DCL-12-069, Diablo Canyon, Units 1 and 2 - Invensys Operations Management Document 993754-1-916, V10 Tricon Reference Design Change Analysis, Revision 0, Attachment 4
| ML12222A099 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 03/19/2012 |
| From: | McDonald G P Invensys/Triconex, Invensys Operations Management |
| To: | Office of Nuclear Reactor Regulation |
| References | |
| PG&E Letter DCL-12-069 993754-1-916, Rev 0 | |
| Download: ML12222A099 (13) | |
Text
Attachments 9-11 to the Enclosure contain Proprietary Information
-Withhold Under 10 CFR 2.390 Enclosure Attachment 4 PG&E Letter DCL-12-069 Invensys Operations Management Document "993754-1-916, V10 Tricon Reference Design Change Analysis, Revision 0" Attachments 9-11 to the Enclosure contain Proprietary Information When separated from Attachments 9-11 to the Enclosure, this cover sheet is decontrolled.
i n Ve. n s'.! s-o 0 TU)Operations Management i n V e. n s".Y s" Triconex Proj:ect:
PG&E: PROCESS PROTECTION
- SYSTEM REPLACEMENT Purchase Order NO,: '3500897372 Project Sales! Order:- 9937.54 PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT DIABLO CANYON POWER PLANT V1O TRICON REFERENCE DESIGN CHANGE ANALYSIS Document No. 993754-1-916 Revision 0 March 19, 2012)-) I I Name ISig~ture
/"- , ý;I Title I Author: G. McDonald Application Engineer Reviewer K. Harris I Project Engineer Approvals:
R. Shaffer Project Manager i v v e. n- s.ý. s" YTM i n V'e. n s, Operations Management Triconex D 993754-1-916 Title: VI1 Tricon Reference Design Change Analysis -Revision:
0 Page: 2 of 12 Date: 03/19/2012 Document Change History Revision Date Change Author 0 03/19/12 Initial issue. G. McDonald i v" e. n s".s s" Operations Management in v e. n s " *y s Triconex Document:
993754-1-916 Title: VIO Tricon Reference Design Change Analysis Revision:
0 Page: 3 of 12 1 Date: 03/19/2012 Table of Contents List of Tables .......................................................................................................
4 1. Introduction
..............................................................................................
5 1.1 1.2 1.3 1.4 2.2.1 2.2 2.3 3.Purpose ............................................................................................................................................................
5 Background
.....................................................................................................................................................
5 References
.......................................................................................................................................................
5 Abbreviations and Acronym s ..........................................................................................................................
6 System Level Differences Between V10.5.1 and V10.5.3 ......................
7 Hardware Changes ..........................................................................................................................................
7 Software Changes ............................................................................................................................................
7 Triconex Processes
..........................................................................................................................................
7 Specific Software Changes -V10.5.1 to V10.5.3 .....................................
8 3.1 I/O module operating firmware ..............................................................................................................
9 3.1.1 M aintenance Release V 10.5.2 ........................................................................................................
9 3.1.2 M aintenance Release V 10.5.3 ........................................................................................................
9 3.2 TriStation 1131 Application Programming Software ...............................................................................
10 4. Impact of Differences on the Tricon Platform ......................................
11 5. Conclusion
...............................................................................................
12 i n v'e. n s*.y s" i MTM Operations Management i n. ve. n .s'Triconex°ocument:
993754-1-9161 Title: VI0 Tricon Reference Design Change Analysis I Revision:
0 Page: 4 of 12 1 Date: 03/19/2012 List of Tables Table 1. VI0.5.1 to V10.5.3 Software Module Revisions
.......................................................
8 n ve .n s* .9 s in v ve. n s-Operations Management Triconex Document:
993754-1-916 Title: Vl0 Tricon Reference Design Change Analysis Revision:
0 Page: 5 of 12 Date: 03/19/2012
- 1. Introduction 1.1 Purpose The purpose of this document is to address the impact of recent changes in the version of the Tricon platform used for the Diablo Canyon Power Plant (DCPP) Process Protection System (PPS) Replacement.
Documents being submitted for NRC licensing review have been prepared based on Tricon version 10.5.1 (V1 0.5.1), which was initially expected to be the licensing basis version. The most current version qualified (and being sold) by Invensys Triconex is V10.5.3, which is now intended to be installed and licensed for the PPS Replacement instead of V10.5.1.The differences between V10.5.1 and V10.5.3 are discussed below.1.2 Background The Triconex Topical Report 7286-545-1, revision 4 [Ref. 1.3.1], and other Tricon platform documents prepared for the PPS Replacement describe use of the Tricon V 10.5.1 platform.
