HFC-6000 - Our Most Advanced Nuclear Qualified Control System


The HFC-6000 Safety Grade Control System represents the culmination of over 30 years of control system research and development.
Designed specifically for the control and monitoring of the most critical applications, the system remains fully functional in the most intense physical, electrical, and seismic environments.

The field-proven architecture and rugged, robust system components combine to reduce installation, maintenance, and spare parts costs while assuring a long operational life. The flexibility and scalability inherent in the overall system design provide a customizable solution capable of meeting the most rigorous system requirements, while the use of industry-standard interfaces minimizes the impact on other plant systems and platforms. These features make the HFC-6000 the optimal choice for the functions being performed.

The HFC-6000 architecture (shown to the right) is based on a field-proven design found in hundreds of fossil and nuclear power plant installations worldwide. The system design is based on a thorough understanding of critical plant conditions, the events that trigger them, and the prompt resolution of such conditions. The resulting control and safety system functions provide significant economic advantages during commercial operation while maintaining the reliability and flexibility standards of the overall system design. By using the standard application software algorithms and communication protocols common to HFC control systems, the HFC-6000 is compatible with legacy control systems and is also capable of future upgrades, maximizing system longevity and return on investment. This emphasis on field-proven equipment and the preservation of future upgradeability avoids the costs associated with system obsolescence and new product development.

Capable of being implemented in a fully redundant configuration for both safety and non-safety applications, the HFC-6000 eliminates single points of failure for maximum fault-tolerant operation. HFC can structure the system to incorporate redundancy specific to certain critical areas, and the segregation of functions provides a multitude of operational and maintenance benefits, reducing overall operating costs. The system architecture virtually precludes the propagation of failures, and the advanced, system-wide diagnostics continuously monitor system hardware, software, and communication parameters in real time, identifying system anomalies all the way down to a single I/O channel.

Enhanced operator and maintenance functions are facilitated by a variety of Control Room strategies ranging from traditional, discrete Man-Machine Interfaces (MMI) to high-resolution digital flat panel displays with touch screen capability. A safety qualified (Class 1E) flat panel display is available for environmentally and seismically sensitive applications. The HFC-6000 offers the flexibility to select high-level process displays for an overall system status overview, or more detailed displays specific to a particular process operation, increasing operational and maintenance benefits.

The HFC-6000 Safety Grade Control System provides the reliability, flexibility and technology not available in traditional analog systems while significantly reducing operational and maintenance costs.


The HFC-6000 Safety Grade Control System overcomes the deficiencies associated with traditional analog systems through the following features and benefits:

Dedicated Control Link

Users can use the redundant HFC-FPC08 as a gateway to isolate the Control Link within a bay/cabinet from the other controllers, even those in the same train. In most safety bay/cabinet configurations, the bay has a dedicated redundant Control Link connecting all of its controllers.

Dedicated Data Link 

The HFC-FPC08 module in the HFC-6000 rack provides the Data Link among controllers. Each HFC-FPC08 has up to four (4) high-speed Ethernet communication ports for point-to-point communication between any two controllers.

Nuclear Safety Qualified One-Step Automatic Logic Generation (One-Step ALG) Tool

Users can take control and logic diagrams from CAD drawings and translate them directly into executable control code and operator interface graphics. The tool also defines the I/O and database configuration, maintains a single source of documents for an entire plant process control system, and lets users create, modify, and maintain their own functional control blocks.

Hardened Remote I/O Link

Users can configure I/O points at either physically connected I/O racks or remotely connected I/O racks, with redundancy in both cases. The HFC-6000 controller connects to its remote I/O racks via dedicated fiber optic cables.

Fully Redundant Hardware Configuration Provides System Availability

Users can use the standard redundancy features of the HFC-6000 to achieve overall system availability and reliability. HFC provides redundancy on controllers, power supplies, communication links, and optionally on I/O. The Maintenance Failover function permits manual verification of the working status of both the Primary and the Secondary controller, confirming that the Secondary will be able to take over control in the event that the Primary controller fails.

Complete Cyber Security

All of the user's non-safety OIS, EWS, and HAS stations are connected to the Information Data Highway (IDH), which has control status monitoring capability. HFC's gateway devices serve as the hardware and software firewall that segregates the IDH from the Communication Master Link (CM-Link) of the safety trains. HFC's proprietary Database Manager software is the only medium that can access the controller database through the CM-Link. This configuration, together with the isolation between the CM-Link and the safety Control Communication Link (C-Link), establishes a control security zone intended to keep network intrusions and malware away from the safety controllers. As with any zoned architecture, the protection holds only as long as the gateway and the Database Manager remain the sole paths between the IDH and the safety links; any additional connection bypasses the zone boundary.
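The zone boundaries described above can be checked rather than assumed. The following is an added example, not HFC's code: it models the IDH / gateway / CM-Link / C-Link boundaries as a list of allow rules and computes transitive reachability to confirm that the only crossing from the non-safety side is Database Manager traffic through the gateway, and that the C-Link is unreachable from the IDH for any application. Zone names follow the page; the application names, rule format and the misconfigured policy are constructed for illustration and are not HFC identifiers.

```python
"""Reachability check over a zoned network policy (added example, not HFC code).

A rule (source_zone, destination_zone, application) means traffic of that
application may cross from source to destination. "*" matches any application.
Zone names follow the page; application names and rules are constructed.
"""
from collections import deque

# Constructed policy matching the architecture described in the text: the only
# crossing from the IDH into the safety side is Database Manager traffic via the
# gateway, and nothing crosses from CM-Link to C-Link.
INTENDED_POLICY = [
    ("IDH", "Gateway", "database-manager"),
    ("Gateway", "CM-Link", "database-manager"),
]

# Constructed misconfiguration: one rule bypasses the gateway for any traffic,
# another bridges CM-Link to C-Link for a hypothetical maintenance tool.
MISCONFIGURED_POLICY = INTENDED_POLICY + [
    ("IDH", "CM-Link", "*"),
    ("CM-Link", "C-Link", "maintenance-tool"),
]

# Sentinel standing for any application not named in the policy; it is only
# matched by "*" rules, so it exposes wildcard crossings.
ANY_OTHER = "<any-other>"


def reachable_zones(policy, start, application):
    """Zones reachable from `start` for `application`, following rules transitively (BFS)."""
    seen = {start}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, app in policy:
            if src == zone and app in ("*", application) and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def all_applications(policy):
    """Named applications in the policy plus the sentinel for unlisted traffic."""
    return {app for _, _, app in policy if app != "*"} | {ANY_OTHER}


def policy_findings(policy):
    """Return the zone-boundary properties the policy violates (empty if it holds)."""
    findings = []
    for app in sorted(all_applications(policy)):
        reach = reachable_zones(policy, "IDH", app)
        # Property 1: the safety C-Link must be unreachable from the IDH for every application.
        if "C-Link" in reach:
            findings.append(f"{app}: C-Link reachable from IDH")
        # Property 2: only Database Manager traffic may reach the CM-Link from the IDH.
        if "CM-Link" in reach and app != "database-manager":
            findings.append(f"{app}: reaches CM-Link from IDH")
    # Property 3: every rule leaving the IDH must terminate at the gateway.
    for src, dst, app in policy:
        if src == "IDH" and dst != "Gateway":
            findings.append(f"rule {src}->{dst} ({app}) bypasses the gateway")
    return findings


if __name__ == "__main__":
    for name, policy in (("intended", INTENDED_POLICY), ("misconfigured", MISCONFIGURED_POLICY)):
        problems = policy_findings(policy)
        print(f"{name}: {'OK' if not problems else ''}")
        for line in problems:
            print("  -", line)
```

The intended policy yields no findings; the misconfigured one is flagged four times: the wildcard rule lets unlisted traffic onto the CM-Link and bypasses the gateway, and the maintenance-tool rule chains with it to reach the C-Link. The same reachability check can be fed from an exported firewall or gateway rule set instead of the constructed lists.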

Ability of Adopting Latest Proven Technologies

HFC possesses safety I&C platforms (HFC-6000) built on both microprocessor-based and FPGA-based technologies. It has been HFC's practice to adopt the latest proven technologies in its platform development and refinement. This adaptability allows HFC to apply its platforms to I&C projects of any size, from the largest Pressurized Water Reactors (PWRs) to the protection and control of modern Small Modular Reactors (SMRs).


Automatic Logic Generation (ALG) Tool

Application logic design is an important activity in the HFC development lifecycle process. The application logic design details how the application logic will be structured to satisfy the requirements specified in the system requirements specification.

The design is a translation of requirements into a description of logic structure, module components, interfaces, and data necessary for the implementation of the requirements. In essence, the application logic design becomes a detailed blueprint for the implementation activity, which is fulfilled through the One-Step logic automatic translation tool.

One-Step, a proven and qualified Engineering WorkStation (EWS) automatic logic translation tool, has been widely used in safety application logic design and implementation for more than 20 years. One-Step not only automates the logic translation, eliminating the human errors of manual translation, but also creates dynamic images of each logic drawing for display on the workstations, so that logic drawings can be monitored dynamically with the system on-line.

[Figure: system view of the One-Step ALG software]

Increased System Performance

Controller computations and logic execution are performed by a high-speed, dedicated Intel Pentium® class processor (64-bit), which provides extremely fast system response times. Communication functions are handled by separate, dedicated processors (32-bit) for increased data communication throughput. The high-performance processor and high-speed communications reduce the amount of equipment required, simplifying overall system design.

Field-Proven Architecture

The high-integrity system architecture is found in many fossil and nuclear power installations worldwide. The simplification of the hardware and software design decreases system complexity, reducing maintenance and testing costs and minimizing the probability of system errors.

Unparalleled System Longevity

The system architecture permits future upgrades with minimal modifications as well as backwards compatibility to legacy HFC control systems. Unsurpassed system operating life provides an exceptional return on investment.

Improved Maintenance and Testing Facilities

A wide range of configuration, diagnostic, and maintenance tools assists operators and maintenance personnel in identifying and promptly resolving system abnormalities. Corrective maintenance is also facilitated by the ability to 'hot swap' failed modules without disrupting other ongoing critical processes.

Real-time system test and diagnostic facilities continuously perform sanity checks and monitor system-wide status parameters. Intelligent alarms are generated upon detection of any process or system anomaly. Maintenance personnel can observe detailed system status displays and perform various system tests through the Maintenance Subsystem.

Increased Reliability and Flexibility

The use of field-proven hardware and system-wide redundancy results in improved fault-tolerant operation. The system architecture effectively eliminates single points of failure and is designed to keep such failures from compromising other system components. In its fully redundant form, a 99.997% system reliability rating is achieved.

System flexibility is exhibited through the ability to provide redundancy only in the critical areas where it is required, and through the wide variety of Man-Machine Interface configurations and displays available.