25/30509912 DC BS IEC/IEEE 62671. Nuclear power plants. Instrumentation and control important to safety. Selection and use of industrial digital devices of limited functionality, 2025
- 45A_1585e_CD.pdf
- 1 Scope
- 1.1 General
- 1.2 Background
- 2 Normative references
- 3 Terms and definitions
- 4 Symbols and abbreviations
- 5 General requirements
- 5.1 General
- 5.2 Application of this standard
- 5.2.1 General
- 5.2.2 Applicability criteria for this standard
- 5.2.2.1 The device is a pre-existing digital device that contains pre-developed software or programmed logic (e.g. an HPD) and is a candidate for use in an application important to safety (which includes Class 1E functions in the IEEE context).
- 5.2.2.2 The primary function(s) performed is/are well-defined and applicable to only one type of application within an I&C system, such as measuring a temperature or pressure, positioning a valve, or controlling speed of a mechanical device, or perfor...
- 5.2.2.3 The primary function(s) performed is/are conceptually simple and limited in scope (although the manner of accomplishing this internally may be complex).
- 5.2.2.4 The device is not designed so that it is re-programmable after manufacturing nor can the device functions be altered in a general way so that it performs a conceptually different function: only pre-defined parameters can be configured by users.
- 5.2.2.5 If the primary device function(s) can be tuned or configured, then this capability is restricted to parameters related to the process (such as process range), performance (speed or timing), signal interface adjustment (such as selection of vol...
- 5.2.2.6 Where a system contains multiple DDLFs to achieve a limited function, these shall be assessed individually.
- 5.3 General requirements on the evaluation process
- 5.3.1 Evaluation process
- 5.3.1.1 The pre-requisite to the evaluation and application process shall be the documentation of all the functional and performance requirements that apply to the device in the target application. This may entail reconstructing the design basis of th...
- 5.3.1.2 Within the IEEE framework, an IEC classification must be identified for the candidate device to be used during the following evaluation process. The resulting IEC classification shall be used only in the context of this document. There are two...
- 5.3.1.3 Defining the requirements for the candidate device shall include addressing all the relevant aspects given below:
- 5.3.1.4 An Evaluation and Application Plan (EAP) shall be prepared that takes the documented functional and performance requirements into account according to 5.3.2 and 5.3.4, and where relevant defines the strategy to account for multiple uses of a c...
- 5.3.1.5 Each candidate device shall be evaluated according to the EAP (described in 5.3.2) and 5.3.4 to demonstrate that it complies with the requirements of this standard.
- 5.3.1.6 The results of the evaluation shall be documented in an Evaluation and Application Report (EAR) according to 5.3.3.
- 5.3.1.7 The EAR shall:
- 5.3.2 Evaluation and Application Plan (EAP)
- 5.3.2.1 The EAP shall justify the applicability of this standard, in terms of the criteria given in 5.2.
- 5.3.2.2 The EAP shall identify the scope and applicability of the evaluation work in terms of:
- 5.3.2.3 The EAP should identify the human resources, and their qualification needed to execute the evaluation work, such as:
- 5.3.2.4 The EAP shall identify the criteria defined in the subclauses of Clause 6 that are relevant to the target application.
- 5.3.2.5 The EAP shall identify whether previous certification is applicable.
- 5.3.2.6 The EAP shall identify measures indicated with "R" defined in the subclauses of Clause 7, which are considered necessary. Omission of measures indicated with "R" defined in the subclauses of Clause 7 shall be justified. A previous certificatio...
- 5.3.2.7 The EAP shall identify the selection criteria and their relative importance which may influence the selection of candidate devices, such as:
- 5.3.2.8 The EAP shall identify the review requirements for the EAR.
- 5.3.3 Evaluation and Application Report (EAR)
- 5.3.3.1 The EAR shall document the results of the evaluation.
- 5.3.3.2 The EAR shall document the reasons why applying this standard is justified in terms of the applicability criteria in 5.2.2.
- 5.3.3.3 The EAR shall define the scope and applicability of the evaluation work and of the evaluation reported in the EAR, in terms of:
- 5.3.3.4 The EAR shall summarize or reference the key functional and performance requirements (including those that may have had to be reconstituted) that impact the acceptability of the device, the target class, safe failure mode(s), and environmental...
