Forwards NRC Re Addl Info for NRC Staff Review of CESSAR-Design Certification

ML20092L064
Person / Time
Site:	05200002
Issue date:	02/18/1992
From:	Brinkman C ABB ATOM, INC. (FORMERLY ASEA ATOM, INC.), ABB COMBUSTION ENGINEERING NUCLEAR FUEL (FORMERLY
To:	NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References
LD-92-022, LD-92-22, NUDOCS 9202260141
Download: ML20092L064 (51)
v • d • e

Text

m 1

, r

~

ABB ASEA BROWN BOVERI February 18,1992 LD 92 022 Docket No.52-002 U.S Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

Subject:

Response to NRC Requests for Additional Information Refer:nce: Letter, Iluman Factors Assessment Branch RAls, T. V. Wambach (NRC) to E. II. Kennedy (C-E), dated September 19,1991.

Dear Sirs:

The Reference requested additional information for -the NRC staff review of the Combustion Engineering Standard Safety Anelysis Report - Design Certification (CESSAR-DC), Enclosure I to this letter provides responses to those questions and associated changes to CESSAR-DC.

As part cithe request for standardized procedures and training materials in the Reference, the NRC made the following statement:

"In your submittal dated April 12,1991, you stated in part that you intend 'to comply with the staff's ' training- and procedures' position by providing -

standardized training and operation procedures guidance. This guidance would  ;

then be input to the site-specific training program and operating procedures."

The C-E submittal failed to provide any additional detailed information on these procedural and training materials. C-E must provide this information for review as part of the design certification process."

It is C-E's intention to provide input to owner / operators for their detailed plant procedures and operational programs in the form of an Operational Support Information Program (OSIP). Ilowever, C-E has been cau_tioned by both the C-E_ System 80+ Executive Advisory Committee and the NUMARC Standardization Oversight Working Group that the issues

-addressed in RAl's 620.6 2 0.10 are _within the purview of the NPOC Strategic Plan Building Block #7 endtled," Enhanced Standardization Beyond Design " In the period since -

our April 12,1991 (esponse, NPOC has assigned _the industry lead for Block #7 to INPO.

A description of the Block #7 Action Plan (November 1991 Revision) is provided in -

Enclosure 11.

ABB Combustion Engineering Nuc. ear Power

-)

g q g go7)n Engineemg. w 0 Pros tH Road T* (203 88 1911 9202260141 920218 wmsor, connew 06095R40 h 99297 COMBEN WSOf1 )

PDR ADOCK 05200002 A PDR l

_o

2 In order to preclude undermining the extensive industry effort associated with standardization of plants during the operational phase, C-E tubmits that it would be inappropriate to include the OSIP within the design certification rule. This ;pic would be more apprcpriately reviewed on the COL application after Building Block #7 is complete.

Should you have any questions on the enclosed material, please contact me or Mr. Stan Ritterbusch of my staff at (203) 285 5206.

Very truly yours, COMBUSTION ENGINEERING, INC.

t kw-C. B. Brinkman Acting Director Nuclear Systems Licensing SER:MLS

Enclosure:

As Stated cc: J. Trotter (EPRI)

T. Wambach (NRC) 1 6

th.,

Enclosure I to

'_, LD 92-022 RESPONSE TO NRC REQUESTS FOR ADDITIONAL INFORMATION HUMAN FACTORS ASSESSMENT BRANCII

I e

4

/,

Ouestion: TASK ACTION PLAN ITEM B-17 CRITERIA FOR SAFETY-RELATED OPERATOR ACTIOJS, C-E did not address this item. An assessment of how the System 80+ design me ts Item B-17 is required to close out this issue.

Response

Task Action Plan Item B-17 is addressed in Table Al-1, CESSAR-DC, Appendix A, dated 12/15/89. Item D-17 was identified as a category le item which is defined on Page A-1 of Appendix A as follows: "The issue has been superseded by one or more USI's end GSI's.

