RG1.172 核电厂安全系统中使用的数字计算机软件的软件需求规格书 1997

RG 核电厂安全系统中使用的数字计算机软件的验证、确认、审查和监查 (二)
- RG 核电厂安全系统中使用的数字计算机软件的验证
- 确认软件是否符合规范和要求
- 验证软件是否能够正常运行
- 确认软件是否能够处理各种异常情况
- 检查软件是否能够保障核电厂的安全
- RG 核电厂安全系统中使用的数字计算机软件的确认
- 确认软件是否符合设计要求
- 确认软件是否能够满足核电厂的需求
- 确认软件是否能够与其他系统协同工作
- 确认软件是否符合相关法律法规的要求
- RG 核电厂安全系统中使用的数字计算机软件的审查
- 审查软件的代码是否符合规范和标准
- 审查软件的设计是否合理
- 审查软件的测试结果是否可靠
- 审查软件的文档是否完整和准确
- RG 核电厂安全系统中使用的数字计算机软件的监查
- 监查软件的运行状态和性能
- 监查软件的日志和报警信息
- 监查软件的安全性和可靠性
- 监查软件的维护和更新情况
- 总体来说，RG 核电厂安全系统中使用的数字计算机软件的验证、确认、审查和监查是保障核电厂安全的重要措施，需要严格执行和监督，以确保软件能够稳定运行并及时发现和解决潜在问题。

