Nuclear power plants - Instrumentation and control important to safety - Platform qualification for systems important to safety

IEC TR 63084:2017(E) provides an assessment framework and activities for efficient and transparent qualification of I&C platforms for use in nuclear applications important to safety, according to nuclear standards and state of the art. The assessment aims at a pre-qualification of I&C platforms outside the framework of a specific plant design. Qualification is assumed to be pre-requisite for allowing the particular I&C platform to be used for implementation of the safety classified I&C system. It is to enable parties implementing particular plant specific I&C systems to concentrate on application functions, while for basic system functions to rely on platform qualification. Basic means of equipment qualification, as prescribed by the IEC/IEEE 60780-323, are through analysis, type testing and documented operational experience. Other documents applicable for qualification for nuclear use include IEC 61513, IEC 60880, IEC 62138, IEC 62566, IEC 62671 and IEC 61226.

General Information

Status: Published
Publication Date: 14-Jun-2017
Current Stage: PPUB - Publication issued
Start Date: 15-Jun-2017
Completion Date: 22-May-2017
Ref Project
Technical report
IEC TR 63084:2017 - Nuclear power plants - Instrumentation and control important to safety - Platform qualification for systems important to safety
English language
53 pages

Standards Content (Sample)


IEC TR 63084 ®
Edition 1.0 2017-06
TECHNICAL REPORT
Nuclear power plants – Instrumentation and control important to safety –
Platform qualification for systems important to safety
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
Fax: +41 22 919 03 00
info@iec.ch
www.iec.ch
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 27.120.20 ISBN 978-2-8322-4316-9

– 2 – IEC TR 63084:2017 © IEC 2017
CONTENTS
FOREWORD
INTRODUCTION
1 Scope
1.1 General
1.2 Framework
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 I&C platform versus I&C system
5.1 General – Structure of the platform qualification
5.2 I&C platform as an object of qualification – Conceptual design
5.3 Documentation of the I&C platform
6 Platform qualification
6.1 Organisation of the qualification
6.1.1 General
6.1.2 Parties involved
6.2 Scope of the qualification
6.2.1 Hardware modules
6.2.2 Operational system software
6.2.3 Application software
6.2.4 Tools
6.2.5 Integration to a representative system
6.3 Methods of qualification
6.3.1 General
6.3.2 Type testing
6.3.3 Operating experience
6.3.4 Analyses
6.4 Documentation of qualification results
6.5 Maintenance of qualification
7 Dependency on the platform through life-cycle of the I&C system
7.1 General
7.2 Models of cooperation between the parties of the I&C system project
7.3 Platform environment for implementation of applications
7.3.1 Platform supported procedures for I&C system implementation
7.3.2 Tool-based implementation – Kind of tools required
7.3.3 Application software development
7.4 I&C system integration, validation and commissioning
8 Conclusions
Annex A (informative) Issues of the Finnish licensing approach
Annex B (informative) Review of Areva's TELEPERM XS platform qualification
Annex C (informative) Review of Westinghouse ALS platform qualification
C.1 General
C.2 Introduction and ALS-background
C.3 Westinghouse’s life cycle management process
C.4 Standards, guidelines and regulatory compliance
C.4.1 Equipment qualification
C.4.2 Environmental qualification
C.4.3 Seismic qualification
C.4.4 EMC qualification
C.4.5 Fault/isolation qualification
C.4.6 Software qualification
C.4.7 Regulatory compliance
C.4.8 Review by NRC
C.4.9 Review of equipment qualification
C.4.10 Review of regulatory compliance
C.5 NRC conclusion
Annex D (informative) Review of CTEC’s FirmSys platform qualification
D.1 General
D.2 IV&V procedure
D.3 Assessment criteria
D.4 Assessment scope
Annex E (informative) Review of SOOSAN ENS’s POSAFE-Q platform qualification
E.1 Presentation of POSAFE-Q PLC
E.2 Equipment qualification
E.3 Software verification and validation
E.4 Reliability analysis
E.5 Regulatory compliance
Annex F (informative) Review of Rolls-Royce’s Spinline platform type approval
F.1 Overview
F.2 Type approval
F.3 Type approval process
Bibliography