This is also the version for which the NRC is providing the baseline Tricon V10 SER for generic nuclear industry approval.As with any complex digital product, the Tricon platform continues to-undergo periodic changes as part of maintenance of the product line, evolutionary product enhancements, and resolution of platform software issues as they are identified.
As of the date of this document, the Tricon V1 0.5.3 is the most current nuclear qualified product, subsequent to two maintenance releases (VIO.5.2 and VIO.5.3).
This document identifies and characterizes the platform changes that have occurred since V10.5.1 and evaluates the significance of the changes as they relate to other documents under review for the. PPS Replacement System.1.3 References 1.3.1 Triconex Topical Report, 7286-545-1 1.3.2 Product Discrepancy Report (PDR) 1RTX#21105 1.3.3 Technical Advisory Bulletin (TAB) 183 1.3.4 Engineering Project Plan (EPP) V 10.5.2, 9100346-001 1.3.5 Tricon V10.5.2 V&V Test Report 1.3.6 Software Release Definition (SRD) VI10.5.2, 6200003-226 1.3.7 Nuclear Qualified Equipment List (NQEL), 9100150-001 1.3.8 PDR IRTX#22481 1.3.9 Product Alert Notice (PAN) 25 1.3.10 Engineering Project Plan (EPP) Tricon PAN 25 Fix, 9100428-001 1.3.11 Tricon PAN25 Master Test Report 1.3.12 Software Release Definition (SRD) VI 0.5.3, 6200003-230 1.3.13 Product Alert Notice (PAN) 22 1.3.14 Product Alert Notice (PAN) 24 1.3.15 Technical Advisory Notice (TAB) 147 i n- v" e. n s" .9 so v i n V e. n s-.!: s*Operations Management Triconex Document:
993754-1-916'1 Title: VI0 Tricon Reference Design Change Analysis Revision:
0 Page: 6 of 12 Date: 03/19/2012 1.3.16 Engineering Project Plan (EPP) TriStation V4.9 & Safety View Apps, 9100359-001 1.3.17 TriStation 1131 V4.9.0 Master Test Report 1.3.18 Software Release Definition (SRD) TriStation 1131 V4.9.0, 6200097-038 1.4 Abbreviations and Acronyms Al Analog Input AO Analog Output DCPP Diablo Canyon Nuclear Plant Dl Digital Input DO Digital Output EPP Engineering Project Plan 1/0 Input / Output MOL Maintenance of Line MP 3008N Main Processor NGAI Next-Generation I/O module -Analog Input NGDO Next-Generation I/O module -Digital Output NRC U.S. Nuclear Regulatory Commission NQEL Nuclear Qualified Equipment List PAN Product Alert Notice PDR Product Discrepancy Report PPS Plant Protection System SER Safety Evaluation Report SRD Software Release Definition TAB Technical Advisory Bulletin TR Topical Report i n v'e. n s'.> s" 0 TM i n Ve. n s9.5 s" Operations Management Triconex Document:
1993754-1-9161 Title: V1 Tricon Reference Design Change Analysis Revision:
0 Page: 7 of 12 Date: 03/19/2012
- 2. System Level Differences Between V10.5.1 and V10.5.3 No changes were made to the architecture of the Tricon system. As defined in Invensys Engineering Procedures, a change to the third digit in the Version number (e.g., V10.5.1 to V10.5.2) indicates a minor maintenance release that does not impact the architecture or Main Processor operating software.2.1 Hardware Changes Tricon system hardware is unchanged between V 10.5.1 and V10.5.3. No new hardware was added in either maintenance release V10.5.2 or V 10.5.3.2.2 Software Changes No new software modules were added to the Tricon system in maintenance release V 10.5.2 or VI 0.5.3. However, three existing software modules in Tricon VI 0.5.1 have revised versions in V10.5.3: 1) Al firmware used in the NGAI Analog Input Module (3721N)2) DO firmware used in the NGDO Digital Output Module (3625N)3) TriStation 1131 Programming Software (TS 1131)All other software remains unchanged from V10.5.1.For the PPS Replacement, the 3721 NGAI Analog Input Module is utilized for processing safety-related analog inputs, and TS 1131 is the engineering tool for developing the safety-related application program.2.3 Triconex Processes Tricon V10.5.3 was developed under the same IOCFR50 Appendix B Quality Program and development processes as V10.5.1. Basic processes previously reviewed by the NRC for V 10.5.1 remain unchanged.