U.S. NUCLEAR REGULATORY COMMISSIONREGULATORY GUI OFFICE OF NUCLEAR REGULATORY RESEARCHREGULATORY GUIDE 1.171(Draft was DG-1057)SOFTWARE UNIT TESTING FOR DIGITAL COMPUTER SOFTWARE USED IN SAFETY SYSTEMS OF NUCLEAR POWER PLANTSA. INTRODUCTIONIn 10 CFR Part 50, "Domestic Licensing of Pro duction and Utilization Facilities," paragraph 55a(a)(1) requires, in part,1 that systems and components be de signed, tested, and inspected to quality standards commensurate with the safety function to be performed. Criterion 1, "Quality Standards and Records," of Ap pendix A, "General Design Criteria for Nuclear PowerPlants," to 10 CFR Part 50 requires, in part, 1 that a qual ity assurance program be established and implemented in order to provide adequate assurance that systems and components important to safety will satisfactorily per form their safety functions. Appendix B, "Quality As surance Criteria for Nuclear Power Plants and Fuel Re processing Plants," to 10 CFR Part 50 describes criteria that a quality assurance program for systems and com ponents that prevent or mitigate the consequences of postulated accidents must meet. In particular, besides the systems and components that directly prevent or mitigate the consequences of postulated accidents, the criteria of Appendix B also apply to all activities affect ing the safety-related functions of such systems and components as designing, purchasing, installing, test ing, operating, maintaining, or modifying. A specificl1n this regulatory guide, many of t he regulations have been paraphrased; see 10 CFR Part 50 for the full text.requirement is contained in 10 CFR 50.55a(h), which requires that reactor protection systems satisfy the cri teria of IEEE Std 279-1971, "Criteria for ProtectionSystems for Nuclear Power Generating Stations."2Paragraph 4.3 of IEEE Std 279-19713 states that quali ty of components is to be achieved through the specifi cation of requirements known to promote high quality, such as requirements for design, inspection, and test. Many of the criteria in Appendix B to 10 CFR Part 50 contain requirements closely related to testing activities. Criterion I, "Organization," requires the es tablishment and execution of a quality assurance pro gram. Criterion H, "Quality Assurance Program," re quires, in part, that the program take into account the need for special controls, processes, test equipment, tools, and skills to attain the required quality, as well as the need for verification of quality by inspection and test. Criterion III, "Design Control," requires, in part, that measures be established for verifying and checking the adequacy of design, such as by the performance of a2Revision I of Regulatory Guide 1.153, "Criteria for Safety Systems," en dorses IEEE Std 603-1991,"Criteria for S afety Systems for Nuclear Pow er Generating Stations," as a method acceptable to the NRC staff for satis fying the NRC's regulations with respect to the design, reliability, qualifi cation, and testability of t he power, instrumentation, and control portions of the safety systems of nuclear power plants.3IEEE publications may be obtained from the IEEE Service Center, 445 Hoes Lane, Piscataway, NJ 08854.7.USNRCREGULATORYGUIDESThe guides we Issued in the following ten broad divisions:Reglatory Guides are Issued to descibe and make avlable tothe public such Informslion as methods acceptable to the NRC staf for Implementing specific pans of the Com- 1. Power Reactors 6. Productsmission's regulations, techniques usedbythestaff inevaluating specific problems orpos- 2Z Research and Test Reactors7. Transportationtulated accdentsa and data needed by the NRC staff In Its review of ap:icationrs forper- 3& F uels and Materials Facilities8. Occupations! Healthmits and licensea. Regulatory guides are not sstitutes for regulations, and compiance 4. Environmental and Siting 9. Antitust and Financial Review with them Is not required. Methods and solutions different from those set out in theguides 5. Matrials and Plant Protection 10. Generalwill be acceptable If t hey provide a basis for the findings requisite to the Issuance or con linuance of a permit or license by the Commission.Single copies of regulatory guides may be obtained free of chrge bywrlfing te Printing. This guide was lesu after consideration of comments received from thre public. Com- Graphics anid Distribution Branch. Office of Administrtion, U.S. Nuclear Regulatory Com ments andsuggestions for inprovements Inthese guides wencosurged at all Imes, and mission, Washington, DC 2055-0001; or by fox at (301)415-5272gue will be revised, as appropriate, to accommodate comments and to reflect new in = on or aperience.Issued guides may also bepurchased! from me* N ational Technical Information Service on Whitten comments may be submitted to te Rules Review and Directives Branch, DFIPS,a standing order basis. Details on this service may be obtained by w riting NTIS, 5285 PortADM, U.S. Nuclear Regulatory Commission, Washington, DC 2055-0001.Royal Road, Springfield, VA 22161.DESeptember 1997suitable testing program, and that design control measures be applied to items such as the delineation of acceptance criteria for inspections and tests. Criterion V, "Instructions, Procedures, and Drawings," requires activities affecting quality to be prescribed by docu mented instructions, procedures, or drawings of a type appropriate to the circumstances and that these activi ties be accomplished in accordance with these instruc tions, procedures, or drawings. Criterion V further re quires that instructions, procedures, and drawings include appropriate quantitative or qualitative accep tance criteria for determining that important activities have been satisfactorily accomplished. Criterion XI, "Test Control," requires establishment of a test pro gram to ensure that all testing required to demonstrate that structures, systems, and components will perform satisfactorily in service is identified and performed in accordance with written test procedures that incorpo rate the requirements and acceptance limits contained in applicable design documents. Test procedures must include provisions for ensuring that all prerequisites for the given test have been met, that adequate test instru mentation is available and used, and that the test is per formed under suitable environmental conditions. Crite rion XI also requires that test results be documented and evaluated to assure that test requirements have been sat isfied. Finally, Criteria VI, "Document Control," and XVII, "Quality Assurance Records," provide for the control of the issuance of documents, including changes thereto, that prescribe all activities affecting quality and provide for the maintenance of sufficient records to furnish evidence of activities affecting quali ty. The latter requires test records to identify the inspec tor or data recorder, the type of observation, the results, the acceptability of the results, and the action taken in connection with any deficiencies noted.This regulatory guide endorses ANSI/IEEE Std 1008-1987, "IEEE Standard for Software Unit Test ing,"3 with the exceptions stated in the Regulatory Position. IEEE Std 1008-1987 describes a method ac ceptable to the NRC staff for complying with parts of the NRC's regulations for promoting high functional reliability and design quality in software used in safety systems.4 In particular, the method is consistent with the previously cited General Design Criteria and the criteria for quality assurance programs of Appendix B as they apply to software unit testing. The criteria of Appendices A and B apply to systems and related quali 4The term "safety systems" is synonymous with "safety-related systems." The General Design Criteria cover systems, structures, and components "important to safety." The scope of t his regulatory guide is, however, limited to "safety systems," which are a subset of "systems important to safety..ty assurance processes, and if those systems include software, the