With one of the largest safety-related installed bases in the world, the Westinghouse Common Qualified — or Common Q™ — safety-grade instrumentation and control (I&C) platform is approved by the U.S. Nuclear Regulatory Commission (NRC) and other nuclear regulators worldwide for both new plant build applications and operating plant safety system upgrades. The Common Q platform is safe, reliable, easy to service and supported for long-term operations.
The Westinghouse Advant® Controller 160 (AC160) Programmable Logic Controller is the core of the Common Q platform with a safety qualified equipment serving as the human-machine interface. The Common Q platform is defined in NRC-approved Topical Report WCAP-16097.
With more than 30 years of I&C systems design, testing and implementation, Westinghouse understands the need for safe, efficient and cost-effective I&C safety systems. The Common Q platform reflects those basic requirements and offers other significant benefits.
Improved reliability is attained through utilization of extensive system diagnostics that reduce the Mean Time to Repair (MTTR).
greater than 70 years
MTTR Components: less than one hour
Internal self-diagnostics of the equipment and automated surveillance test applications are combined to enable the elimination of periodic surveillance testing. These self-diagnostics and test provisions have been reviewed and approved by the NRC as described in the Common Q safety evaluation report.
The self-test and diagnostic features eliminate input/ output (I/O) card calibrations which help to reduce technician maintenance. An advanced maintenance interface with a color touch screen improves the ability for the technician to determine the detailed status
of the system, including the ability to interact with the automated self-test features and diagnostics. This feature improves technician ability to perform troubleshooting of channel equipment failures.
The Safety Human Machine Interface (SHMI) provides an isolated uni-directional Ethernet connection to the plant computer. This feature allows the plant computer to monitor the status of the safety systems.
Westinghouse is uniquely qualified to support and comply with Nuclear Energy Institute (NEI) 08-09, NEI 13-10 and R.G. 5.71 cyber security requirements. Westinghouse has an information technology infrastructure maintaining compliance with the NRC cyber security for the Common Q product and has a long history of meeting such requirements for numerous systems provided to the nuclear industry.
Westinghouse remains committed to long-term support of the Common Q product line. Most recently, Common Q is the protection and monitoring system utilized for Westinghouse’s AP1000® power plants in China and the U.S.
As of 2023, the Common Q system is implemented in various systems in over 50 nuclear power plants in operation or under construction in Europe, the U.S. and Asia. With more than 1,300 cabinets and over 4,000 AC160 processors installed to date, Westinghouse has extensive experience supplying both small custom retrofit systems and large new cabinet installations. Westinghouse has the capability for complete product support including training, system installation and startup test services.
Common Q’s Advanced Design Features are Unmatched in the Nuclear Industry
Designed to operate in demanding industrial environments, the AC160 is a high-performance modular controller with multiprocessing capability for logic control. It can be used as a stand-alone or as an integrated controller in a distributed control system, communicating with other Advant equipment. The processor module used for Common Q applications is the PM646A (32 Bit Motorola MC68360). Its modular design allows process connections to be made to compression terminals on standardized connection units.
The AC160 allows expansion of processing capability by allowing up to six processor modules to be utilized in a single subsystem. This enables packing significant processing power in a small footprint.
Recognizing the importance of redundancy to satisfy the single-failure criterion, the AC160 utilizes several features to support redundant processing.
The redundant power supply subsystem can be powered by either AC or DC. The subsystem is universal (e.g., 90-350 VDC, 120/220 VAC 50/60 Hz).
The CPU redundancy consists of primary and standby processors. The primary processor is in control while the standby tracks the process. Upon failure of the primary, the secondary processor then assumes control.
In one out of two station redundancies, the two independent stations process acts in parallel and the outputs are voted either one of two or two of two to form the final output.
In two out of three station redundancies, the three independent stations process acts in parallel and the outputs are voted two of three to form the final output.
The AC160 controller supports fail-safe operation through the use of functional diversity, self-diagnostics, watchdog timers and a fail-safe configuration.
The application program is created using the AC160 Master Programming Language and software development environment. Key software tools that differentiate this development environment include a graphical function chart builder and a function block library for creating specific logic for the application.
Westinghouse’s function block library of reusable software modules specific to the nuclear industry contains more than 100 validated and configurable algorithms. This flexibility allows the same code base to be reused across different systems and plants which lowers costs, reduces risk and speeds development.
The S600 family of I/O modules contains traditional I/O functions such as analog input (including differential, thermocouple and resistance temperature detector), analog output, digital input, pulse input and digital output. S600 I/O modules typically contain eight, 16 or 32 input or output channels, depending on the module. The I/O modules are placed in the AC160 Controller subrack and extension subracks. The extension subracks communicate with the main AC160 subrack via a hardwired bus extension. Process signals are connected into the front of each I/O module via pre-fabricated cables from either field terminal blocks or termination units.
The S600 I/O family offers a high density I/O solution that, through expansion subracks, can support over 1,000 points in a single controller. All I/O modules provide galvanic isolation.
The AC160 supports communication over the Advant Field Bus (AF100) and a High-Speed Data Link (HSL) interface.
The AF100 is a high-performance fieldbus which is used for communication between AC160 controllers and display systems. It is possible to connect up to 80 stations within a total physical distance of up to 13,300 meters (43,300 feet) on a single AF100 data highway, which can be built with either a twisted pair or fiber optic transmission media.
