Nuclear power plants traditionally have been designed for achieving a safe and reliable performance through resort to a studied redundancy, particularly with respect to functions and supportive components employed during emergency conditions. Emergency procedures will include such operations as water injection into the reactor core to lower heat values, the classic "SCRAM" procedure wherein control rods are elevated to rapidly reduce power, and the like. Redundancy for the safety related systems is developed through designated divisions, usually associated with distinct reactor regions and supporting monitoring and control components. These latter components are physically separated as by fire and shock barriers and the like, as well as electrically isolated. Thus, each of the divisions will include such components as pumps, valves, monitors and automated controls which are powered from separate and distinct power supplies. The safety related system components or instruments used for these divisions generally must be qualified so as to meet rigorous criteria of nuclear regulatory agencies such as the Nuclear Regulatory Commission (NRC). Such criteria are centered about operational reliability, including performance under seismic phenomena. For example, the NRC requires an electrical classification designated as 1E for these components.
Electrical control isolation typically is developed by opto-coupling procedures, the more recent of which are derived from fiber optic forms of communication. Some forms of electrically isolated inter-divisional communication typically are provided for certain monitoring functions. Additionally, some non-divisional intercourse with divisional systems may be permitted. For example, conventional boiling water reactors (BWR) incorporate core traversing probes which are mechanically driven along a reactor core to provide neutron flux distribution data used for computing calibration constants employed, in turn, by fixed, divisionally located monitors.
In contrast to the safety related systems of nuclear power plants, controls and instrumentation used in conjunction with their normal or nominal course of operation are not provided with the degree of redundancy nor with the rigorous structuring required of safety related or divisional systems. Such controls look, for example, to feedwater regulation, certain mechanical systems, pressure controls, power monitoring, and the like. Unless the system is challenged or a failure occurs causing the automated safety related systems to carry out their designated procedures, the nominal or non-safety controls perform, in conjunction with a man-machine interface. The interface is structured as a relatively large console located within a control arena. Space requirements for such control rooms are quite extensive because of the additional presence of mandated safety related instrumentation, readouts and controls for each of the physically separated and electrically isolated divisions. These safety related implements generally account for about 40% of the overall control instrumentation. Typically, the large operator interfacing control console for normal operation is positioned somewhat centrally within the control room, while the panels carrying safety related instrumentation are remotely located, for example, along walls and the like.
To assure that error or fault is not propagated into the divisions or safety related systems from the man-machine interface, verification procedures have been instituted. For example, the earlier-discussed neutron monitor calibration constants are computed by a computer which is not a part of the qualified safety system. Thus, such computed data can be inserted into the divisions only following operator verification. Similarly, any permissible operator directive inputs to the divisions must undergo operator verification procedures involving the need for operator presence at various locations about the control room. The result has been a requirement for a large number of attending operators and space necessitated man-machine inefficiencies.
Because of the extensive spatial requirements for control rooms and of the operator inefficiencies necessitated by the large number of redundency mandated instruments and controls, industry has sought to achieve a technique for concentrating necessary data at a singular man-machine interface location without compromising the necessary physical and electrical separation of divisions and the safety enhancement occasioned by verification procedures.