i n v'e. n TM i nv'e.n s'.: s" Triconex Operations Management Document:
993754-1-916 Title: V10 Tricon Reference Design Change Analysis Revision:
0 Page: 8 of 12 Date: 03/19/2012
- 3. Specific Software Changes -V10.5.1 to V10.5.3 Differences in the Tricon VI 0.5.3 software are discussed in more detail below. Table I shows the progression of software changes for the two maintenance upgrades that have been made to the Tricon system, i.e., V 10.5.2 and V10.5.3.Table 1. VI0.5.1 to V10.5.3 Software Module Revisions TYPE IDENTIFICATION VERSION VERSION VERSION USED IN (for V10.5.1) (for V10.5.2) (for VI0.5.3)Main Processor ETSX 6271 6271 6271 3008N IOCCOM 6054 6054 6054 3008N Communication TCOM 6276 6276- 6276 4352AN, 4325BN Module 1/0 Modules AI/NITC 5661 5661 5661 3701N2 EIAI/ITC 5916 5916 5916 3703EN (AI), 3708EN (TC)A] 6256 6285 6285 3721N DO 6255 6284 6293 3625N P! 5647 5647 5647 351 IN EDI 5909 5909 5909 3501TN2. 3502EN2, 3503EN2 EAO 5897 5897 5897 3805HN EDO 5781 5781 5781 3601TN,3607EN ERO 5777 5777 5777 3636TN TSDO/HVDO 6273 6273 6273 3603TN TSDO2 5940 5940 5940 3623TN RXM 3310 3310 3310 4200N,4201N Application TriStation 1131, TriStation Workstation Program Developer's 4.7.0, or 4.7.0, or 4.7.0, or Development Workbench Suite 4.9.0 4.9.0 4.9.0 Software Bold indicates changes from V1 0.5.1 version n nv'e. n s ".9*
- TM i n.v'e.n s .ý= s" Operations Management Triconex Document:
993754-1-916 Title: VI1 Tricon Reference Design Change Analysis Revision:
0 Page: 9 of 12 Date: 03/19/2012 3.1 I/O module operating firmware The Tricon operating software (firmware) in V 10.5.3 was revised in two 1/O modules, as follows: NGAI Analog Input Module (372 IN)* Al firmware version 6256 was replaced by Al version 6285 as part of the V10.5.2 maintenance release.NGDO Digital Output Module (3652N)" DO firmware version 6255 was replaced by DO version 6284 as part of the V10.5.2 maintenance release." The V10.5.3 maintenance release subsequently revised this module firmware, replacing version 6284 with DO version 6293.No other operating software was changed from V10.5.1 to 10.5.3.3.1.1 Maintenance Release V10.5.2 Purpose: The V 10.5.2 upgrade was initiated as a Maintenance-of-Line (MOL) project to resolve an internal diagnostic anomaly on selected I/O modules. The condition, noted in the field, caused random indication of a fault condition in the module that did not affect the safety function of the modules, but was a source of nuisance alarms. The condition was documented in Product Discrepancy Report (PDR) IRTX#21105
[Ref. 1.3.2] and Technical Advisory Bulletin (TAB)183 [Ref. 1.3.3].Engineering Project Plan (EPP) 9100346-001
[Ref. 1.3.4] was prepared to correct the problem and revise software for the 3625N (digital output module) and the 3721N (analog input module).Software modules Al 6285 and DO 6284 were developed and released in accordance with approved Triconex development process procedures.
Validation of V10.5.2 software changes is documented in the Tricon V10.5.2 V&V Test Report [Ref. 1.3.5].The V10.5.2 software was released in January 2011 with Software Release Definition (SRD)6200003-226
[Ref. 1.3.6]. Tricon version 10.5.2 was subsequently added to the Nuclear Qualified Equipment List (NQEL) 9100150-001
[Ref. 1.3.7] for safety related nuclear applications.
3.1.2 Maintenance Release V10.5.3 Purpose: The VI 0.5.3 upgrade was initiated as a result of a potential safety issue that was discovered in Tricon digital output modules. A condition of spurious output transitions in the 3625 series digital output modules was reported under certain circumstances.
