Submittal of Requested Information Regarding Main Steam and Feedwater Isolation System (Msfis) Controls Modification

ML090440051
Person / Time
Site:	Wolf Creek
Issue date:	01/29/2009
From:	Garrett T Wolf Creek
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
ET 09-0005
Download: ML090440051 (71)
v • d • e

Text

W0LF CREEK NUCLEAR OPERATING CORPORATION Terry J. Garrett January 29, 2009 Vice President Engineering ET 09-0005 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555

Reference:

1) Letter ET 07-0004, dated March 14, 2007, from T. J. Garrett, WCNOC, to USNRC

2) Letter WM 09-0001, dated January 16, 2009, from S. E.

Hedges, WCNOC, to USNRC

Subject:

Docket No. 50-482: Submittal of Requested Information Regarding Main Steam and Feedwater Isolation System (MSFIS) Controls Modification Gentlemen:

Reference 1 provided a license amendment request (LAR) that proposed revisions to Technical Specification (TS) 3.3.2, "Engineered Safety: Feature Actuation System (ESFAS)

Instrumentation," TS 3.7.2, "Main Steam Isolation -Valves (MSIVs),' and TS 3.7.3, "Main Feedwater Isolation Valves (MFIVs)." Reference 1 proposed changes to these specifications based on a planned modification to replace the MSIVs and associated actuators, MFIVs and associated actuators, and replacement of the Main Steam and Feedwater Isolation System (MSFIS) controls.

Reference 2 provided additional information identified from a second site visit to CS Innovations on December 10 and 11, 2008. During the site visit, the remaining information that the NRC Staff required to support the review of the LAR was identified. On December 12, 2008, Wolf Creek Nuclear Operating Corporation (WCNOC) sent to the NRC by electronic mail the list of the identified information needed for the NRC staff to complete its review. Subsequent to the submittal of Reference 2, a telecon was held with the NRC staff on January 22, 2009, in which the staff requested that WCNOC submit an updated WCNOC MSFIS Verification and Validation (V & V) Report including the Requirements Traceability Matrix. This was not provided in Reference 2, as it had not been identified as one of the documents that was required to be submitted for the staff to complete its review. A draft of the WCNOC MSFIS V & V Report was provided by electronic mail on January 23, 2009. The Enclosure provides the WCNOC MSFIS V & V Report, Revision 2.5. ",

.5. Box 411 / Burlington, KS 66839 E Phone: (620) 364-8831 An Equal Opportunity Employer M/F/HCNVET

ET 09-0005 Page 2 of 3 The documentation provided in the Enclosure does not impact the conclusions of the No Significant Hazards Consideration provided in Reference 1. In accordance with 10 CFR 50.91, a copy of the submittal is being provided to the designated Kansas State official.

This letter contains no commitments. If you have any questions concerning this matter, please contact me at (620) 364-4084, or Mr. Richard D. Flannigan at (620) 364-4117.

Sincerely, Terry J. Garrett TJG/rlt Enclosure cc: E. E. Collins (NRC), w/e T. A. Conley (KDHE), w/e V. G. Gaddy (NRC), w/e B. K. Singal (NRC), w/e Senior Resident Inspector (NRC), w/e

ET 09-0005 Page 3 of 3 STATE OF KANSAS )

COUNTY OF COFFEY )

Terry J. Garrett, of lawful age, being first duly sworn upon oath says that he is Vice President Engineering of Wolf Creek Nuclear Operating Corporation; that he has read the foregoing document and knows the contents thereof; that he has executed the same for and on behalf of said Corporation with full power and authority to do so; and that the facts therein stated are true and correct to the best of his knowledge, information and belief.

Terry J/,arrett Vice President Engineering

-SUBSCRIBEDand sworn to before me this oq "/dayof9A# A ,2009.

Notary Public J0-1£-wW Expiration Date _..// Z1,0J/7, 9

I - r

Enclosure to ET 09-0005 WCNOC MSFIS V & V Report, Rev. 2.5

ALS Class 1E Controls: MSFIS V&V Report ADVANCED LOGIC SYSTEM (ALS)

CLASS 1E CONTROLS MSFIS V & V REPORT REVISION 2.5 PROJECT MANAGER - GREGG CLARKSON MANAGEMENT SPONSOR - PATRICK GUEVEL EXECUTIVE SPONSOR - TERRY GARRETT Wolf Creek Nuclear Operating Corporation PO Box 411 1550 Oxen Lane, NE Burlington, KS 66839 Revision 2.5 1/25/2009 Page 1 of 29

ALS Class 1E Controls: MSFIS V&V Report Revision Control Rev # Apva Approval Dae < ( Dscriplion of Change(s) 0 GWC 9/16/2006 Requirements Analysis Report 1 GWC 4/6/2007 Design Analysis Report 2 GWC 1/16/2008 Implementation and Test Analysis Report 2.1 GWC 2/18/2008 Move Revision 2 of the report into the same format as the rest of the ALS Class 1E Controls documents.

2.5 GWC 1/25/2009 This revision incorporates the factory acceptance test (FAT) and the site acceptance test (SAT) performed by CS Innovations. This revision also incorporates the combined FAT/SAT performed by CS Innovations at Wolf Creek after implementation of the inherent diversity.

1/25/2009 Page 2 of 29 Revision 2.5 1/25/2009 Page 2 of 29

ALS Class 1E Controls: MSFIS V&V Report Table of Contents REV ISIO N 2.5 .......................................................................................................................................................................... 1 1 I Introduction ........................................................................................................................................................................ 5 1.1 Purpose ..................................................................................................................................................................... 5 1.2 Reference D ocum ents .............................................................................................................................................. 7 1.2.1 Wolf Creek Nuclear Operating Company (WCNOC) Specification J- 105A(Q) ..................................... 7 1.2.2 CMP - Configuration Management Plan for Class 1E Qualified ALS MSFIS ....................................... 7 1.2.3 W CN O C Procedure A P 05F-001 - D esign V erification ........................................................................ 7 1.2.4 WCNOC Procedure AP 05-002 - Dispositions and Change Packages ................................................... 7 1.2.5 WCNOC Procedure AP 05-005 Design, Implementation & Configuration Control of M odifications................................................................................................................................................ 7 1.2.6 M SFIS System Specification, CSI docum ent 6101-00002 ...................................................................... 7 1.2.7 M SFIS System Test Plan, CSI docum ent 6101-00004 .......................................................................... 7 1.2.8 A LS EQ Plan, CSI docum ent 6002-00004 ............................................................................................. 7 1.2.9 M SFIS V &V Report, CSI docum ent 6101-00200 ................................................................................. 7 1.2.10 EM C Test Surveillance Report, C SI docum ent 6002-00201 ................................................................... 7 1.2.11 N TS Tem perature Test Report, CSI docum ent 6002-00206 .................................................................... 7 1.2.12 CSI ESD Test Report, C SI docum ent 6002-00207 ................................................................................. 7 1.2.13 CSI Isolation Test Report, CSI docum ent 6002-00208 .......................................................................... 7 1.2.14 Q ualification Test Report, N utherm docum ent W CN -9715R ................................................................ 7 1.2.15 EMC Test Procedure, N utherm docum ent 9715-EM C-04 ..................................................................... 7 1.2.16 Seismic Test Procedure, N utherm docum ent S-128P ............................................................................ 7 2 V erification & V alidation O verview .................................................................................................................................. 8 2.1 Organization ............................................................................................................................................................. 8 2.2 Configuration M anagem ent Responsibilites ...................................................................................................... 12 2.2.1 V &V Staffing:............................................................................................................................................ 12 2.3 Tasks and Responsibilities ..................................................................................................................................... 12 2.3.1 Project Manager Responsibilities ......................................................................................................... 12 2.3.2 Verification and V alidation Engineer Responsibilities ........................................................................ 12 2.3.3 Q ualification and Q uality O versight Contractor Responsibilities .......................................................... 13 2.4 Tools, Techniques and M ethodology .................................................................................................................... 13 2.4.1 Tools .......................................................................................................................................................... 13 2.4.2 Techniques and M ethodologies ................................................................................................................. 14 3 Life Cycle V &V ............................................................................................................................................................... 16 3.1 M anagem ent ........................................................................................................................................................... 16 3.2 System Requirem ents V &V .................................................................................................................................... 16 3.2.1 O verview ................................................................................................................................................... 16 3.2.2 Inputs/O utputs ........................................................................................................................................... 17 Revision 2.5 1/25/2009 Page 3 of 29

ALS Class 1E Controls: MSFIS V&V Report 3.3 Hardware Requirem ents V& V ............................................................................................................................... 17 3.3.1 Verification and Validation Tasks ......................................................................................................... 19 3.3.2 M ethods and Criteria ................................................................................................................................. 19 3.4 Design Phase V &V ................................................................................................................................................ 19 3.5 Implementation and Test Phase V&V .................................................................................................................... 22 3.5.1 Implem entation Phase ............................................................................................................................... 22 3.5.2 Test Phase .................................................................................................................................................. 25 4 V&V Summ ary ................................................................................................................................................................ 28 5 EN CLOSURE (Requirem ents Traceability M atrix) .................................................................................................... 29 Revision 2.5 1/25/2009 Page 4 of 29

ALS Class 1E Controls: MSFIS V&V Report 1.1 Purpose The purpose of the MSFIS V&V Report (VVR) is to document the verification and validation processes and procedures that were used by Wolf Creek Nuclear Operating Company (WCNOC) to assure that the Advanced Logic System Main Steam and Feedwater Isolation System (ALS MSFIS) controls being developed meet the requirements for a safety related Class 1E qualified nuclear power plant safety system.

The VVR shall being issued in four (4) phases, as follows:

• Revision 0 -- Requirements Analysis Report

• Revision 1 -- Design Analysis Report

• Revision 2 -- Implementation and Test Analysis Report

• Revision 3 -- Validation Test Report This is Revision 2.5, the Implementation and Test Analysis Report. This revision includes Factory Acceptance Test (FAT), Site Acceptance Test (SAT), and an integrated FAT/SAT re-test to validate a significant design change.

The VVR is a living document that is prepared and updated periodically during the course of the project. Each phase of the project, e.g., System Requirements Phase, Hardware Requirements Phase, Design Phase, and others, shall be covered by a subsection that documents in detail the V&V efforts during that phase, and the results thereof, including anomalies discovered and their resolution and consequent re-work, re-verification and re-validation. The documentation that each phase has been completed in full compliance with the requirements of that phase with respect to the specifications shall be included or specifically referenced from among the other required project documentation. The final report will consist of these subsections, together with subsections providing an overview and a summary of the entire V&V effort. The Requirements Traceability Matrix shall be included as an Enclosure to the final VVR. The format of the report will generally follow the outline below:

Revision 2.5 1/25/2009 Page 5 of 29

ALS Class IE Controls: MSFIS V&V Report

1. Purpose/Applicability/Limits/Exclusions of this VVR

2. Summary/Overview of the Project V&V effort

3. System Requirements Phase V&V

4. Hardware Requirements Phase V&V

5. Design Phase V&V

6. Implementation Phase V&V (including Pre-Production Test Report)

7. Test Phase V&V (including Final Acceptance Test Report)

8. Installation and Checkout Phase V&V 1/25/2009 Page 6 of 29 Revision 2.5 1/25/2009 Page 6 of 29

ALS Class 1E Controls: MSFIS V&V Report 1.2 Reference Documents 1.2.1 Wolf Creek Nuclear Operating Company (WCNOC) Specification J-105A(Q) 1.2.2 CMP - Configuration Management Plan for Class 1E Qualified ALS MSFIS 1.2.3 WCNOC Procedure AP 05F-001 - Design Verification 1.2.4 WCNOC Procedure AP 05-002 - Dispositions and Change Packages 1.2.5 WCNOC Procedure AP 05-005 Design, Implementation & Configuration Control of Modifications 1.2.6 MSFIS System Specification, CSI document 6101-00002 1.2.7 MSFIS System Test Plan, CSI document 6101-00004 1.2.8 ALS EQ Plan, CSI document 6002-00004 1.2.9 MSFIS V&V Report, CSI document 6101-00200 1.2.10 EMC Test Surveillance Report, CSI document 6002-00201 1.2.11 NTS Temperature Test Report, CSI document 6002-00206 1.2.12 CSI ESD Test Report, CSI document 6002-00207 1.2.13 CSI Isolation Test Report, CSI document 6002-00208 1.2.14 Qualification Test Report, Nutherm document WCN-9715R 1.2.15 EMC Test Procedure, Nutherm document 9715-EMC-04 1.2.16 Seismic Test Procedure, Nutherm document S-128P Revision 2.5 1/25/2009 Page 7 of 29

ALS Class IE Controls: MSFIS V&V Report 2.1 Organization This section describes the organization for design/development and V&V of the subject system.

The V&V organization includes three independent groups, under the oversight of the ALS MSFIS Project Manager and WCNOC Design Change Process. The three groups are represented in Figure 2-1:

1. WCNOC - responsible for the design and implementation of modifications at WCGS using established WCNOC processes and procedures (AP 05-005, Design, Implementation & Configuration Control of Modifications and AP 05-002, Dispositions and Change Packages). Baseline Engineering is providing the function of a project V&V Engineer. The project V&V Engineer is responsible to provide independent oversight and direct actions to ensure that the V&V requirements for a Class 1E system are satisfied. The V&V Engineer shall review and credit all underlying V&V activities performed by the Class 1E Controls Supplier and/or the Qualification and Quality Oversight Contractor. In addition to the V&V Engineer, an independent V&V of the Design Change Package is performed by a qualified WCNOC Engineer. This independent V&V is in addition to the V&V activities performed by the Design Contractor/Class 1E Controls Supplier, the Qualification and Quality Oversight Contractor, and the project V&V Engineer. A summary of all V&V activities are shown in Figure 2-2.

2. Design Contractor/Class 1E Controls Supplier (CS Innovations) - responsible for the design, development, integration, and final delivery of the product. For this project, CS Innovations (CSI) is providing this function.

3. Qualification and Quality Oversight Contractor (Nutherm International) -

responsible to provide both oversight and direct actions to independently ensure that the requirements on qualification of safety related hardware for the Class 1E system, including its performance, integration, configuration control, and documentation, are satisfied. Nutherm International (NI) performed this function.