requirements extend to the software ele ments.In general, information provided by regulatory guides is reflected in the Standard Review Plan (NUREG-0800). The Office of Nuclear Reactor Regulation uses the Standard Review Plan to review applications to construct and operate nuclear power plants. This regulatory guide will apply to the revised Chapter7 of that document.The information collections contained in this regu latory guide are covered by the requirements of 10 CFR Part 50, which were approved by the Office of Management and Budget, approval number 3150-0011. The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.B. DISCUSSIONThe use of industry consensus standards is part ofan overall approach to meeting the requirements of10 CFR Part 50 when developing safety systems for nuclear power plants. Compliance with standards doesnot guarantee that regulatory requirements will be met. However, compliance does ensure that practices accepted within various technical communities will be incorporated into the development and quality assurance processes used to design safety systems. These practices are based on past experience and represent in dustry consensus on approaches used for developmentof such systems.Software incorporated into instrumentation and control systems covered by Appendix B will be referredto in this regulatory guide as safety system software.For safety system software, software testing is an im portant part of the effort to achieve compliance with the NRC's requirements. Software engineering practices rely, in part, on software testing to meet general qualityand reliability requirements consistent with Criteria 1and 21 of A ppendix A to 10 CFR Part 50, as well as Criteria I, II, III, V, VI, XI, and XVII of Appendix B.The consensus standard, IEEE Std 1008-1987 (reaffirmed in 1993), defines a method for planning, preparing for, conducting, and evaluating software unit testing. The method described is consistent with the previously cited regulatory requirements as they applyto safety system software.Current practice for the development of softwarefor high-integrity applications includes the use of a software life cycle process that incorporates software testing activities, e.g., IEEE Std 1074-1991, "IEEE Standard for Developing Software Life Cycle,Processes."3 Software testing, including software unittesting, is a key element in software verification andvalidation activities, as indicated by IEEE Std1012-1986, "IEEE Standard for Software Verificationand Validation Plans,"3 and IEEE Std 7-4.3.2-1993,"Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations." A common approach to software testing [NUREG/CR-6101,"Software Reliability and Safety in Nuclear ReactorProtection Systems" (November 1993); NUREG/CR-6263, "High Integrity Software for Nuclear PowerPlants: Candidate Guidelines, Technical Basis and Research Needs" (June 1995)]5 utilizes a three-level testprogram to help ensure quality in a complex softwareproduct or complex set of cooperating software products, i.e., unit-level testing, integration-level testing,and system-level testing such as system validation testsor acceptance tests. IEEE Std 1008-1987 delineates anapproach to the unit testing of software that is based onthe assumption of a larger context established by verification and validation (V&V) planning as well asgeneral planning for the full range of testing activitiesto be applied. Therefore, software unit testing performed in accordance with IEEE Std 1008-1987should be consistent with planning information established in V&V plans and higher-level software testplans, although that planning information is not withinthe scope of IEEE Std 1008-1987.C. REGULATORY POSITIONThe requirements in ANSI/IEEE Std 1008-1987, "IEEE Standard for Software Unit Testing," provide anapproach acceptable to the NRC staff for meeting therequirements of 10 CFR Part 50 as they apply to the unittesting of safety system software, subject to the provisions listed below. The appendices to IEEE Std1008-1987 are not endorsed by this regulatory guideexcept as noted below. Appendix A to this standard provides guidance regarding the implementation of thesoftware unit testing approach, and Appendix B to thestandard provides context regarding software engineering information and testing assumptions that underliethe software unit testing approach.To meet the requirements of 10 CFR 50.55a(h) and Appendix A to 10 CFR Part 50 as assured by complyingwith the criteria of Appendix B to 10 CFR Part 50 ap5Copies are available at current rates from the U.S. Government PrintingOffice, P.O. Box 37082, Washington, DC 20402-9328 (telephone(202)512-2249); or from the National Technical Information Service bywriting NTIS at 5285 Port Royal Road, Springfield, VA 22161. Copies are I available for inspection or copying for a fee from the NRC Public Document Room at 2120 LStreet NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555-0001; telephone(202)634-3273; fax (202)634-3343.plied to the unit testing of safety system software, the following exceptions are necessary and will be consid ered by the NRC staff in the review of submittals from licensees and applicants. (In t his section, the cited crite ria are in Appendix B to 10 CFR Part 50 unless other wise noted.)1. SOFTWARE TESTING DOCUMENTATIONCriterion XI, "Test Control," requires that a test program be established to ensure that all testing re quired to demonstrate that systems and components will perform satisfactorily in service is identified and performed in accordance with written test procedures that incorporate requirements and acceptance limits contained in applicable design documents. Criterion I, "Organization," Criterion II, "Quality Assurance Pro gram," Criterion III, "Design Control," Criterion V, "Instructions, Procedures, and Drawings," Criterion VI, "Document Control," and Criterion XVIi, "Quality Assurance Records," contain requirements bearing on information associated with testing. IEEE Std 1008-1987, in section 1.1, mandates the use of the Test Design Specification and the Test Summary Report de fined by ANSI/IEEE Std 829-1983, "IEEE Standard for Software Test Documentation." In addition, IEEE Std 1008-1987 either incorporates additional informa tion into these two documents or indicates the need for additional documents. Regardless of whether these two documentation formats are used, the documentation used to support software unit testing (either documen tation used directly in the software unit testing activity or documentation of the overall testing effort) must in clude information necessary to meet regulatory re quirements as applied to software test documentation. As a minimum, this information includes:"* Qualifications, duties, responsibilities, and skills required of persons and organizations assigned totesting activities," Environmental conditions and special controls, equipment, tools, and instrumentation needed forthe accomplishment of testing," Test instructions and procedures incorporating the requirements and acceptance limits in applicabledesign documents," Test prerequisites and the criteria for meeting them,"* Test items and the approach taken by the testing program,"• Test logs, test data, and test results,"* Acceptance criteria,Test records indicating the identity of the tester, thetype of observation, the results and acceptability,and the action taken in connection with anydeficiencies.Any of the above information items that are not present in the documentation selected to support soft ware unit testing must be incorporated as additional items.2. TEST PROGRAMCriterion XI, "Test Control," requires establish ment of a test program to ensure that all testing required to demonstrate that structures, systems, and compo nents will perform satisfactorily in service is identified and performed in accordance with written test proce dures that incorporate the requirements and acceptance limits contained in applicable design documents. The two aspects of test