The nuclear qualified module 3625N was one of the affected modules. The condition was documented in PDR IRTX#22481
[Ref. 1.3.8]. As required by the Triconex Quality Assurance
- program, i IIn v" e. n" s.9 s 0 TM n V 'e. n .s '.!= s " Operations Management Triconex Document:
993754-1-916 Title: V10 Tricon Reference Design Change Analysis Revision:
0 Page: 10 of 12 Date: 03/19/2012 Product Alert Notice (PAN) 25 [Ref. 1.3.9] was issued to alert customers to the condition and propose appropriate actions pending a final fix. A revision to the digital output module firmware was required to eliminate the cause of the potential spurious transitions.
Engineering Project Plan (EPP) 9100428-001
[Ref. 1.3.10] was prepared to correct the problem and release revised software for the 3625 series digital output module, including the 3625N.Software module DO 6293 was developed and released in accordance with approved Triconex development process procedures.
Validation of VI 0.5.3 software changes is documented in the Tricon PAN25 Master Test Report [Ref. 1.3.11 ].The V10.5.3 software was issued in September 2011 with Software Release Definition (SRD)6200003-230
[Ref. 1.3.12]. Tricon version 10.5.3 was subsequently added to the Nuclear Qualified Equipment List (NQEL) 9100150-001 for safety related nuclear applications.
3.2 TriStation 1131 Application Programming Software Tricon version VI0.5.3 includes an updated version of the TriStation 1131 programming software.
The Tricon V10.5.1 system was originally released with TriStation 1131, version 4.7.0. This programming software suite has since been upgraded to correct performance issues" and has been made available as TriStation 1131 V4.9.0 for use in all VI0 Tricon systems.The TriStation version 4.9.0 upgrade was initiated as a Maintenance of Line (MOL) project to resolve accumulated PDRs and to add minor functional improvements to the TriStation and Safety Suite 'Applications product. The project included several high priority safety-significant PDRs for conditions noted in Product Alert Notices (PANs) 22 and 24 [Ref. 1.3.13 and 1.3.14], and Technical Advisory Bulletin (TAB) 147 [Ref. 1.3.15].TriStation 1131 V4.9.0 did not add any new features, but provided enhancements to existing features.
The V4.9.0 Engineering Project Plan, document 9100359-001
[Ref. 1.3.16], contains a complete list of deliverables for the project with regard to the software corrections (PDR resolutions) and enhancements.
Software module revisions were developed and issued in accordance with approved Triconex development process procedures.
Validation of TriStation 1131 V4.9.0 software changes is documented in the TriStation 1131 V4.9.0 Master Test Report[Ref. 1.3.17].The revised TriStation 1131 software suite (V4.9.0) was released in September 2011 with Software Release Definition (SRD) 6200097-038
[Ref. 1.3.18]. TriStation V4.9.0 was subsequently added to the Nuclear Qualified Equipment List (NQEL) 9100150-001 for safety related nuclear applications.
Vrn V e. n s".** s"" "TM n v'e.q n ', s ".-j Operations Management Triconex-Document:
993754-1-916 Title: VI10 Tricon Reference Design Change Analysis Revision:
0 Page: 11 of 12 Date: 03/19/2012
- 4. Impact of Differences on the Tricon Platform Tricon Operating Firmware Changes to modules 3625N and 372 IN None. Revision of the DO and Al module firmware resolved bug fixes and necessary operational enhancements.
While changes under V10.5.2 were relatively minor, the VI0.5.3 changes had potential safety significance that required correcting.
All existing functionality of the previous firmware was maintained.
No major changes in structure or functionality were introduced.
Revisions to the operating firmware forthe VI 0.5.3 system provide improved reliability and performance and have no adverse impact on the Tricon platform.TriStation 1131 Programming Software None. Revision of the TriStation programming software resolved numerous software bug fixes and made operational enhancements.
Most software performance issues were minor, but several were potentially safety significant.
All existing functionality of the previous TriStation version was maintained.
Adding the latest revision of TriStation software to the Tricon V 10.5.3 system provides improved performance and has no adverse impact on the Tricon platform.
n v e. n s" .j so TM Operations Management i n v e. n s'.w s" Triconex Document:
993754-1-916 Title: VI0 Tricon Reference Design Change Analysis Revision:
0 Page: 12 of 12 Date: 03/19/2012
- 5. Conclusion Based on the nature of the maintenance changes to the software modules, Tricon VI 0.5.3 is considered equivalent to Tricon V10.5.1 and is fully represented by all previous documentation submitted for Tricon V10.5.1.