Revision 2.5 1/25/2009 Page 8 of 29

ALS Class lE Controls: MSFIS V&V Report Figure 2-1: V&V Organization 1/25/2009 Page 9 of 29 Revision 2.5 1/25/2009 Page 9 of 29

ALS Class 1E Controls: MSFIS V&V Report OA Report Nuthenn V&V Final w/Survey Activities Requirements Independent Reports Drawing SurWey Review Survey survfw Verification FAT CSI Traveler WCNOC V&V and Nutherm ALS Class El Engineer Review Review Drawing Controls:

V SFIS Actvit~es Requirements Review Design Test Test Verification Review FAT Final W&V Reporl V&V Plan Review Test Plans Reviews Results Results Review Results Perform SAT Perform PIT Review V&V WCNOC Design Activities to Review FAT Change Date, Review and SAT Ch"-"

Profts v&v Final Results, Dei~verabieL Review Design Drawings and Change 1 Documents I Pack___II Figure 2-2: Summary of V&V Activities for the ALS Class 1E Controls: MSFIS Project 1/25/2009 Page 10 of 29 Revision Revision 2.5 1/25/2009 Page 10 of 29

ALS Class 1E Controls: MSFIS V&V Report Subsequent to the issue of the VVR, Revision 1 (8/31/07), WCNOC implemented a revised procurement structure for the MSFIS equipment. As noted above, CSI is now the Class 1E supplier, and NI's role for the ALS MSFIS project is to provide environmental qualification (EQ) and supplemental, or "augmented," quality oversight., This results in some duplication of quality efforts on the project. CSI has independently performed some additional EMC testing (informally) and has also performed an additional Factory Acceptance Test (FAT). These activities are documented in the MSFIS V&V Report (CSI document 6101-00200).

Prior to implementation of the new procurement structure WCNOC performed a Part 50 Appendix B audit of CSI. This performance based supplier audit focused on the supplier's in-process activities that are needed to reach a conclusion about whether items produced by the supplier's process will perform their intended function. This audit relied, in part, on the confirmatory acceptance testing that was performed by N1. The audit results concluded that the CSI Quality Assurance Program was well implemented and satisfies the requirements of 10 CFR 50 Appendix B. WCNOC's audit of CSI's 10 CFR 50 Appendix B Quality Assurance Program and performance of the independent reviews and qualification testing by NI, combined with WCNOC quality and engineering personnel oversight surveillance activities, provided the basis for the approval of CSI's 10 CFR 50 Appendix B Quality Assurance Program to supply WCNOC with safety related material. Figure 2-3 provides a timeline depicting the activities associated with the ALS MSFIS controls.

ALS MSFIS Controls - Vendor QA Timeline h - -CS INNOVATIONS OA PROGRAM ALS PLATFORlM BUILD OUALUVENTI AL OF I OVAL DESIGH SI IMPLEMEIITI 1MSFIS FATSA MSFISj l C 1'P*APID"CYCLE cs1 Activities CT INIO"AT~iN . C, I*OVAT ICA ION.'fT PO -105,4(0) ISTUED FATCOMPLETE ECUIPI1OT RIY 4,14 411N TlORN SNTTALL Z]

42 ILT TNa. i ay T. .ex0iýoDjDe Jwt Ju Au mt Feb.M

ý. N1eT Tt .

n ,uApr w u A [an. , Fb M *Apr.

M. Mav. Jun. ful Aw 0 ~ Fb Fn p Mve 006 I20Io 2008

'II 'U "UiyET, SURJ INDEPENDENT yYCFME 6, 1 ENDED I ~VERIFICATION Z, OF iPRODUCTION Nutherm EQUIPMENT Activities F;-NUTHERM OA PROGRAM [DESIGN REVIEWS AND VENDOR SURVEYS S Figure 2-3: ALS MSFIS Controls - Vendor QA Timeline Revision 2.5 1/25/2009 Page 11 of 29

ALS Class 1E Controls: MSFIS V&V Report 2.2 Configuration Management Responsibilites 2.2.1 V&V Staffing:

The V&V Engineer has a broad background and experience in the design, development, test and operation of nuclear power plant instrumentation and control systems, and the standards and practices in this discipline, particularly regarding the experience in applying digital computer technology in these applications. The V&V Engineer shall perform and/or direct the performance of the V&V activities of the project.

2.3 Tasks and Responsibilities This section identifies the responsibilities of specific individuals and organizations within the framework of the VVR.

2.3.1 Project Manager Responsibilities The ALS MSFIS Project Manager is responsible either personally, or through the actions of others, for the performance of the entire ALS MSFIS Project, including all aspects of design, development, manufacture, testing, and shipping. The following elements of V&V related activities are included in these responsibilities:

Prepare System Specification Prepare Project Plan Coordinate subcontracted design, qualification and testing 2.3.2 Verification and Validation Engineer Responsibilities The V&V Engineer is an independent individual that is responsible to supervise and/or perform the System V&V Plan including the content of the documentation thereof. Responsibilities include:

Perform and/or supervise verification and validation activities for each project phase.

Prepare the following plans:

System V&V Plan MSFIS Configuration Management Plan (CMP)

Revision 2.5 1/25/2009 Page 12 of 29

ALS Class 1E Controls: MSFIS V&V Report Prepare the following documents:

MSFIS V&V Report (VVR)

Requirements Traceability Matrix (RTM)

System Reliability Analysis (SRA)*

Failure Modes and Effects Analysis (FMEA)*

• The SRA and FMEA, although not "traditional" V&V functions, are being performed by the V&V engineer. The reports will be included in the VVR, Revision 3, as significant factors in the total system V&V process.

2.3.3 Qualification and Quality Oversight Contractor Responsibilities The following elements of V&V related activities are included in these responsibilities:

Prepare the following plans:

Qualification Plan (Note: The Qualification and Quality Oversight Contractor (NI) was responsible for all aspects of the Class 1E qualification as the ALS MSFIS Controls procurement was originally structured. The Design Contractor/Class 1E Controls Supplier (CSI) is now providing the equipment under their own Appendix B program, so some of the dedication activities have been re-iterated. )

Prepare the Following Procedures:

Seismic Test Procedure EMC Test Procedure 2.4 Tools, Techniques and Methodology 2.4.1 Tools One special tool is used in the V&V process, as follows:

Revision 2.5 1/25/2009 Page 13 of 29

ALS Class 1E Controls: MSFIS V&V Report

1) A software tool (IBM Rational Pro) for tracking system requirements from the original specification through the various design documents, and generating the Requirements Traceability Matrix. The output of the software tool has been reformatted to a tabular format for ease of review.

2.4.2 Techniques and Methodologies The fundamental methodology is to verify and document that each phase of the system development life cycle resulted in a product that satisfies the requirements for that phase. It must be proven that all elements of the design conform to the requirements. Further, it must be demonstrated that the integrated product performs all of the required functions, with no unintended functions.

To assure adequacy of the design and to facilitate the performance of the V&V process the following steps were taken:

a. Detailed, well defined requirements were established and formatted to facilitate verification that each requirement is satisfied, e.g., to facilitate testing and tracking.

b. To the maximum practicable extent, requirements were specified in well defined mathematical language, such as logic diagrams, state tables, or other unambiguous forms.

c. A Requirements Traceability Matrix is maintained to facilitate verification that the requirements were correctly propagated forward through the design, testing and validation steps of the development process, and so that validation at each phase of the development process is related specifically to these requirements.

d. Testing is defined and derived from the established requirements.

e. Testing results are well documented.

f. Configuration management is enforced.

g. Changes in requirements are controlled through a process of approval, documentation, and verification and validation commensurate with the scope and criticality of the changes.

1/25/2009 Page 14 of29 Revision 2.5 1/25/2009 Page 14 of 29

ALS Class 1E Controls: MSFIS V&V Report

h. Software that has been procured for use in design and/or testing shall be controlled during all phases of MSFIS development.

i. Procedures assure configuration control, including verification that the configuration used during testing is the same as that used for the final system..

1/25/2009 Page 15 of29 Revision 2.5 1/25/2009 Page 15 of 29

ALS Class 1E Controls: MSFIS V&V Report The life cycle used in this project follows the "waterfall" model and includes the following phases:

1) System Requirements Phase

2) Design Phase

3) Implementation Phase

4) Test Phase

5) Installation and Checkout

6) Operation and Maintenance 3.1 Management The management of the V&V process for this project entails a close working relationship between the V&V Engineer and the ALS MSFIS Project Manager, to define the "fine structure" for the V&V work within the framework defined in this document. The VVR (this document) is prepared and maintained as a living ,document during the life of the project by updating and adding material as each phase of the project is completed and any necessary iterations are performed.

3.2 System Requirements V&V 3.2.1 Overview System requirements were established by WCNOC in Specification J-105A(Q). CSI used this document to base the preparation of the conceptual design. One V&V step was taken in this phase:

1) Critical review of WCNOC J-105A(Q) and resolution of comments and questions deriving there from.

1/25/2009 Page 16 of29 2.5 Revision 2.5 1/25/2009 Page 16 of 29

ALS Class 1E Controls: MSFIS V&V Report The principal V&V method used in this phase was the critical review of the WCNOC specification followed by discussions to resolve any comments or questions. The Requirements Traceability Matrix was initiated to provide a formalized database that provides item number by item number correlations. Particular attention was given to assuring that the requirements are amenable to demonstration by test of the completed system. Approval was obtained from the CSI Lead Design Engineer, Qualification and Quality Oversight Contractor (NI), V&V Engineer and the Project Manager following resolution of all comments resulting from the System Requirements Verification. The criteria for satisfactory completion of this phase were the agreement by all parties that closure was achieved on all comments and that each individual technical requirement could be demonstrated through either test or analysis.

3.2.2 Inputs/Outputs The input for this phase was the initial WCNOC J- 105A(Q) specification, Revision 1.

The output for this phase was the resolution of comments and issuance of Revision 2 of the WCNOC J- 105A(Q) specification.

3.3 Hardware Requirements V&V The hardware requirements phase consisted of one step:

1) The preparation of the System Requirements Document (SRD, CSI document 6101-00002, "MSFIS System Specification").

The SRD provides a structured delineation of the system requirements contained in the WCNOC J-105A(Q) specification that are satisfied by the design, and the manner and structure in which the design will function to satisfy those requirements. The SRD addresses:

a. Process inputs, including test inputs.

b. System logic required for operation of the MSFIS.

c. Process outputs, including ranges, accuracies, update interval, and human factors considerations of the operator interface.

d. Initialization requirements such as initial values and start-up sequence.

Revision 2.5 1/25/2009 Page 17 of 29

ALS Class 1E Controls: MSFIS V&V Report

e. Logic for response to detected failures.

f. Operator interfaces (control panels, displays).

g. Automated in-service test and diagnostic capabilities.

h. Timing requirements for all time dependent events, including overall system requirements.

i. Limitations on processing time.

j. Security requirements such as passwords.

k. Design features that provide administrative control of all devices capable of changing the content of stored setpoints and logic.

1. Initialization requirements such as power-up and power-down.

m. Design features for the detection of system failure.

n. Manually initiated in-service test or diagnostic capabilities.

o. Human factors engineering design features encompassing operator interfaces associated with operation, maintenance, and testing.

p. Mechanical and electrical interfaces with existing systems and structures.

q. Design features necessary to assure satisfaction of the seismic and electromagnetic interference design requirements for the system.

The SRD includes all of the technical requirements of the project in a form that facilitates tracking back to the statements of the WCNOC J-105A(Q) specification, and forward to the succeeding phases of the development program.

Revision 2.5 1/25/2009 Page 18 of 29

ALS Class 1E Controls: MSFIS V&V Report 3.3.1 Verification and Validation Tasks The V&V tasks for the requirements phase consisted of independent reviews of the documents prepared in this phase against the WCNOC J- 105A(Q) specification. All questions, comments or anomalies found during the reviews were documented and resolved before proceeding to the design phase of the development process.

3.3.2 Methods and Criteria The Requirements Traceability Matrix was updated to confirm that the complete set of WCNOC J- 105A(Q) specification requirements were covered by the SRD. This step included:

1. Tracing the requirements to the system requirements.

2. Review of identified relationships for correctness, consistency, completeness, and accuracy.

3. Review to assure the requirements are testable.

4. Assessment of how well system requirements were satisfied, and identification of key performance and critical areas of the design.

3.4 Design Phase V&V The tasks for the V&V of the design phase of the development process for the ALS MSFIS consisted of several activities as follows:

Review, approval, and issue of the CSI document 6101-00002, "MSFIS System Specification," prepared by the design team to satisfy the requirements of the WCNOC J-105A(Q) Specification. Revision 3 of WCNOC J-105A(Q) was issued on 6/29/07. This revision resolved several issues that were raised during the design phase and represents the "final" specification version moving forward from the design phase.

1/25/2009 Page 19 of29 2.5 Revision 2.5 1/25/2009 Page 19 of 29

ALS Class 1E Controls: MSFIS V&V Report

• Preparation and internal issuance of detailed documents by the Design Contractor/Class 1E Controls Supplier. Preparation and issuance of system drawings by the Design Contractor/Class 1E Controls Supplier.

