SIST EN IEC 62138:2019

SLOVENSKI STANDARD
01-december-2019
Nadomešča:
SIST EN 62138:2009
Nuklearne elektrarne - Instrumenti in nadzorni sistemi za zagotavljanje varnosti -
Značilnosti programske opreme računalniških sistemov, ki izvajajo funkcije
kategorij B ali C (IEC 62138:2018)
Nuclear power plants - Instrumentation and control systems important to safety -
Software aspects for computer-based systems performing category B or C functions (IEC
62138:2018)
Kernkraftwerke - Leittechnische Systeme mit sicherheitstechnischer Bedeutung -
Softwareaspekte für rechnerbasierte Systeme zur Realisierung von Funktionen der
Kategorien B oder C (IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes d’instrumentation et de contrôle-
commande importants pour la sûreté - Aspects logiciels des systèmes informatisés
réalisant des fonctions de catégorie B ou C (IEC 62138:2018)
Ta slovenski standard je istoveten z: EN IEC 62138:2019
ICS:
27.120.20 Jedrske elektrarne. Varnost Nuclear power plants. Safety
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN IEC 62138

NORME EUROPÉENNE
EUROPÄISCHE NORM
September 2019
ICS 27.120.20 Supersedes EN 62138:2009 and all of its amendments
and corrigenda (if any)
English Version
Nuclear power plants - Instrumentation and control systems
important to safety - Software aspects for computer-based
systems performing category B or C functions
(IEC 62138:2018)
Centrales nucléaires de puissance - Systèmes Kernkraftwerke - Leittechnische Systeme mit
d'instrumentation et de contrôle-commande importants pour sicherheitstechnischer Bedeutung - Softwareaspekte für
la sûreté - Aspects logiciels des systèmes informatisés rechnerbasierte Systeme zur Realisierung von Funktionen
réalisant des fonctions de catégorie B ou C der Kategorien B oder C
(IEC 62138:2018) (IEC 62138:2018)
This European Standard was approved by CENELEC on 2019-09-09. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN IEC 62138:2019 E
European foreword
This document (EN IEC 62138:2019) consists of the text of IEC 62138:2018 prepared by SC 45A
"Instrumentation, control and electrical power systems of nuclear facilities" of IEC/TC 45 "Nuclear
instrumentation".
The following dates are fixed:
• latest date by which this document has to be (dop) 2020-09-09
implemented at national level by publication of an
identical national standard or by endorsement
• latest date by which the national standards (dow) 2022-09-09
conflicting with this document have to be
withdrawn
This document supersedes EN 62138:2009 and all of its amendments and corrigenda (if any).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.
As stated in the nuclear safety directive 2009/71/EURATOM, Chapter 1, Article 2, item 2, Member
States are not prevented from taking more stringent safety measures in the subject-matter covered by
the Directive, in compliance with Community law. In a similar manner, this European standard does
not prevent Member States from taking more stringent nuclear safety and/or security measures in the
subject-matter covered by this standard.
Endorsement notice
The text of the International Standard IEC 62138:2018 was approved by CENELEC as a European
Standard without any modification.
In the official version, for Bibliography, the following notes have to be added for the standards
indicated:
IEC 61508-3:2010 NOTE  Harmonized as EN 61508-3:2010 (not modified)
IEC 61508-4:2010 NOTE  Harmonized as EN 61508-3:2010 (not modified)
IEC 61511-1:2016
NOTE  Harmonized as EN 61511-1:2016 (not modified)
ISO 9001:2015
NOTE  Harmonized as EN ISO 9001:2015 (not modified)
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant

EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC 60880 2006 Nuclear power plants - Instrumentation EN 60880 2009
and control systems important to safety -
Software aspects for computer-based
systems performing category A functions
IEC 61226 -  Nuclear power plants - Instrumentation EN 61226 -
and control important to safety -
Classification of instrumentation and
control functions
IEC 61513 2011 Nuclear power plants - Instrumentation EN 61513 2013
and control important to safety - General
requirements for systems
IEC 62671 2013 Nuclear power plants - Instrumentation - -
and control important to safety - Selection
and use of industrial digital devices of
limited functionality
IEC 62138 ®
Edition 2.0 2018-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
Nuclear power plants – Instrumentation and control systems important to

safety – Software aspects for computer-based systems performing category

B or C functions
Centrales nucléaires de puissance – Systèmes d’instrumentation et de contrôle-

commande importants pour la sûreté – Aspects logiciels des systèmes

informatisés réalisant des fonctions de catégorie B ou C

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 27.120.20 ISBN 978-2-8322-5830-9