coverage that are particularly impor tant for the unit testing of safety system software are coverage of requirements and coverage of the internal structure of the code.2.1 Coverage of RequirementsFor safety system software, those requirements identified as essential to the safety determination6 must be tested. Section 3.2.2(5) of IEEE Std 1008-1987 sug gests consideration of expected use of the unit in the de termination of features to be tested. All features and as sociated procedures, states, state transitions, and associated data characteristics essential to the safety de termination must be included in the testing.2.2 Coverage of Internal StructureSection 3.1.2(2) of IEEE Std 1008-1987 specifies statement coverage (covering each source language statement with a test case) as a criterion for measuring the completeness of the software unit testing activity. Statement coverage is a very weak criterion for meas uring test completeness [See Beizer7 and NUREG/ CR-62638]. Therefore, the staff does not endorse state ment coverage as a sufficient coverage criterion for software unit testing. For safety system software, the unit test coverage criteria to be employed should be identified and justified.6Regulatory Guide 1.172, "Software Requirements Specifications for Dig ital Computer Software Used in Safety Systems of Nuclear Power Plants,"endorses IEEE Std 830-1993, "IEEE Recommended Practice for Soft ware Requirements Specifications."7Boris Beizer, Software Testing T echniques, Van Nostrand Reinhold, 1990.8S. Seth et al., "High Integrity Software for Nuclear Power Plants: Candi date Guidelines, Technical Basis and Research Needs," NUREG/ CR-6263, June 1995.3. TEST PROGRAM RECORDSCriteria VI, "Document Control," and XVII, "Quality Assurance Records," as well as 10 CFR 21.51, require the control and retention of documents and records affecting quality. In addition, Criterion III, "Design Control," requires that design changes be subject to design control measures commensurate with those applied to the original design. Preservation of testing products is discussed in section 3.8.2(4) ofIEEE Std 1008-1987. Since design control measuresmust be applied to acceptance criteria for tests and since some software testing materials are frequently re-usedand evolve during the course of software developmentand software maintenance (for example, regression test materials), such materials should be configuration items under change control of a software configuration management system.9 Additional information on thistopic is provided in section A6 of Appendix A to IEEEStd 1008-1987.4. INDEPENDENCE IN SOFFWAREVERIFICATIONCriterion III, "Design Control," imposes an inde pendence requirement for the verification and checkingof the adequacy of the design, requiring that those persons who verify and check be different from those who accomplish the design. Therefore, independence is an additional requirement for software unit testing. Either those persons who establish the requirements-based elements for a software unit test must be different from those who designed or coded the software, or there must be independent review of the establishment of the requirements-based elements. The guidance in sectionA7 of Appendix Ato IEEE Std 1008-1987 provides ac ceptable ways to meet this requirement for softwareunit testing. These independent persons must be suffi ciently competent in software engineering to ensurethat software unit testing is adequately implemented.5. OTHER STANDARDSSection 1.3 of IEEE Std 1008-1987 references ANSI/IEEE Std 729-1983, "IEEE Standard Glossaryof Software Engineering Terminology," and ANSI/ IEEE Std 829-1983, "IEEE Standard for Software Test Documentation." These referenced standards should be treated individually.If a referenced standard has been incorporated sep arately into the NRC's regulations, licensees and appli cants must comply with that standard as set forth in the9Regulatory Guide 1.169 endorses IEEE Std 828-1990, "IEEE Standardfor Software Configuration Management Plans," and IEEE Std1042-1987, "IEEE Guide to Software Configuration Management," toprovide guidance for general software configuration management plansand their implementation.Kregulation. If the referenced standard has been endorsedin a regulatory guide, the standard constitutes a methodacceptable to the NRC staff of meeting a regulatory re > quirement as described in the regulatory guide. If a ref erenced standard has been neither incorporated into theNRC's regulations nor endorsed in a regulatory guide,licensees and applicants may consider and use the information in the referenced standard, if appropriatelyjustified, consistent with current regulatory practice.D. IMPLEMENTATIONThe purpose of this section is to provide informa tion to applicants and licensees regarding the NRCstaff's plans for using this regulatory guide. No backfit-ting is intended or approved in connection with the is suance of this proposed guide.Except in those cases in which an applicant pro poses an acceptable alternative method for complying with the specified portions of the NRC's regulations, the methods described in this guide will be used in the evaluation of submittals in connection with applica tions for construction permits and operating licenses. This guide will also be used to evaluate submittals from operating reactor licensees that propose system modifi cations voluntarily initiated by the licensee if there is a clear nexus between the proposed modifications and this guidance.BIBLIOGRAPHYBeizer, Boris, Software Testing Techniques, Van Nos trand Reinhold, 1990.Hecht, H., A.T. Tai, K.S. Tso, "Class 1E Digital Sys tems Studies," NUREG/CR-6113, USNRC, October 1993.1Institute of Electrical and Electronics Engineers, "Stan dard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations," IEEE Std 7-4.3.2, 1993.1Lawrence, J.D., "Software Reliability and Safety in Nuclear Reactor Protection Systems," NUREG/ CR-6101 (UCRL-ID-117524, Lawrence Livermore National Laboratory), USNRC, November 1993.11Copies may be purchased at current rates from the U.S. Government Prin ting Offuie, P.O. Box 37082, Washington, DC 20402-9328 (telephone (202)512-2249); or from the National Technical Information Service by writing NTIS at 5285 Port Royal Road, Springfield, VA 22161. Copies are availabl" for inspection or copying for a fee from the NRC Public Docu went Room at 2120 L Street NW., Washington, DC; the PDR's mailing ad dress is Mail Stop LL-6, Washington, DC 20555-0001; telephone (202)634-3273; fax (202)wrence, J.D., and G.G. Preckshot, "Design Factorsfor Safety-Critical Software," NUREG/CR-6294, USNRC, December 1994.1Seth, S., et al., "High Integrity Software for NuclearPower Plants: Candidate Guidelines, Technical Basisand Research Needs," NUREG/CR-6263, USNRC,June 1995.1USNRC, "Criteria for Digital Computers in Safety Systems of Nuclear Power Plants," Regulatory Guide1.152, Revision 1, January 1996.2USNRC, "Standard Review Plan," NUREG-0800, February 1984.12Single copies of regulatory guides maybe obtained free ofcharge by writing the Office of Administration, Printing, Graphics and DistributionBranch, U.S. Nuclear Regulatory Commission, Washington, DC20555-0001; or by fax at (301)415-5272. Copies are available for inspection or copying for a fee from the NRC Public Document Room at2120 L Street NW, Washington, DC; the PDR's mailing address is MailStop LL-6, Washington, DC 20555-0001; telephone (202)634-3273; fax(202)634-3343.1-.REGULATORY ANALYSISA separate regulatory analysis was not prepared for this regulatory guide. The regulatory analysis prepared for Draft Regulatory Guide DG-1057, "Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants," provides the regulatory basis for this guide. A copy of the regulatory analysis is available for inspection and copying for a fee at the NRC Public Document Room, 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555-0001; phone (202)634-3273; fax (202)634-3343.Federal Recycling Program。