Figure 1 – Platform and application development process
Figure 2 – General overview of a typical qualification process
Figure 3 – Process for maintaining the platform qualification
Figure 4 – Life cycle procedures/tasks of the I&C system implementation
Figure 5 – Application development based on the project library (V-for vendor, O-for owner)
Figure B.1 – Software type test procedure

Table D.1 – Standards applied
Table F.1 – International IEC standards applied for the assessment

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL IMPORTANT TO SAFETY – PLATFORM
QUALIFICATION FOR SYSTEMS IMPORTANT TO SAFETY

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
The main task of IEC technical committees is to prepare International Standards. However, a
technical committee may propose the publication of a technical report when it has collected
data of a different kind from that which is normally published as an International Standard, for
example "state of the art".
IEC TR 63084, which is a technical report, has been prepared by subcommittee 45A:
Instrumentation, control and electrical systems of nuclear facilities, of IEC technical
committee 45: Nuclear instrumentation.
The text of this technical report is based on the following documents:
Enquiry draft     Report on voting
45A/1106/DTR      45A/1141/RVDTR
Full information on the voting for the approval of this technical report can be found in the
report on voting indicated in the above table.

This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
A bilingual version of this publication may be issued at a later date.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
a) Technical background, main issues and organisation of the Technical Report
It is recommended that platforms are used for the development and implementation of I&C
systems. These platforms are understood here as a set of hardware and software
components that may work co-operatively in one or more defined architectures
(configurations).
Some I&C platforms were not conceived originally for the implementation of nuclear
specific, safety applications. These I&C platforms have been proven and certified for
industrial applications but the qualification for the nuclear safety application has to be
demonstrated.
There are standards within SC 45A and in particular WG A3 which cover the development
and qualification of computer-based systems and the corresponding application functions.
However, it is not clear how the standards from SC 45A can be used on the qualification of
I&C platforms.
Other relevant standards of SC 45A are in WG A7 (safety categories) and in WG A9
(qualification of electrical equipment).
Annexes are included to illustrate the approaches applied in different countries and their
experiences.
This Technical Report is written to support decision makers related to the issues, goals
and results of the platform qualification and the system qualification.
b) Situation of the current Technical Report in the structure of the IEC SC 45A standard
series
IEC 63084 as a technical report is a fourth level IEC SC 45A document.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of the Technical Report
It is important to note that a technical report is entirely informative in nature. It gathers
data collected from different origins and it establishes no requirements.
d) Description of the structure of the IEC SC 45A standard series and relationships with other
IEC documents and other bodies’ documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and
IEC 63046. IEC 61513 provides general requirements for I&C systems and equipment that
are used to perform functions important to safety in NPPs. IEC 63046 provides general
requirements for electrical power systems of NPP; it covers power supply systems
including the supply systems of the I&C systems. IEC 61513 and IEC 63046 are to be
considered in conjunction and at the same level. IEC 61513 and IEC 63046 structure the
IEC SC 45A standard series and shape a complete framework establishing general
requirements for instrumentation, control and electrical systems for nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, equipment
qualification, separation, defence against common cause failure, control room design,
electromagnetic compatibility, cybersecurity, software and hardware aspects for
programmable digital systems, coordination of safety and security requirements and
management of ageing. The standards referenced directly at this second level should be
considered together with IEC 61513 and IEC 63046 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by
IEC 63046 are standards related to specific equipment, technical methods, or specific
activities. Usually these documents, which make reference to second-level documents for
general topics, can be used on their own.
A fourth level extending the IEC SC 45 standard series, corresponds to the Technical
Reports which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and
security principles and basic aspects provided in the relevant IAEA safety standards and
in the relevant documents of the IAEA nuclear security series (NSS). In particular this
includes the IAEA requirements SSR-2/1, establishing safety requirements related to the
design of nuclear power plants (NPP), the IAEA safety guide SSG-30 dealing with the
safety classification of structures, systems and components in NPP, the IAEA safety guide
SSG-39 dealing with the design of instrumentation and control systems for NPP, the IAEA
safety guide SSG-34 dealing with the design of electrical power systems for NPP and the
implementing guide NSS17 for computer security at nuclear facilities. The safety and
security terminology and definitions used by SC 45A standards are consistent with those
used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle
framework. Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation
of the general requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the
nuclear application sector. In this framework IEC 60880, IEC 62138 and IEC 62566
correspond to IEC 61508-3 for the nuclear application sector. IEC 61513 and IEC 63046
refer to ISO as well as to IAEA GS-R-3 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics
related to quality assurance (QA). At level 2, regarding nuclear security, IEC 62645 is the
entry document for the IEC SC 45A security standards. It builds upon the valid high level
principles and main concepts of the generic security standards, in particular
ISO/IEC 27001 and ISO/IEC 27002; it adapts them and completes them to fit the nuclear
context and coordinates with the IEC 62443 series. At level 2, regarding control rooms,
IEC 60964 is the entry document for the IEC SC 45A control rooms standards and
IEC 62342 is the entry document for the IEC SC 45A ageing management standards.
NOTE It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied.
NOTE 2 IEC SC 45A domain was extended in 2013 to cover electrical systems. In 2014 and 2015 discussions
were held in IEC SC 45A to decide how and where general requirement for the design of electrical systems
were to be considered. IEC SC 45A experts recommended that an independent standard be developed at the
same level as IEC 61513 to establish general requirements for electrical systems. Project IEC 63046 is now
launched to cover this objective. When IEC 63046 will be published this Note 2 of the introduction of
IEC SC 45A standards will be suppressed.

NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL IMPORTANT TO SAFETY – PLATFORM
QUALIFICATION FOR SYSTEMS IMPORTANT TO SAFETY

1 Scope
1.1 General
This Technical report provides an assessment framework and activities for efficient and
transparent qualification of I&C platforms for use in nuclear applications important to safety,
according to nuclear standards and state of the art. The assessment aims at a pre-qualification
of I&C platforms outside the framework of a specific plant design. Qualification is
assumed to be pre-requisite for allowing the particular I&C platform to be used for
implementation of the safety classified I&C system. It is to enable parties implementing
particular plant specific I&C systems to concentrate on application functions, while for basic
system functions to rely on platform qualification.
The I&C platform qualification is based on evaluation of the hardware and software functions
provided by the platform ensuring safe and cost-effective life-cycle support of I&C systems.
That would include tools for software engineering and software development (software module
libraries), code generation, validation, maintenance, etc.
Basic means of equipment qualification, as prescribed by the IEC/IEEE 60780-323, are
through analysis, type testing and documented operational experience. Other documents
applicable for qualification for nuclear use include IEC 61513, IEC 60880, IEC 62138,
IEC 62566, IEC 62671 and IEC 61226.
The features of the I&C platform to be qualified will be identified in requirements on the I&C
platform. The requirements can vary, but in essence are based on suppliers' claims on the
product scope and functionality. Those claims are normally given in platform documentation
such as system descriptions and supplier's requirements for design, implementation,
verification & validation. They are all based on the appropriate IEC SC 45A standards and
national regulations.
1.2 Framework
This document is organized as follows:
• Clause 5 addresses the role of the platform qualification, including the conceptual design
and the documentation constituting the basis for the process of platform qualification.
• Clause 6 is the main clause of this document addressing the process and methods of
platform qualification. Crucial aspects of documentation and maintenance of the
qualification are included.
• Clause 7 addresses platform elements necessary for safe and efficient implementation
and life cycle support of plant-specific I&C systems.
• Aspects of the I&C platform qualification are further developed and exemplified in
annexes. Annex A lists licensing issues of the Finnish licensing approach. Annex B
discusses the qualification of Areva's TELEPERM XS platform, actualized with notes on
qualification from the Finnish Olkiluoto 3 NPP. Annex C discusses the qualification of
Westinghouse's FPGA-based platform of modules type ALS (Advanced Logic System).
Annex D discusses the qualification of CTEC’s digital platform FirmSys for use in systems
important to safety in NPP. Annex E discusses the qualification of SOOSAN ENS’s
POSAFE-Q platform. Annex F discusses the qualification of Rolls-Royce’s digital safety
I&C platform Spinline in the framework of the type approval for the ELSA project. The five
examples given in Annexes B to F are all of platforms developed for nuclear application.

