OCCURENCE OF COMMON-MODE FAILURE

In technical facilities, for example in nuclear power plants, redundan t systems are used to prevent random failures from deleting the comple te system function. However, although this redundancy concept is adequ ate to cope with random failures in single redundancies, its applicabi lity is limited in case of multiple failures due to a systematic failu re cause to which all redundancies are submitted due to their identica l features. Some general considerations have been formulated to rule o ut the occurrence of such common mode failure (CMF) in redundant syste ms under certain circumstances. CMF means that in more than one redund ancy the systematic failure cause is activated at the same time, or wi thin the same frame of time (e.g. during the mission time for an accid ent). It therefore has to be distinguished between the systematic caus e and the actual occurrence of CMF: a latently existing systematic cau se does not necessarily lead to simultaneous failure; it must be activ ated and therefore is only the prerequisite for CMF. A systematic caus e results in simultaneous failure if -the systematic cause is activate d by specific circumstances associated with the accident: a triggering effect to which the redundancies are subjected due to their identical features -previous failures have accumulated undetectedly before the accident. They now appear on demand due to the accident. For exclusion of CMF, both exclusion of a triggering effect and of accumulation is necessary. A trigger can be excluded, if the components are not affect ed by the accident at all, or are not submitted to any 'abnormal' oper ation. Accumulation can be ruled out by self annuciation. From this a matrix for excluding CMF-susceptibility has been derived.