United States Nuclear Regulatory Commission - Protecting People and the Environment

Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems (NUREG/CR–6303, UCRL–ID–119239)

On this page:

Download complete document

Publication Information

Manuscript Completed: December 1994
Date Published: December 1994

Prepared by:
G. G. Preckshot

Lawrence Livermore National Laboratory
University of California
Livermore, CA 94551

Prepared for:
Division of Reactor Controls and Human Factors
Office of Nuclear Reactor Regulation
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001
NRC Job Code L1867

Availability Notice


The purpose of this NUREG is to describe a method for analyzing computer-based nuclear reactor protection systems that discovers design vulnerabilities to common-mode failure. The potential for common-mode failure has become an important issue as the software content of protection systems has increased. This potential was not present in earlier analog protection systems because it could usually be assumed that common-mode failure, if it did occur, was due to slow processes such as corrosion or premature wear-out. This assumption is no longer true for systems containing software. It is the purpose of the analysis method described here to determine points of a design for which credible common-mode failures are uncompensated either by diversity or defense-in-depth.

Page Last Reviewed/Updated Monday, December 15, 2014