The US Department of Energy has undertaken an initiative to improve the quality of software used to design and operate its nuclear facilities across the United States. One aspect of this initiative is to revise or create new directives and guides associated with quality practices for the safety software in its nuclear facilities. Safety software includes the software and firmware of safety structures, systems, and components, the support software, and the design and analysis software used to ensure the safety of the facility.

DOE nuclear facilities are unique when compared to commercial nuclear or other industrial activities in terms of the types and quantities of hazards that must be controlled to protect workers, the public, and the environment. Because of these differences, DOE must develop an approach to software quality assurance that ensures appropriate risk mitigation by developing a framework of requirements that accomplishes the following goals:

- Ensures the software processes developed to address nuclear safety in the design, operation, construction, and maintenance of its facilities are safe
- Considers the larger system that uses the software and its impacts
- Ensures that software failures do not create unsafe conditions

Software designers for nuclear systems and processes must reduce risks in software applications by incorporating processes that recognize, detect, and mitigate software failure in safety-related systems. They must also ensure that fail-safe modes and component testing are incorporated into the software design. For nuclear facilities, the consideration of risk alone is not necessarily sufficient to ensure safety. Systematic evaluation, independent verification, and system safety analysis must be considered for software design, implementation, and operation.

The software industry primarily uses risk analysis to determine the appropriate level of rigor applied to software practices. This risk-based approach distinguishes safety-critical software and applies the highest level of rigor to those systems. DOE has further defined a risk approach to nuclear safety system software consistent with the analyses required for operation of nuclear facilities. This requires the grading of software in terms of safety-class and safety-significant structures, systems, and components (SSCs). Safety-class SSCs are related to public safety, whereas safety-significant SSCs are identified for specific aspects of defense-in-depth and worker safety.

Industry standards do not directly categorize nuclear safety software, and DOE sites are not consistent in their approach to nuclear safety software quality assurance. DOE is establishing a more detailed graded approach for software associated with safety-class and safety-significant systems. This paper presents the process and results that DOE utilized to develop a detailed classification scheme for nuclear safety software.