ABSTRACT

One NPP design principle that can be used to deal with spurious actuation is diversity: adding another, different I&C system and then voting on the control actions. Still, aside from emphasizing good principles like defense in depth, single-failure tolerance, quality, independence and qualification (IAEA 2015), one challenge remains: how to ensure that I&C systems do not contain design errors that might lead to spurious actuation? Modern I&C systems are so complex, in terms of both hardware and software (platform and application), that 100% test coverage is practically impossible.
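As an added illustration (not code from the paper or any real I&C platform) of why voting over diverse channels masks a single spurious actuation but not a design error shared by several channels, the following Python model puts three trip channels in front of a two-out-of-three voter. The 2oo3 threshold, the channel implementations, the pressure setpoint and the unit-mix-up bug in channel C are all constructed assumptions for this example.

```python
"""Constructed example: 2-out-of-3 voting over diverse I&C trip channels.

Channel C deliberately carries a design error (a units mix-up) so that it
demands a trip at normal operating pressure, i.e. it actuates spuriously.
With two independently implemented channels beside it, the voter masks the
fault; with a second copy of the same flawed logic, the error is voted through.
"""
from typing import Callable, List

TRIP_SETPOINT_BAR = 150.0  # assumed setpoint for this example


def channel_a(pressure_bar: float) -> bool:
    """Diverse channel A: demands a trip above the setpoint (compares in bar)."""
    return pressure_bar > TRIP_SETPOINT_BAR


def channel_b(pressure_bar: float) -> bool:
    """Diverse channel B: independent implementation that compares in kPa."""
    return pressure_bar * 100.0 > TRIP_SETPOINT_BAR * 100.0


def channel_c_buggy(pressure_bar: float) -> bool:
    """Channel C with a constructed design error: the setpoint was scaled the
    wrong way (bar treated as kPa), so it trips above 1.5 bar instead of 150."""
    return pressure_bar > TRIP_SETPOINT_BAR / 100.0


def vote_2oo3(demands: List[bool]) -> bool:
    """Two-out-of-three majority voter (assumed threshold): actuate only when
    at least two channels demand it."""
    if len(demands) != 3:
        raise ValueError("2oo3 voting needs exactly three channel outputs")
    return sum(demands) >= 2


def actuate(channels: List[Callable[[float], bool]], pressure_bar: float) -> bool:
    """Evaluate every channel on the same process value and vote."""
    return vote_2oo3([ch(pressure_bar) for ch in channels])


# Three different implementations: one contains the design error.
DIVERSE = [channel_a, channel_b, channel_c_buggy]
# Two channels are copies of the same flawed application: a common-mode error.
NON_DIVERSE = [channel_a, channel_c_buggy, channel_c_buggy]


if __name__ == "__main__":
    for label, chans in (("diverse", DIVERSE), ("non-diverse", NON_DIVERSE)):
        for p in (100.0, 160.0):
            print(f"{label:12s} at {p:5.1f} bar -> actuate = {actuate(chans, p)}")
```

At 100 bar the diverse set votes [False, False, True] and does not actuate, while the non-diverse set votes [False, True, True] and trips spuriously; at 160 bar both sets trip as required. Voting therefore buys tolerance of one faulty channel, not of a design error that diversity was supposed to keep from being replicated.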