TMI Action-Plan Item I.D.1, Control Room Design Review, will address this concern. Automated, redundant, safety grade controls will be employed to reduce the potential for operator error during accident conditions.

The Operational Support Information (OSI) Program will provide or reference the material necessary to determine what safety related operator actions may be necessary in the emergency procedure guides. A description of this plan will be submitted in the near future.

hk' Cuestion: HUMAN FACTORS ISSUE ITEM HF4.4 GUIDELINES FOR UPGRADING OTHER PROCEDURES C-E did not address this item. An assessnent of how the System 80+ design meets Item HF4.4 is required to close out this issue.

Response

Human Factors Issue Item HF4.4 is addressed in Table Al-1, CESSAR-DC, Appendix A, dated 12/15/89. Item HF4.4 was ident!fied as a category id item which is defined on Page A-1 ot Appendix A as follows: "The NRC identified the issue as either an operational, environmental, licensing or NRC internal issue. NUREG-0933 identifies this issue as being resolved with no new requirements established."

The documents reed by the owner / operator to develop the types of procedures addressed by this issue will be developed throughout the design, construction and start-up phases as discussed in the Operational Support Information (OSI) Plan.

9

ICE-459(PC/133)/ct-8 3.

Qgstion GSI HF 5.1:

HUMAN FACTORS ISSUE ITEM HF5.1: LOCAL CONTROL STATIONS The C-E response to this item states, "The resolution of GSI HF5.1 is identified in GSI HF 1.3.4 and is addresse'd and resolved in this Appendix. Since GSI HF5.1 is subsumed by the above GSI, this issue is resolved for the System 80+ Standard Design".

Paragraph (a) of HF 1.3.4 MAN-MACHINE INTERFACE addresses local control nations.

The C-E response states, "cach local coatrol station shall be designed to meet the intent of the guidance given in Reference 2,3,4, and 5."

References referred to in the HF 1.3.4 MAN-MACillNE INTERFACE are:

Reference 2 -

Human Engineering Guide to Equipment Design Reference 3 -

MIL-STD 1472C Human Engineering Design Critoria for Military Systems, Equipment and Facilities Reference 4 -

NUREG-CR-3696 Potential Human Factors Deficiendes in the Design of Local Control Stations and Operator Interfaco in Nuclear Power Plants Reference 5 -

NUREG-0700 Guidelines for C0htfol Room Design Reviews Under the subsection of HF.1.3.4 entitled RESOLUTION, the reader is referred to Section 18.7.1.6.2 Component Control Strategies, for the Nuplex 80+ local control station design philosophy and Section 18.7.1.6.2.10 Component Control Flashing Status Indication, for a discusrion of alarms. Section 18.7.1.6.2 deals exclusively with hardware and describes hardware design features such as the ESFAS Control Signals, Bypassed or inoperable Status Monitoring, ESF Actuation Status Monitoring, Interlocks and Actuation Signals, Operator Selected Automatic Control Signals, Standby Control Functions, Process Signal or Component Selection, and Subgroup Controls.

The regulatory guidance, NUREG-0933 ITEM HF5.1: LOCAL CONTROL STATIONS, states: "Information will be developed to determine if guidance on local control station design and auxiliary operator interfaces with these stations is r_equired. To accomplish this task, job / task analyses of control room crew activities will be conducted to identify and describe communication and control links between the control room and auxiliary control stations. In addition, the functions of auxiliary personnel will be analyzed from the task analyses to estimate tSe potentialimpact of auxiliary personnel job errors on plant safety "

The regulatory guidance provided for item HF5.1:, LOCAL CONTROL STATIONS addresses the man-machine aspects of the use oflocal control sMions. The CESSAR-DC documentation which addresses Item 5.1: LOCAL CONTROL L , ATIONS describes the -

hardware attributes of some of the components and systems that will be located at local control stations.

ICE-459(PC/133)/ct-9

-In order to meet the intent of NUREG-0933 ITEM HF5.1: LOCAL CONTROL STATIONS, the man-machine interface issues must be addressed. C-E must provide additional documentation showing the process that was used and the results of the analyses described in NUREG 09.13 ITEM HF5.1. An assessment of the results of the studies and their impact on contrbl room and auxiliary operator tasks must be provided in order to close out this item.