2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC/IEEE 60780-323:2016, Nuclear facilities – Electrical equipment important to safety –
Qualification
IEC 60880:2006, Nuclear power plants – Instrumentation and control systems important to
safety – Software aspects for computer-based systems performing category A functions
IEC 61226:2009, Nuclear power plants – Instrumentation and control important to safety –
Classification of instrumentation and control functions
IEC 61513:2011, Nuclear power plants – Instrumentation and control important to safety –
General requirements for systems
IEC 62138:2004, Nuclear power plants – Instrumentation and control important for safety –
Software aspects for computer-based systems performing category B or C functions
IEC 62566:2012, Nuclear power plants – Instrumentation and control important to safety –
Development of HDL-programmed integrated circuits for systems performing category A
functions
IEC 62645:2014, Nuclear power plants – Instrumentation and control systems – Requirements
for security programmes for computer-based systems
IEC 62671:2013, Nuclear power plants – Instrumentation and control important to safety –
Selection and use of industrial digital devices of limited functionality
IAEA SSG-39:2016, Specific Safety Guide: Design of Instrumentation and Control Systems for
Nuclear Power Plants
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
application software library
collection of software modules implementing typical application functions
Note 1 to entry: When using pre-existing equipment (here platform), such a library is considered to be part of the
system software and qualified as such.
[SOURCE: IEC 61513:2011, 3.3, modified – The parentheses "(here platform)" have been
added to Note 1 to entry.]
3.2
assessment
systematic process that is carried out throughout the design process to ensure that all the
relevant safety requirements are met by the proposed (or actual) design
Note 1 to entry: See independent assessment in 3.10 below.
3.3
audit
planned and documented activity performed by qualified personnel to determine by
investigation, examination, or evaluation of objective evidence, the adequacy and compliance
with established procedures, or applicable documents, and the effectiveness of
implementation
Note 1 to entry: The term refers here to internal or external control of organisations on quality management,
project management, and all other issues concerning safety requirements on nuclear processes.
Note 2 to entry: It is further assumed that the audited organisation provides “auditable data”, i.e. technical
information which is documented and organized in a readily understandable and traceable manner that permits
independent review of the inferences or conclusions based on the information (see IEC/IEEE 60780-323).
3.4
automated code generation
function of automated tools allowing transformation of the application-oriented language into a
form suitable for compilation or execution
[SOURCE: IEC 60880:2006, 3.5]
3.5
commissioning
process by means of which systems and components of facilities and activities, having been
constructed, are made operational and verified to be in accordance with the design and to
have met the required performance criteria
Note 1 to entry: Commissioning may include both non-nuclear/non-radioactive and nuclear/radioactive testing.
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.6
equipment platform
set of hardware and software components that may work co-operatively in one or more
defined architectures (configurations). The development of plant specific configurations and of
the related application software may be supported by software tools. An I&C platform usually
provides a number of standard functionalities (e.g. application functions library) that may be
combined to generate specific application software
Note 1 to entry: An I&C platform may be a product of a defined manufacturer or a set of products interconnected
and adapted by a supplier.
[SOURCE: IEC 61513:2011, 3.17, modified – The term “equipment family” has been replaced
by “equipment platform” and by “I&C platform” in the definition. Note 1 and 3 have been
removed and Note 2 has been adapted to I&C platform.]
3.7
Hardware Description Language
HDL
language used to formally describe the functions and/or the structure of an electronic
component for documentation, simulation or synthesis
Note 1 to entry: The most widely used HDLs are VHDL (IEEE 1076) and Verilog (IEEE 1364).
[SOURCE: IEC 62566:2012, 3.6]
3.8
HDL-Programmed Device
HPD
integrated circuit configured (for NPP I&C systems), with Hardware Description Languages
and related software tools
Note 1 to entry: HPDs are typically represented by ASICs, FPGAs, PLDs or similar micro-electronic technologies.
[SOURCE: IEC 62566:2012, 3.7, modified – Notes 1 and 2 have been removed and Note 3
has been modified.]
3.9
I&C System
system, based on electrical and/or electronic and/or programmable electronic technology,
performing I&C functions as well as service and monitoring functions related to the operation
of the system itself
The term is used as a general term which encompasses all elements of the system such as
internal power supplies, sensors and other input devices, data highways and other
communication paths, interfaces to actuators and other output devices (see Note 2). The
different functions within a system may use dedicated or shared resources.
Note 1 to entry: See also "system".
Note 2 to entry: The elements included in a specific I&C system are defined in the specification of the boundaries
of the system.
Note 3 to entry: According to their typical functionality, IAEA distinguishes between automation / control systems,
HMI systems, interlock systems and protection systems.
Note 4 to entry: In the scope of this technical report, the term I&C system is linked to the particular process, in
contrast to the generic term of I&C platform.
[SOURCE: IEC 61513:2011, 3.29, modified – The words "and I&C function" have been
removed from Note 1 and Note 4 has been added.]
3.10
independent assessment
assessments such as audits or surveillances carried out to determine the extent to which the
requirements for the management system are fulfilled, to evaluate the effectiveness of the
management system and to identify opportunities for improvement. They can be conducted by
or on behalf of the organization itself for internal purposes, by interested parties such as
customers and regulators (or by other persons on their behalf), or by external independent
organizations
Note 1 to entry: This definition applies in management systems and related fields.
Note 2 to entry: Persons conducting independent assessments do not participate directly in the work being
assessed.
Note 3 to entry: Independent assessment activities include internal and external audit, surveillance, peer
evaluation and technical review, which are focused on safety aspects and areas where problems have been found.
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.11
item important to safety
item that is part of a safety group and/or whose malfunction or failure could lead to radiation
exposure of the site personnel or members of the public
[SOURCE: IAEA Safety Glossary, 2007 edition]