核安全级数字化仪控系统软件相关标准研究Study on the Related Standardsfor Nuclear Safety Level Digitized l&C System Software了义矜1各鷓％2毛从差3王斜起2(环境保护部核设施安全监管司1，北京100035;深圳中广核工程设计有限公司2，广东深圳518172;环境保护部核与辐射安全中心3，北京100082)摘要：针对核电厂安全级数字化仪控系统的特点，对其软件相关的标准进行了研究。

分析了安全级数字化仪控系统软件生命周期 的相关标准，以及在软件生命周期的开发阶段执行软件验证和确认（V&V)活动所应遵循的标准，以期为后续核电厂安全级数字化仪 控系统软件的设计审查提供技术参考。

关键词：核电厂数字化仪控系统安全软件生命周期验证和确认标准中图分类号：TH -3 ;TP27 文献标志码： A D O I：10.16086/j. cnki. issnlOOO -0380.201511017Abstract：According to the features of the safety level digitized I&C systems in nuclear power plant, the related standards for software are researched. The related standards about the life cycle of software for safety level digitized I&C system, and the standards to be followed by verification and validation ( V&V) activities in developing stage of software life cycle are analyzed. It is expected that these may provide technical reference for designing and examining such software in subsequence nuclear power plants.Keywords ：Nuclear power plant Digital I&C system Safety software Life cycle Verification and validation Standard〇引言从20世纪70年代开始，数字化仪控系统逐渐替 代传统的模拟仪控系统，数字化仪控系统不仅在常规工业领域得到了广泛应用，在核电厂安全级仪控系统中应用数字计算机亦有近10年的历史。