Ecmonse GSI HF 5.1:

C-E has not designed the majority of local workstations for certification submittal. This work will be performed primarily during first-of a kind engineering activities. C-E will perform human factors analysis for all local control stations and man machine interfaces which require operation or monitoring in relatien to executing the Emergency Procedure Guidelines. - This includes the equivalent to " job / task analyses of control room crew activities that will be conducted to identify and describe communication and control lin's described in NUREG-0933, in that such situations are those which involve emergency procedure operation. At this time there are no local control stations envisioned for this purpose.

The man-machine interfaces at EPG-required local control statibn's will be identical to that in the main control room. The type of hardware, panel layout conventions, display format,-

navigation through software, color coding, and all other salient aspects of the MMI shall be the same. This is assured through C-E's design review process, described in the HF program plan, and through the application of standard design basis documents such as the Nuplex 80+ Information Systems Description Document (NPX80+-IC-SD 791-01) and the Human Factors Standards and Guidelines. Additionally, C-E's team of human factors experts performs reviews of local control stations.

The remote shutdown panels will receive a ftinctional task analysis and verification, the same as all control room panel designs. Additionally, the complete task analysis for the control room will include the MMI fo* local control stations having interface with the control room, precisely as described in the segment of NUREG 0933 indicated in the RAI question.

Other local control stations also receive man-machine interface design attention, although not to the level of the main control room or EPG-required local control stations, No formal human factors analyses have been conducted or are planned for non-EPG required local control stations. C-E uses review and design input by human-factors trained engineers as the primary method of assuring good man-machine interface at these local control stations. This is supplemented in several. ways. First, large sections of the Human Factors Standards and Guidelines pertain to the balance-of-plant (and MMI conventions do not differ from the control room to the balance of plant control stations). The Standards and Guidelines have been given to local control station designers for use in their design process, as have other project documents which pertain to the MMI (such as the Control Panel Layout Document).

Second, the C-E control room design team including human factors specialists, reviews all

ICE-459(PC/133)/cr-10 engineering documents, drawings and other System 80+ products to assure a consistent MMI with the control room. This, of course, ensures that an auxiliary operator moving between local control stations or a control room operator going to a local control station will have a consistent interface as well as one that meets regulatory requirements on a stand-alone basis.

Thus, negative transfer of training is avoided.

C-E does not intend to produce or document major analyses of non EPG required local control stations, since they follow the same guidance and design practice as the control room.

In order to review the local MMI conventions, a review of the control room design documents will provide the necessary details.

C-E is aware that job / task analyses for non-EPG required local control stations might result in improved inventory or arrangement of controls and indicators, liowever, due to the relatively uncomplicated nature of these interfaces, the designers and reviewas will be able to accomplish the task of developing an adequate local control station MMI without formal analysis. Further; given the lack of safety and time constraints in operation of these control stations, their detailed design will be conducted later in the design process and should not be required for certification submittal. t E does intend to control the interface format and review design of all aspects of the balance-of-plant man-machi~ne' interface, as described above.

m

ICE-459(PC/133)/cr-ll 4-Ouestion GSI HF 52 HUMAN FACTORS ISSUE ITEM HF5.2: REVIEW CRITERIA FOR HUMAN FACTORS ASPECTS OF ADVANCED INSTRUMENTATION AND CONTROLS (ANNUNCIATORST The C-E response to this item states, "The acceptance criteria for the resolution of GSI HF5.2 are encompassed in GSI HF1.3.4." Under RESOLUTION, the response states, "Since GSI HF5.2 is subsumed by the above GSI, this issue is resolved for the System 80+

Standard Design."

Under HF1.3.4: MAN-MACHINE INTERFACE paragraph (b) the C-E response states,

" annunciator systems shall be designed to incorporate the criteria in References 2 and 3, and meet the intent of References 5,6, and 7."

