Abstract
Compared with the operating life cycle of the digital I&C system in nuclear power plants, the start-up process of the control station is minimal and easily overlooked. A design that is too simple is not suitable for nuclear power applications. The complexity of the start-up design comes from three aspects: One is the diversity of start-up scenarios. In addition to the start of the normal plan, there are unexpected start-ups that cannot be ignored; the second is the complexity of data synchronization in the redundant system; the third is the consideration of human factors. The start-up process involves a lot of human-computer interaction, and how to reduce human risk is also an important design requirement. If the factors are not considered properly, the control station will easily cause disturbance of the controlled equipment when starting, and may even cause the malfunction of the engineered safety features actuation system. This article focuses on the nuclear safety-level parallel redundant control station, analyzes various scenarios of the control station start-up, and synthesizes the design requirements for the start-up phase. According to the requirements, the overall design plan of “initialization-synchronization-comparison-commissioning” is proposed, and the human operation risks involved in each stage are analyzed, and corresponding prevention plans are proposed. The FirmSys parallel redundant control station implemented according to this scheme has been successfully applied in ten commercial nuclear power units including Unit 5 and Unit 6 of Yangjiang Nuclear Power Plant.