• Review and approval of system drawings by WCNOC. The system drawings are listed below:

4101-008 Bill of Materials and Assembly Drawing, ALS Backpanel 4101-007 Schematic, Backpanel, MSFIS 4101-010 Bill of Materials and Assembly Drawing, ALS-101 4101-009 Schematic, ALS-101 4101-012 Bill of Materials and Assembly Drawing, ALS-201 4101-011 Schematic, ALS-201 4101-018 Bill of Materials and Assembly Drawing, ALS-201 Bypass Switch Board 4101-017 Schematic, ALS-201 Bypass Switch Daughterboard 4101-004 Bill of Materials and Assembly Drawing, ALS-301 4101-003 Schematic, ALS-301 4101-006 Bill of Materials and Assembly Drawing, ALS-401 4101-005 Schematic, ALS-401 4101-002 Bill of Materials and Assembly Drawing, ALS-411 4101-001 Schematic, ALS-411 4101-014 Bill of Materials and Assembly Drawing, ALS-905 4101-013 Schematic, ALS-905 4101-035 Drawing, Assembly Panel, SA075A 4101-036 Bill of Material and Wirelist, Assembly Panel, SA075A 4101-037 Drawing, Assembly Panel, SA075A 4101-038 Bill of Material and Wirelist, Assembly Panel, SA075A 4101-049 Drawing, SA075A, Vendor Wiring 4101-050 Drawing, SA075B, Vendor Wiring 4101-019/4101-021 Drawing, WC-MSFIS Cable, Cxx I (MS/MF) 4101-020/4101-022 Bill of Material and Wirelist, WC-MSFIS Cable, Cxxi 4101-023/4101-025 Drawing, WC-MSFIS Cable, Cxx2 (MS/MF) 4101-024/4101-026 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx2 4101-027/4101-029 Drawing, WC-MSFIS Cable, Cxx3 (MS/MF)

Revision 2.5 1/25/2009 Page 20 of 29

ALS Class 1E Controls: MSFIS V&V Report 4101-028/4101-030 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx3 4101-031/4101-033 Drawing, WC-MSFIS Cable, Cxx4 (MS/MF) 4101-032/4101-034 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx4 4101-065 Drawing, MSFIS Logic Overview 4101-061 Drawing, SA075A MS One Line Drawing 4101-062 Drawing, SA075A MF One Line Drawing 4101-063 Drawing, SA075B MS One Line Drawing 4101-064 Drawing, SA075B MF One Line Drawing 9715-SA-71294-D Mounting Platform MSFIS Rack Sub-Assembly 9715-OD-71217-D MSFIS Cabinet Outline Dimensional 9715-SA-71216-D MSFIS Cabinet Shop Assembly 9715-PP-71215-D Mounting Platform Piece Parts

• Review and approval of the System Test Plan prepared by the Design Contractor/Class lE Controls Supplier, needed to accomplish the Implementation and Test Phases of the development process, including the following:

MSFIS System Test Plan (CSI document 6101-00004)

• Review and approval of the Electromagnetic/Radio Frequency Interference Test Procedure prepared by the Qualification and Quality Oversight Contractor, to confirm that the system will perform satisfactorily in the EMI environment typical of a power plant control room, and will not affect other equipment installed there.

EMC Test Procedure 9715-EMC-01

" Review and approval of the Seismic Test Procedure prepared by the Qualification Contractor, to confirm that the system will remain functional during and after the seismic disturbances specified for the plant site.

Seismic Test Procedure S-128P The Qualification and Quality Oversight Contractor completed a number of commercial grade surveys which included review of the Design Contractor/Class 1E Controls Supplier's design process/design architecture and found the controls and process to be adequate. The dates of the surveys are provided on the timeline diagram in Figure 2-3. The source surveillance and commercial grade survey were based on review of objective evidence of work performed by the Revision 2.5 1/25/2009 Page 21 of 29

ALS Class 1E Controls: MSFIS V&V Report Design Contractor/Class 1E Controls Supplier on the ALS MSFIS project. The Qualification and Quality Oversight Contractor included a detailed report of their reviews in the final Dedication Report.

(Note: The Qualification Contractor (NI) was responsible for several aspects of the Class 1E qualification as the ALS MSFIS procurement was originally structured. The Design Contractor/Class 1E Controls Supplier (CSI) is now providing the equipment under their own Appendix B program, so some of the dedication activities have been re-iterated. The dedication activities provided by NI will be utilized at WCNOC as augmented quality items and reports.)

The Design Contractor/Class 1E Controls Supplier issued a Safety Assessment of the ALS MSFIS. The Safety Assessment analyzes the Functional Failure Paths of the MSFIS and from this analysis determines the safety assurance levels for major components. The Safety Assessment provides both a qualitative and quantitative analysis of the ALS MSFIS reliability and availability.

MSFIS Safety Assessment (CSI document 6101-00006)

The methods employed in the V&V of the design phase consisted principally of visual review of documents and drawings against the preceding phase outputs and the engineering experience of the reviewers, and the writing of original documents to cover the required testing. The criteria for acceptance were the projections of the experienced personnel performing the work that the documents being reviewed and prepared would meet the requirements of the WCNOC specification and work properly after installation irrespective of the specification requirements.

The inputs for the V&V of the design phase were the WCNOC Specification J-105A(Q) and the MSFIS System Specification (CSI document 6101-00002). The outputs of the V&V of the design phase were the approvals of the several documents and drawings, and the approved test procedures. No iterations affecting the outputs of previous phases were required, affecting either the conceptual design or requirements phases.

3.5 Implementation and Test Phase V&V 3.5.1 Implementation Phase The implementation phase included the assembly of the first set of hardware. The first set of hardware included cables (cable harnesses for connecting MSFIS racks to field terminal blocks in the SA075A and SA075B cabinets), panels (Assembly panel for fusing and distribution of Class-lE 125V), ALS-boards (ALS-101, ALS-201, ALS-301, ALS-401, ALS-411, ALS-905, and backpanel), and MSFIS racks (include ALS boards and backpanel). The implementation phase also included preliminary tests of operability, performance of the Preproduction Test by CSI, and performance of the Seismic and EMC tests by NI. The assembly and testing of the Revision 2.5 1/25/2009 Page 22 of 29

ALS Class IE Controls: MSFIS V&V Report remaining production units was completed following satisfactory completion of the qualification testing.

3.5.1.1 Verification and Validation Tasks The V&V Engineer worked closely with the design and qualification teams throughout this phase to ensure that the project objectives, as defined in the various levels of specifications were satisfied. The V&V Engineer verified that anomalies were being recognized and resolved in accordance with controlled processes. These anomalies are documented in the MSFIS V&V Report (CSI document 6101-00200).

3.5.1.2 Methods and Criteria The implementation phase consisted of the performance of the following tests:

Seismic Test in accordance with Nutherm Seismic Test Procedure S-128P EMC Test in accordance with Nutherm EMC Test Procedure 9715-EMC-01 Preproduction Test in accordance with MSFIS System Test Plan (CSI document 6101-00004) 3.5.1.3 Inputs/Outputs Inputs to the V&V effort for this phase were the system design documents, the hardware, the Preproduction Test Procedure, the Seismic Test Procedure, and the EMC Test Procedure.

Outputs of the V&V effort for this phase were updates to the previously prepared V&V documentation, test procedure reviews and approvals, changes to the test procedures required as a result of any iterations initiated in this phase, and the test reports.

1/25/2009 Page 23 of 29 2.5 Revision 2.5 1/25/2009 Page 23 of 29

ALS Class 1E Controls: MSFIS V&V Report Details of the Implementation Phase tests are as follows:

The initial issue of the seismic test procedure was S-128P Rev.0, issued on 11/15/06. S-128P Rev.1 was issued on 12/22/06 for WCNOC review and comment, and S-128P Rev.2 was issued on 1/8/07 to incorporate the approval comments.

The seismic test was performed on 1/11/07 at Wyle Laboratories. The seismic testing was completed successfully as documented in NI Qualification Report WCN-9715R Rev.0.

The initial issue of the EMC Test Procedure was 9715-EMC-01 Rev.0, 11/26/06. Subsequently, Rev.1 was issued on 11/28/06 to incorporate clarifications and to add a "Safety Function Actuation Test." EMC Test Procedure 9715-EMC-01 Rev.2 was issued on 12/04/06 to include CSI equipment grounding recommendations. Rev.3 was issued on 12/14/06 to add a note regarding the rationale for power lead surge withstand level tests. The final EMC Test Procedure revision, 9715-EMC-01 Rev.4 was issued on 12/19/06 to add test levels for the IEC 61000-4-4 Ring Wave Immunity Test, add a re-test of the IEC 61000-4-4 Electrical Fast Transient/Burst Immunity Test, and to add re-test, pre-test, and post-test verification sheets.

CSI conducted several EMC "pre-tests" at a local National Technical Systems subsidiary in Phoenix, AZ from August 2006 through November 2006. These tests were performed to validate the ALS board designs against NRC Regulatory Guide 1.1 80/EPRI TR- 102323 Revision 2 and also EPRI TR-102323 Revision 3, prior to formal testing.

Formal EMC testing was performed 12/07 at Elite Electronic Engineering. Testing was satisfactorily completed, however anomalies that arose during IEC 61000-4-3 (Radiated Immunity, 26MHz to 10Ghz), IEC 61000-4-4 (Electrical Fast Transients), and IEC 61000-4-5 (Surge Immunity) resulted in minor modifications (grounding arrangement and surge suppression design) to the test specimen to achieve a satisfactory result. These modifications are detailed in the Nutherm EMC Test Report, WCN-9715ER Rev.0, dated 2/16/07 and in the following CSI Engineering Change Notices (ECN's):

ECN 101-0000 - Modification to ALS-411 boards due to MOV early clamping during Surge testing ECN 101-0001 - Modification to ALS-905 boards due to capacitor early clamping during Surge testing ECN 101-0002 - Modification to MSFIS Assembly Panel to avoid fuses blowing during surge testing Further details of the ECNs listed above can be found in the MSFIS V&V Report (CSI document 6101-00200).

Revision 2.5 1/25/2009 Page 24 of 29

ALS Class 1E Controls: MSFIS V&V Report EMI qualification testing was completed successfully as documented in NI Qualification Report WCN-9715R Rev.0. CSI revised the Bills of Material (BOM's) and equipment drawings to incorporate the surge suppression and grounding changes made during EMI qualification, and these changes were reflected in the production equipment.

The Preproduction Test was completed satisfactorily on the qualification unit, and the test report is contained in the MSFIS V&V Report (CSI document 6101-00200) and CSI equipment travelers.

3.5.1.4 Resources The Design Contractor/Class 1E Controls Supplier completed Field Programmable Gate Array (FPGA) programming and V&V activities, detailed in MSFIS V&V Report (CSI document 6101-00200), prepared the preproduction unit, completed preproduction testing and completed the production units The Qualification and Quality Oversight Contractor prepared the Seismic Test Procedure and the EMC Test Procedure and completed the seismic and EMI qualification.

3.5.2 Test Phase The test phase of this project consisted of: 1) performing the Factory Acceptance Test (FAT) on each set of deliverable equipment at the Design Contractor/Class 1E Controls Supplier facility,

2) performing the Site Acceptance Test (SAT) on each set of deliverable equipment at WCGS, and 3) re-performing both the FAT and SAT in an integrated fashion on each set of deliverable equipment at WCGS. The FAT and SAT was re-performed due to a significant platform level design change which provided inherent diversity within a particular ALS rack.

Additionally, while in the test phase of this project, it was discovered that additional equipment qualification testing was required. The additionally equipment qualification testing consisted of the following: 1) EMC Testing, 2) Temperature Testing, 3) ESD Testing, and 4) Isolation Testing.

3.5.2.1 Verification and Validation Tasks The V&V responsibility for this phase consisted of reviewing the MSFIS System Test Plan (CSI document 6101-00004), reviewing the FAT results, reviewing the SAT results, and reviewing the integrated FAT/SAT results. Details of the testing results are provided in MSFIS V&V Report (CSI document 6101-00200).

Revision 2.5 1/25/2009 Page 25 of 29

ALS Class 1E Controls: MSFIS V&V Report The V&V responsibility for this phase also included reviewing the additional equipment qualification testing as specified in ALS EQ Plan (CSI document 6002-00004), and test results provided in EMC Test Surveillance Report (CSI document 6002-00201), NTS Temperature Test Report (CSI document 6002-00206), CSI ESD Test Report (CSI document 6002-00207), and CSI Isolation Test Report (CSI document 6002-00208).

3.5.2.2 Methods and Criteria The test phase consisted of performance of the MSFIS System Test Plan (CSI document 6101-00004) for purposes of completing the FAT and SAT. Criteria for satisfactory completion of this phase were that the performance of each hardware set exactly satisfied the required performance set down in the MSFIS System Test Plan (CSI document 6101-00004), and that any anomalies were resolved, and that any rework or iterations were completed thoroughly and documented fully. Details of all anomalies and resolutions can be found in MSFIS V&V Report (CSI document 6101-00200).

The test phase also consisted of performance of additional equipment qualification testing.

Criteria for satisfactory completion of this testing was the performance of the equipment qualification testing in accordance with ALS EQ Plan (CSI document 6002-00004).

3.5.2.3 Inputs/Outputs The FAT, SAT, and integrated FAT/SAT were performed in accordance with the MSFIS System Test Plan (CSI document 6101-00004). The FAT testing was completed on 9/7/07. The SAT testing was completed on 2/8/2008, and the integrated FAT/SAT testing was completed on 12/4/2008.

The FAT, SAT, and integrated FAT/SAT was completed successfully on all of the deliverable equipment.

The test results for all the above testing sets is documented in the MSFIS V&V Report (CSJ document 6101-00200) and further detailed within the CSI equipment travelers. The CSI equipment travelers contain the complete build configuration and testing history. CSI utilizes travelers to track each ALS board, backplane, chassis/rack, assembly panel, and cable assembly.

They contain the associated drawings, schematics, Bill of Material's, material traceability, assembly procedures, configuration information (FPGA loading and setpoints), and test reports.

CSI performs a V&V 'review of the travelers at each stage of manufacturing and test, prior to release for the next stage.

Revision 2.5 1/25/2009 Page 26 of 29

ALS Class 1E Controls: MSFIS V&V Report 3.5.2.4 Resources The Design Contractor/Class 1E Controls Supplier prepared the MSFIS System Test Plan (CSI document 6101-00004), and completed the FAT, SAT, and integrated FAT/SAT testing on the deliverable equipment.

Revision 2.5 1/25/2009 Page 27 of 29

ALS Class IE Controls: MSFIS V&V Report The Verification and Validation of the implementation and test phase of the development program for the ALS MSFIS was successfully completed. The implementation and test phase included; the Factory Acceptance Testing (FAT) at CS Innovations facility, Site Acceptance Testing (SAT) at Wolf Creek Generating Station, and the integrated FAT/SAT at Wolf Creek Generating Station. WCNOC has determined the testing performed in. this phase was executed according to the applicable test procedure(s), and the results of the testing successfully validated that each set of deliverable equipment has met all of the requirements of the WCNOC J-105A(Q) and the MSFIS System Specification (CSI document 6101-00002).

The implementation and test phase included additional equipment qualification testing as specified inALS EQ Plan (CSI document 6002-00004), and test results provided in EMC Test Surveillance Report (CSI document 6002-00201), NTS Temperature Test Report (CSI document 6002-00206), CSI ESD Test Report (CSI document 6002-00207), and CSI Isolation Test Report (CSI document 6002-00208). WCNOC has determined the combined results of the previous equipment qualification testing performed by Nutherm International and the additional testing in this phase has successfully validated that the equipment meets the qualification requirements of WCNOC J- 105A(Q).