The reference referred to in the response are:

Reference 2 -

Human Engineering Guide for Equipment Design Reference 3 -

MIL-STD 1472C Human Engineering Design Criteria for Military Systems, Equipment and Facilities Reference 5 -

NUREG 0700 Guidelines for Control Room Design Reviews Reference 6 -

NUREG/CR-3217 Near-Te:m Improvements for Nuclear Power Plant Control Room Annunciator Systems Reference 7 -

NUREG/CR-3937 Computerized Alarm Systems Under RESOLUTION for this item, the C-E response states, "Tne Nuplex 80+ annunciator system meets the intent of the guidance and each of the basic functional criteria given in References 5 and 6...Of major importance is the reduction of stimulus overload which can occur during major transients. This reduction has been achieved by decreasing the number of alarm displays by using group alarm tiles with dynamic message windows and by including processing algorithms to generate the alarms." The reader is referred to Section 18.7.1.1.4 Alarm Philosophy, Section 18.7.1.5 Alarm Characteristics, Section 18.7.3.2.3 RCS Panel Alarms, and 18.7.3.2.4 Alarms on the CRT.

The C E response does not provide a systematic presentation of the human factors studies, evaluations and analyses that lead to the development of the System 80+ control room alarm scheme. No discussion is included in the description of the alarm system on how the specific criteria in the references were met by the System 80+ alarm design. No mention is made of human factors guidelines, derived from the reference documentation, to be provided to engineers to ensure consistency in the man-machine interface across the various components of the alarm system (IPSO, CRTs and panel alarms).

The paragraphs referenced describe the hardware aspects of the annunciator, alarm and operator aid systems. No discussion is presented on the human factors aspects of how the alarm system meets the informational requirements of the operators. Discussions are not

ICE-459(PC/133)/cr-12 presented to support such statements as: " reduction of overload stimulus" (page A-ll6);

" minimization of memory requirements on the operator" (page 18.7-27); " alarms are categorized by control room panels and operator furictions" (page 18.7-25); and " Fewer i annunciator tiles also makes it easier for the operator to distinguish important alarms during transients" (page 18.7-26).

To close out this issue, C-E must provide a compilation of the human factors studies and evaluations that influenced the current configuration of the alarm system. TI:e documentation should include how the cognitive and physical task analyses were performed. The documentation must also provide a human factors discussion detailing how the current configuration meets the informational needs of the operators for the command, control, and monitoring tasks they are expected to perform. A relationship should also be establi:hed between the findings of the original human engineering analyses, especially the critical task analysis, and the current configuration of the alarm system.

Response

e GSI HF 5.2:

C-E is in the process of providing a systematic presentation of the human factors studies, analyses, and evaluations that led to the Nuplex 80+ control r6cm alarm scheme. This will include a description of applicable guidelines and design criteria, such as those described by C-E in meetings with the NRC Human Factors Branch (11/17/91,12/4/91).

A description of the human factors aspects of the alarm system (current configuration),

including information needs, operating details, and other relevant factors will be provided to supplement the materials provided in CESSAR-DC, at the aforementioned meetings, and in previous RAI responses.

C-E will provide the consolidated alarm scheme details in a supplemental response to RAI 620.13, Question subsection A, as previously committed,

Attachment (1) to PFS-92-032 Page 1 of 1 OUESTION 5 TliI ACTION ITEM PLAN ITEM IIzL_1(5) SAFETY ILF1ATED VAIRE o POSIT.lOF DESCBIPTION h..

~

C-E did i.S address this item. An assessment of how the

~ ; System 80+ design meets ITEM II.K 1(5) is required to t - ]'y close out this issue.

• As k .