– 2 – IEC 62138:2018 © IEC 2018
CONTENTS
FOREWORD . 4
INTRODUCTION . 6
1 Scope . 8
2 Normative references. 8
3 Terms and definitions . 9
4 Symbols and abbreviated terms . 17
5 Key concepts and assumptions . 17
5.1 General . 17
5.2 Types of software . 17
5.3 Types of configuration data . 18
5.4 Software and system safety lifecycles . 19
5.5 Gradation principles . 21
6 Requirements for the software of class 2 and class 3 I&C systems . 22
6.1 Applicability of the requirements . 22
6.2 General requirements . 22
6.2.1 Software safety lifecycle – Software quality assurance . 22
6.2.2 Verification . 23
6.2.3 Configuration management . 24
6.2.4 Selection and use of software tools . 25
6.2.5 Selection of languages . 26
6.3 Selection of pre-developed software . 27
6.3.1 General . 27
6.3.2 Documentation for safety. 27
6.3.3 Evidence of correctness . 28
6.3.4 Functional suitability . 35
6.3.5 Selection and use of digital devices of limited functionality . 35
6.4 Software requirements specification . 35
6.4.1 General . 35
6.4.2 Objectives . 35
6.4.3 Inputs . 36
6.4.4 Contents . 36
6.4.5 Properties . 37
6.5 Software design . 38
6.5.1 Objectives . 38
6.5.2 Inputs . 38
6.5.3 Contents . 39
6.5.4 Properties . 40
6.6 Implementation of software . 40
6.6.1 General requirements . 40
6.6.2 Configuration of software and of devices containing software . 40
6.6.3 Implementation with application-oriented languages . 41
6.6.4 Implementation with general-purpose languages . 41
6.7 Software aspects of system integration . 43
6.7.1 General . 43
6.8 Software aspects of system validation . 43
6.8.1 General . 43

IEC 62138:2018 © IEC 2018 – 3 –
6.9 Installation of software on site . 45
6.9.1 General . 45
6.10 Anomaly reports . 45
6.11 Software modification . 46
6.11.1 General . 46
6.12 Defences against common cause failure due to software . 47
Annex A (informative) Typical list of software documentation . 48
Annex B (informative) Correspondence between IEC 61513:2011 and this document . 49
Annex C (informative) Relations of this document with IEC 61508 . 50
C.1 General . 50
C.2 Comparison of scope and concepts . 50
C.3 Correspondence between this document and IEC 61508-3:2010 . 51
Bibliography . 52

Figure 1 – Typical software parts in a computer-based I&C system . 18
Figure 2 – Activities of the system safety lifecycle (as defined by IEC 61513:2011) . 19
Figure 3 – Software related activities in the system safety lifecycle . 20
Figure 4 – Development activities of the IEC 62138 software safety lifecycle . 21
Figure 5 – Overview of the typical qualification process for pre-developed complete
operational system software . 30
Figure 6 – Overview of the typical qualification process for pre-developed software

components . 31

Table A.1 – Typical list of software documentation . 48
Table B.1 – Correspondence between IEC 61513:2011 and this document . 49
Table C.1 – Correspondence between this document and IEC 61508-3:2010 . 51

– 4 – IEC 62138:2018 © IEC 2018
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL SYSTEMS IMPORTANT TO SAFETY –
SOFTWARE ASPECTS FOR COMPUTER-BASED SYSTEMS
PERFORMING CATEGORY B OR C FUNCTIONS