Open work items remaining include the following:

• Equipment Installation

• Post Installation Testing (Final Checkout)

This VVR was updated with a mid level revision of the Implementation and Test Analysis Report Revision 2. The next revision of this VVR is planned to be Revision 3 which will contain discussion for the Post Installation Testing (PIT).

1/25/2009. Page' 28 of 29.

Revision 2.5 1/25/20W9 Page, 28 of 29 '

ALS Class lE Controls: MSFIS V&V Report 1/25/2009 Page 29 of 29 Revision 2.5 2.5 1/25/2009 Page 29 of 29

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The replacement system will replace the existing The MSFIS provides 125 Volt DC outputs to energize hardware in both MSFIS cabinets, SA075A and or de-energize control solenoids to operate and test SA075B. After replacement, each cabinet will contain 5.2.1.a the plant MSIVs and MFIVs. 2.1-3 the following components: R-MSFIS.77 7.9, 8.7, 11.6 The MSFIS is divided into two actuation channels.

Each of the two independent actuation channels monitors system inputs and, by means of logic The replacement system will replace the existing matrices, energizes / de-energizes the required hardware in both MSFIS cabinets, SA075A and solenoids in the required sequence for the appropriate SA075B. After replacement, each cabinet will contain R-MSFIS.78, 5.2.1.b valve operations. 2.1-3 the following components: R-MSFIS.79 7.9, 8.7, 11.6 The scope of the MSFIS project is to replace the The MSFIS System is comprised of solid-state existing MSFIS controls, with a control system based 5.2.1.c components. 2.1-1 on the Advanced Logic System (ALS) technology. R-MSFIS.16 7.9, 8.7, 11.6 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain 2.1-3 the following components: R-MSFIS.16 7.9, 8.7, 11.6 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen 2.1-4 in [2]. R-MSFIS.16 7.9, 8.7, 11.6 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the 2.1-7 field cables. R-MSFIS.16 7.9, 8.7, 11.6 The Replacement MSFIS System shall not involve software such as an application program for a digital The scope of the MSFIS project is to replace the computer in the hardware in place during plant existing MSFIS controls, with a control system based 5.2.1.d operation. 2.1-1 on the Advanced Logic System (ALS) technology. R-MSFIS.16 7.9, 8.7, 11.6 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand). The distributed control is achieved by having multiple autonomous boards in the 12.1-2 system each controlling a part of the system. Each.. R-MSFIS.16 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 1 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The ALS system has an advanced self test capability.

All boards within the rack have the capability to However, software is permitted in portable test perform autonomously self test. Single event errors will equipment which is completely disconnected from the be detected with the use of redundant logic, BIST Replacement MSFIS System at the conclusion of engines and CRC-protected and redundant 5.2.1.d testing 4-2 communication links. R-MSFIS.16 7.9, 8.7, 11.6 5.2.1.e The Controls Seller shall configure the MSFIS control 12.4.6 2.4.6 Valve State Diagram R-MSFIS.141 7.9, 8.7, 11.6 R-MSFIS.1, R-MSFIS.15, R-5.2.2 Modular Design 4 4 ALS Rack MSFIS.16 7.9, 8.7, 11.6 R-MSFIS.1, R-Interchangeability shall be provided and demonstrated MSFIS.15, R-5.2.2 for all similar modules or components. MSFIS.16 7.9, 8.7, 11.6 Items designed to be removable from the equipment, such as assemblies, subassemblies, electrical parts, modules, and hardware, shall be replaceable physically and electrically with corresponding items R-MSFIS.1, R-without drilling, bending, filing, fabricating, or using MSFIS.15, R-5.2.2 undue force MSFIS.16 7.9, 8.7, 11.6 R-MSFIS.1, R-Hot swap capability shall be included for the MSFIS.15, R-5.2.2 logiccontroller-based system circuit cards 4.1 4.1 ALS Rack Physical MSFIS.16 7.9, 8.7, 11.6 R-MSFIS.1, R-Hot swap capability includes the requirement that the MSFIS.15, R-5.2.2 controlled equipment shall not cause a plant transient MSFIS.16 7.9, 8.7, 11.6 The replacement of parts, when accomplished in a manner prescribed by the Controls Seller, shall not R-MSFIS.1, R-cause the equipment to depart from the original MSFIS.15, R-5.2.2 specified performance. MSFIS.16 7.9, 8.7, 11.6 5.2.3 Response Time 5.6 5.6 MSFIS Input-to-Output Response Time R-MSFIS.138 7.9, 8.7, 11.6 5.2.3 The overall response time of the Replacement MSFIS 5.6 5.6 MSFIS Input-to-Output Response Time R-MSFIS.138 7.9, 8.7, 11.6 5.2.4 System Functional equirements 2.1 -1 2.2 System Overview R-MSFIS.138 7.9, 8.7, 11.6 5.2.4 System Input Signals 2.3-1 2.3 System Inputs/Outputs R-MSFIS.138 7.9, 8.7, 11.6 The Controls Seller shall determine the voltage and current ratings of the buffer input circuits based on the power supplies as required under Section 5.6.3 and also subject to the maximums of NEMA ICS-5 P300 ratings and the minimums required to keep the contacts clean and function in a nuclear plant instrument cabinet room with unshielded cables connecting the remotely located input contacts to the 5.2.4 system. 2.3-1 2.3 System Inputs/Outputs R-MSFIS.138 7.9, 8.7, 11.6 The MSFIS shall accept input signals (in the form of R-MSFIS.51, contact conditions) from control switches located on R-MSFIS.52, the Main Control Board and from output relays in the R-MSFIS.53, Engineered Safety Features Actuation R-MSFIS.54, System. Appendix A tabulates the inputs for each R-MSFIS.55, 5.2.4.a subsystem of the MSFIS. _R-MSFIS.56 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 2 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The ALS-301 board is designed to sense open/closed R-MSFIS.51, contacts with a high level of integrity. R-MSFIS.52, The System inputs from the control switches will all be Channel self-test is conducted at least once every R-MSFIS.53, momentary (>100mS), and shall be sealed-in as 15minutes or in the event of a state-change R-MSFIS.54, necessary inside the Replacement MSFIS System The ALS MSFIS implementation utilizes the board to R-MSFIS.55, 5.2.4.a.2 logic circuits 4.3.3 implement the 12 inputs. Filter Time 70ms R-MSFIS.56 7.9, 8.7, 11.6 The ALS-301 board is designed to sense open/closed R-MSFIS.51, contacts with a high level of integrity. R-MSFIS.52, Channel self-test is conducted at least once every R-MSFIS.53, 15minutes or in the event of a state-change R-MSFIS.54, The ALS MSFIS implementation utilizes the board to R-MSFIS.55, 5.2.4.a.2 4.3.4 implement the 12 inputs. Filter Time 70ms R-MSFIS.56 7.9, 8.7, 11.6 R-MSFIS.27, R-MSFIS.35, The contacts from ESFAS will be normally closed, R-MSFIS.31, and will open to cause an operation. The remaining R-MSFIS.39, input contacts will be normally open, and will close to Contact state is 'Normally Closed (NC)' - The contact R-MSFIS.43, 5.2.4.a.3 cause an operation 2.3.2 shall open to cause an actuation. R-MSFIS.47 7.9, 8.7, 11.6 R-MSFIS.27, R-MSFIS.35, The contacts from ESFAS will be normally closed, R-MSFIS.31, and will open to cause an operation. The remaining R-MSFIS.39, input contacts will be normally open, and will close to The ALS-301 board is designed to sense open/closed R-MSFIS.43, 5.2.4.a.3 cause an operation 4.3.3 contacts with a high level of integrity. R-MSFIS.47 7.9, 8.7, 11.6 The Controls Seller shall determine the voltage and current ratings of the buffer input circuits based on the power supplies as required under Section 5.6.3 and also subject to the maximums of NEMA ICS-5 P300 R-MSFIS.28, ratings and the minimums required to keep the R-MSFIS.32, contacts clean and function in a nuclear plant R-MSFIS.36, instrument cabinet room with unshielded cables R-MSFIS.40, connecting the R-MSFIS.44, 5.2.4.a.4 remotely located input contacts to the system. 2.3.2 R-MSFIS.48 7.9, 8.7, 11.6 The Controls Seller shall determine the voltage and current ratings of the buffer input circuits based on the power supplies as required under Section 5.6.3 and also subject to the maximums of NEMA ICS-5 P300 R-MSFIS.28, ratings and the minimums required to keep the R-MSFIS.32, contacts clean and function in a nuclear plant R-MSFIS.36, instrument cabinet room with unshielded cables R-MSFIS.40, connecting the R-MSFIS.44, 5.2.4.a.4 remotely located input contacts to the system. 4.3.3 R-MSFIS.48 7.9, 8.7, 11.6 Channel self-test is conducted at least once every 5.2.4.b System Logic Matrices 2.1 -2 15minutes or in the event of a state-change R-MSFIS.1 7.9, 8.7, 11.6 The logic matrices shall adhere to the requirements of channel independence and separation required by The ALS MSFIS implementation utilizes the board to 5.2.4.b Appendix A. 2.5 implement the 12 inputs. R-MSFIS.1 7.9, 8.7, 11.6 5.2.4.c System Output Signals 2.3 -1 2.3 System Inputs/Outputs I I I I 1/25/2009 Revision 2.5 3 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, 2.3.5 Solenoid Output (A, B, C) MSFIS provide output R-MSFIS.69, signals to control the valve actuator solenoids. There R-MSFIS.70, are three primary signals for controlling a particular R-MSFIS.73, 5.2.4.c.1 Actuation Outputs 2.3.5 actuator; A, B, and C. R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, 2.3.5 Solenoid Output (A, B, C) MSFIS provide output R-MSFIS.69, The MSFIS shall energize/ de-energize the MSIV and signals to control the valve actuator solenoids. There R-MSFIS.70, MFIV actuator solenoids in accordance with the logic are three primary signals for controlling a particular R-MSFIS.73, 5.2.4.c.1 requirements of Sections 5.2.5 and 5.2.6. 2.3.5 actuator; A, B, and C. R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, R-MSFIS.69, R-MSFIS.70, R-MSFIS.73, 5.2 5.2 Valve-Logic R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, R-MSFIS.69, R-MSFIS.70, R-MSFIS.73, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, The current channel separation scheme applied to the R-MSFIS.65, overall plant design will be maintained. The two R-MSFIS.66, redundant and equivalent MSFIS subsystems will be R-MSFIS.69, The output signals shall adhere to the requirements of located in separate cabinets: ? MSFIS Channel I R-MSFIS.70, channel independence and separation required by (Separation Group 1) located in MSFIS Cabinet R-MSFIS.73, 5.2.4.c.1 Appendix A. 2.1 -2 SA075A - also referred to as train A. R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, R-MSFIS.69, R-MSFIS.70, R-MSFIS.73, 2.5 2.5 Separation / Isolation / Independence/ Diversity R-MSFIS.74 7.9, 8.7, 11.6 R-MSFIS.16, R-MSFIS.65, R-MSFIS.66, 2.3.5 Solenoid Output (A, B, C) MSFIS provide output R-MSFIS.69, The outputs shall provide sufficient voltage to signals to control the valve actuator solenoids. There R-MSFIS.70, energize the actuator solenoids. The specifications for are three primary signals for controlling a particular R-MSFIS.73, 5.2.4.c.1 Ithe actuator solenoids are as follows. 2.3.5 actuator; A, B, and C. R-MSFIS.74 7.9, 8.7, 11.6 1 1/25/2009 Revision 2.5 4 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 J5WCNOC Description of Requirement CS6Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 2.3.4.2 Status Information Output (STATUS) Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4-ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 R-MSFIS.57, 5.2.4.c.2 Status Outputs 2.3.4.2 status outputs. R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3.1 5.3.1 STATUS Output R-MSFIS.58 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS) Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4-In addition to the actuation outputs, one status output ALS Rack) Since there are eight valves in the system shall be provided for each actuation train for each and 2 trains (A&B), the MSFIS will provide a total of 16 R-MSFIS.57, 5.2.4.c.2 valve. 2.3.4.2 status outputs. R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3.1 5.3.1 STATUS Output R-MSFIS.58 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS) Status Outputs - one status output shall be provided for each The MSFIS System status output will supply 125 Volt actuation train for each valve. The MSFIS status DC power to an input relay at the Status Panel if both output will supply 125 Volt DC power to an input relay of the following are true: a) 125 Volt DC power is in the SA066A Status Panel cabinet. (See Chapter 4-available downstream of the individual power supply ALS Rack) Since there are eight valves in the system fuses for solenoid MVI(2), and b) there is no test in and 2 trains (A&B), the MSFIS will provide a total of 16 R-MSFIS.57, 5.2.4.c.2 progress in the MSFIS System logic 2.3.4.2 Istatus outputs. R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 5.3.1 5.3.1 STATUS Output R-MSFIS.58 7.9, 8.7, 11.6 R-MSFIS.57, 1 15.3.2 5.3.2 BYPASS Output R-MSFIS.58 7.9, 8.7, 11.6 1_1 2.3.4.2 Status Information Output (STATUS) Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4-ALS Rack) Since there are eight valves in the system The output to the Status Panel shall be able to handle and 2 trains (A&B), the MSFIS will provide a total of 16 R-MSFIS.57, 5.2.4.c.2 a 125VDC, <25mA load. 2.3.4.2 status outouts. R-MSFIS.58 7.9.8.7. 11.6 R-MSFIS.57, 5.3 15.3 STATUS and BYPASS Logic IR-MSFIS.58 17.9, 8.7, 11.61 1/25/2009 Revision 2.5 5 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 61014-0200 R-MSFIS.57, 5.3.1 5.3.1 STATUS Output R-MSFIS.58 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM) The ALARM output, also referred to as 'annunciator output' or

'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition. Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack R-MSFIS.23, 5.2.4.c.3 Annunciator 2.3.4.1 and one alarm from the FW-rack. In total the R-MSFIS.24 7.9,8.7,11.6 2.3.4.1 Annunciator Output (ALARM) The ALARM output, also referred to as 'annunciator output' or

'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition. Each cabinet has two separate The MSFIS shall provide outputs to the plant trouble alarm outputs - one alarm from the MS-rack R-MSFIS.23, 5.2.4.c.3 Annunciator system as described in section 5.6.7 2.3.4.1 and one alarm from the FW-rack. In total the R-MSFIS.24 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM) The ALARM output, also referred to as 'annunciator output' or

'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition. Each cabinet has two separate The annunciator outputs shall be able to handle a trouble alarm outputs - one alarm from the MS-rack R-MSFIS.23, 5.2.4.c.3 125VAC, <25mA load. 2.3.4.1 and one alarm from the FW-rack. In total the R-MSFIS.24 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS) To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 R-MSFIS.62, 5.2.4.c.4 ESFAS Test Circuits 2.3.4.3 outputs from MSFIS to SSPS. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 1 5.3.2 5.3.2 BYPASS Output R-MSFIS.61 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS) To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay The MSFIS shall provide one output for each provides a dry contact to the SSPS test circuitry used actuation train for each valve to the ESFAS test during slave relay testing. There are a total of 16 R-MSFIS.62, 5.2.4.c.4 circuitry, as described in section 5.2.6. 2.3.4.3 outputs from MSFIS to SSPS. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 5.3.2 5.3.2 BYPASS Output R-MSFIS.61 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 6 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 2.3.4.3 SSPS Testing Output (BYPASS) To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry contact to the SSPS test circuitry used These outputs shall be able to handle an 118VAC, during slave relay testing. There are a total of 16 R-MSFIS.62, 5.2.4.c.4 <500mA load. 2.3.4.3 outputs from MSFIS to SSPS. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.62, 1 5.3.2 5.3.2 BYPASS Output R-MSFIS.61 7.9, 8.7, 11.6 The MSFIS shall accept input signals (in the form of contact conditions) from control switches located on the Main Control Board and from output relays in the Engineered Safety Features Actuation System.

