Conservative availability analyses including dependent failures in redundant I&C-systems with recurrent tests

In this paper analytic formulae are derived to estimate conservatively the unavailability of a two out of four digital safety Instrumentation and Control (I&C) system with recurrent tests. The analytic formulae disclose the influence of the different parameters on the system’s unavailability. In particular, the choice of a proper test interval is essential to guarantee the required low unavailability. The extraordinary self-checking capabilities of digital systems are taken into account by use of an appropriate failure model together with the treatment of dependent failures of the integrated software–hardware system. The underlying methodology is approved by licensing experts of nuclear facilities in Germany.