Reliability evaluation of standby safety systems due to independent and common cause failures

Standby redundant systems are often adopted in critical applications such as the emergency shutdown systems (ESDS) in nuclear power plants (NPPs). One failure mode of the standby redundant systems is that they are not available when there is a demand. This is a serious safety issue. Another failure mode of the standby safety critical systems is that they function spuriously when there is actually no need. Once this occurs, the normal plant operation will be interrupted; certain equipment could be damaged; and restarting the plant could be very costly. The objective of this paper is to evaluate the unavailability and the probability of spurious operation of k-out-of-n systems when they are subjected to both independent and common cause failures (CCFs). A load-strength interference model is adopted for CCF analysis. A data mapping technique is utilized when there is no data available for a specific system. It is concluded quantitatively that the k-out-of-n system has a lower unavailability but a higher probability of spurious operation than the k-out-of-(n-1) system, under both independent failure and CCFs. This result complies with common sense and practical experience. The two different configurations adopted in different types of NPPs, the 2-out-of-3 system and the 2-out-of-4 system, are used to demonstrate the theoretical analyses that are developed in this paper. However, due to the lack of relevant data, the analysis of probability of spurious operation under CCFs are only explained in a qualitative manner