Technical Meeting on Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants Hosted by the Government of the Republic of Korea through the Korea Atomic Energy Research Institute Daejeon, Republic of Korea 23 26 September 2014 Ref. No: 621-I2-TM-46952 Information Sheet A. Background Digital instrumentation and control (I&C) systems play an increasing role in nuclear power plants (NPPs). Most plants built before the 1980s 90s relied mostly on analogue I&C systems. Digital safety I&C systems were introduced gradually, either in the initial design or as upgrades. Nowadays, all new designs depend in large part on digital systems and their software, and most I&C upgrades of existing plants rely on digital technologies. The evaluation and dependability assessment of software important to safety is an essential and difficult aspect of the safety justification for digital systems. Software failure mechanisms are very different from those that lead to ageing-related hardware failure. The concern here is with residual
Page 2 design errors: system developers do their best to avoid, detect and remove design errors, but in practice it is impossible to claim and justify complete freedom from residual design errors. However, in case of incorrect behaviour, there might be a risk of common cause failure (CCF) that could defeat redundancy or defence in depth measures. To provide adequate confidence in digital systems, extensive work has been done by scientists and engineers on software verification and assessment techniques. This has resulted in steady progress and concrete achievements that can be put into practice. However, not all issues are completely resolved yet. There is still no scientific or regulatory consensus on the quantification of the software dependability of high quality digital systems, and even though formal verification can in some cases be used to justify freedom from certain types of errors, it cannot yet justify freedom from all errors, (e.g. faults can arise from hardware software interaction). Accordingly, the members of the Technical Working Group on Nuclear Power Plant Instrumentation and Control (TWG-NPPIC) at their 2013 meeting recommended to the International Atomic Energy Agency (IAEA) that it should initiate relevant activities to address these problems. In response, the IAEA is developing a new report entitled Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants to provide guidance to Member States in this area. The objective of this report is to give an overview on the current knowledge, up-to-date best practices, experiences, benefits and challenges related to the evaluation and assessment of software used in safety I&C systems at NPPs. The report is intended to be used by Member States to support the design, development, verification, validation and assessment of software for such systems. Additionally, the IAEA is developing a new Safety Guide entitled Design of Instrumentation and Control Systems for Nuclear Power Plants. The preparation process for this new guide has taken account of developments in I&C systems since the publication of the predecessor guides Instrumentation and Control Systems Important to Safety in Nuclear Power Plants (IAEA Safety Standards Series No. NS-G-1.3, Vienna, 2002) and Software for Computer Based Systems Important to Safety in Nuclear Power Plants (IAEA Safety Standards Series No. NS-G-1.1, Vienna, 2000). The main changes are due to continued development of computer applications and evolution of the methods necessary for their safe, secure and practical use. B. Objectives The purpose of the meeting is to serve as a forum for interested Member States to discuss commonly encountered difficulties and to share best practices or strategies used in the evaluation and dependability assessment of software used in instrumentation and control systems important to safety at nuclear power plants, as well as to discuss the challenges and issues that need to be resolved in this area. An additional goal of the meeting is to disseminate information on the lessons learned through the work with the above-mentioned new report. The meeting has the following primary objectives: To provide an international forum for presentations and discussions on the subject of the meeting;
Page 3 To strengthen Member States capabilities for improved understanding of software dependability assessment; To disseminate the experience that has been captured while developing the new IAEA report entitled Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants; To review the draft version of this report; and To support the IAEA in defining future activities in the field of software evaluation and dependability assessment. C. Topics Presentations are invited on all approaches that are related to the evaluation and dependability assessment of software used in safety I&C systems at NPPs. The following list provides examples of presentation topics that would be appropriate for the meeting: What is meant by software and software dependability? Software dependability goals for NPP I&C: integrity, availability of data and functions, errorfree operation Current knowledge, practices and experience (previous assessments, operating experience, practices in other industries, etc.) Software design philosophy Classification and potential effects of software errors Potential sources of common cause failure Existing guidance for reliable system software (error avoidance, error detection and removal by designers) Independent testing Independent inspections Formal verification Calculation of quantitative reliability figures (e.g. statistical testing) Assessment frameworks: how to organize the various elements of evidence into a structured argument that a claim is satisfied Qualitative vs. quantitative assessments
Page 4 D. Working Material The draft manuscript of the new IAEA report entitled Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants will be provided to the participants prior to the meeting. This draft will serve as the basis for dialogues at the meeting. Participants will be requested to review selected parts of the document and to provide their remarks and comments. E. Participation Participation is solicited from representatives of NPPs and regulatory bodies, utilities, technical support organizations, developers, vendors, research organizations, and international organizations engaged in the field of software development for safety I&C systems at NPPs. To ensure maximum effectiveness in the exchange of information, participants should be persons actively involved in the subject matter of the meeting. F. Application Procedure Designations should be submitted using the attached Participation Form. Completed forms should be endorsed by the competent national authority (e.g. Ministry of Foreign Affairs, Permanent Mission to the IAEA, or National Atomic Energy Authority) and returned through the established official channels. They must be received by the IAEA not later than 31 July 2014. Designations received after that date or applications sent directly by individuals or by private institutions cannot be considered. Designating Governments will be informed in due course of the names of the selected candidates and at that time full details will be given on the procedures to be followed with regard to administrative and logistic matters. The meeting is, in principle, open to all officially designated persons. The IAEA, however, reserves the right to limit participation due to limitations imposed by the available facilities. It is, therefore, recommended that interested persons take the necessary steps for the official designation as early as possible. G. Visas Designated participants who require a visa to enter the Republic of Korea should submit the necessary application to the nearest diplomatic or consular representative of the Republic of Korea as soon as possible.