RESPON.SE 5 NUREG-0933, "A Status Report on Unresolved Safety Issues",

U.S. Nuclear Regulatory Commission, January 1989, Item II.K.1(5) of Task II.K states: "This NUREG-660 item was divided into two parts to: (a) review all valvo positions and positioning requirements and positive controls along with all related test and maintenance procedures to assure proper ESF functioning, if required; and (b) verify that AFW valves are in the open position. Part (a) affected all

} operating plants. For all OL applicants, it was determined that this part was covered by Items I.C.2 and I.C.6. Part (b) affected all B&W operating plants. For OL applicants with B&W reactors, this part was also determined to be covered by Items I.C.2 and I.C.6."

Part (a), which is covered by Items I.C.2 and I.C.6, is not required to be addressed as a plant design issue according to NUREG-1197, " Advanced Light Water Reactor Program,"

December 1986, and is therefore not included in CESSAR-DC.

Appendix A of NUREG-1197 identifies six categories of "not applicable issues" for use in the categorization of issues in the ALWR Program. Appendix A identifies items I.C.2 and I.C.6 as not applicable to plant design issues (Table A-le).

Part (b) does not affect C-E plants, and is therefore not included.

i l

{ '

9 h*

Ouestion: TMI ACTION PLAN ITEM II.K.1(10)

REVIEW AND MODIFY PROCEDURES FOR REMOVING SAFETY REIATRQ SYSTEMS FROM SERVICE C-E did not address this item. An assessment of how the System 80+ design meets ITEM II.K.1(10) is required to close out this issue.

Response

TMI Action Plan Item II.K.1(10) is addressed in Table Al-1, CESSAR-DC,' Appendix A, dated 12/15/89. Item II.K.1(10) was identified as a Category 1 item which is defined on Page Al-1 of Appendix A as follows: " Issue not relevant to the System 80+ standard design".

NUREG-0933 identifies Item II.K.1(10) as being resolved with new requirements issued. The issue is covered by Items I.C.2 and I.C 6. Items I.C.2 and I.C 6 are addressed in Appendix A of CESSAR-DC and are classified'as follows:

I.C.2: "Not applicable in the EPRI Regulatory Stabilization Program (see NUREG-1197)."

I.C.6: "The NRC identified the issue as either an operational, environmental, licensing or NRC internal issue."

NUREG-0933 also identifies this item in Appendix B as an issue that is resolved. Removing safety related' systems from service will be addressed in site specific procedures and will be developed by the owner / operator from information provided in the Operational Support Information (OSI)

Program. Site specific technical specification procedures will also address this concern.

a 4

4 7,

Ouestion - TMI Action Plan Item I.A.1.4 LONG TERM UPGRADE OF OPERATING PERSONNEL AND STAFP C-E did not address this item. An assessment of how the system 80+ design meets Item I.A.1.4 is required to close out this issue.

Epsponse TMI Action Plan Item I.A.1.4 is addressed in Table Al-1, CESSAR-DC, Appendix A, dated 12/15/89. Item I.A.1.4 was identified as a Category lg item which is defined on Page A-1 of Appendix A as follows: "The issue was classified as not applicable in the EPRI Regulatory Stabilization Program (See NUREG 1197)."

Item I.A.1.4 is also identified in NUREG-0933, Appendix B, as an issue that is resolved and since this item addresses only plant operations, it is not addressed in detail in CESSAR-DC.

The operator staf fing levels identified in 10 CFR 50.54 (m) are the responsibility of the owner / operator and are considered during the design process of the System 80+.

J'

__ _ a

I k?'

Ouestion - TMI ACTION PLAN ITEM I.C.9 LONG TERM PROGRAM PLAN FOR UPGRADING PROCEDURES C-E did not addresu this item. An assessment of how the-System 80+ design meets Item I.C.9 is required to close out this issue.

Responge TMI Action Plan Item I.C.9 is addressed in Table Al-1, CESSAR-DC, Appendix A, dated 12/15/89. Item I.C.9 was identified as a Category le item which is defined on Page A-1 of Appendix A as follows: "The issue has been superseded by one or more USI's or GSI's."

This action plan is also identified in NUREG-0933, Appendix B, as an issue that is resolved and since this item addresses procedures that will be developed by the operating staff, it is not addressed in detail in CESSAR-DC.

