EN IEC 62138:2019

This document specifies requirements for the software of computer-based instrumentation and

control (I&C) systems performing functions of safety category B or C as defined by

IEC 61226. It complements IEC 60880 which provides requirements for the software of

computer-based I&C systems performing functions of safety category A.

It is consistent with, and complementary to, IEC 61513. Activities that are mainly system level

activities (for example, integration, validation and installation) are not addressed exhaustively

by this document: requirements that are not specific to software are deferred to IEC 61513.

The link between functions categories and system classes is given in IEC 61513. Since a

given safety-classified I&C system may perform functions of different safety categories and

even non safety-classified functions, the requirements of this document are attached to the

safety class of the I&C system (class 2 or class 3).

This document is not intended to be used as a general-purpose software engineering guide. It

applies to the software of I&C systems of safety classes 2 or 3 for new nuclear power plants

as well as to I&C upgrading or back-fitting of existing plants.

For existing plants, only a subset of requirements is applicable and this subset has to be

identified at the beginning of any project.

The purpose of the guidance provided by this document is to reduce, as far as possible, the

potential for latent software faults to cause system failures, either due to single software

failures or multiple software failures (i.e. Common Cause Failures due to software).

This document does not explicitly address how to protect software against those threats

arising from malicious attacks, i.e. cybersecurity, for computer-based systems. IEC 62645

provides requirements for security programmes for computer-based systems.