Redundancy and Diversity

12.17. The term redundancy refers to the use of two or more similar systems in parallel, so that the failure of one will not affect the plant operation. Redundant components and systems are commonly employed in nuclear power plants. They are of special importance in systems, such as instrumentation, shutdown controls, and emergency cooling, upon which safety depends.

12.18. The components of a redundant system could all be rendered inoperative by a common-mode failure, that is, when one failure leads to another or a number of failures result from a single cause. For example, duplicate components of the same design could conceivably fail simultaneously when subjected to the same stress. Many potential common-mode failures can be foreseen and appropriate steps taken to circumvent them. In some cases, however, they are unpredictable and are revealed only after they have occurred. One way to minimize common-mode failure is by diversity, that is, by the use of two or more independent and different methods for achieving the same result, e.g., reactor shutdown in an emergency.

12.19. The electric power supply system for a nuclear plant provides an illustration of redundancy and diversity. Instruments are operated by direct current which is available from two independent storage batteries. The alternating current required to operate pumps, valves, and air blowers is normally supplied by the plant’s generator connected to two separate busbar sets. In addition, two independent offsite power sources are available for use when the plant is shut down or the generator is not operating. If all the onsite and offsite electrical power should fail (“station blackout”), alternating current would be supplied by onsite diesel generators. The plant might then be without power for half a minute; this fact is taken into consideration in determining the conditions for safe operation.
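A small reliability model of the points made in 12.18 and 12.19, added here as a worked illustration and not taken from the text: it compares identical redundant units under a common-cause (beta-factor) model with diverse units, and layers the AC supply as described (generator, two offsite sources, onsite diesels). All unavailabilities and beta factors are assumed illustrative values, not plant data.

```python
# Constructed example: the q values (probability a unit is unavailable on
# demand) and beta factors used here are illustrative assumptions, not data.

def redundant_unavailability(q: float, n: int, beta: float = 0.0) -> float:
    """n identical units in parallel, beta-factor common-cause model.

    A fraction beta of each unit's failure probability is attributed to a
    single common cause that disables all n units together (the common-mode
    failure of 12.18); the remaining (1 - beta) * q is an independent
    failure of one unit, so all n must fail that way to lose the system.
    """
    q_cc = beta * q            # shared cause: every unit fails at once
    q_ind = (1.0 - beta) * q   # independent failure of a single unit
    return q_cc + (1.0 - q_cc) * q_ind ** n


def diverse_unavailability(qs: list[float]) -> float:
    """Units of different design in parallel (diversity): a cause specific to
    one design does not reach the others, so failures are taken as independent."""
    p = 1.0
    for q in qs:
        p *= q
    return p


def ac_supply_loss(q_generator: float, q_offsite: float, q_diesel: float,
                   beta_offsite: float, beta_diesel: float) -> float:
    """Probability that all AC power is lost, layered as in 12.19: the plant
    generator, then two independent offsite sources, then onsite diesel
    generators (assumed here to be two units of one design, hence a beta)."""
    offsite_both = redundant_unavailability(q_offsite, 2, beta_offsite)
    diesels_both = redundant_unavailability(q_diesel, 2, beta_diesel)
    # The three layers are of different kinds, so they combine as diverse defences.
    return diverse_unavailability([q_generator, offsite_both, diesels_both])


if __name__ == "__main__":
    q = 1e-2
    print("two identical units, no common cause :", redundant_unavailability(q, 2))
    print("two identical units, beta = 0.1      :", redundant_unavailability(q, 2, 0.1))
    print("two diverse units, q = 1e-2 each     :", diverse_unavailability([q, q]))
    print("loss of all AC supply                :",
          ac_supply_loss(q_generator=5e-2, q_offsite=1e-2, q_diesel=5e-2,
                         beta_offsite=0.2, beta_diesel=0.1))
```

Even a beta of 0.1 makes the pair of identical units roughly ten times worse than the independent estimate, which is the quantitative reason the text prefers diversity over mere duplication.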