Appendix A tabulates the inputs for each subsystem 5.2.4.a of the MSFIS 2.3-1 2.3 System Inputs/Outputs R-MSFIS.20 7.9, 8.7, 11.6 The existing MSFIS System configuration obeys the plant's separation criteria by use of two separate The current channel separation scheme applied to the MSFIS Cabinets, one for each Channel. The Controls overall plant design will be maintained. The two Seller shall use the existing MSFIS Cabinets and redundant and equivalent MSFIS subsystems will be Channels to continue adherence to these criteria, located in separate cabinets: ? MSFIS Channel I Incoming signal Channel assignments are specified in (Separation Group 1) located in MSFIS Cabinet R-MSFIS.1, R 5.2.4.a.1 Appendix A. 2.1 -2 SA075A - also referred to as train A. MSFIS.2 7.9, 8.7, 11.6 2.5 2.5 Separation / Isolation / Independence / Diversity

2) The System inputs from the control switches will all be momentary (>1OOmS), and shall be sealed-in as necessary inside the Replacement MSFIS System 5.2.4.a.1 logic circuits. 2.3-1 2.3 System Inputs/Outputs

3) The contacts from ESFAS will be normally closed, 5.2.4.a.1 and will open to cause an operation. 2.3 -1 2.3 System Inputs/Outputs R-MSFIS.1, R-MSFIS.17, R-5.2.5 System Operation 5.2 5.2 Valve-Logic MSFIS.18 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to perform autonomously self test. Single event errors will The Replacement MSFIS System shall measure be detected with the use of redundant logic, BIST R-MSFIS.1, R actual System outputs, compare the outputs to the engines and CRC-protected and redundant MSFIS.17, R-5.2.5 required output tates, and alarm any discrepancies. 4-2 communication links. MSFIS.18 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 7 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CS6Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be There must be no connection nor communication of located in separate cabinets: ? MSFIS Channel I R-MSFIS.1, R information within the MSFIS between the controls for (Separation Group 1) located in MSFIS Cabinet MSFIS.17, R-5.2.5 the two sides of any valve. 2.1 -2 SA075A - also referred to as train A. MSFIS.18 7.9, 8.7, 11.6 R-MSFIS.1, R-MSFIS.17, R-2.5 2.5 Separation / Isolation / Independence / Diversity MSFIS.18 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be This separation is accomplished by assigning the two located in separate cabinets: ? MSFIS Channel I R-MSFIS.1, R-

"sides" of each valve to opposite Channels MSFIS (Separation Group 1) located in MSFIS Cabinet MSFIS.17, R-5.2.5 Cabinets. 2.1 -2 SA075A - also referred to as train A. MSFIS.18 7.9, 8.7, 11.6 R-MSFIS.1, R-MSFIS.17, R-2.5 2.5 Separation / Isolation / Independence / Diversity MSFIS.18 7.9, 8.7, 11.6 R-MSFIS.1, R.

MSFIS.17, R-5.2.5.a Output States and Commands 2.3-1 2.3 System Inputs/Outputs MSFIS.18 7.9, 8.7, 11.6 2.3.5 Solenoid Output (A, B, C) MSFIS provide output signals to control the valve actuator solenoids. There R-MSFIS.1, R-are three primary signals for controlling a particular MSFIS.17, R-2.3.5 actuator; A, B, and C. MSFIS.18 7.9, 8.7, 11.6 R-MSFIS.82, R-MSFIS.83, R-MSFIS.94, R-MSFIS.95, 2.3.5 Solenoid Output (A, B, C) MSFIS provide output R-MSFIS.96.

signals to control the valve actuator solenoids. There R-MSFIS.97, are three primary signals for controlling a particular R-MSFIS.99, 5.2.5.a.1 Output States 2.3.5 actuator; A, B, and C. R-MSFIS.110 7.9, 8.7, 11.6 R-MSFIS.82, R-MSFIS.83, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.99, 1 15.2.2 5.2.2 Valve FSM Outputs R-MSFIS.110 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 8 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFtS.99, 5.2.5.a.2 Commands 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, There are four commands; 1) All Close, 2) ESFAS, 3) R-MSFIS.99, 5.2.5.a.2 Close, and 4) Open. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 15.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 9 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, The ESFAS command is generated from the Solid R-MSFIS.82, State Protection System. The Solid State Protection R-MSFIS.89, System provides the inputs to the MSFIS from a R-MSFIS.90, separate slave relay for each the MSIVs and MFIVs. R-MSFIS.94, Each slave relay provides four contacts into the R-MSFIS.95, MSFIS, one contact for each valve. The four contacts R-MSFIS.96.

from a particular slave relay for either the MSIVs or R-MSFIS.97, MFIVs shall be evaluated using 2-out-of-4-voting. The R-MSFIS.98, 2-out-of-4 vote shall be required for a valid ESFAS R-MSFIS.99, 5.2.5.a.2 command 55 MSFIS Core Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.1 5.1 ESFAS-Voter-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, The ESFAS command shall place the CLOSE output R-MSFIS.98, state on all four valves of the particular system MSIV R-MSFIS.99, 5.2.5.a.2 or MFIV. 5 5 MSFIS Core Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 1 5.1 5.1 ESFAS-Voter-Logic R-MSFIS.100 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 10 of38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, The output state shall remain CLOSE for 60sec +/- R-MSFIS.99, 5.2.5.a.2 lsec after the ESFAS command was initiated. 5.1 5.1 ESFAS-Voter-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, After the 60sec time delay the output shall be R-MSFIS.99, 5.2.5.a.2 changed to KEEP CLOSED. 5.1 5.1 ESFAS-Voter-Logic R-MSFIS.100 7.9,8.7, 11.6 1 1 1/25/2009 Revision 2.5 11 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

The Close command is defined as a close signal to R-MSFIS.97, one valve, MSIV or MFIV, initiated by the valve's R-MSFIS.98, assigned individual NORMAL-CLOSE-OPEN R-MSFIS.99, 5.2.5.a.2 Iushbutton hand switch on the Main Control Board 2.3-1 2.3 System Inputs/Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

The Close command shall place the CLOSE output R-MSFIS.97, state for the particular valve associated with the R-MSFIS.98, NORMAL-CLOSE-OPEN pushbutton hand switch that R-MSFIS.99, 5.2.5.a.2 was actuated 2.3-1 2.3 System Inputs/Outputs R-MSFIS.100 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 12 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7,11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, The output state shall remain CLOSE for 60 sec +/- 1 R-MSFIS.99, 5.2.5.a.2 sec after the Close command was initiated. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7,11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 1 15.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 13 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSl Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, After the 60sec time delay the output shall be R-MSFIS.99, 5.2.5.a.2 changed to KEEP CLOSED. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, R-MSFIS.90, R-MSFIS.94, R-MSFIS.95, R-MSFIS.96.

R-MSFIS.97, R-MSFIS.98, R-MSFIS.99, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9,8.7,11.6 R-MSFIS.81, R-MSFIS.82, R-MSFIS.89, The Open command is defined as an open signal to R-MSFIS.90, one valve, MSIV or MFIV, initiated by the valve's R-MSFIS.94, assigned individual NORMAL-CLOSE-OPEN R-MSFIS.95, pushbutton hand switch on the Main Control Board. R-MSFIS.96.

The Open command shall place the OPEN output R-MSFIS.97, state for the particular valve associated with the R-MSFIS.98, NORMAL-CLOSE-OPEN pushbutton hand switch that R-MSFIS.99, 5.2.5.a.2 was 2.3-1 2.3 System Inputs/Outputs R-MSFIS.100 7.9, 8.7, 11.6 The ALS-401 is a solid state relay board, which is used to indicate status information (STATUS and BYPASS).

BYPASS Mode Initiation From a valve R-MSFIS.60, Upon initiation of BYPASS mode for a particular perspective the STATUS and BYPASS signals are R-MSFIS.64, actuation train for a particular valve, the following mutually exclusive - one will be energized, while the R-MSFIS.103, 5.2.6.a.3 must be accomplished: 4.3.5 other is de-energized. R-MSFIS.106 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.5.b Command Priorities 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7,11.6 The command priorities are as follows when the R-MSFIS.84, MSFIS system is in OPERATE mode (see section R-MSFIS.89, 5.2.5.b.1 5.2.6 for OPERATE mode). 5.2 5.2 Valve-Logic R-MSFIS.100 7.9,8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 1 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 14 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.84, R-MSFIS.89, 5.2.5.b.1 All Close, Close, and ESFAS have equal priority. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9,8.7, 11.6 R-MSFIS.84, The Open command will be ignored while the All R-MSFIS.89, 5.2.5.b.1 Close, Close, or ESFAS command(s) are present. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, Further the Open command will be ignored until the R-MSFIS.89, 5.2.5.b.1 CLOSE to KEEP CLOSE time delay has expired. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 The command priorities are as follows when the R-MSFIS.84, MSFIS system is in BYPASS mode (see section 5.2.6 R-MSFIS.89, 5.2.5.b.2 for BYPASS mode). 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 1 5.3.2 5.3.2 BYPASS Output R-MSFIS.100 7.9, 8.7, 11.6 All Close, Close, ESFAS, and Open commands shall R-MSFIS.84, not cause a change in system outputs while the R-MSFIS.89, 5.2.5.b.2 system is in BYPASS mode. 5.2 5.2 Valve-Logic R-MSFIS.100 7.9, 8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.100 7.9,8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.100 7.9,8.7, 11.6 R-MSFIS.84, R-MSFIS.89, 5.3.2 5.3.2 BYPASS Output R-MSFIS.100 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS) R-MSFIS.12, To support the SSPS slave relay testing, a NO dry- R-MSFIS.13, contact relay output - labeled BYPASS is provided. R-MSFIS.14, The relay provides a drycontact to the SSPS test R-MSFIS.19, circuitry used during slave relay testing. There are a R-MSFIS 21, 5.2.6 Provisions for System Test of the Safety Function 2.3.4.3 total of 16 outputs from MSFIS to SSPS. R-MSFIS.61 7.9, 8.7, 11.6 1 1/25/2009 Revision 2.5 15 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CS0 Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The existing MSFIS System includes provision to 2.3.4.3 SSPS Testing Output (BYPASS) R-MSFIS.12, permit complete testing of the safety function (ESFAS To support the SSPS slave relay testing, a NO dry- R-MSFIS.13, command) of each actuation train for each valve. The contact relay output - labeled BYPASS is provided. R-MSFIS.14, Replacement MSFIS System shall also have such The relay provides a dry-contact to the SSPS test R-MSFIS.19, provision for complete testing of the safety function of circuitry used during slave relay testing. There are a R-MSFIS 21, 5.2.6 each actuation train for each valve. 2.3.4.3 total of 16 outputs from MSFIS to SSPS. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, It shall be possible to conduct all tests during plant R-MSFIS 21, 5.2.6 operation 5.2 5.2 Valve-Logic R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, R-MSFIS 21, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.61 7.9, 8.7, 11.6 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in R-MSFIS.12, an untimely actuation, which in most cases results in a R-MSFIS.13, plant trip, or fail to perform the safety function (fail to R-MSFIS.14, Performance of fully automatic system tests shall not actuate on-demand). The distributed control is R-MSFIS.19, interfere with the system's operation during presence achieved by having multiple autonomous boards in the R-MSFIS 21, 5.2.6 of any actuation input. 2.1-2 system each controlling a part of the system. Each.. R-MSFIS.61 7.9, 8.7, 11.6 The ALS system has an advanced self test capability. R-MSFIS.12, All boards within the rack have the capability to R-MSFIS.13, perform autonomously self test. Single event errors will R-MSFIS.14, be detected with the use of redundant logic, BIST R-MSFIS.19, engines and CRC-protected and redundant R-MSFIS 21, 4-2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 The ASU is a windows laptop equipped with the ASU R-MSFIS.12, software suite. The ASU is not connected during R-MSFIS.13, normal operation, but can R-MSFIS.14, be connected during maintenance. The ALS rack will R-MSFIS.19, issue an ALARM immediately when the ASU is R-MSFIS 21, 5.2.6.b 14 connected to the rack. R-MSFIS.61 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 16 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 Means shall be provided to select BYPASS or OPERATE mode for each actuation train for each valve. The selection of BYPASS shall maintain the valve in the as found condition and shall not cause a change in system outputs.. The selection of BYPASS shall only impact the particular actuation train and particular valve for which the BYPASS is selected. Except asindicated in the Four dual-action SPDT toggle-switches referred to as following paragraph, each change in mode shall 'operator-switches' are available on the Rack (ALS-require a positive manual action such as pushing a 201) front-panel. Each switch is capable of switching button, flipping a switch, or turning a switch (releasing between two-positions: Left position (OPERATE) and a pushbutton right position (BYPASS). Each BYPASS switch is or switch is not considered to be positive action, and associated to a specific valve, i.e. BYPASS #1 relates R-MSFIS.3, R 5.2.6.a.1 shall cause no change in mode). 2.3.3 to AB-HV-14(MS) or AE-FV-39(FW). MSFIS.97 7.9, 8.7, 11.6 Selection Means shall be provided to select BYPASS or OPERATE mode for each actuation train for each R-MSFIS.3, R 5.2.6.a.1 valve 4.2 4.2 MSFIS Rack Configuration MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R

