would be applied.
NUCLEAR POWER PLANTS – INSTRUMENTATION AND CONTROL
IMPORTANT TO SAFETY – HARDWARE REQUIREMENTS

1 Scope
I&C systems important to safety may be implemented using conventional hardwired
equipment, programmable digital equipment or by using a combination of both types of
equipment.
This document provides requirements and recommendations for the hardware aspects of I&C
systems whatever the technology and applies for all safety classes in a graded manner (as
defined by IEC 61513).
The requirements defined within this document guide, in particular, the selection of pre-
existing components, hardware aspects of system detailed design and implementation and
equipment manufacturing.
This document does not explicitly address how to protect systems against those threats
arising from malicious attacks, i.e. cybersecurity, for programmable digital items. IEC 62645
provides requirements for security programmes for programmable digital items for all their
development phases and on-site operation.
Pre-existing items may include microcontrollers or HPDs and, where firmware or programming
files are deeply-embedded, be effectively "transparent" to the user. In such cases, this
document can be used to guide the assessment process for such components. An example of
where this approach is considered appropriate is in the assessment of modern processors
which contain a microcode. Such code is generally an integral part of the "hardware", and it is
therefore appropriate for the processor (including the microcode) to be assessed as an
integrated hardware component using this document.
Software which is not deeply-embedded, as described above, is developed or assessed
according to the requirements of the relevant software standard (for example, IEC 60880 for
class 1 systems and IEC 62138 for class 2 and 3 systems).
In the same manner, HPDs which are not deeply-embedded, as described above, are
developed or assessed according to the requirements of the relevant HPD standard (for
example, IEC 62566 for class 1 systems and IEC 62566-2 for class 2 and 3 systems).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC/IEEE 60780-323, Nuclear facilities – Electrical equipment important to safety –
Qualification
IEC 60812, Failure modes and effects analysis (FMEA and FMECA)
IEC 60880, Nuclear power plants – Instrumentation and control systems important to safety –
Software aspects for computer-based systems performing category A functions

– 10 – IEC 60987:2021 © IEC 2021
IEC/IEEE 60980-344, Nuclear facilities – Equipment important to safety – Seismic
qualification
IEC 61000 (all parts), Electromagnetic compatibility (EMC)
IEC 61025, Fault tree analysis (FTA)
IEC 61513:2011, Nuclear power plants – Instrumentation and control important to safety –
General requirements for systems
IEC 61709, Electrical components – Reliability – Reference conditions for failure rates and
stress models for conversion
IEC 62003, Nuclear power plants – Instrumentation, control and electrical power systems –
Requirements for electromagnetic compatibility testing
IEC 62138:2018, Nuclear power plants – Instrumentation and control systems important to
safety – Software aspects for computer-based systems performing category B or C functions
IEC 62566:2012, Nuclear power plants – Instrumentation and control important to safety –
Development of HDL-programmed integrated circuits for systems performing category A
functions
IEC 62566-2, Nuclear power plants – Instrumentation and control systems important to safety
– Development of HDL-programmed integrated circuits – Part 2: HDL-programmed integrated
circuits for systems performing category B or C functions
ISO 28590, Sampling procedures for inspection by attributes — Introduction to the ISO 2859
series of standards for sampling for inspection by attributes
IPC-A-610, Acceptability of Electronic Assemblies
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
class of an I&C system
one of three possible assignments (1, 2, 3) of I&C systems important to safety resulting from
consideration of their requirement to implement I&C functions of different safety importance
Note 1 to entry: An unclassified assignment is made if the I&C system does not implement functions important to
safety.
Note 2 to entry: See also "category of an I&C function", "items important to safety", "safety systems".
[SOURCE: IEC 61513:2011, 3.6, modified – last sentence of definition turned into Note 1 to
entry.]
3.2
common cause failure, CCF
failure of two or more structures, systems or components due to a single specific event or
cause
Note 1 to entry: Common causes can be internal or external to an I&C system.
[SOURCE: IAEA Safety Glossary: 2018, modified – Note 1 to entry has been added.]
3.3
component
one of the parts that make up a system
Note 1 to entry: A component can be hardware, software or HPD and can be subdivided into other components.
Note 2 to entry: See also "I&C system", "equipment".
Note 3 to entry: The terms "equipment", "component", and "module" are often used interchangeably. The
relationship of these terms is not yet standardised.
Note 4 to entry: This IEC SC 45A definition is in principle compatible with the sub-definition of "Component" given
in the frame of the 2018 edition of the IAEA Safety Glossary definition of "Structures Systems and Components
(SSC)". Nevertheless, as only examples of hardware components are given, this can mislead the reader and IEC
SC 45A prefer to use a definition which explicitly covers software components.
[SOURCE: IEC 61513:2011, 3.10, modified – last sentence of definition turned into Note 1 to
entry and edition 2007 of IAEA Safety Glossary has been updated to edition 2018.]
3.4
computer-based item
item that relies on software instructions running on microprocessors or microcontrollers
Note 1 to entry: In this term and its definition, the term item can be replaced by the terms: system, or equipment,
or device.
Note 2 to entry: A computer-based item is a kind of programmable digital item.
Note 3 to entry: This term is equivalent to software-based item.
Note 4 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HPDs have to be considered in
conjunction and are totally consistent and coherent. They are totally consistent and coherent with the general
requirements established by IEC 61513 and IEC 63046 for instrumentation, control and electrical systems for
nuclear power plants.
[SOURCE: IEC 62138:2018, 3.8, modified – Note 4 to entry has been added.]
3.5
electrical / electronic / programmable electronic item
E/E/PE item
item based on electrical (E) and/or electronic (E) and/or programmable electronic (PE)
technology
Note 1 to entry: In this term and its definition, the word "item" can be replaced by the words: system, or
equipment, or device.
Note 2 to entry: The definitions for the following terms: E/E/PE item, Electrical item, I&C systems, Programmable
digital item, Computer-based item, Hardwired item, Programmable Logic Device, HDL Programmed Device (HDL
Hardware Description Language), have to be considered in conjunction and are totally consistent and coherent.
They are totally consistent and coherent with the general requirements established by IEC 61513 and IEC 63046
for instrumentation, control and electrical systems for nuclear power plants.
[SOURCE: IEC 62138:2018, 3.15, modified – Note 2 to entry has been added.]

