Multinational Design Evaluation Programme (MDEP)

MDEP Digital Instrumentation and Control Generic Common Positions

MDEP members recognise that digital I&C systems require additional design and qualification approaches than are typically employed for hardwired systems. The performance of analog systems can typically be well characterised by models that use physics principles and testing that validates these models. Digital I&C systems are fundamentally different from analog I&C systems in that behavior is not constrained by physical laws, thus minor errors in design and implementation can cause them to exhibit unexpected behavior. As a result, qualification for digital systems must give greater attention to confirming that they were developed according to a high-quality development process that incorporated disciplined specification and implementation of design requirements. In the development of digital systems inspection and testing are used to verify correct implementation and to validate desired functionality of the final product, but confidence that isolated, discontinuous point failures will not occur derives from the discipline of the development process.

In digital I&C safety systems, code, data transmission, data and hardware may be common to several functions to a greater degree than is typical in hardwired systems. Although this commonality is the basis for many of the advantages of digital systems, it also raises a key concern: a design using shared data or code has the potential to propagate a common-cause failure via software errors, thus defeating the redundancy achieved by the hardware architectural structure. Greater commonality or sharing of hardware among functions within a channel increases the consequences of the failure of a single hardware module and reduces the amount of diversity available within a single safety channel.

Nuclear regulatory agencies recognise these characteristics of digital systems and require that the digital systems be developed according to high-quality processes and to incorporate features that can cope with potential common cause failures.  While these principles are held in common, regulatory authorities have different expectations about the specific evidence that applicants must present to demonstrate these principles have been achieved.  Such differences unnecessarily impede the safety reviews and the sharing of safety review experience and safety insights between the various member states.

To reduce these barriers the MDEP Digital Instrumentation and Control Standards Working Group (DICWG) is developing generic common positions that describe methods and evidence that all DICWG member states find acceptable to support safety justification for digital I&C systems. MDEP has accepted the following generic common positions to provide more specific views on principles, concepts and approaches for addressing the use of digital I&C technologies in reactor systems important to safety to assure the safety and reliability of new reactor designs:

Last reviewed: 28 March 2011