3.12
license
legal document issued by the regulatory body granting authorization to perform specified
activities related to a facility or activity
Note 1 to entry: Any authorization granted by the regulatory body to the applicant to have the responsibility for
the siting, design, construction, commissioning, operation or decommissioning of a nuclear installation. In IAEA
usage, a licence is a particular type of authorization, normally representing the primary authorization for the
operation of a whole facility or activity. The conditions attached to the licence may require that further, more
specific, authorization or approval be obtained by the licensee before carrying out particular activities.
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.13
operating experience
accumulation of verifiable operational data for conditions equivalent to those for which
particular equipment is to be qualified
3.14
qualification
process of determining whether a system or component is suitable for operational use. The
qualification is performed in the context of a specific class of the I&C system and a specific
set of qualification requirements
Note 1 to entry: Qualification of I&C systems is always a plant- and application-specific activity while platform
qualification relies to a large degree on qualification activities performed outside the framework of a specific plant
design (these are called “generic qualification” or “pre-qualification”).
[SOURCE: IEC 61513:2011, 3.38, modified – Notes 1 and 2 have been removed and Note 3
has been revised.]
3.15
redundancy
provision of alternative (identical or diverse) structures, systems or components, so that any
one can perform the required function regardless of the state of operation or failure of any
other
[SOURCE: IEC 60880:2006, 3.29]
3.16
regulatory body
authority or system of authorities designated by the government of a State as having legal
authority for conducting the regulatory process, including issuing authorizations, and thereby
regulating nuclear, radiation, radioactive waste and transport safety
Note 1 to entry: For each Contracting Party any body or bodies given the legal authority by that Contracting Party
to grant licences and to regulate the siting, design, construction, commissioning, operation or decommissioning of
nuclear installations.
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.17
system
set of components which interact according to a design, where an element of a system can be
another system, called a subsystem
Note 1 to entry: See also "I&C system".
Note 2 to entry: I&C systems are distinguished from mechanical systems and electrical systems of the NPP.
Note 3 to entry: This IEC SC 45A definition is totally compatible with the sub-definition of "system" given in the
frame of the 2007 edition of the IAEA Safety Glossary definition of "Structures, Systems and Components (SSC)".
Note 4 to entry: The term “system” is a very general term that is used for different objects. Examples are Reactor
Trip Systems, Engineered Safety Actuation Systems, etc. But also Core Cooling systems, ventilation systems, etc.
are systems. The IEC SC 45A standards provide requirements and recommendations for such systems.
Note 5 to entry: Systems can be built from equipment platforms.
[SOURCE: IEC 61513:2011, 3.56, modified – Notes 4 and 5 have been added.]
3.18
type test
demonstration of the capability of a type of equipment to meet specified requirements by
subjecting a representative item, or number of items, of the type to a set of physical,
chemical, environmental or operational conditions
3.19
validation
process of determining whether a product or service is adequate to perform its intended
function satisfactorily. Validation is broader in scope, and may involve a greater element of
judgement, than verification