The HSL is a RS422 multi-drop datalink that supports a connection of up to 15 receivers on a twisted pair link, or up to 40 receivers if fiber optic links are utilized.
The Flat Panel Display System (FPDS) is the human system interface for the Common Q safety system. It consists of a SHMI and a touch screen video display. The display is available in various screen sizes: 6.5 in (16.51 cm), 12 in (30.48 cm), 15 in (38.1 cm) and 19 in (48.26 cm).
The FPDS is typically used locally at the I&C cabinets for system maintenance and testing. This system can also be applied as a safety grade main control room operator module for functions such as post-accident monitoring and operation of permissives and controls.
Additionally, the SHMI can be used as a data highway gateway from a safety or safety-related AF100 data highway to a general purpose, non-safety plant information highway.
The CIM is a non-software-based, qualified safety-grade module that provides the complete interface between the safety system and the plant field components that it controls (e.g., valves, circuit breakers). The CIM provides prioritization between component control by the safety system, the control system, diverse actuation system and manual control, removing the need for separate safety and non-safety actuation devices.
The CIM can be positioned local to the AC160 controller or remote via fiber optic interface.
The Nuclear Instrumentation System Processing Assembly (NISPA) consists of one rack assembly and one connector panel.
The rack assembly contains up to seven modules:
All NISPA modules are sized to Eurocard standards and are positioned with card guides inside
a Eurocard frame. The use of mechanical keying ensures modules can only be inserted into their designated slots. These modules plug into two backplanes by means of interfacing connectors mounted on the rear of the module.
The backplanes are shared with the high voltage power supplies, Source Range Input Module, Power Range Input Module, Intermediate Range Input Module and the Test Interface Module. The modules are easily removable for troubleshooting or replacement. No rear access is required to remove or replace the module when positioned in the chassis. A separate panel is provided for terminating heavy gauge field cable.
Common Q has been reviewed and approved for use by global regulatory agencies in the U.S., Asia and Europe, meeting NRC, International Atomic Energy Agency (IAEA) and International Electrotechnical Commission (IEC) standards.
The Common Q Safety Platform is in in compliance with the following NRC standards:
Institute of Electrical and Electronics Engineers (IEEE) 603 – Standard Criteria for Safety Systems for Nuclear Power Generating Station, as augmented by RG 1.153, Rev. 01, 06/1996 and Branch Technical Positions 7-3, 9, 11, 12, 17, 19 and 21
IEEE 338 – Standard Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems, as augmented by RG 1.118 as augmented by RG 1.118
IEEE 379 – Standard Application of the Single-failure Criterion to Nuclear Power Generating Station Safety Systems, as augmented by RG 1.53
IEEE 384 – Standard Criteria for Independence of Class 1E Equipment and Circuits as augmented by RG 1.75 and Branch Technical Position 7-11
EPRI NP-5652 – Guideline for Utilization of Commercial Grade Items in Nuclear Safety Related Applications
EPRI Topical Report TR-106439 – Guideline on Evaluation and Acceptance of Commercial Grade Digital Equipment for Nuclear Safety Applications
WCAP-16096-NP-A – Software Program Manual for Common QTM Systems, as approved by the NRC. IEEE 7-4.3.2 – Application Criteria for Programmable Digital Computer Systems in Safety Systems of Nuclear Power Generating Stations, as endorsed by RG 1.152.
IEEE 828 – Software Configuration Management Plans, as endorsed by RG 1.169.
IEEE 829 – Software Test Documentation, as endorsed by RG 1.170.
IEEE 830 – Guide for Software Requirements Specifications, as endorsed by RG 1.172.
IEEE 1012 – Standard for Software Verification and Validation Plans, as endorsed by RG 1.168. IEEE 1028 – Standard for Software Reviews and Audits, as endorsed by RG 1.168.
IEEE 1074 – Standard for Developing Software Life Cycle Processes, as endorsed by RG 1.173.
IEEE 323 – Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations
IEEE 344 – Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations as augmented by RG 1.100
Regulatory Guide 1.180 – Guidelines for Evaluating Electromagnetic and Radio Frequency Interference in Safety Related Instrumentation
Westinghouse provides a complete scope of instrumentation, control and automation products and services to enhance plant safety and reliability in a cost-effective way.
We enhance the reliability of plant control and safety systems through an integrated, plant-wide approach, offering a full range of world-class instrumentation and control solutions for operating and new nuclear power plant designs. With our local presence we adapt worldwide experience to regulatory and customer needs. This is comprised of product development, design, assembly and testing of advanced I&C products, including control system component services, outage support and training. We seek to minimize total plant life-cycle costs and disruption through maintenance, enhancements, single-point vulnerability elimination and upgrade strategies specific to each plant’s long-term support needs.
Common Q is a trademark or registered trademark of Westinghouse Electric Company LLC, its affiliates and/or its subsidiaries in the United States of America and may be registered in other countries throughout the world. All rights reserved. Unauthorized use is strictly prohibited. Other names may be trademarks of their respective owners. AC160, and other names used herein, may be trademarks of their respective owners.
Advant is a registered trademark of Westinghouse Electric Company LLC. Other names may be trademarks of their respective owners.