_____________________5 5 MSFIS Core Logic MSFIS,97 7.9, 8.7, 11.6 ______

maintain the valve in The selection of BYPASS shall the as found condition and R-MSFIS.3, R 5.2.6.a.1 shall not cause a change in system outputs 5.2.2 5.2.2 Valve FSM Outputs MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.3 5.3 STATUS and BYPASS Logic MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.3.2 5.3.2 BYPASS Output MSFIS.97 7.9, 8.7, 11.6 The selection of BYPASS shall only impact the particular actuation train and particular valve for which R-MSFIS.3, R 5.2.6.a.1 the BYPASS is selected. 2.5 2.5 Separation / Isolation / Independence / Diversity MSFIS.97 7.9, 8.7, 11.6 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as Except as indicated in the following paragraph, each Ioperator-switches' are available on the Rack (ALS-change in mode shall require a positive manual action 201) front-panel. Each switch is capable of switching such as pushing a button, flipping a switch, or tuming between two-positions: Left position (OPERATE) and a switch (releasing a pushbutton or switch is not right position (BYPASS). Each BYPASS switch is considered to be positive action, and shall cause no associated to a specific valve, i.e. BYPASS #1 relates R-MSFIS.3, R 5.2.6.a.1 change in mode). 2.3.3 to AB-HV-14(MS) or AE-FV-39(FW). MSFIS.97 7.9, 8.7, 11.6 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as

'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions:

Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, The actuation train for a particular side of a particular i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV- R-MSFIS.3, R 5.2.6. a.1 valve shall enter BYPASS mode upon command. 2.3.3 39(FW). MSFIS.97 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 17 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.3, R 5.3 5.3 STATUS and BYPASS Logic MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.3.1 5.3.1 STATUS Output MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.3.2 5.3.2 BYPASS Output MSFIS.97 7.9, 8.7, 11.6 There shall be one exception to this, which is the situation where the output state is CLOSE and the 60 sec delay is active, in this situation the CLOSE state must be completed and the 60 sec time complete prior to entering the BYPASS R-MSFIS.3, R 5.2.6.a.1 mode. 5.2 5.2 Valve-Logic MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.2.2 5.2.2 Valve FSM Outputs MSFIS.97 7.9, 8.7, 11.6 R-MSFIS.3, R 5.3 5.3 STATUS and BYPASS Logic MSFIS.97 7.9, 8.7, 11.6 The output state shall remain CLOSE for 60sec +/-

1sec after All Close command was initiated. After the 60sec time delay the output shall be changed to 5.2.6.a.2 KEEP CLOSED. 5.2 5.2 Valve-Logic R-MSFIS.64 7.9, 8.7, 11.6 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.64 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide 5.2.6.a.2 Indication 2.3.4.2 a total of 16 status outputs. R-MSFIS.64 7.9, 8.7, 11.6 5.3.2 5.3.2 BYPASS Output R-MSFIS.64 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack)

Since there are eight valves An indicating light / LED shall be provided for each in the system and 2 trains (A&B), the MSFIS will 5.2.6.a.2 actuation train for each valve. 2.3.4.2 provide a total of 16 status outputs. R-MSFIS.64 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack)

Since there are eight valves This light/ LED shall be "ON" whenever BYPASS in the system and 2 trains (A&B), the MSFIS will 5.2.6.a.2 mode is in effect. 2.3.4.2 orovide a total of 16 status outputs. R-MSFIS.64 7.9, 8.7, 11.6 1 1 5.2.6.a.3 BYPASS / OPERATE Mode Selection 4.2 4.2 MSFIS Rack Configuration R-MSFIS.101 17.9. 8.7. 11.6 1/25/2009 Revision 2.5 18 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 5 5 MSFIS Core Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3.2 5.3.2 BYPASS Output R-MSFtS.101 7.9, 8.7,11.6 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as

'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS). Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates 5.2.6.a.3 BYPASS Mode Initiation 2.3.3 to AB-HV-14(MS) or AE-FV-39(FW). R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3.2 5.3.2 BYPASS Output R-MSFIS.101 7.9, 8.7, 11.6 Upon initiation of BYPASS mode for a particular actuation train for a particular valve, the following 5.2.6.a.3 must be accomplished: 5.2 5.2 Valve-Logic R-MSFIS.101 7.9, 8.7, 11.6 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 5.2.6.3.a a) Latch the actuation outputs to the as found state. 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack)

Since there are eight valves in the system and 2 trains (A&B), the MSFIS will 5.2.6.a.3 b) De-energize the status output. 2.3.4.2 provide a total of 16 status outputs. R-MSFIS.101 7.9,8.7, 11.6 5.2 5.2 Valve-Logic R-MSFIS.101 7.9, 8.7, 11.6 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3.1 5.3.1 STATUS Output R-MSFIS.101 7.9, 8.7, 11.6 5.3.2 5.3.2 BYPASS Output R-MSFIS.101 7.9, 8.7, 11.6 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack)

Since there are eight valves in the system and 2 trains (A&B), the MSFIS will 5.2.6.a.3 c) Light the BYPASS mode indicator light / LED 2.3.4.2 provide a total of 16 status outputs. R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 15.3.2 5.3.2 BYPASS Output R-MSFIS.101 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 19 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5

-WCNOC Description of Requirement CS6Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based d) Close the test contacts described in Section 5.2.6 on the Advanced Logic 5.2.6.a.3 to enable the test circuits in ESFAS. 2.1-1 System (ALS) technology. R-MSFIS.101 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided.

The relay provides a drycontact to the SSPS test circuitry used during slave relay testing. There are a 2.3.4.3 total of 16 outputs from MSFIS to SSPS. R-MSFIS.101 7.9,8.7, 11.6 5.2 5.2 Valve-Logic R-MSFIS.101 7.9, 8.7, 11.6 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.101 7.9, 8.7, 11.6 To prevent accidental valve operation, "a" must occur 5.2.6.a.3 prior to "d." 5.2 5.2 Valve-Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.101 7.9, 8.7, 11.6 5.3.1 5.3.1 STATUS Output R-MSFIS.101 7.9, 8.7, 11.6 5.3.2 5.3.2 BYPASS Output R-MSFIS.101 7.9, 8.7, 11.6 The scope of the MSFIS project is to replace the R-MSFIS.60, existing MSFIS controls, with a control system based R-MSFIS.64, Upon return to OPERATE mode, the following must on the Advanced Logic R-MSFIS.102, 5.2.6.a.4 be accomplished: 2.1-1 System (ALS) technology. R-MSFIS.104 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. R-MSFIS.60, The relay provides a drycontact to the SSPS test R-MSFIS.64, circuitry used during slave relay testing. There are a R-MSFIS.102, 2.3.4.3 total of 16 outputs from MSFIS to SSPS. R-MSFIS.104 7.9, 8.7, 11.6 R-MSFIS.60, R-MSFIS.64, R-MSFIS.102, 5.2 5.2 Valve-Logic R-MSFIS.104 7.9, 8.7, 11.6 R-MSFIS.60, R-MSFIS.64, R-MSFIS.102, 5.2.2 5.2.2 Valve FSM Outputs R-MSFIS.104 7.9, 8.7, 11.6 R-MSFIS.60, R-MSFIS.64, R-MSFIS.102, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.104 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. R-MSFIS.60, The relay provides a drycontact to the SSPS test R-MSFIS.64, circuitry used during slave relay testing. There are a R-MSFIS.102, 5.2.6.a.4 a) Open the test contacts (see Section 5.2.6). 2.3.4.3 total of 16 outputs from MSFIS to SSPS. R-MSFIS.104 17.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 20 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CS6Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.60, b) Unlatch the actuation outputs, extinguish the R-MSFIS.64, BYPASS mode indicating light/LED, R-MSFIS.102, 5.2.6.a.4 and release the status output 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.104 7.9, 8.7, 11.6 The ALS-401 is a solid state relay board, which is used to indicate status information (STATUS and BYPASS).

From a valve R-MSFIS.60, Return to OPERATE Mode perspective the STATUS and BYPASS signals are R-MSFIS.64, Upon return to OPERATE mode, the following must mutually exclusive - one will be energized, while the R-MSFIS.102, 5.2.6.a.4 be accomplished: 4.3.5 other is de-energized. R-MSFIS.104 7.9, 8.7, 11.6 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as

'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and R-MSFIS.60, right position (BYPASS). Each BYPASS switch is R-MSFIS.64, associated to a specific valve, i.e. BYPASS #1 relates R-MSFIS.102, 5.2.6.a.4 Return to OPERATE Mode 2.3.3 to AB-HV-14(MS) or AE-FV-39(FW). R-MSFIS.104 7.9, 8.7, 11.6 R-MSFIS.60, R-MSFIS.64, R-MSFIS.102, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.104 7.9, 8.7, 11.6 R-MSFIS.60, R-MSFIS.64, R-MSFIS.102, 5.3.2 5.3.2 BYPASS Output R-MSFIS.104 7.9, 8.7,11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to perform autonomously self test. Single event errors will R-MSFIS.1 11, be detected with the use of redundant logic, BIST R-MSFIS.112, engines and CRC-protected and redundant R-MSFIS.119, 5.2.6.3.b b. Testing of Replacement MSFIS System 4-2 communication links. R-MSFIS.120 7.9, 8.7, 11.6 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, R-MSFIS.30,

1) Controls Seller may modify or replace the existing assembly panels etc. Nor will the replacement project R-MSFIS.34, Manual Test Panel as necessary to include the actual installation of the replacement R-MSFIS.38, effectively interface with the Replacement MSFIS MSFIS components in the MSFIS Cabinets, the new R-MSFIS.42, System logic-controller-based system and meet all system-medium MSIV / MFIV actuators or any of the R-MSFIS.46, 5.2.6.b.1 specified requirements. 2.1-7 field cables. R-MSFIS.50 I7.9 8.7 11.6

. I 87 79 . I 116. I I 1/25/2009 Revision 2.5 21 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The ALS system has an advanced self test capability. R-MSFIS.30, All boards within the rack have the capability to R-MSFIS.34, perform autonomously self test. Single event errors will R-MSFIS.38, be detected with the use of redundant logic, BIST R-MSFIS.42, engines and CRC-protected and redundant R-MSFIS.46, 4 -2 communication links. R-MSFIS.50 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to R-MSFIS.12,

2) Provisions for testing of the Replacement MSFIS perform autonomously self R-MSFIS.13, may include portable test equipment and capability to test. Single event errors will be detected with the use R-MSFIS.14, temporarily connect the of redundant logic, BIST engines and CRC-protected R-MSFIS.19, portable test equipment to the Replacement MSFIS and redundant R-MSFIS 21, 5.2.6.b.2 System during performance of testing. 4 -2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to R-MSFIS.12, perform autonomously self R-MSFIS.13, Controls Seller shall provide three test types or test. Single event errors will be detected with the use R-MSFIS.14, detection capabilities to verify the proper operation of of redundant logic, BIST engines and CRC-protected R-MSFIS.19, the Replacement MSFIS System and redundant R-MSFIS 21, 5.2.6 to perform the intended safety function. 4 -2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to R-MSFIS.12, perform autonomously self R-MSFIS.13, test. Single event errors will be detected with the use R-MSFIS.14, Manual System Test: of redundant logic, BIST engines and CRC-protected R-MSFIS.19,

a. Ability to manually test required inputs and/or and redundant R-MSFIS 21, 5.2.6.1 outputs required to perform the safety function 4-2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to R-MSFIS.12, Manually Initiated Automatic Test: perform autonomously self R-MSFIS.13,

a. Ability to manually initiate automatic test(s) and/or test. Single event errors will be detected with the use R-MSFIS.14, detection capabilities which monitor or test the ability of redundant logic, BIST engines and CRC-protected R-MSFIS.19, of the system to perform the and redundant R-MSFIS 21, 5.2.6.2 required safety function. 4 -2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

Automatic Exception Detection: All boards within the rack have the capability to R-MSFIS.12,

