First investigations on the safety evaluation of SMART sensors
S. Bousquet, O. Elsensohn, G. Benoit,
IAEA Specialists' meeting on effective management of NPP instrumentation and control ... Garching,
IPSN (Institute for Protection and Nuclear Safety) is the technical support for the French nuclear safety authority and thus involved in the safety evaluation of new I&C technologies and particularly of smart sensors. Smart sensors are characterized by the use of a microprocessor that converts the process variable into digital signals and exchanges other information with I&C control systems. There are two types of smart sensors : HART (Highway Addressable Remote Transducer) sensors, which provide both analogue (4 to 20 mA) and digital signals, and network sensors, which provide only digital signals. The expected benefits for operators are improved accuracy and reliability and cost savings in installation, commissioning, testing and maintenance. Safety evaluation of these smart sensors raises new issues : How does the sensor react to unknown commands ? How to avoid unexpected changes in configuration ? What is its sensitivity to electromagnetic interferences (EMI), to radiations …? In order to evaluate whether these sensors can be qualified for a safety application and to define the qualification tests to be done, IRSN has planned some functional and hardware tests (EMI, radiations) on "HART" and field bus sensors. During the functional tests, we were not able to disrupt the HART tested sensors by invalid commands. However, these results cannot be extended to other sensors, because of the use of different technology, of different versions of hardware and software and of constructors' specific commands. Furthermore, easy modifications of configuration parameters can cause additional failures. Environmental tests are in progress on HART sensors and will be followed by experiments on field bus sensors. These preliminary investigations and the latest incident initiated by an incorrect computing algorithm of digital switchgear at Ringhals NPP, clearly illustrate that testing and verification programmes for smart equipment must be meticulously designed and reviewed regarding global plant safety analysis and the risk of common cause failures. Careful attention should be paid to the commissioning and maintenance as well.