核电厂的软件开发需要遵循一系列国际标准和规范，以确保软件的安全性、可靠性和有效性。

以下是一些重要的核电厂软件开发标准：
1. IEC 60880：这是关于核电站安全系统用计算机软件的标准，包括对安全重要的仪器和控制系统形成A类功能的计算机系统的软件问题。

2. EN 62138：这是一个欧洲标准，规定了核电站中，对安全性重要的仪表与控制、计算机系统B类或C功能软件的运行要求。

3. IEEE 1012：这是关于软件验证和确认的标准，用于确保核电厂软件的安全性和可靠性。

4. ISO 26262：这是一个关于道路车辆安全的国际标准，但也可应用于核电厂的软件开发，特别是涉及到安全相关的功能。

5. CSA N26250：这是加拿大核安全委员会发布的关于核电厂软件安全的指南，其中包括对软件开发和维护的要求。

这些标准通常会要求软件开发人员遵循严格的安全实践，包括对软件的验证和确认、安全分析和风险评估、安全审查和测试等。

同时，这些标准也会要求软件开发人员与核电厂运营商和监管机构密切合作，以确保软件在整个生命周期内都满足所有安全要求。

核电厂数字化仪控系统配置管理浅析发布时间：2022-07-24T06:59:51.006Z 来源：《中国电业与能源》2022年5期3月作者： 1田青旺 2陈华[导读] 传统的核电厂控制系统配置管理关注于硬件，1田青旺 2陈华国核自仪系统工程有限公司上海 200241摘要：传统的核电厂控制系统配置管理关注于硬件，即关注点是保证设计输出和生产制造流程的变量能够追溯至可识别的成品；核电厂采用数字化仪控系统后，衍生出的软件配置管理更侧重设计流程（交付物是设计输出及中间设计输出）。

RG1.169特别明确配置管理审计包括功能配置审计和物理配置审计两部分。

核电厂数字化仪控系统配置管理的有效实施可以促进交付物的交付质量和及时交付，进一步促进核电厂安全和有效地运行，同时，配置管理的实施也面临着一些挑战[3]。

关键词：核电厂；配置管理；数字化仪控系统；配置项；Configuration Management of Digital I&C System of Nuclear Power plantsTian Qing-wang、Chen HuaState Nuclear Power Automation System Engineering Company, Shanghai 200241Abstract：The traditional Configuration management(CM) of nuclear power plant control systems focuses on hardware, that is, ensuring that the design output and manufacturing process variables can be traced back to identifiable end products. With the introduction of digital instrumentation and control systems in nuclear power plants, the resulting software configuration management focuses more on the design process (the deliverables are the design output and the intermediate design output). RG1.169 makes it clear that configuration management audit includes two parts: Functional Configuration Audit and Physical Configuration Audit.The CM of Nuclare Power Plant offers many benefits in terms of the quality and timely of the deliverable Digital I&C system,and also benefits in terms of the safety and efficiency of the facilities.Key words:Nuclear Power plant; Configuration Management; Digital Instrument and Control System; Configuration Management Item,but there are challenges that could affect the effective implementation of the CM.0 引言配置管理是核电厂工程活动的重要部分，针对安全重要的构筑物、系统和设备，国家核安全法规已经提出与配置管理相关的要求。