3.6
electrical power system
EPS
system performing electrical power generation, transmission and distribution; performing
supply functions to operate plant equipment (pumps, valves, heaters, etc.)
Note 1 to entry: An electrical system can integrate E/E/PE items to perform its internal electrical control and
protection.
[SOURCE: IEC 63046:2020, 3.12]
3.7
equipment
one or more parts of a system
Note 1 to entry: An item of equipment is a single definable (and usually removable) element or part of a system.
Note 2 to entry: See also "component", "I&C system".
Note 3 to entry: Equipment may include software.
Note 4 to entry: The terms "equipment", "component", and "module" are often used interchangeably. The
relationship of these terms is not yet standardised.
[SOURCE: IEC 61513:2011, 3.16, modified – last sentence of definition turned into Note 1 to
entry and Note 4 to entry of IEC 61513 has been removed.]
3.8
firmware
software which is closely coupled to the hardware characteristics on which it is installed
Note 1 to entry: The presence of firmware is generally "transparent" to the user of the hardware component and,
as such, can be considered to be effectively an integral part of the hardware design (a good example of such
software being processor microcode).
Note 2 to entry: Generally, firmware can only be modified by a user by replacing the hardware components (for
example, processor chip, card, EPROM) which contain this software with components which contain modified
software (firmware). Where this is the case, configuration control of the hardware components by the users of the
equipment effectively provides configuration control of the firmware. Firmware, as considered by this document, is
effectively software that is built into the hardware.
3.9
function
specific purpose or objective to be accomplished, that can be specified or described without
reference to the physical means of achieving it
[SOURCE: IAEA Safety Glossary, 2018]
3.10
hardwired item
item that relies on relays, on analogue electronic or on discrete digital logic
Note 1 to entry: In this term and its definition, the term item can be replaced by the terms: system, or equipment,
or device.
Note 2 to entry: This term used by IEC SC 45A is roughly equivalent to electronic item used by IEC 61508. Relays
are electro-mechanical items, not electronic items, but they are included in the term hardwired-based item.
Note 3 to entry: Hardwired items are also usually called conventional items.
Note 4 to entry: The definitions for the fol
...