- 5.3.3.5 The EAR should document the reliability limits that are achievable by the device either alone or in a redundant configuration.
- 5.3.3.6 The EAR shall document the selection criteria identified in the EAP.
- 5.3.3.7 The EAR shall include (or reference if they are available for inspection) all documents used to verify each development phase of the device, including verification strategy and tests performed; or alternatively include references to these docu...
- 5.3.3.8 The EAR shall document how the criteria defined in the subclauses of Clauses 6 through 10 have been applied according to 5.3.4, and provide the justification of the relative ranking of importance or omission of these criteria.
- 5.3.3.9 The EAR shall document the required compensatory measures for the target application(s) under consideration to cover the case where either the candidate device does not meet all compliance requirements or the original evidence of compliance is...
- 5.3.3.10 The EAR shall identify all modifications required to the device or the target system subject to 9.3 and 9.4 to enable the candidate device to be integrated into the target system(s) and retain the acceptability. Any such modifications to the ...
- 5.3.3.11 The EAR shall identify all restrictions on the use of the device in each application and class for which it is acceptable.
- 5.3.3.12 The EAR shall identify the measures (and their adequacy) recommended to ensure that application of the candidate device observes all restrictions and recommendations provided in the EAR.
- 5.3.3.13 The EAR shall state the final conclusion as to the acceptability of the candidate device(s) for use in each of its target applications, expressed in terms of:
- 5.3.4 Application of clauses of this standard
- 5.3.4.1 The evaluation of the candidate device shall be performed based on the intended function and its category or the intended application and its class.
- 5.3.4.2 Evidence shall be documented to demonstrate functional and performance suitability of the candidate device as defined in Clause 6 based on all of the applicable criteria in that clause.
- 5.3.4.3 Evidence shall be documented to demonstrate correctness, based on a combined qualitative assessment of all the applicable criteria in Clause 7, according to the EAP.
- 5.3.4.4 The evaluation shall identify all of the restrictions that shall be applied so that its use is constrained within the bounds of the evidence documented under Clause 7.
- 5.3.4.5 The evaluation may include compensatory measures as laid out in Clause 8.
- 5.3.4.6 The evaluation shall identify all of the restrictions that shall be applied for the safe use of the candidate device in the target application (see Clause 9).
- 5.3.4.7 The evidence shall demonstrate that the results of the evaluation can be preserved for an adequate length of time, considering the life of plant and corresponding plans for equipment replacement, based on all of the applicable criteria in Clau...
- 5.3.4.8 In case the device does not meet one or more of the mandatory requirements and no compensatory measure is available (either not proposed by the standard, or not possible to implement), or a recommendation is not met with no justification,...
- 6 Criteria for functional and performance suitability
- 6.1 General
- 6.2 Functional suitability of the primary function
- 6.3 Ancillary functions
- 6.4 Configurability
- 6.5 Superfluous functions
- 6.6 Reliability, maintainability and testability
- 6.7 Hardware robustness
- 6.8 Cybersecurity
- 6.9 User documentation for safety
- 7 Criteria for dependability – Evidence of correctness
- 7.1 General
- 7.2 Previous certification
- 7.2.1 General
- 7.2.2 Previous Certification to IEC 61508
- 7.2.2.1 The safety integrity level (SIL) to which the device is certified shall be commensurate with the classification of the device in its proposed application.
- 7.2.2.2 The certification shall be current and pertain to the specific hardware and software version(s) of the device under assessment.
- 7.2.2.3 The scope of the certification shall address all aspects of the device including hardware and software.
- 7.2.2.4 The supporting evidence material for the certification shall be available for review. This evidence shall include all elements needed to independently assess the scope and boundaries of the certification, in particular:
- 7.2.2.5 The device Safety Manual (as defined in IEC 61508) shall be available and assessed to ensure the constraints of the device can be achieved in the application.
- 7.2.2.6 The conditions of use assumed in the certification shall be relevant to the conditions of use in the intended nuclear application.
- 7.2.2.7 The certifying authority shall be identified and be independent of the device designer and manufacturer.
- 7.2.2.8 The certifying authority shall be competent for the properties and/or measurements certified, and its competence shall be judged based on all available information regarding its experience and qualifications.
- 7.2.3 Previous certification to other non-nuclear standards
- 7.2.3.1 Where the certification is used to support compliance with a subclause of this standard to a standard other than IEC 61508, this use shall be justified.
