In this paper, methodologies to perform triple modular redundancy (TMR) insertion to reduce single event upsets (SEUs) in digital instrumentation and control (I&C) in nuclear power plants (NPPs) are presented. Field programmable gate arrays (FPGAs) are being increasingly used for digital I&C in NPPs to perform various tasks, including plant control, monitoring and protection because of low cost, re-configurability and low design turn-around time. But the memory and logic in FPGAs are susceptible to SEUs. TMR has become a common SEU mitigation design technique. However, TMR introduces significant overhead because of its full hardware redundancy. For NPPs, the overheads are insignificant, especially compared to reliability requirements. Formulae derived in this paper indicate that the bound, i.e., the maximal probability, of two simultaneous errors [PE]max is inversely proportional to the number of logic partitions in a TMR design, when each redundant logic block in every logic partition has the same number of sensitive nodes. Although the maximum logic partitioning design cannot completely eliminate the possibility of two simultaneous upsets, for the example test circuit it is found that [P E]max is reduced dramatically from 66.67% for minimum logic partitioning to 4.44% for maximum logic partitioning. Results show that the overheads of the maximum logic partitioning TMR design are acceptable compared to its high reliability.