Forsmark asks critical questions about its I&C

3 November 2002

By 1995 it was clear that Forsmark's analogue I&C equipment would need to be replaced before 2005. But the plant needed a strategy to achieve integrated modernisation, to ensure it did not end up with a fragmented I&C architecture. By Johan Hallén, Ingemar Rydahl and Lennart Kloow

The major factors contributing to I&C problems in nuclear plants are ageing and obsolete equipment, technological obsolescence, and a loss of expertise in analogue equipment. These issues will become more important as the fleet ages and will be significant for plants considering life extension.

In the case of Forsmark 1 and 2, by 1994 Norsk Data (Norwegian Computer), which designed the plant's process computer around 1980, had shut down. The process computer's data acquisition system (old ABB equipment known as DS8) had reached maximum usage capacity. The control rod manoeuvering system was beginning to malfunction, and the system needed replacement. The old analogue I&C equipment was working, but it needed a huge amount of maintenance, and many components were becoming obsolete.

How should the replacement take place? The choice is between successive modernisation during several normal outages or one major modernisation during a prolonged outage. There are advantages and disadvantages with both approaches.

The main advantages of the single modernisation are that temporary hybrid solutions can be avoided in the control room and for the control equipment. It is also easier to ensure that system versions for hardware and software are consistent.

The main advantage of the step-wise approach is that outages need not be extended - with the associated financial and logistic benefits. This lessens the financial risk, thanks to smaller investments and lower risk of unforeseen problems that may prolong the outage. What is more, smaller projects are generally easier to manage, both for the utility and the supplier, because scope and specifications are more easily limited and predicted. Lessons learned during early steps can be applied in later outages and processes for continuous improvements can be applied by the utility and supplier.

At Forsmark, the successive modernisation approach was chosen, for two reasons. First, the utility's expertise and experience is in operating and maintaining the nuclear units. The organisation is not set up, nor trained, to execute major modernisation projects. If the utility were to take on the role of project co-ordinator and architect-engineer, there would be a financial risk associated with that role that could not be fully warranted. Second, an extended outage would not be cost-effective. Forsmark decided that the sum of outage periods for one unit may not exceed 73 days in 5 years, which on average means two short outages of 10 days followed by one long one of 20 days.


Throughout the 1990s, I&C upgrades were carried out through highly focused efforts that addressed near-term problems in a problem-specific manner. This strategy produced individual solutions that were not cost-effective in the long term. They resulted in a set of individual digital systems, each requiring custom support and training, many of them not compatible with each other or with the plant process computer.

An integrated solution avoids these problems. It should have the following characteristics:

• Integrating safety and non-safety information for plant operator.

• A shared I/O system between control and protection systems and process computer.

• A common standard human-system interface (HSI).

• A reduction in the requirements for hardwired I/O for inter-system communication.

• A common software and hardware platform for all plant applications, with diversification between safety and non-safety systems to allow for software common mode failures.

• Reducing the type and number of spare parts, failure rates and significantly improving fault tolerance due to standardised equipment. This will reduce manual testing during plant operation and outages, reducing labour costs and outage durations.

This will make it possible to reduce I&C to two product lines: safety and non-safety equipment. This will help reduce engineering costs because it will use common database and configuration tools and common HSI design tools, will allow easier maintenance and so on. It will also allow procedures to be computerised since all information will be available in one location.

Forsmark performed analyses to develop the modernisation vision and requirements, using a control room philosophy and design study. Conceptual studies for replacing analogue with digital I&C were ordered from different suppliers. The following goals were established:

• The number of different HSIs should be kept as low as possible.

• There should be a single HSI concept in the main control room (at the operators' request).

• There should be one platform for all future safety and non-safety I&C systems.

• The platform should be built such that it shall not fail to perform its functions due to any single failure.

• All old analogue I&C equipment on the reactor side will be replaced where it is deemed cost beneficial. This would primarily be the case where the existing equipment performs poorly.

• The process computer should be an integrated part of the new I&C platform and the same HSI should be used for both control and process computers.

