Probabilistic risk assessment studies for digital I&C: detected failures and priority unit

Research output: Book/ReportReport

1 Downloads (Pure)


In this report, probabilistic risk assessment (PRA) modelling studies of digital I&C are conducted as complementary to the OECD/NEA WGRISK’s DIGMAP project. One goal is also to prepare for the PRA modelling work in the WGRISK’s DIGMORE project, which has recently started. In this report, first, the risk contribution of detected failures causing spurious off-signals are studied by extending the PRA model of a fictive reactor protection system (RPS) developed in the DIGMAP project. Second, a fault tree model is developed for a fictive priority unit, which is also connected to the DIGMAP model.

Detected hardware failures causing spurious off-signals for safety functions are added to the DIGMAP model, as they were not included in the original study, whereas they had been found important in the previous DIGREL study. In this case, the detected hardware failures have significance only with regard to spurious off-signals causing initiating event, whereas they have little importance with regard to safety function failures. The importance of detected failures with regard to digital I&C related risk is sensitive to detection coverage parameters and fail-safe behaviour. Also, the diversity (or lack of diversity) between subsystems has significance for this matter.

A fault tree model is developed for a priority unit based on some early design ideas from the DIGMORE project. The priority unit gets its input signals from an RPS, back-up I&C system and operating I&C system. The most important contributors to the analysed safety function failure are specific failures in the priority units, but also spurious off-signals caused by detected hardware and software failures in the RPS are important. Other contributors are almost negligible. Detected RPS failures dominate over undetected failures in this case, because the detected failures can alone cause the safety function failure through the spurious off-signals, whereas undetected RPS failures only “pass the control” to the back-up I&C. However, this depends on the definition of the voting logic and the priorities of signals.
Original languageEnglish
PublisherVTT Technical Research Centre of Finland
Number of pages25
Publication statusPublished - 14 Dec 2022
MoE publication typeD4 Published development or research report or study

Publication series

SeriesVTT Research Report


  • probabilistic risk assessment
  • digital I&C
  • priority unit
  • spurious signal


Dive into the research topics of 'Probabilistic risk assessment studies for digital I&C: detected failures and priority unit'. Together they form a unique fingerprint.

Cite this