国家标准《核电厂安全重要数字仪表和控制系统硬件设计要求》
正式发布
佚名
【期刊名称】《工业控制计算机》
【年(卷),期】2022(35)2
【摘要】经过近三年时间,由中核控制主编的国家标准GB/T 41142-2021 《核电
厂安全重要数字仪表和控制系统硬件设计要求》于2021年12月31日发布,并将
于2022年7月1日正式实施。

该标准是国家重点研发计划项目"三代核电关键技
术指标标准研究"的重要内容,它的发布填补了国内核电仪控领域的技术标准空白,明确了核电厂安全重要数字仪表和控制系统的基础性技术要求。

【总页数】1页(P154-154)
【正文语种】中文
【中图分类】TM6
【相关文献】
1.《工业自动化和控制系统网络安全》等6项国家标准正式发布
2.《实验室生物
安全通用要求》国家标准正式发布3.核电厂安全重要仪表和控制系统标准体系概
述4.核电厂安全相关仪表和控制系统的电磁兼容性要求及评价5.国家标准《信息
安全技术工业控制系统安全管理基本要求》正式启动
因版权原因，仅展示原文概要，查看原文内容请购买。

RG 核电厂安全系统中使用的数字计算机软件的验证、确认、审查和监查 (一)RG核电厂是一座重要的能源设施，它的安全系统对核电厂的安全运行起着至关重要的作用。

其中包括使用数字计算机软件来监控、管理和控制核反应堆的运转，保障核电站的稳定和安全。

而对于数字计算机软件的验证、确认、审查和监查，则成为了核电厂安全管理中的重要环节。

一、数字计算机软件的验证数字计算机软件是核电厂安全系统的重要组成部分，验证数字计算机软件的正确性和完整性，可以避免安全漏洞和风险。

数字计算机软件验证主要包括按照安全标准和规定的验证程序对软件进行检验，验证人员需要严格按照验收规定对软件进行逐一检测、测试和评估，并对检验结果进行记录、分析和总结。

同时，还需要将验证过程和结果通知给核电厂的管理人员和相关安全机构，确保数字计算机软件的安全性和可靠性。

二、数字计算机软件的确认数字计算机软件确认是指对数字计算机软件进行评估和确认，以保证其满足核电厂安全要求。

数字计算机软件确认需要对软件进行评估、审查和测试，以评估软件的安全性和可靠性。

确认的结果需要得到核电厂管理部门和相关安全机构的认可。

三、数字计算机软件的审查数字计算机软件审查是指对数字计算机软件进行评估和审查，以确认其能够满足核电厂安全要求。

数字计算机软件的审查是一个重要的过程，需要对软件的功能、性能以及安全性进行细致地检查和测试。

审查的结果需要得到相关的安全机构的认可。

四、数字计算机软件的监查数字计算机软件的监查是一个重要的过程，包括对数字计算机软件进行实时监控、检测和评估，以保证数字计算机软件的运行状态正常，并及时发现和处理软件运行过程中的异常情况。

数字计算机软件的监查需要设置相应的监控机制和安全机制，及时发现并处理运行环境异常、软件漏洞问题和安全威胁。

综上所述，数字计算机软件的验证、确认、审查和监查是核电厂安全管理中至关重要的环节，需要做到严谨、高效、可靠。

而对于数字计算机软件的验收、确认、审查和监查需不断改进和完善，以确保核电厂安全系统的安全性和可靠性。

核电站安全级DCS应用软件设计过程浅析郑伟智;张礼兵;刘静波;夏利民;谢志平【摘要】当应用数字化技术DCS对核电站安全重要系统进行设计时,为了保证安全级DCS应用软件的可靠性,对相关法规标准进行了研究.鉴于以IEEE标准为主的美国标准体系较为完整,认为可应用NRC认可的系列IEEE标准来指导应用软件的设计,并分析了各个软件相关IEEE标准间的关系以及设计时该如何应用这些标准.最后,依据标准要求对应用软件的设计方法进行了研究,初步得出了计划、需求、设计、实现、集成和确认、安装各个阶段的执行方法.【期刊名称】《自动化仪表》【年(卷),期】2014(035)002【总页数】5页(P53-57)【关键词】核电站;安全级DCS;应用软件;设计过程;安全审查【作者】郑伟智;张礼兵;刘静波;夏利民;谢志平【作者单位】北京广利核系统工程有限公司,北京100094;北京广利核系统工程有限公司,北京100094;北京广利核系统工程有限公司,北京100094;北京广利核系统工程有限公司,北京100094;北京广利核系统工程有限公司,北京100094【正文语种】中文【中图分类】TL362+.1;TP273+.50 引言目前,在新建核电站的安全重要系统中开始普遍采用数字化技术——安全级DCS对安全重要设备进行控制。