• Replace the control rod maneouvering system and integrate it into the platform.

• The long-term goal for the turbine modernisation is to replace all old analogue I&C equipment.

• The turbine protection should be upgraded from two to three-channel turbine protection.

• All changes, upgrades and modifications shall be made within the fixed outage periods.

A utility may not agree to upgrade its I&C systems until it is absolutely necessary and this may give very little time for planning, scheduling and implementation. If the upgrade is carried through too quickly it may be practicable for the supplier but without full involvement from the utility personnel. This could create problems. The importance of planning and agreeing on a proper schedule cannot be overemphasised.

However, if the upgrade is postponed there is a risk of availability problems in the safety systems or reactor protection system (RPS). As the analogue equipment gets older there may be risks of spurious trips and production losses.

A utility should avoid beginning an upgrade with the RPS - one of the most complicated systems. Successful completion of other steps will provide the utility with the necessary experience for this more complex job.

Forsmark's obsolescence issues meant it had to act fast to avoid performance and availability problems.

Forsmark chose integrated solutions instead of a stand-alone approach, due to the obvious benefits of integrated I&C systems.

The general development of a modernisation strategy involves following high level processes. First a vision and then a strategy for the I&C upgrades are developed, then the overall requirements and scope. An implementation plan for the next 5 to 10 outages is written based on scheduling considerations and cost-benefit analyses. The modernisation options are studied and an appropriate platform selected, with consideration of a long-term plan for platform support and potential supplier alliances or teaming relationships. Finally the requirements and scope and the standardisation guidelines for the work are developed.

Key members of the utility should be involved in the development to set up a common long-term vision of how your control room and control system infrastructure should look in the next 20 years.

From a technical point of view the order in which the replacement is done is not the only critical aspect. Other aspects to be considered are the need for replacement due to ageing, cost benefit analyses, physical layout, ergonomic requirements in the control room and potential new requirements from regulatory bodies.

As a start, it is important to build the infrastructure to which new systems will be connected. It is important to define the operator interface in the main control room, which will be used both for process control and for the process plant computer. The investment may seem large, but from the perspective of a 20-year modernisation plan, it will still be cost-beneficial.

The continuous learning process involved in developing the upgrade is valuable to the organisation. It is also important to be able to handle the new possibilities created by introducing a new control system into a control room so as not only to affect functional improvements but also make the best possible use of the operating staff's experience. Peripheral systems - radwaste control or condensate cleanup - with a good mixture of controlled components and monitoring are good systems training.

When an information and control platform is chosen, a long-term agreement with specified criteria should be established with the supplier. The fact that a platform is chosen should be used inside the organisation to force everyone to act accordingly, since any choice of equipment outside the platform may cause problems for maintenance, training and operational staff.

Forsmark established a contract with ABB in 1995 covering design and installation of the new platform, corresponding changes in the simulator and a long term modernisation alliance.


One of the key elements in achieving a successful integrated I&C upgrade is to obtain a high degree of system and equipment standardisation. It reduces equipment and maintenance costs and supports efficient error-free operation.

For an upgrade spanning several outages, standardising design and implementation will minimise unique solutions to common issues, as well as overall design and implementation costs. For example, type circuits used in the analogue equipment to control a certain type of pumps, fans, valves and so on, should where possible be converted to type circuits in the new digital information and control system.

Design rules should be developed successively. Developing them up front may create a very lengthy period before any actual work can be performed. However, certain fundamental rules and prerequisites should be defined at an early stage. The utility must be trained in the possibilities of digital systems and reasons for adaptation of design rules as the modernisation continues. When new rules are established, they must be adapted by the utility and the supplier.

A key issue is acceptance from operational staff in designing control room and soft control displays. Some important factors are:

• Modernise complete sections of the control desk or complete operational tasks. Follow the existing operational instructions and cover all steps, preferably on one screen. Operators do not like situations where both screen and mimics have to be used, especially if the information is geographically separated or contradictory.