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62138 has been prepared by subcommittee 45A: Instrumentation,
control and electrical power systems of nuclear facilities, of IEC technical committee 45:
Nuclear instrumentation.
This second edition cancels and replaces the first edition published in 2004. This edition
constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) align the standard with standards published or revised since the first edition, in particular
IEC 61513, IEC 60880, IEC 62645 and IEC 62671;
b) merge Clause 5 and Clause 6 of the first edition into a single clause in order to avoid the
repetition of the vast majority of the text which proves to be extremely difficult to maintain
in consistency;
IEC 62138:2018 © IEC 2018 – 5 –
c) revise clause on the selection of pre-developed software based on experiences from the
application of the first edition of the standard on industrial projects. More precise criteria
are proposed for the evidence of correctness of pre-developed software;
d) introduce requirements on traceability in consistency with IEC 61513;
e) introduce an Annex A that gives a typical list of software documentation;
f) introduce an Annex B that establishes relationship between IEC 61513 and this document;
g) introduce an Annex C that establishes relationship between IEC 61508 and this document.
The text of this standard is based on the following documents:
FDIS Report on voting
45A/1201/FDIS 45A/1209/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
In this document, the following print types are used:
• Requirements and recommendations applicable specifically to class 2 or to class 3
systems appear in italics in Clause 6.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
– 6 – IEC 62138:2018 © IEC 2018
INTRODUCTION
a) Technical background, main issues and organisation of this document
This International Standard provides requirements on the software aspects for computer-
based instrumentation and control (I&C) systems performing category B or C functions as
defined by IEC 61226. It complements IEC 60880 which provides requirements for the
software of computer-based I&C systems performing category A functions.
It is consistent with, and complementary to, IEC 61513:2011. Activities that are mainly
system level activities (for example, integration, validation and installation) are not
addressed exhaustively by this document: requirements that are not specific to software
are deferred to IEC 61513:2011.
This document takes into account the current practices for the development of software for
I&C systems, in particular:
– the use of pre-developed software, equipment and equipment families that were not
necessarily designed to nuclear industry sector standards;
– the use of application-oriented languages.
b) Situation of the current document in the structure of the IEC SC 45A standard series
IEC 61513 is a first level IEC SC 45A document and gives guidance applicable to I&C at
system level.
IEC 62138 is a second level IEC SC 45A document that supplements IEC 61513
concerning software development of computer-based I&C systems performing category B
or C functions.
For more details on the structure of the IEC SC 45A standard series, see item d) of this
introduction.
c) Recommendations and limitations regarding the application of this document
This document is not intended to be used as a general-purpose software engineering
guide. It applies to the software of I&C systems performing category B or C functions for
new nuclear power plants as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible,
the potential for latent software faults to cause system failures, either due to single
software failures or multiple software failures (i.e. Common Cause Failures due to
software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.
To ensure that this document will continue to be relevant in future years, the emphasis
has been placed on issues of principle, rather than specific technologies.
d) Description of the structure of the IEC SC 45A standard series and relationships
with other IEC documents and other bodies documents (IAEA, ISO)
The top-level documents of the IEC SC 45A standard series are IEC 61513 and
IEC 63046. IEC 61513 provides general requirements for I&C systems and equipment that
are used to perform functions important to safety in nuclear power plants (NPPs).
IEC 63046 provides general requirements for electrical power systems of NPPs; it covers
power supply systems including the supply systems of the I&C systems. IEC 61513 and
IEC 63046 are to be considered in conjunction and at the same level. IEC 61513 and
IEC 63046 structure the IEC SC 45A standard series and shape a complete framework
establishing general requirements for instrumentation, control and electrical systems for
nuclear power plants.
IEC 61513 and IEC 63046 refer directly to other IEC SC 45A standards for general topics
related to categorization of functions and classification of systems, qualification,
separation, defence against common cause failure, control room design, electromagnetic
compatibility, cybersecurity, software and hardware aspects for programmable digital