a. The system shall be designed such that the system perform autonomously self R-MSFIS.13, is fully deterministic and shall automatically detect test. Single event errors will be detected with the use R-MSFIS.14, improper operation of the of redundant logic, BIST engines and CRC-protected R-MSFIS.19, system's ability to perform the required safety and redundant R-MSFIS 21, 5.2.6.3 function. 4-2 communication links. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, The MSFIS test circuits shall provide one contact set R-MSFIS 21, 5.2.6.3 for each actuation train for each valve. 5.3.2 5.3.2 BYPASS Output R-MSFIS.61 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 22 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.12, R-MSFIS.13, The scope of the MSFIS project is to replace the R-MSFIS.14, The contacts shall be open for normal operation and existing MSFIS controls, with a control system based R-MSFIS.19, shall close at the appropriate test step as described on the Advanced Logic R-MSFIS 21, 5.2.6.3 below. 2.1-1 System (ALS) technology. R-MSFIS.61 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry- R-MSFIS.12, contact relay output - labeled BYPASS is provided. R-MSFIS.13, The relay provides a drycontact R-MSFIS.14, to the SSPS test circuitry used during slave relay R-MSFIS.19, testing. There are a total of 16 outputs from MSFIS to R-MSFIS 21, 2.3.4.3 SSPS. R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, R-MSFIS 21, 5.3 5.3 STATUS and BYPASS Logic R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, R-MSFIS 21, 5.3.1 5.3.1 STATUS Output R-MSFIS.61 7.9, 8.7, 11.6 R-MSFIS.12, R-MSFIS.13, R-MSFIS.14, R-MSFIS.19, R-MSFIS 21, 5.3.2 5.3.2 BYPASS Output R-MSFIS.61 7.9, 8.7, 11.6 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry- R-MSFIS.12, contact relay output - labeled BYPASS is provided. R-MSFIS.13, These contacts will be used to enable test circuits in The relay provides a drycontact R-MSFIS.14, the Safeguards Test Cabinets to verify proper to the SSPS test circuitry used during slave relay R-MSFIS.19, transmission and to verify the testing. There are a total of 16 outputs from MSFIS to R-MSFIS 21, 5.2.6.3 response to the ESFAS command. 2.3.4.3 SSPS. R-MSFIS.61 7.9, 8.7, 11.6 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand). The distributed control is achieved by having multiple autonomous boards in the 5.2.7.b b.Replacement MSFIS System Configuration 2.1-2 system each controlling a part of the system. Each.. R-MSFIS.16 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 23 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Decito Description offRqieetCSl Requirement Req ClestPlaC__Reort Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in The replacement MSFIS System shall be an an untimely actuation, which in most cases results in a advanced-hardware-based solid-state control system plant trip, or fail to perform the safety function (fail to which will receive defined actuate on-demand). The distributed control is inputs and develop defined outputs as specified to achieved by having multiple autonomous boards in the 5.2.7.b control the valves 2.1-2 system each controlling a part of the system. Each.. R-MSFIS.16 7.9, 8.7, 11.6 The Replacement MSFIS System shall include the The replacement system will replace the existing overall electronic functions of input buffers, system hardware in both MSFIS cabinets, SA075A and logic, and then output relay SA075B. After replacement, each cabinet will contain 5.2.7.b drivers. 2.1-3 the following components: R-MSFIS.16 7.9, 8.7, 11.6 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS 2.1-4 replacement project can be seen in [2]. R-MSFIS.16 7.9, 8.7, 11.6 However, the Controls Seller shall configure the system, logic elements, circuit cards, and The replacement system will replace the existing interconnections to perform the required hardware in both MSFIS cabinets, SA075A and system functions and meet all requirements such as SA075B. After replacement, each cabinet will contain 5.2.7.b sufficient drive capacity for the actuator solenoids. 2.1-3 the following components: R-MSFIS.16 7.9, 8.7, 11.6 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS 2.1-4 replacement project can be seen in [2]. R-MSFIS.16 7.9, 8.7, 11.6 The replacement project will modify the functionality of the current MSFIS (per J-105A (Q) Rev. 2 requirements) [1]. This will include changes to the functions by which the Replacement MSFIS controls the replacement MSIVs and MFIVs. These changes account for the differences in the function of the existing and replacement MSIVs and MFIVs, that is, electro-pneumatic-hydraulic actuators, replaced by 2.1-6 system-medium actuators. R-MSFIS.16 7.9, 8.7, 11.6 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular 2.3.5 actuator; A, B, and C. R-MSFIS.16 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 24 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC J.0AQ Description of Requirement CSI Req CSI Test Plan CSI Reports CSI Req Description of Requirement CSI Test EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement Controls Seller may choose to re-use the existing card MSFIS components in the MSFIS Cabinets, the new racks and interconnecting wiring to any extent feasible system-medium MSIV / MFIV actuators or any of the 5.2.7.b or to replace it all. 2.1-7 field cables. R-MSFIS.16 7.9, 8.7, 11.6 In each Cabinet, Controls Seller shall place the The replacement system will replace the existing operating logic for the four MSIVs on a separate hardware in both MSFIS cabinets, SA075A and system from the system where the MFIV logic is SA075B. After replacement, each cabinet will contain 5.2.7.b placed. 2.1-3 the following components: R-MSFIS.16 7.9, 8.7, 11.6 The MSFIS cabinets are located in the Control Room equipment cabinet area, which will normally be air conditioned; however, the system and components shall be selected to function continuously at ambient temperatures ranging from 65F to 84F at a relative 5.4 humidity from 20 to 70 percent. 2.8 2.8 Environmental Requirements R-MSFIS.6 5.5.2 5.5.2 Seismic Requirements 2.7 2.7 Seismic Requirements R-MSFIS.5 The existing MSFIS System is contained in two independent cabinets, one cabinet for each separation Customers existing NEMA-12 cabinet arrangement is 5.5.1 group. 3.1 reused as-is R-MSFIS.7 MSFIS replacement complies with EMI/RFI requirements of EPRI TR-102323 rev. 2, as modified by Regulatory Guide 1.180. No exceptions are taken to the EPRI TR-102323 rev.2. It is further required that 5.6.1 5.6.1 Noise Rejection and Tolerance 2.6 requirements in EPRI TR-102323 rev. 3 is met as well. R-MSFIS.4 5.6.2 5.6.2 Electrical Wiring 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 Wiring within the cabinet enclosure shall be suitable 5.6.2.a for a general-purpose, non-hazardous location. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 Wiring shall be so arranged that instruments or devices may be removed and / or serviced without 5.2.6.b undue disturbance. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 No wiring shall be routed across the face or rear of an instrument, junction box, or other device in a manner that will prevent or hinder the opening of covers or obstruct access to leads, terminals, devices, 5.6.2.c or instruments. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 All wiring to field terminal blocks, except coaxial and triaxial, shall be made with solder-less ringtongue, 5.6.2.e compression-type connectors with insulated ferrules. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 25 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 Where wiring must cross sharp metal edges, protection in the form of grommets or similar devices 5.6.2.f shall be provided. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9,8.7, 11.6 Wires shall be grouped in bundles and secured with 5.6.2.f nonflammable, nonmetallic tie bands. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 Wiring shall not cross a panel door opening or be 5.6.2.g fixed to a panel door. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 Internal wiring shall be identified with the Controls Seller's wire number at each termination to field terminal blocks by means of a plastic sleeve or similar 5.6.2.h permanent-type marker. 6.6 6.6 Assembly Panel wiring R-MSFIS.143 7.9, 8.7, 11.6 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor Wiring shall be installed as shown on the Controls wiring. The full component list related to the MSFIS 5.6.2.d Seller's wiring diagrams. 2.1-4 replacement project can be seen in [2]. R-MSFIS.143 7.9, 8.7, 11.6 2.5 2.5 Separation / Isolation / Independence / Diversity R-MSFIS.143 7.9, 8.7, 11.6 3.1 3.1 Existing MSFIS Cabinet R-MSFIS.143 7.9, 8.7, 11.6 6 6 MSFIS Assembly Panel R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 5.6.3 5.6.3 Power Supply 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 13.10 13.10 ALS-905: Power Supply Unit Board R-MSFIS.79 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be R-MSFIS.77, located in separate cabinets: ? MSFIS Channel I R-MSFIS.78, (Separation Group 1) located in MSFIS Cabinet R-MSFIS.79, 5.6.3.a a. Sources 2.1 -2 SA075A - also referred to as train A. R-MSFIS.144 7.9, 8.7, 11.6 The incoming voltage level on all power supply modules will be a nominal 125 Volts DC, normally R-MSFIS.77, operated at 135 Volts DC. The designed operating R-MSFIS.78, range of the existing 125 Volt DC System is 140 R-MSFIS.79, 5.6.3.a Volts DC to 105 Volts DC. 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.144 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 5.6.3.b b. Replacement Power Supply Modules 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 For the Replacement MSFIS System, the Controls Seller shall provide replacement power supply modules rated at DC voltage level(s) appropriate to feed all of the electrical loads in the Replacement R-MSFIS.77, MSFIS System plus any components retained from R-MSFIS.78, 5.6.3.b the existing design 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 R-MSFIS.77, The replacement power supplies shall have an input R-MSFIS.78, 5.6.3.b voltage operating range of 105VDC - 140VDC. 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 26 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The Controls Seller shall also determine whether any separate supplies are required at a given voltage level R-MSFIS.77, to separate electronic circuits from the effects of high- R-MSFIS.78, 5.6.3.b current switched loads. 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 The existing 125 Volt DC System has the capability to deliver a short circuit current of 11,070 Amperes. All electrical protective devices provided by R-MSFIS.77, the Controls Seller shall be capable of clearing R-MSFIS.78, 5.6.3.b this short circuit current 6.3 6.3 Fuses and Fuseholders R-MSFIS.79 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 6.3.2 6.3.2 Fuses R-MSFIS.79 7.9, 8.7, 11.6 Each voltage level in each cabinet shall have a pair of redundant and parallel power supply modules R-MSFIS.77, and capability to shift all load to one module in case of R-MSFIS.78, 5.6.3.b failure of the other one 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 Each pair of redundant power supply modules shall have provision for hot replacement "swapping" of one R-MSFIS.77, module while the other R-MSFIS.78, 5.6.3.b continues in service. 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 Hot replacement by front-pull-out is preferred, but R-MSFIS.77, other configurations R-MSFIS.78, 5.6.3.b may be considered 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, Controls Seller may choose to modify or totally assembly panels etc. Nor will the replacement project replace the existing power supply rack. Final include the actual installation of the replacement configuration of the power supply rack and final MSFIS components in the MSFIS Cabinets, the new R-MSFIS.77, configuration of the provisions for hot replacement are system-medium MSIV / MFIV actuators or any of the R-MSFIS.78, 5.6.3.b subject to Buyer's approval 2.1-7 field cables. R-MSFIS.79 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 Each replacement power supply module shall have sufficient capacity to supply all assigned loads with R-MSFIS.77, 15% spare capacity while the redundant power supply R-MSFIS.78, 5.6.3.b module is out of service 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 The system shall have the capability ("health") to detect loss of each power supply module's capability R-MSFIS.77, to assume the full load R-MSFIS.78, 5.6.3.b assigned to the redundant pair. 5.4 5.4 Alarm-Logic R-MSFIS.79 7.9, 8.7, 11.6 Loss of any power supply module's capability

("health") shall be one of the inputs to the R-MSFIS.77, Replacement MSFIS System's new summary trouble R-MSFIS.78, 5.6.3.b alarm circuit. 5.4 15.4 Alarm-Logic R-MSFIS.79 7.9, 8.7, 11.6 1 1/25/2009 Revision 2.5 27 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 Each pair of redundant power supply modules shall have provision for load sharing whenever both are in R-MSFIS.77, service and both have no R-MSFIS.78, 5.6.3.b failure detected 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 5.6.3.c c. Outputs 6.3 6.3 Fuses and Fuseholders R-MSFIS.142 7.9, 8.7, 11.6 R-MSFIS.77, R-MSFIS.78, 5.6.3.d d. Operation R-MSFIS.79 7.9, 8.7, 11.6 The MSFIS shall operate as required with the stated power supply without producing spurious actuation or R-MSFIS.77, failure to produce a required R-MSFIS.78, 5.6.3.d response to accident conditions. R-MSFIS.79 7.9, 8.7, 11.6 Controls Seller shall provide wiring harnesses as 5.6.4 required to interconnect all equipment provided. 6.6 6.6 Assembly Panel wiring R-MSFIS.145 7.9, 8.7, 11.6 Wrap-type terminals are not permitted on new 5.6.4 connectors /wiring harnesses. 6.6 6.6 Assembly Panel wiring R-MSFIS.145 7.9, 8.7, 11.6 If Controls Seller uses new connectors, the connectors shall be a type which will meet seismic and noise requirements as specified 5.6.4 elsewhere in the specification. 6.6 6.6 Assembly Panel wiring R-MSFIS.145 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - R-MSFIS.23, one alarm from the MS-rack and one alarm from the R-MSFIS.25, 5.6.7 5.6.7 Trouble Alarm 2.3.4.1 FW-rack. In total the R-MSFIS.124 7.9, 8.7, 11.6 R-MSFIS.23, R-MSFIS.25, 5.4 5.4 Alarm-Logic R-MSFIS.124 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - R-MSFIS.23, Controls Seller shall develop a summary trouble alarm one alarm from the MS-rack and one alarm from the R-MSFIS.25, 5.6.7.a in each system cabinet. 2.3.4.1 FW-rack. In total the R-MSFIS.124 7.9, 8.7, 11.6 R-MSFIS.23, R-MSFIS.25, 1 5.4 5.4 Alarm-Logic R-MSFIS.124 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 28 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - R-MSFIS.23, The alarm shall provide a normally-open, open-to- one alarm from the MS-rack and one alarm from the R-MSFIS.25, 5.6.7.a alarm dry contact or equivalent. 2.3.4.1 FW-rack. In total the R-MSFIS.124 7.9, 8.7, 11.6 R-MSFIS.23, R-MSFIS.25, 5.4 5.4 Alarm-Logic R-MSFIS.124 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - R-MSFIS.23, The alarm shall be wired to spare points on an one alarm from the MS-rack and one alarm from the R-MSFIS.25, 5.6.7.a existing terminal block in each cabinet. 2.3.4.1 FW-rack. In total the R-MSFIS.124 7.9, 8.7, 11.6 R-MSFIS.125, R-MSFIS.126, R-MSFIS.127, R-MSFIS.128, R-MSFIS.129, R-MSFIS.130, R-MSFIS.131, The following items are suggested as a minimum list R-MSFIS.132, 5.6.7.b of conditions which should be alarmed: 5.4 15.4 Alarm-Logic R-MSFIS.133 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 29 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CS1Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.125, R-MSFIS.126, R-MSFIS.127, R-MSFIS.128, R-MSFIS.129, R-MSFIS.130, R-MSFIS.131 R-MSFIS.132, 5.6.7.b Any DC power supply module loss of capability 5.4 5.4 Alarm-Logic R-MSFIS.133 7.9, 8.7,11.6 R-MSFIS.126, R-MSFIS.127, R-MSFIS.128, R-MSFIS.129, R-MSFIS.130, R-MSFIS.131, R-MSFIS.132, 5.6.7.b Any circuit card removed 5.4 5.4 Alarm-Logic R-MSFIS.133 7.9, 8.7,11.6 R-MSFIS.125, R-MSFIS.126, R-MSFIS.127, R-MSFIS.128, R-MSFIS.129, R-MSFIS.130, R-MSFIS.131, Any external test apparatus is connected to the R-MSFIS.132, 5.6.7.b system 5.4 5.4 Alarm-Logic R-MSFIS.133 7.9,8.7,11.6 1 1 1/25/2009 Revision 2.5 30 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.125, R-MSFIS.126, R-MSFIS.127, R-MSFIS.128, R-MSFIS.129, R-MSFIS.130, R-MSFIS.131 R-MSFIS.132, 5.6.7.b Any output sequence incomplete 5.4 5.4 Alarm-Logic R-MSFIS.133 7.9, 8.7, 11.6 R-MSFIS.125, R-MSFIS.126, R-MSFIS.127, The ALS system has an advanced self test capability. R-MSFIS.128, All boards within the rack have the capability to R-MSFIS.129, perform autonomously self test. Single event errors will R-MSFIS.130, be detected with the use of redundant logic, BIST R-MSFIS.131, engines and CRC-protected and redundant R-MSFIS.132, 4-2 communication links. R-MSFIS.133 7.9, 8.7, 11.6 The trouble alarm logic shall include a means to 5.6.7.c indicate which trouble condition caused the alarm. 5.4 5.4 Alarm-Logic R-MSFIS.26 7.9, 8.7, 11.6 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs -

The indication shall be displayed at the MSFIS one alarm from the MS-rack and one alarm from the 5.6.7.c Cabinet. 2.3.4.1 FW-rack. In total the R-MSFIS.26 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 31 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The replacement system will replace the existing R-MSFIS.141, hardware in both MSFIS cabinets, SA075A and RMSFIS.142 SA075B. After replacement, each cabinet will contain , R-5.6.8 5.6.8 Fuses and Fuse Blocks 2.1-3 the following components: MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 6.2 6.2 Power Distribution Blocks R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 6.3 6.3 Fuses and Fuseholders R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 6.3.2 6.3.2 Fuses R-MSFIS.143 7.9, 8.7, 11.6 Distribution of 125 Volt DC power to the output solenoid valves is shown in Appendix B. The distribution scheme includes separate assigned fuses for each output solenoid valve in the field. Additional R-MSFIS.141, nominal 3.2 ampere fuses R-MSFIS.142, 5.6.8 and fuse blocks are required to meet this requirement 6.3 6.3 Fuses and Fuseholders R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 1 6.3.2 6.3.2 Fuses R-MSFIS.143 7.9, 8.7, 11.6 The scope of work The replacement system will replace the existing includes procurement, location, seismic qualification, hardware in both MSFIS cabinets, SA075A and R-MSFIS.141, and all other pertinent factors for the additional fuses SA075B. After replacement, each cabinet will contain R-MSFIS.142, 5.6.8 and fuse blocks. 2.1-3 the following components: R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 6.2 6.2 Power Distribution Blocks R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 6.3 6.3 Fuses and Fuseholders R-MSFIS.143 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 32 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5

-WCNOC Description of Requirement CS6Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 R-MSFIS.141, R-MSFIS.142, 6.3.2 6.3.2 Fuses R-MSFIS.143 7.9, 8.7, 11.6 5.6.9 5.6.9 EMI / RFI Requirements 2.6 2.6 EMI Requirements R-MSFIS.4 7.9, 8.7, 11.6 The Replacement MSFIS System shall comply with the EMI / RFI requirements of EPRI TR-1 02323 as 5.6.9 modified by Regulatory Guide 1.180 2.6 2.6 EMI Requirements R-MSFIS.4 7.9, 8.7, 11.6 The Controls Seller's scope of work includes any 5.6.9 required corrective action 2.6 2.6 EMI Requirements R-MSFIS.4 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets: ? MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to 5.9 5.9 Redundancy, Separation, and Diversity 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 2.5 2.5 Separation / Isolation / Independence / Diversity R-MSFIS.1 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets: ? MSýFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to 5.9.1 5.9.1 Independence 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 1 2.5 2.5 Separation / Isolation / Independence / Diversity R-MSFIS.1 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two Separation Groups (trains) are be electrically and redundant and equivalent MSFIS subsystems will be physically isolated from each other so that events located in separate cabinets: ? MSFIS Channel I (including faults) affecting one element do not affect (Separation Group 1) located in MSFIS Cabinet 5.9.1 the others in any way 2.1 -2 SA075A - also referred to as train A. R-MSFIS.1 7.9, 8.7, 11.6 The Controls Seller shall provide electrical isolation and physical separation to develop the required 5.9.1 independence on the Replacement MSFIS System 2.5 2.5 Separation / Isolation / Independence / Diversity R-MSFIS.1 7.9, 8.7, 11.6 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets: ? MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to 5.9.3 5.9.3 Separation 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 33 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets: ? MSFIS Channel I (Separation Group 1)

a. Physical separation shall be in accordance with located in MSFIS Cabinet SA075A - also referred to 5.9.3.a IEEE 384 as modified by Regulatory Guide 1.75. 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 CSI 6002-00004 CSI 6002-00208 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent

b. Equipment for one actuation channel or one MSFIS subsystems will be located in separate measurement channel shall be separated physically cabinets: ? MSFIS Channel I (Separation Group 1) by a barrier from any other located in MSFIS Cabinet SA075A - also referred to 5.9.3.b actuation channel or measurement channel. 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 CSI 6002-00004 CSI 6002-00208 The wiring and terminal block arrangement within a given cabinet or isolated compartment shall allow for The current channel separation scheme applied to the a minimum physical separation of six inches or use of overall plant design will be maintained. The two This is the current design of the plant, and left to Wolf Creek's fireproof barriers. Suitable means to implement IEEE redundant and equivalent responsibility 384 are contained in IEEE 420. Wiring MSFIS subsystems will be located in separate separated by barriers shall maintain a 1-inch cabinets: ? MSFIS Channel I (Separation Group 1) separation (or an equivalent of thermal insulation) located in MSIIS Cabinet SA075A - also referred to 5.9.3.b between the barrier and the wire. 2.1 -2 as train A.

The current channel separation scheme applied to the

c. Wiring of any separation group shall be separated overall plant design will be maintained. The two from any other group except as permitted by IEEE redundant and equivalent Standard 384 and except that MSFIS subsystems will be located in separate Group 5 and Group 6 wiring do not have to be cabinets: ? MSFIS Channel I (Separation Group 1) separated from each other, but must be separated located in MSFIS Cabinet SA075A - also referred to 5.9.3.c from the other groups. 2.1 -2 as train A. R-MSFIS.1 7.9, 8.7, 11.6 CSI 6002-00004 CSI 6002-00208 Due to the specialized nature of the equipment supplied under this Specification, the following provisions are required: a. Per Section 1.1 item 9, the initial stock of spare parts included in the basic scope Contractual Requirement (WCNOC PO 734448) shall be the quantity of each item reasonably estimated as necessary for twenty years' consumption. The initial stock of spare parts is the 6.1.1.a responsibility of the Controls Seller. 10 10 Appendix B: Spare Parts

b. Controls Seller shall maintain the documentation, tooling, personnel expertise, access to materials, and any other necessary factor to enable the Controls Seller to produce additional spare parts items, within a Contractual Requirement (WCNOC PO 734448) reasonable lead time and at a reasonable price. Parts shall be provided as Commercial Grade items.

Controls Seller shall maintain this capability for the 6.1.1.b foreseeable future. 10 10 Appendix B: Spare Parts I 1/25/2009 Revision 2.5 34 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The ALS system has an advanced self test capability.

All boards within the rack have the capability to perform autonomously self test. Single event errors will R-MSFIS.8, R be detected with the use of redundant logic, BIST MSIFS.12, R-engines and CRC-protected and redundant MSFIS.13, R-6.2.1 6.2.1 Test Regime 4-2 communication links. MSFIS.14 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to perform autonomously self test. Single event errors will R-MSFIS.8, R-be detected with the use of redundant logic, BIST MSFIS.9, R-engines and CRC-protected and redundant MSFIS.10, R-6.2.2 6.2.2 Other Special Tools 4-2 communication links. MSFIS.11 7.9, 8.7, 11.6 Execution of CSI Test Plan Prior to shipment, the assembled and wired 6101-00004 equipment shall be tested at the factory in the at CSI's 10 presence of the Buyer. facility CSI 6101-00200(

10.1 Seismic Required seismic tests are specified in Section 5.5.2 and the Attachments. Test documentation is specified 10.1 in Section 13.6. NI 9715-S-128P NI: WCN-9715 R NI: WCN-9715R, CSI 6101-00200, NI 9715-S-128P, CSI 6002-00200, 10.3.1 Replacement MSFIS System components shall NI 9715-EMC- CSI 6002-00206, be tested in accordance with the Controls Seller's and 01, CSI 6002- CSI 6002-00207, 10.3.1 Qualification Seller's standard test procedure. 00004 CSI 6002-00208 10.3.2 All Controls Seller wiring outside of the card rack shall be given a dielectric test in accordance with NI 9715 TPS-10.3.2 NEMA Standard Publication ICS-1-2000 9064 NI: WCN-9715R The dielectric testing shall be performed by the NI 9715 TPS-10.3.2 Qualification Seller. _9064 NI: WCN-9715R 10.3.3 Wiring tests shall include point-to-point CSI 6101- NI 9715 TPS-10.3.3 continuity tests. 00004 CSI 6101-00200 9064 NI: WCN-9715R 10.3.4 The Controls Seller shall be responsible for proper preparation of instruments and devices that CSI 6101- NI 9715 TPS-10.3.4 may be damaged by high-voltage tests 00004 CSI 6101-00200 9064 NI: WCN-9715R 10.4.1 The Qualification Seller shall submit, for Buyer's approval, the proposed factory acceptance test procedures to demonstrate compliance with the CSI 6101-10.4.1 functional requirements of this Specification 00004 NI 9715-S-128P, NI 9715-EMC-The procedures shall be approved by Buyer prior to CSI 6101- 01, CSI 6002-10.4.1 the completion of system fabrication and assembly. 00004 00004 10.4.2 The MSFIS equipment shall undergo a CSI 6101-10.4.2 complete functional test that shall prove the correct 1 100004 CSI 6101-002001 1/25/2009 Revision 2.5 35 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 Tests shall be initiated in manual mode, applying CSI 6101-10.4.2 simulated signals at the input terminals. 00004 CSI 6101-00200 10.4.3 The MSFIS equipment shall be tested at the input terminals by applying all possible trip combinations as input signals for all possible system CSI 6101-10.4.3 states 00004 CSI 6101-00200 10.4.4 Each actuation interface shall be individually tested through manual inputs and through the relative CSI 6101-10.4.4 actuation logic. 00004 CSI 6101-00200 Testing shall be conducted to demonstrate compliance with the EMI / RFI requirements of EPRI NI 9715-EMC- NI: WCN-9715R, TR-102323 as modified by Regulatory 01, CSI 6002- CSI 6101-00200, 10.7 Guide 1.180. 100004 CSI 6002-00200, The Controls Seller's scope of work focuses on selection and production of new items for replacement of existing items, the Controls Seller is also responsible for system selection to perform the Contractual Requirement (WCNOC PO 734448) required system functions. The Qualification Seller is responsible for factors such as seismic qualification, The scope of the MSFIS project is to replace the etc., applied to the final integrated system and cabinet existing MSFIS controls, with a control system based 1.1.1 configuration. 2.1-1 on the Advanced Logic System (ALS) technology.

Replacement of the existing MSFIS system components in the form of circuit cards. The existing system includes input buffer cards, valve controller module cards, and relay driver cards. These components shall be replaced by a logic-controller- The replacement system will replace the existing based system which performs the required functions hardware in both MSFIS cabinets, SA075A and of the replacement MSIVs and MFIVs. Replacement SA075B. After replacement, each cabinet will contain 1.1.2 of the racks which contain and support these 2.1-3 the following components: R-MSFIS.1 7.9, 8.7, 11.6 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen

_2.1-4 in [2]. R-MSFIS.1 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

Appropriate test capability for the replacement All boards within the rack have the capability to system. The existing system's Manual Test Panel perform autonomously self test. Single event errors will may be re-used as is, modified as appropriate, or be detected with the use of redundant logic, BIST completely replaced as required by the replacement engines and CRC-protected and redundant 1.1.3 system configuration. 4-2 communication links. R-MSFIS.12 7.9, 8.7, 11.6 1 1 1/25/2009 Revision 2.5 36 of 38

Enclosure to MSFtS V and V Report (Requirements TraceabituiW Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 2.3.4.1 Annunciator Output (ALARM) The ALARM output, also referred to as 'annunciator output' or

'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition. Each cabinet has two separate Provide an output dry contact or equivalent in each trouble alarm outputs - one alarm from the MS-rack 1.1.4 MSFIS Cabinet for a new summary trouble alarm. 2.3.4.1 and one alarm from the FW-rack. In total the R-MSFIS.16 7.9, 8.7, 11.6 Replacement of the existing system power supply modules with redundant hot-swappable power supply R-MSFIS.77, 1.1.5 modules. 4.3.9 4.3.9 ALS-905: Power Supply Board R-MSFIS.79 7.9, 8.7, 11.6 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and R-MSFIS.141, Replacement of output relays and bases and supply SA075B. After replacement, each cabinet will contain R-MSFIS.142, 1.1.6 of new surge suppressors. 2.1-3 the following components: R-MSFIS.143 7.9, 8.7, 11.6 2.3.5 Solenoid Output (A, B, C) MSFIS provide output signals to control the valve actuator solenoids. There R-MSFIS.141, are three primary signals for controlling a particular R-MSFIS.142, 2.3.5 actuator; A, B, and C. R-MSFIS.143 7.9, 8.7, 11.6 R-MSFIS.141, R-MSFIS.142, 16.5 6.5 Surge Protection R-MSFIS.143 7.9, 8.7, 11.6 1 1 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to Mounting hardware and wiring devices as necessary actuate on-demand). The distributed control is R-MSFIS.141, to mount the replacement components and achieved by having multiple autonomous boards in the R-MSFIS.142, 1.1.7 interconnect them to each other and existing circuits. 2.1-2 system each controllina a Dart of the system. Each.. R-MSFIS.143 7.9. 8.7. 11.6 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and R-MSFIS.141, SA075B. After replacement, each cabinet will contain R-MSFIS.142, 2.1-3 the following components: R-MSFIS.143 7.9, 8.7, 11.6 1/25/2009 Revision 2.5 37 of 38

Enclosure to MSFIS V and V Report (Requirements Traceability Matrix) Rev. 2.5 WCNOC Description of Requirement CSI Req Description of Requirement CSI Test Plan CSI Reports EQ Plans EQ Reports J-105A(Q) 6101-00002 6101-00004 6101-00200 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new R-MSFIS.141, system-medium MSIV / MFIV actuators or any of the R-MSFIS.142, 2.1-7 field cables. R-MSFIS.143 7.9, 8.7, 11.6 The ALS system has an advanced self test capability.

All boards within the rack have the capability to perform autonomously self test. Single event errors will R-MSFIS.8, R be detected with the use of redundant logic, BIST MSFIS.9, R-engines and CRC-protected and redundant MSFIS.1O, R-1.1.8 Required new portable test equipment. 4-2 communication links. MSFIS.11 7.9, 8.7, 11.6 1 1/25/2009 Revision 2.5 38 of 38