Per NUREG-0933, USI 1.C.1 supersedes the majority of the concerns of 1.C.9., Item 1.C.1 is addressed in Appendix A of CESSAR-DC. The remainder of 1.C.9 concerns were resolved with no now requirements by the NRC in 1985.

Normal and abnormal operating procedures, maintenance, test, surveillance and other procedures are beyond design certification scope and will be addressed by the owner / operator. As the plant designer, ABB-CE will provide necessary operation Support Information (OSI) to the owner / operator.

4

/

._- - ~

ICE-459(PC/133)/cr-13

(

9 Ouestion HFl.1 C-E did not address this item. An assessment of how the System 80+ design meets ITEM HFl.1 is required to close out this issue.

Response HFl.1 The Naplex 80+ staffing design bases are provided in CESSAR-DC Section 18.3.3. These bases concur with the minimum and maximum staffing levela for an ALWR provided in the EPRI ALWR Utility Requirements Document. The Nuplex 80+ control room is designed to accommodate'a variety of shift complements, as determined by the owner / operator.

Evaluations have been performed for the minimum and maximum operating staffs. These evaluations and the staffing approach are further discussed in the responses to RAl's _620.24 and 620.25.

l

_ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ . . - ]

-, a .

Ouestiort_LQ NUREG-0985 HUMAN FACTORS ISSUE ITEM HF1.3.4 MAN-MACilINE INTERFACF Several tasks in Section 4, llUMAN FACTORS ISSUES, of NUREG-0933 appear to have the same titles and technical content as the C-E designation IIF1.3.4 MAN-MAcilINE INTERFACE (see below) . Identify the source of item number 1;F1.3.4, its purpose and its relationship to the iluman Factors USIs and GSIs that appear in NUREG-0933. Provide clarification concerning which items are intended for review u ider the HF1.3.4 rather than the corresponding NUREG-0933 task. Identify the location of the source and review criteria for any items retaining the item number of liF1. 3.4.

CESSAR-DC TITLE NUREG-0933 TITLE 1.3.4a Local Control Stations liFS.1 Local Control Stations 1.3.4b Annunciator Systems liF5. 2 Review Critoria for Human Factors Aspects of Advanced Controls and Instrumentation 1.3.4c Operational Aids liFS.3 Eva1uation of Operational Aid Systems 1.3.4d Automation and/or HF4.5 App 1ication of Artificial Intelligence Automation and Systems Artificial Intelligence 1.3.4e Computers and Computer liFS . 4 Computers and Computer Display Technology D. splays Resnonce 10 The HF_ 1.3.4 number _ system was based on early documentation (1986) which was used at the time EPRI was evaluating the applicability of USIs/GSIs to the design of ALWRs. The HF 1.3.4 numbers correspond to liF 5.1 - HF 5.4 and !!F 4.5 as shown in this RAI. HF 5.1 and !!F 5.2. are applicable to the design process and are discussed questions 3 and 4 of this letter as well as in Appendix A of CESSAR-DC. Items HF 4.5, and HF 5.4 are considered not applicable to ALWR designs,

~

IIP 5.3, based on Appendix B of NUREG-0933, Supplement 13. Accordingly, the attached revisions will be made to CESSAR-DC in a future amendment.

j

CESSAR MRiricuion C

TABLE Al-1 (Cont'd)

(Sheet 32 of 55)

LISTING OF UNRESOINED SAFETY ISSUES AND GENERIC SAFETY ISSUES ISSUE NUMBER ISSUE ISSUE T1'TLE TYPE CATEGORY HF 1.3.2 11UMAN FACTORS PROGRAM GSI ld PLAN--LICENSING EXAMINATIONS HF 1.3.3 IlUMAN FACTORS PROGRAM CSI ld PLAN--PROCEDURES-OPERATING AND MAINTENANCE 11 ' l . 3 . 4 a llUMAN FACTORS PROGRAM GSI 2 PLAN - MAN MACilINE j INTERFACE - LOCAL CONTROL STATIONS -