IEC 62138:2018 © IEC 2018 – 7 –
systems, coordination of safety and security requirements and management of ageing.
The standards referenced directly at this second level should be considered together with
IEC 61513 and IEC 63046 as a consistent document set.
At a third level, IEC SC 45A standards not directly referenced by IEC 61513 or by
IEC 63046 are standards related to specific equipment, technical methods, or specific
activities. Usually these documents, which make reference to second-level documents for
general topics, can be used on their own.
A fourth level extending the IEC SC 45A standard series, corresponds to the Technical
Reports which are not normative.
The IEC SC 45A standards series consistently implements and details the safety and
security principles and basic aspects provided in the relevant IAEA safety standards and
in the relevant documents of the IAEA nuclear security series (NSS). In particular this
includes the IAEA requirements SSR-2/1, establishing safety requirements related to the
design of nuclear power plants (NPPs), the IAEA safety guide SSG-30 dealing with the
safety classification of structures, systems and components in NPPs, the IAEA safety
guide SSG-39 dealing with the design of instrumentation and control systems for NPPs,
the IAEA safety guide SSG-34 dealing with the design of electrical power systems for
NPPs and the implementing guide NSS17 for computer security at nuclear facilities. The
safety and security terminology and definitions used by SC 45A standards are consistent
with those used by the IAEA.
IEC 61513 and IEC 63046 have adopted a presentation format similar to the basic safety
publication IEC 61508 with an overall life-cycle framework and a system life-cycle
framework. Regarding nuclear safety, IEC 61513 and IEC 63046 provide the interpretation
of the general requirements of IEC 61508-1, IEC 61508-2 and IEC 61508-4, for the
nuclear application sector. In this framework IEC 60880, IEC 62138 and IEC 62566
correspond to IEC 61508-3 for the nuclear application sector. IEC 61513 and IEC 63046
refer to ISO as well as to IAEA GS-R-3 and IAEA GS-G-3.1 and IAEA GS-G-3.5 for topics
related to quality assurance. At level 2, regarding nuclear security, IEC 62645 is the entry
document for the IEC SC 45A security standards. It builds upon the valid high level
principles and main concepts of the generic security standards, in particular ISO/IEC
27001 and ISO/IEC 27002; it adapts them and completes them to fit the nuclear context
and coordinates with the IEC 62443 series. At level 2, regarding control rooms, IEC 60964
is the entry document for the IEC SC 45A control rooms standards and IEC 62342 is the
entry document for the IEC SC 45A ageing management standards.
NOTE 1 It is assumed that for the design of I&C systems in NPPs that implement conventional safety functions
(e.g. to address worker safety, asset protection, chemical hazards, process energy hazards) international or
national standards would be applied.
NOTE 2 IEC SC 45A domain was extended in 2013 to cover electrical systems. In 2014 and 2015 discussions
were held in IEC SC 45A to decide how and where general requirement for the design of electrical systems were to
be considered. IEC SC 45A experts recommended that an independent standard be developed at the same level as
IEC 61513 to establish general requirements for electrical systems. Project IEC 63046 is now launched to cover
this objective. When IEC 63046 is published, this NOTE 2 of the introduction will be suppressed.

– 8 – IEC 62138:2018 © IEC 2018
NUCLEAR POWER PLANTS – INSTRUMENTATION
AND CONTROL SYSTEMS IMPORTANT TO SAFETY –
SOFTWARE ASPECTS FOR COMPUTER-BASED SYSTEMS
PERFORMING CATEGORY B OR C FUNCTIONS

1 Scope
This document specifies requirements for the software of computer-based instrumentation and
control (I&C) systems performing functions of safety category B or C as defined by
IEC 61226. It complements IEC 60880 which provides requirements for the software of
computer-based I&C systems performing functions of safety category A.
It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level
activities (for example, integration, validation and installation) are not addressed exhaustively
by this document: requirements that are not specific to software are deferred to IEC 61513.
The link between functions categories and system classes is given in IEC 61513. Since a
given safety-classified I&C system may perform functions of different safety categories and
even non safety-classified functions, the requirements of this document are attached to the
safety class of the I&C system (class 2 or class 3).
This document is not intended to be used as a general-purpose software engineering guide. It
applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants
as well as to I&C upgrading or back-fitting of existing plants.
For existing plants, only a subset of requirements is applicable and this subset has to be
identified at the beginning of any project.
The purpose of the guidance provided by this document is to reduce, as far as possible, the
potential for latent software faults to cause system failures, either due to single software
failures or multiple software failures (i.e. Common Cause Failures due to software).
This document does not explicitly address how to protect software against those threats
arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645
provides requirements for security programmes for computer-based systems.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60880:2006, Nuclear power plants – Instrumentation and control systems important to
safety – Software aspects for computer-based systems performing category A functions
IEC 61226, Nuclear power plants – Instrumentation and control important to safety –
Classification of instrumentation and control functions
IEC 61513:2011, Nuclear power plants – Instrumentation and control important to safety –
General requirements for systems