- 7.2.3.2 Where the certification is used to support compliance with a subclause of this standard, the certification shall provide evidence of correctness that directly addresses the subclause.
- 7.2.3.3 The supporting evidence material for the certification shall be available for review. This evidence shall include all elements needed to independently assess the scope and boundaries of the certification, in particular:
- 7.2.3.4 The certification shall be current and shall apply to the candidate device as follows:
- 7.2.3.5 The conditions of use assumed in the certification shall be relevant to the conditions of use in the intended nuclear application (see also 8.3).
- 7.2.3.6 The certifying authority shall be identified and be independent of the device designer and manufacturer.
- 7.2.3.7 The certifying authority shall be competent for the properties and/or measurements certified, and its competence shall be judged based on all available information regarding its experience and qualifications.
- 7.3 Avoidance of systematic faults
- 7.4 Evidence of quality in the design process
- 7.4.1 General
- 7.4.2 Product designer’s QA program
- 7.4.3 Design and development process
- 7.4.4 Design configuration management
- 7.4.5 Design change control
- 7.4.6 Design documentation
- 7.5 Evidence of quality in manufacturing
- 8 Compensating measures
- 8.1 General
- 8.2 Product stability
- 8.3 Operating experience
- 8.4 Complementary testing and/or analysis (verification)
- 8.5 Documentation improvement
- 9 Criteria for integration into the application – limits and conditions of use
- 9.1 General
- 9.2 Restrictions on use
- 9.3 Modifications of the device required for the application
- 9.4 Modifications to the system to accommodate the device
- 9.5 Integration and commissioning of the device in the plant safety systems
- 10 Considerations for preserving acceptability
- 10.1 General
- 10.2 Notifications by the device designer and manufacturer
- 10.3 Manufacturing and support lifetime of the current version
- 10.4 Preservation of maintenance tools and documentation
- 10.5 Recommendations for the end-user
- Annex A (informative) Possible design features of a software system that could impact the dependability of the device
- Annex B (informative) Recommended Competencies for Personnel Assessing Candidate Devices
- Annex C (informative) AFCEN method for the qualification of DDLFs with IEC 61508
- C.1 General
- C.2 Objective of the method
- C.3 Method of evaluation
- C.4 Device selection
- C.4.1 Respect of the definition of a DDLF
- C.4.1.1 The evaluated device shall be a DDLF as defined in chapter C.4.1.
- C.4.1.2 The compliance with criteria a) to e) of the definition shall be given in detail for each criterion,
- C.4.1.3 For the response to criterion b), the principal function shall be described in terms of the service provided within the I&C architecture, for example:
- C.4.2 Development and certification according to the requirements of the standard IEC 61508
- C.4.2.1 The DDLF shall have been developed according to the requirements of the standard IEC 61508.
- C.4.2.2 The development of the device shall be certified by an independent organisation.
- C.4.2.3 The certification shall be current and shall concern exactly the same version as the evaluated device.
- C.4.2.4 An IEC 61508 certification based on « proven-in-use » method shall not be accepted.
- C.4.2.5 The IEC 61508 certification report shall be made available to the evaluator.
- C.4.3 Compatibility of the safety function
- C.4.3.1 The certification report shall allow verification, without ambiguity, that the safety function for which the device was developed is compatible with the requirements of the generic safety function considered (the primary function of the DDLF).
- C.4.4 Required SIL
- 10.5.6.1 The minimum Safety Integrity Level (SIL) to carry out the evaluation shall be the following:
- C.4.4.1 If the device has several SIL levels shown on the certificate, the SIL representative of the device's robustness with respect to systematic faults shall be the one taken into account.
- C.5 General process for audits
- C.6 Audit guidelines
- C.6.1 Class 3
- C.6.2 Class 2
- C.6.3 Class 1
- C.6.4 Summary
- C.7 Evaluation and application report (EAR)
- C.8 Modification management
- Annex D (informative) US requirements for use of IEC 61508 certifications as laid out by NEI 17-06 and RG 1.250
- Annex E (informative) Canadian Standards Association qualification methodologies for digital items
- E.1 Canadian Regulatory Implications
- E.2 Overview of CSA N290.14-15
- E.3 CSA N290.14-15 Recognized Program method
- E.4 Methodology for qualification of digital items
- E.5 Qualification concerns