Page 5 H. Expenditure The costs of the meeting are borne by the host organization; no registration fee is charged to participants. Travel and subsistence expenses of participants will have to be borne in general by their designating Governments/organizations. The IAEA has, however, limited funds at its disposal to help meet the cost of attendance of certain participants. Such assistance may be offered upon specific request to normally one participant per country provided that, in the IAEA s view, the participant on whose behalf assistance is requested will make an important contribution to the meeting. The application for financial support should be made at the time of designating the participant. The organizers of the meeting do not accept liability for the payment of any cost or compensation that may arise from damage to or loss of personal property, or from illness, injury, disability or death of a participant while he/she is travelling to and from or attending the meeting, and it is clearly understood that each Government, in designating participants, undertakes responsibility for such coverage. Governments would be well advised to take out insurance against these risks. I. Presentations Presentations should be prepared as Microsoft PowerPoint (.ppt) or Portable Document Format (.pdf) files. Computer-based projection facilities will be provided. Authors are requested to provide the Scientific Secretaries with electronic copies of their presentation files in advance of their scheduled presentation slot so that the files can be duly uploaded. Electronic versions of the presentations are also necessary to ensure timely issuance of the proceedings to be prepared and distributed in electronic form. It is not mandatory for all participants to submit a presentation. However, the IAEA welcomes and encourages contributions in this format. Time for the presentations will be limited to 25 minutes followed by a 5-minute discussion period. The number of presentations may have to be limited so as to leave sufficient time for discussions and review of the draft IAEA report entitled Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants. J. Working Language The working language of the meeting will be English; no interpretation will be provided. K. Local Arrangements The meeting will be held at the premises of the KAERI Nuclear Training Education Center (KNTC), Korea Atomic Energy Research Institute (KAERI) (989-111 Daedeok-Daero, Yuseong-Gu, Daejeon, Republic of Korea, 305-353), and will start on Tuesday, 23 September 2014 at 9.30 a.m. and end at 2.00 p.m. on Friday, 26 September 2014.
Page 6 The meeting agenda, together with information on local arrangements, will be sent to designated participants once the completed Participation Forms have been received. The local representative of KAERI will be Mr Kee-Choon Kwon. Contact details: Mr Kee-Choon Kwon Principal Researcher Korea Atomic Energy Research Institute (KAERI) 989-111 Daedeok-Daero, Yuseong-Gu DAEJEON, 305-353 REPUBLIC OF KOREA Tel.: +82 42 868 2926 Fax: +82 42 868 8916 Mobile: +82 10 9379 0412 Email: kckwon@kaeri.re.kr L. Accommodation The host organization, KAERI, will assist registered participants in making hotel room reservations. Accommodation is offered at the Yousung Hotel in Yuseong, at a special rate of *KRW 120 000 (**USD 115) per single room per night, including breakfast. The hotel provides a shuttle service to the meeting location. A Hotel Reservation Form is attached to this announcement. Information on the hotel can be found at: http://www.yousunghotel.com/eng/index.do. * 10% tax is included. ** The exchange rate for 10 March 2014 is applied. The exchange rate may be modified. M. IAEA Secretariat The IAEA Scientific Secretaries for the meeting are Mr Janos Eiler of the Department of Nuclear Energy and Mr Alexander Duchac of the Department of Nuclear Safety and Security. Their contact details are: Mr Janos Eiler Nuclear Power Engineering Section Department of Nuclear Energy International Atomic Energy Agency Vienna International Centre PO Box 100 1400 VIENNA AUSTRIA Tel.: +43 1 2600 21982 Fax: +43 1 2600 29598 Email: J.Eiler@iaea.org Mr Alexander Duchac Division of Nuclear Installation Safety Department of Nuclear Safety and Security International Atomic Energy Agency Vienna International Centre PO Box 100 1400 VIENNA AUSTRIA Tel.: +43 1 2600 22671 Fax: +43 1 26007 22671 Email: A.Duchac@iaea.org
Page 7 Administrative assistance: Ms Olga Arkhipova Tel.: +43 1 2600 22804 Email: O.Arkhipova@iaea.org Subsequent correspondence on scientific matters should be sent to either of the Scientific Secretaries and correspondence on other matters related to the meeting to the Administrative Secretary.