IEC 62138:2018 © IEC 2018 – 9 –
IEC 62671:2013, Nuclear power plants – Instrumentation and control important to safety –
Selection and use of industrial digital devices of limited functionality
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
animation
process by which the behaviour defined by a specification is displayed with actual values
derived from the stated behaviour expressions and from some input values
[SOURCE: IEC 60880:2006, 3.1]
3.2
application function
function of an I&C system that performs a task related to the process being controlled rather
than to the functioning of the system itself
[SOURCE: IEC 61513:2011, 3.1]
3.3
application software
part of the software of an I&C system that implements the application functions
Note 1 to entry: Application software contrasts with system software.
Note 2 to entry: Application software is plant specific, so it is not to be considered pre-developed software.
[SOURCE: IEC 61513:2011, 3.2 modified (modified notes to entry)]
3.4
application-oriented language
computer language specifically designed to address a certain type of application and to be
used by persons who are specialists of this type of application
Note 1 to entry: Equipment families usually feature application-oriented languages so as to provide easy to use
capability for adjusting the equipment to specific requirements.
Note 2 to entry: Application-oriented languages may be used to specify the functional requirements of an I&C
system, and/or to specify or design application software. They may be based on texts, on graphics, or on both.
Note 3 to entry: Examples: function block diagram languages, languages defined by IEC 61131-3.
Note 4 to entry: See also general-purpose language.
[SOURCE: IEC 60880:2006, 3.3 modified (addition of note 4 to entry)]
3.5
common cause failure
CCF
failure of two or more structures, systems or components due to a single specific event or
cause
– 10 – IEC 62138:2018 © IEC 2018
Note 1 to entry: Common causes may be internal or external to an I&C system.
[SOURCE: IAEA Safety Glossary, 2016 edition]
3.6
complexity
degree to which a system or component has a design, implementation or behaviour that is
difficult to understand and verify
[SOURCE: IEC 61513:2011, 3.9]
3.7
computer program
set of ordered instructions and data that specify operations in a form suitable for execution by
a computer
Note 1 to entry: This includes traditional programs written in general-purpose languages. This also includes
programs written in application-oriented languages.
[SOURCE: IEC 60880:2006, 3.10, modified (addition of note 1 to entry)]
3.8
computer-based item
item that relies on software instructions running on microprocessors or microcontrollers
Note 1 to entry: In this term and its definition, the term item can be replaced by the terms: system or equipment or
device.
Note 2 to entry: A computer-based item is a kind of programmable digital item.
Note 3 to entry: This term is equivalent to software-based item.
3.9
configuration management
process of identifying and documenting the characteristics of a facility’s structures, systems
and components (including computer systems and software), and of ensuring that changes to
these characteristics are properly developed, assessed, approved, issued, implemented,
verified, recorded and incorporated into the facility documentation
[SOURCE: IAEA Safety Glossary, 2016 edition]
3.10
cybersecurity
set of activities and measures whose objective is to prevent, detect, and react to digital
attacks that have the intent to cause:
• disclosures that could be used to perform malicious acts which could lead to an accident,
an unsafe situation or plant performance degradation (confidentiality),
• malicious modifications of functions that may compromise the delivery or integrity of the
required service by I&C CB&HPD systems (including loss of control) which could lead to
an accident, an unsafe situation or plant performance degradation (integrity),
• malicious withholding or prevention of access to or communication of information, data or
resources (including loss of view) that could compromise the delivery of the required
service by I&C systems which could lead to an accident, an unsafe situation or plant
performance degradation (availability).
Note 1 to entry: This definition is tailored with respect to the IEC 62645 scope, focusing on the prevention of,
detection of and reaction to malicious acts by digital means on I&C CB&HPD systems. It is recognized that the
term “cybersecurity” has a broader meaning in other standards and guidance, often including non-malevolent
threats, human errors and protection against natural disasters, which are all out of the scope of IEC 62645.

