INTRODUCTION
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Conditions and strategy to cope with CCF
5.1 General
5.2 Characteristics of CCF
5.3 Principal mechanisms for CCF of digital I&C systems
5.4 Conditions to defend against CCF of individual I&C systems
5.5 Design strategy to overcome CCF
6 Requirements to overcome faults in the requirements specification
6.1 Deriving the requirements specification for the I&C from the plant safety design base
6.2 Application of the defence-in-depth principle and functional diversity
6.3 CCF related issues at existing plants
7 Design measures to prevent coincidental failure of I&C systems
7.1 The principle of independence
7.2 Design of independent I&C systems
7.3 Application of functional diversity
7.4 Avoidance of failure propagation via communications paths
7.5 Design measures against system failure due to maintenance activities
7.6 Integrity of I&C system hardware
7.7 Precaution against dependencies from external dates or messages
7.8 Assurance of physical separation and environmental robustness
8 Tolerance against postulated latent software faults
9 Requirements to avoid system failure due to maintenance during operation
Annex A (informative) - Relation between IEC 60880 and this standard