A review of defences against common cause failures in reactor protection systems

Redundancy is essential for achieving fault tolerance and higher dependability attributes. Redundancy by means of replication of identical units is widely used and under the assumption of random failures, it proves to be beneficial also. But common cause failures (CCFs) are threat to such redundancy schemes. With the increasing use of computer-based/electronic programmable systems in critical applications, CCFs are becoming major contributors to systems failures. CCFs are becoming major contributors to systems failures. The paper briefly reviews the phenomena of CCFs, its potential sources, triggering mechanisms, propagation and defence measures. It also reviews CCF models and comments on their limitations. A reactor protection system (RPS) is one of the safety critical systems in a nuclear power plant (NPP). A computer based RPS of a new NPP is taken for CCF case study. The system design is analyzed for its capability in preventing/reducing potential sources, triggering mechanisms and barriers against propagation of CCFs. The paper compares the CCF defence mechanisms employed in the new RPS along with two other recent RPSs of two reputed NPPs - AP1000 and Areva.