• Use the benefits of integrated digital systems, giving operators more added values; for example: task-oriented pictures, information from other process systems that may be affected by the operational task, information from surveillance testing, information from peripheral systems.

• The operations personnel need to participate in the modernisation tasks and the rest of the team should have confidence in the input provided by the operators. The entire team should feel involved.

• A formal control room modernisation process should be established, usually also required by the authorities. In Forsmark, the process is called "Manfred", and the main high-level checkpoints are: don't forget anything in the new design that existed in the old one; and ensure that all new functionality and equipment are needed and useful for the operators.

The modernisation goals and the role of each group in the organisation must be very clear:

• The board or steering committee is responsible for the investment decision and long term commitment.

• Management must be prepared to take unexpected economical or strategic decisions during the programme.

• All members of the organisation must work towards a common goal.

• When the modernisation decision is taken, bring all participants on board.

• Organise quick implementation of lessons learned.

• Plan and prepare for development of new competencies.

During the successive modernisation many separate projects will be performed, during different outages. Sometimes several projects will be underway simultaneously.

For each project, personnel from the utility should be assigned full time and released from their regular duties. Otherwise there is a risk of conflicts with other tasks and possible delays or undesired technical solutions. Early efforts will avoid problems or inconvenient solutions that may then impact the systems for the next 20 years.

Coordination between the successive projects is necessary but should be done in moderation - too much coordination will slow progress.

FORSMARK's experience

Some of the lessons learned during Forsmark's experience are listed in the Fact file below.

Looking back in late 2002, Forsmark's goals have all been met. An integrated platform has been achieved including one common operator interface for control and information systems and the process plant computer is integrated in the control architecture. The common platform will allow future upgrades.

Operators at Forsmark participated in the design of the human-system interface and appreciate the end result, even though there were challenging initial difficulties with the alarm philosophy after the first step of the work.

Fewer equipment types and lower failure rates have led to extremely cost-effective maintenance. The availability goals of the new systems have been reached, thanks to built in redundancy. All the work steps were performed within the time limits of planned outage periods, and never caused any outage delays.

Forsmark and Westinghouse have achieved this thanks to hard work and good cooperation, but also very importantly by listening to the other party, applying and learning from experience. Much effort has been put into documenting the experience gained for future use.

During the course of the modernisation programme the customer and supplier have developed a closer cooperation by working with a common set of documentation, and identifying documentation deliveries in each project.

Lessons learned

• Let different suppliers do a conceptual study on the upgrade, clearly showing how they would solve your requirements today and how the concept can be extended in the future. This gives you a better understanding of the supplier’s equipment and his way of integrating the equipment into your environment. • Use the old existing graphical HSI as a basis for the requirements concerning tools and base picture elements for what the new HSI should have. Define basic picture elements needed to create the desired pictures and the preferred dialogues. • The design of pictures for a system is an iteration process between the supplier and the customer. Our experience is that a good result requires good specifications. • Changing from analogue to digital I&C implies that maintenance personnel will take over work that previously was done by computer personnel. The importance of this change should not be underestimated and the necessary training of maintenance personnel should be considered. • Existing administrative rules should be considered, for example the focus on operations personnel in Forsmark. • The maintenance personnel should be aware that they are responsible for everything from process interface to operators HSI. • Ensure that the existing naming convention for pumps, fans, measuring points, etc, will be applied in the new system. Only one person or group should be allowed to assign names for new signals and objects. • Integrate new documents into the existing plant documentation structure. • Use all existing experience and knowledge of the plant status of utility personnel. • A new IT infrastructure should be able to manage new SW and HW versions, configuration control, compliance and so on. Strict control of upgrades should be applied. When upgrades are performed the supplier should be responsible for upgrading the whole platform. • During design of the new information and control system platform, Forsmark had three people participating in the Westinghouse project for two years. Direct participation is one of the best forms of training for operations and maintenance personnel. • Use simulator personnel to produce user documentation and for operator training.

Privacy Policy
We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.