HF 1.3.4b

[b llUMAN FACTORS PROGRAM GSI 2

~ N - MAN MACllINE It ' ?RFACE - ANNUNCIATORS HF 1.3.4c HUMAN 'sCTORS PROGRAd GSI 2 PLAN - F- 1 MACHIN INTERFACE OPF sTIONAL AIDS HF 1.3.4d HUMAN

'At' TORS PRO RSM GSI 2 PLAI - MAN MACIIINE I ERFACE - AUTOMATION ND ARTIFICIAL INTELLIGENCE HF 1.3 4e HUMAN FACTORS PROGRAM GSI 2 PLAN - MAN MACilINE INTERFACE - COMPUTERS AND COMPUTER DISPLAYS 3 l .

IIF 1.3.5 IlUMAN FACTORS PROGRAM 1 GSI ld PLAN--STAFFING AND QUALIFICATIONS Amendment F i

December 15, 1989 L

m  : .

CESSAR niMemon C

TABLE A2-1 (Cont'd)

(Sheet 6 of 9)

LIST OF UNRESOLVED SAFETY ISSUES AND IIIGil/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE TO TIIE SYSTEM 80t STANDARD DESIGN ISSUE ISSUE NUMBER ISSUE TITLE TYPE C-2 STUDY OF CONTAINMENT GSI DEPRESSURIZATION BY INADVERTENT SPRAY OPERATION C-4 STATISTICAL METilOD FOR ECCS GSI/RI ANALYSIS C-5 DECAY llEAT UPDATE GSI/RI G e C-10 EFFECTIVE OPERATION OF GSI j CONTAINMENT SPRAYS IN A LOCA C-12 PRIMARY SYSTEM VIBRATION GSI ASSESSMENT 3 TI ' .3.4a llUMAN FACTORS PROGRAM PLAN;- -C I MAN MACIIINE INTERFACE - LOCAL CONTROL STATIONS HF 1.3.4b N FACTORS PROGRAM PLANf GSI MA CIIINE INTERFACE -/

ANNUNC ,

HF 1.3.4c >

HUMAN FACTO )R ' RAM PLAN - GSI MAN MACHINE INTE(RFA -

OPERA IdNAL AIDS IIP 1.3.4d MAN FACTORS PROGRAM PLAN - GSI MAN MACIIINE INTERFACE -

AUTOMATION AND ARTIFICIAL INTELLIGENCE N

y, .

Amendment G April 30, 1990-

.CESSAR Ein% mon 1

(  ;

TABLE A2-1 (Cont'd)  !

l (Sheet 7 of 9)

LIST OF UNRESOLVED SAFETY ISSUES AND HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE TO TiiE SYSTEM 80+ STANDARD DESIGN ISSUE ISSUE NUMBIG3 -ISSUE TITLE TYPE HF 1.3.4e W AN FACTORS PRO LAN - GSI MAN MACliI L(T_ERFACE .

COMpP ' ERS AND COMPUTER y SPLAYS HF 5.1 LOCAL CONTROL STATIONS GSI HF 5.2 REVIEW CRITERIA FOR HUMAN GSI FACTORS ASPECTS OF ADVANCED-CONTROLS AND INSTRUMENTATION

~

I I.C.1 (1-4) SHORT TERM ACCIDENT -GSI AMALYSIS AND PROCEDURES REVISION

, I.D.2 CONTROL ROOM _ DESIGN REVIEWS ' - -

GSI/TMI PLANT SAFETY PARAMETER DISPLAY CONSOLE G

-I.D.4 . CONTROL ROOM DESIGN STANDARD GSI L

I I.D.5 .(1) CONTROL ROOM DESIGN --- GSI IMPROVED INSTRUMENTATION-RESEARCH ALARMS AND DISPLAY I.D.5~ (2) CONTROL ROOM DESIGN.'- -- .GSI' IMPROVED INSTRUMENTATION RESEARCH l

I.D.5 (3) CONTROL ~ ROOM DESIGN --: GSI/LI <

ON-LINE REACTOR SURVEILLANCE SYSTEMS kUN?

