The reliability and integrity claimed from the pro­tection systems to support the safety case have been based on demonstrable high quality equipment designs, good techniques and good practice supplemented by comprehensive testing. This also applies to the soft­ware that forms an integral part of the PPS.

Rigid methods of software preparation have been established which result in very comprehensive docu­mentation at all stages. This enables every module to be assessed by a third party against the specification requirements and for construction error. Comprehen — soe verification of software documents and validation testing to pre-defined test specifications is performed. In addition, an independent design assessment is car­ried out on the completed system.

The fail safe design of hardware requires the selec­tion of components to give a predictable output on failure. The software includes self-test features for hardware tault detection to produce defined actions In an equivalent manner.

The overall system software follows the principle that a computer failure is detectable by the next com­

puter in the operational chain and by cross checking the data output by readback to the transmitting com­puter. The software also includes many of the estab­lished self-diagnostic and continuous error checking techniques in general use in the industry,