IEC 62138:2018 © IEC 2018 – 11 –
[SOURCE: IEC 62645:2014, 3.6 modified (removal of note 2 to entry)]
3.11
dedicated functionality
property of devices that have been designed to accomplish only one clearly defined function
or only a very narrow range of functions, such as, for example, capture and signal the value of
a process parameter, or invert an alternating current power source to direct current. This
function (or narrow range of functions) is inherent in the device, and not the product of
programmability by the user
Note 1 to entry: Ancillary functions (e.g., self-supervision, self-calibration, data communication) may also be
implemented within the device, but they do not change the fundamental narrow scope of applicability of the device.
Note 2 to entry: “Dedicated” in the sense in which it is used in IEC 62671 refers to design for one specific function
that cannot be changed in the field.
[SOURCE: IEC 62671:2013, 3.7]
3.12
design specification
document or set of documents that describe the organisation and functioning of an item, and
that are used as a basis for the implementation and the integration of the item
3.13
documentation for safety
document or set of documents that specifies how a product can be safely used for
applications important to safety
Note 1 to entry: This definition is used in the context of pre-developed software (see 6.3).
3.14
dynamic analysis
process of evaluating a system or component based on its behaviour during execution. In
contrast to static analysis
[SOURCE: IEC 60880:2006, 3.15]
3.15
electrical/electronic/programmable electronic item
E/E/PE item
item based on electrical (E) and/or electronic (E) and/or programmable electronic (PE)
technology
Note 1 to entry: In this term and its definitions, the word “item” can be replaced by the words: system or
equipment or device.
[SOURCE: IEC 61508-4:2010, 3.2.13, modified ("item" added and note to entry modified)]
3.16
equipment family
set of hardware and software components that may work co-operatively in one or more
defined architectures (configurations). The development of plant specific configurations and of
the related application software may be supported by software tools. An equipment family
usually provides a number of standard functionalities (e.g. application functions library) that
may be combined to generate specific application software
Note 1 to entry: An equipment family may be a product of a defined manufacturer or a set of products
interconnected and adapted by a supplier.
Note 2 to entry: The term “equipment platform” is sometime used as a synonym of “equipment family”.

– 12 – IEC 62138:2018 © IEC 2018
[SOURCE: IEC 61513:2011, 3.17 modified (removal of note 1 to entry)]
3.17
error
discrepancy between a computed, observed or measured value or condition, and the true,
specified or theoretical value or condition
Note 1 to entry: See also human error, fault, failure.
[SOURCE: IEC 61513:2011, 3.18, modified (addition of note 1 to entry)]
3.18
executable code
software that is included in the target system
Note 1 to entry: Executable code usually includes instructions to be executed by the hardware of the target
system, and associated data.
3.19
failure
loss of the ability of a structure, system or component to function within acceptance criteria
Note 1 to entry: Equipment is considered to fail when it becomes incapable of functioning, whether or not it is
needed at that time. A failure in, for example, a backup system may not be manifest until the system is called upon
to function, either during testing or on failure of the system it is backing up.
Note 2 to entry: A failure is the result of a hardware fault, software fault, system fault, or operator or maintenance
error, and the associated signal trajectory which results in the failure.
Note 3 to entry: See also human error, fault, error.
[SOURCE: IAEA Safety Glossary, edition 2016]
3.20
fault
defect in a hardware, software or system component
Note 1 to entry: Faults may be originated from random failures, that result e.g. from hardware degradation due to
ageing, and may be systematic faults, e.g. software faults, which result from design errors.
Note 2 to entry: A fault (notably a design fault) may remain undetected in a system until specific conditions are
such that the result produced does not conform to the intended function, i.e. a failure occurs.
Note 3 to entry: See also human error, error, failure.
[SOURCE: IEC 61513:2011, 3.21, modified (note 3 to entry modified)]
3.21
firmware
software which is closely coupled to the hardware characteristics on which it is installed. The
presence of firmware is generally “transparent” to the user of the hardware component and,
as such, may be considered to be effectively an integral part of the hardware design (a good
example of such software being processor microcode). Generally, firmware may only be
modified by a user by replacing the hardware components (for example, processor chip, card,
EPROM) which contain this software with components which contain modified software
(firmware). Where this is the case, configuration control of the hardware components of the
equipment effectively provides configuration control of the firmware. Firmware, as considered
by IEC 60987, is effectively software that is built into the hardware
[SOURCE: IEC 60987:2007, 3.4]
IEC 62138:2018 © IEC 2018 – 13 –
3.22
functional validation
verification of the correctness of the application functions specifications against the top level
plant functional and performance requirements. It is complementary to the system validation
that verifies the compliance of the system with the functions specification
[SOURCE: IEC 61513:2011, 3.23]
3.23
general-purpose language
computer language designed to address all types of usage
Note 1 to entry: The system software of equipment families is usually implemented using general-purpose
languages.
Note 2 to entry: Examples: Ada, C, Pascal.
Note 3 to entry: See also application-oriented language.
[SOURCE: IEC 60880:2006, 3.20 modified (note 3 to entry added)]
3.24
human error (or mistake)
human action that produces an unintended result
Note 1 to entry: See also
...