Abstract:
To address shortcomings in current redundancy testing of nuclear safety Digital Control Systems (DCS), in particular the lack of a systematic approach, a testing method based on failure mode analysis is proposed for the redundancy function of nuclear safety DCS. The basic failure modes relevant to redundancy testing are established by analysing the design mechanism of the redundant architecture, and are then combined into different kinds of failure scenarios. The overall testing method is designed from these failure mode combinations together with an analysis of the system state transitions that each combination must produce, and it covers both the design of the redundancy test scenarios and the design of the test environment. The validity of the method was confirmed through its successful application at a nuclear power station, which showed that the proposed redundancy testing method can effectively detect defects in product design and is valuable for quality control of the redundancy function in nuclear safety DCS.
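The following Python block is an added illustration of the approach the abstract describes (basic failure modes, their ordered combinations, and a check of the resulting state transitions against design requirements); it is not code from the paper or from any real DCS product. The two-channel controller model, the three basic failure modes, the requirements R1 to R5 and the `check_standby` switch that models a hypothetical design defect are all assumptions made for this example.

```python
"""Failure-mode-combination test for an assumed two-channel redundant controller.

Model (an assumption for this example, not the paper's system): channel A is
active, channel B is hot standby, and a sync link keeps B aligned with A.
Losing the active channel must switch over to a healthy, synchronised standby;
if no such standby exists the pair must drive its outputs to the safe state.
"""
from dataclasses import dataclass, field
from itertools import permutations

CHANNELS = ("A", "B")
DISABLING = ("power_loss", "cpu_fault")   # assumed modes that take a channel out


@dataclass
class RedundantPair:
    # check_standby=False models a hypothetical defect: switching over without
    # verifying that the standby is healthy and synchronised.
    check_standby: bool = True
    healthy: dict = field(default_factory=lambda: {"A": True, "B": True})
    synced: bool = True
    active: str = "A"
    safe_state: bool = False
    trace: list = field(default_factory=list)

    def standby(self) -> str:
        return "B" if self.active == "A" else "A"

    def state(self) -> str:
        """Observable system state, derived from the internal flags."""
        if self.safe_state:
            return "SAFE_STATE"
        if not self.healthy[self.standby()]:
            return f"SINGLE_{self.active}"
        if not self.synced:
            return f"DEGRADED_{self.active}"
        return f"NORMAL_{self.active}"

    def inject(self, mode: str, channel: str) -> str:
        """Apply one basic failure mode and perform the assumed design's transition."""
        before, active_before = self.state(), self.active
        if mode == "sync_link_fault":
            self.synced = False            # standby keeps running but is stale
        else:
            self.healthy[channel] = False
            if channel == self.active:
                sb = self.standby()
                takeover_ok = self.healthy[sb] and self.synced
                if takeover_ok or not self.check_standby:
                    self.active = sb       # switchover
                else:
                    self.safe_state = True # no valid standby: fail safe
        after = self.state()
        self.trace.append((mode, channel, before, after, active_before, self.active))
        return after


def basic_failures():
    """Basic failure events; the sync link fault is channel-independent."""
    events = [(m, c) for m in DISABLING for c in CHANNELS]
    events.append(("sync_link_fault", "-"))
    return events


def scenarios(max_order: int = 2):
    """Single failures plus ordered combinations up to max_order (order matters)."""
    events = basic_failures()
    out = []
    for n in range(1, max_order + 1):
        out.extend(permutations(events, n))
    return out


def check_requirements(pair: RedundantPair, scenario) -> list:
    """Return the assumed requirements violated after executing one scenario."""
    lost = {c for m, c in scenario if m in DISABLING}
    final = pair.state()
    v = []
    if len(scenario) == 1 and final == "SAFE_STATE":
        v.append("R1 single failure not tolerated")
    if lost == set(CHANNELS) and final != "SAFE_STATE":
        v.append("R2 dual channel loss did not fail safe")
    if final != "SAFE_STATE" and not pair.healthy[pair.active]:
        v.append("R3 failed channel left active")
    if any(m == "sync_link_fault" for m, _ in scenario) and final.startswith("NORMAL"):
        v.append("R4 degraded redundancy not reported")
    for _, _, before, _, a_before, a_after in pair.trace:
        if a_before != a_after and before.startswith("DEGRADED"):
            v.append("R5 switchover to unsynchronised standby")
    return v


def run_campaign(defective: bool = False, max_order: int = 2) -> dict:
    """Execute every scenario on a fresh pair; return {scenario: violations} for failures."""
    failures = {}
    for sc in scenarios(max_order):
        pair = RedundantPair(check_standby=not defective)
        for mode, ch in sc:
            pair.inject(mode, ch)
        violated = check_requirements(pair, sc)
        if violated:
            failures[sc] = violated
    return failures


if __name__ == "__main__":
    print("sound design:", run_campaign())
    for sc, why in run_campaign(defective=True).items():
        print("defective design:", sc, "->", why)
```

The point of separating `check_requirements` from `inject` is that the oracle restates the design requirements rather than re-deriving the transition logic, so a defect in the switchover logic (here the hypothetical `check_standby=False` variant) shows up as a requirement violation on specific ordered failure combinations, for example a standby failure followed by loss of the active channel. Raising `max_order` extends the campaign to triple failures with the same requirement checks.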