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.20
vendor
design, contracting or manufacturing organization supplying a service, component or facility
Note 1 to entry: The organization able and capable to provide required services and accepting contracted
responsibilities bound to those services.
Note 2 to entry: An alternative term which may be used in this report is “contractor”, referring to the supplier
quoting, contracting, manufacturing and installing the I&C equipment for systems important for safety. It means as
well that contractor is a certified vendor.
[SOURCE: IAEA Safety Glossary, 2007 edition]
3.21
vendor qualification
process of determining whether a vendor is suitable for delivery, technical support and
maintenance of the equipment and services contracted formally by the nuclear plant operating
organization
Note 1 to entry: Formal contracting means in this context as being able and competent to fulfil all by contract
defined responsibilities.
3.22
verification
confirmation by examination and by provision of objective evidence that the results of an
activity meet the objectives and requirements defined for this activity
[SOURCE: IEC 62138:2004, 3.35, modified – The reference to ISO 12207 at the end of the
definition has been removed.]
4 Abbreviated terms
ALS Advanced Logic System® Platform
ASIC Application Specific Integrated Circuit
BTP Branch Technical Position
CFR Code of Federal Regulations
CPLD Complex Programmable Logic Device
CPU Central Processing Unit
CTEC Company Profile-China Techenergy Co., Ltd.
DI&C Digital Instrumentation and Control
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
EPR European Power Reactor
EQ Equipment Qualification
FPGA Field Programmable Gate Array
GDC General Design Criteria
GRS Gesellschaft für Anlagen- und Reaktorsicherheit (Association for plant and reactor safety)
HDL Hardware Description Language
HPD HDL Programmed Device
I&C Instrumentation and Control
IAEA International Atomic Energy Agency
IEC International Electrotechnical Commission
IEEE Institute of Electrical and Electronic Engineers
ISG Interim Staff Guidance
ISO International Organization for Standardization
ISSN International Standard Serial Number
ISTec TÜV Rheinland ISTec GmbH – Institut für Sicherheitstechnologie
IV&V Independent Verification and Validation
KTA Nuclear Safety Standards Commission (Kerntechnischer Ausschuss)
LOP List of Open Points
NIST SP National Institute of Standards and Technology, Special Publication
NPIC&HMIT Nuclear Plant Instrumentation, Control & Human-Machine Interface Technologies
NPP Nuclear Power Plant
NRC Nuclear Regulatory Commission
OBE Operating Basis Earthquake
PLC Programmable Logic Controller
PLD Programmable Logic Device
POSAFE-Q Qualified Poscon Safety PLC
PSAR Preliminary Safety Analysis Report
QA Quality Assurance
RFI Radiofrequency Interference
RG Regulatory Guide
SC Sub-Committee
SSC Structures, Systems and Components
SFS-EN European standard implemented in Finland
SRP Publication under Systematic Review
SSE Safe Shutdown Earthquake
TXS TELEPERM XS
V&V Verification and Validation
WG Working Group
5 I&C platform versus I&C system
5.1 General – Structure of the platform qualification
The subject of this document is the qualification of platforms to obtain a pre-qualification that
can be credited for the implementation in I&C systems important to safety. The
pre-qualification will still require that application-specific qualification for an I&C system is
performed. The aim is to confirm the compliance of the evidence of pre-qualification with the
requirements for nuclear use of the existing I&C system, and the engineering processes for
generation of the application specific aspects of the I&C system. The qualification process will
identify and repair the gaps identified.
When a platform is used on an application, the properties of the pla
...