DCS通过微处理器运行软件实现控制功能，和传统的模拟技术相比，DCS具有不易老化、便于变更和维护、可对故障自诊断等优点，但同时可能会因为发生微小软件错误而造成系统出现不可预期的响应，或因为采用共享的数据、代码的设计而通过软件错误传播共因故障，使硬件体系构建出现多重性失效[1]。

为了降低数字化仪控系统的软件设计风险，使系统达到足够的可信度，软件设计过程须遵循核安全相关法规、导则和标准的相关要求[2]。

DCS中运行的软件主要包括系统软件和应用软件两大部分[3]，本文通过对应用软件设计相关标准进行分析，进而探索应用软件的设计过程和方法。

核电厂DCS安全级应用软件的集成测试方法徐展;夏丹阳【摘要】核电厂DCS安全级系统是整个DCS系统的重要组成部分,确保核电厂DCS安全级系统应用软件的安全可靠性是至关重要的,软件验证和确认活动给核电厂安全可靠性提供了重要保障,这其中包括一些相关测试活动,软件集成测试是验证和确认活动的重要环节.本文遵循标准IEEE-1012软件验证与确认,针对安全级平台Tricon系统,给出了一套完整的软件集成测试方法.%The safety-level system is the most important part of the whole distributed control system (DCS) in nuclear power plant. It's important to ensure the safety and reliability of safety-level system application software for nuclear power plant. Software verification and validation provide the important protection for the safety and reliability of nuclear power plant, which include several related test activities. Software integration test is an important part of verification and validation activities. A useful and powerful method of the software integration test on Tricon system for safety related system is given in this article based on IEEE standard 1012 software verification and validation.【期刊名称】《自动化博览》【年(卷),期】2015(000)006【总页数】3页(P103-105)【关键词】软件集成测试;验证和确认;DCS安全级应用软件【作者】徐展;夏丹阳【作者单位】中核控制系统工程有限公司,北京100176;中核控制系统工程有限公司,北京100176【正文语种】中文【中图分类】TM623.8数字化技术已经在各工业领域得到了广泛成功的应用。

国家核安全局关于印发核安全导则《核动力厂安全分析用计算机软件开发与应用（试行）》的通知
文章属性
•【制定机关】国家核安全局
•【公布日期】2017.12.20
•【文号】国核安发〔2017〕323号
•【施行日期】2017.12.20
•【效力等级】部门规范性文件
•【时效性】现行有效
•【主题分类】核与辐射安全管理
正文
关于印发核安全导则《核动力厂
安全分析用计算机软件开发与应用（试行）》的通知
国核安发〔2017〕323号能源局、国防科工局，环境保护部各核与辐射安全监督站、核与辐射安全中心，中国核工业集团公司，中国华能集团公司，国家电力投资集团公司，中国广核集团有限公司:
为进一步完善我国核与辐射安全法规体系，规范和促进我国核动力厂安全分析用计算机软件的开发与应用，我局组织制定了核安全导则《核动力厂安全分析用计算机软件开发与应用（试行）》，现印发给你们，自印发之日起施行。

附件：核动力厂安全分析用计算机软件开发与应用（试行）
国家核安全局
2017年12月20日。

核电厂模拟器使用的小型计算机数据库的开发及应用
方向
【期刊名称】《核工业自动化》
【年(卷),期】1991(000)001
【总页数】4页(P18-21)
【作者】方向
【作者单位】无
【正文语种】中文
【中图分类】TL365
【相关文献】
1.核电厂安全重要物项修改审评系统开发及应用 [J], 张国庆; 邹象; 赵鸿斌; 丁珊珊
2.小型计算机在图书馆的应用(一)——小型计算机系统与系统配置 [J], 董丽琴
3.驾驶模拟器三维场景自动生成系统的开发及应用 [J], 曾纪国;熊坚;万华森
4.利用核电厂模拟器进行操纵员可靠性研究 [J], 方向;赵炳全
5.核电厂DCS闭环测试平台的开发及应用 [J], 侯东;林萌;杨宗伟;刘鹏飞;杨燕华因版权原因，仅展示原文概要，查看原文内容请购买。