IEEE 338:2012 pdf free download – IEEE Standard for Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems
4.System design requirements for testing
The safety systems shall be designed to be testable during operation of the nuclear power generating stationand/or during those intervals when the station is shut down.This testability shall permit the independenttesting of redundant channels and load groups while (1) maintaining the capability of these systems torespond to bona fide signals,(2)tripping the output of the channel being tested，if required,or (3)bypassing the equipment consistent with safety requirements and limiting conditions for operation.
The following issues further amplify these design requirements:
a)Design shall provide the capability for periodic surveillance testing that simulates, as closely as practicable, the required safety function performance with the exception of abnormal cnvironmentalconditions, such as seismic events,radiation fields, extreme pressures, temperatures, and moistureconditions that are covered by design qualification provided unexpected degradation has notoccurred. Testing of equipment for external environments is not within the scope of periodicsurveillance testing; therefore, the environments need not be simulated. Testing provisions shall bedesigned to demonstrate the functional capability of the items under test during normalenvironmental conditions.
b)Test equipment interfaces and installed test equipment shall not cause a loss of independence between redundant channels or load groups.Equipment included in the safety system for testpurposes shall be included in the determination of system availability， to the extent that it couldimpact the safety function.
c) Safety systems shall be designed with due consideration of the impact of testing on plantavailability，maintainability，operation，operational mode,and limiting conditions for operation.Coincidence logic may be provided where necessary to fulfill this provision.
d)Testability shall be considered in the selection of all components of the safety system.Sensors should be accessiblc and, where practicablc, installed such that their calibration can be verified inplace. When selecting actuation devices, their status indication capability shall be considered.
e)Design shall provide for the functional testing capability of the safety system. Simultaneous testing of the system from sensor to actuated equipment is the preferred method.However, where this isnot practical,the system design shall provide overlap testing capability.For example,testing aninstrument channel and logic circuits separate from their actuator devices is acceptable.Designconfigurations in accordance with item 2) or item 3) below shall have documented justification that the probability of failure of actuated equipment not tested during plant operation is acceptably lowand that the actuated equipment can be routinely tested when the plant is shut down.
Where it is not practicable to initiate the protective action as part of the periodic surveillance testingprocedure, the system shall be designed such that:
l)All actuation devices and actuated equipment can be tested individually or in judiciously selected groups，such as when testing the actuation device for a containment spray pumpseparately from the actuation device for the containment spray system valves.
2)The operation of certain actuated equipment is prevented during a test of their actuation devices, such as supplying alternative power to a normally energized solenoid while testing itscurrent interrupting device.
3)Operation of the actuated equipment requires the (coincident) operation of more than one actuation device, such as when individuaily testing the two solenoid-operated valves that actin coincidence to control compressed air to an isolation valve.
f) Interrelationship among the systems,components,and human factors in each phase of the testactivity shall be considered and reflected in the system design. Test points，test devices，andassociated test equipment should be located to facilitate performance of periodic surveillancetesting.
g)A means of communication shall be provided between personnel associated with the test and the main control room to ensure that control room operators and associated test personnel are cognizantof the status of those systems under test. In addition, a means of communication shall be providedso that personnel associated with the test can adequatcly communicate.
h) Automatic testing features should be considered when selecting the type of testing system.However,where a programmable digital computer is included in the design,whether integrated orportable, automatic testing features are subject to the provisions of this standard and IEEE Std7-4.3.2.