Amendment I December 21, 1990-

CESSAR naric IiOu

(

TABLE A4-1 (Cont'd)

(Shnnt 5 of 8)

LIST OF TECIINICAL RESOIAfrIONS FOR USIs AND GSIs APPLICABLE TO THE SYSTEM 80+

STANDARD DESIGN INCLUDED IN SECTION 4.0 NRC ISSUE NUMBER ISSUE PITLE PAGE NO.

B-56 DIESEL RELIABILITY A-105d G B-60 LOOSE PARTS MONITORING SYSTEM A-106 3-61 ALLOWABLE ECCS EQUIPMENT OUTAGE A-107b PERIODS 7 B-63 ISOLATION OF LOW PRESSURE A-108a SYSTEMS CONNECTED TO TIIE G C, REACTO' COOLANT PRESSURE BOUNDAkr B-66 CONTROL ROOM INFILTRATION A-108c MEASUREMENTS I

C-2 STUDY OF CONTAINMENT DEPRESSURIZATION A'-108f ' _

BY INADVERTENT SPRAY OPERATION C-4 STATISTICAL METHODS FOR ECCS A-109 ANALYSIS C-5 DECAY HEAT UPDATE A-111-C-10 EFFECTIVE OPERATION OF CONTAINMENT A-112a SPRAYS IN A LOCA I C-12 PRIMARY SYSTEM VIBRATION ASSESSMENT A-113 HF 1.3.4a IUMAN FACTORS PROGRAM PLA1 - -A-115 LOCAI ROL STATION HF 1.3.4b HUMAN FACTOIIB- GRAM PLAN - A-116 I-ATOR SYST$MS

• p"t IIF 1.3.4c IlUMAN FACTORS PROGRAM PLAN A-117..

OPERATIONAL AIDS Amendment-I December- 21,-1990

CESSAR nn% mon O

f pilt.E A4-1 (Cont'd)

(Shoot 6 of 8) 1.1ST OF TEC11NICAL RESOI,UTIONS FOlt U!iin AND G!iln APPI.ICAHl.E 'IU Tile fiYST134 80 4-STANDARD DESIGN INCIAIDED IN llECTION 4.0 NRC 111 SUE NUNill:R Ifi!IUE TITI.E PAGE NO.

1.3.4d- i N FACTORS PROGRAM IMO A-117 'l AUTO ON AllD/OR)I IFICIAL INTELLI CE S WEMS liF 1.3.40  !!UMAll FA RS GRAM PLAll - A-117 COMPU L S AND COMI sR DISPLAY TEC/11 LOGY llF 5.1 LOCAL CONTROL STATIOlls A-120 ifF 5.2 REVIEW OF CRITERIA FOR llUMAll A-121 .J FACTORS ASPECTS TOP ADVAllCED ' d4 -

INSTRUMENTATION AND CONTROLS

( AN!1 UNCI ATORS)

I.C.1 SilORT TERM ACCIDENT ANAL *fdIS A-122 AllD PROCEFURES REVISIOh p

I.D.2 CONTROL ROOM DESIGN -- PLANT A-123a SAFETY PARAMETER DISPLAY

+

CONSOLE G

I.D.4 CO!1 TROL ROOM DESIGN STANDARD A-123d I.D.5= (1) CONTROL ROOM DESIGN.-- A-123h OPERATOR - PROCESS COMMUllICATIOli I.D.5 (2) CONTROL ROOM-DESIGN - - A-124 IMPROVED. INSTRUMENTATION RESEARCil - PLAliT STATUS AND POST-ACCIDENT MONITORING I.D.5 _(3) COllTROL ROOM DESIGN -- A-127 ON-LINE REACTOR SURVEILLANCE SYSTEMS.

I.D.5 (4) CONTROL ROOM DESIGN -- A-130 -

PROCESS MONITORING-INSTRUMENTATION Amendment G:

Anril-Mo. 199n

4

.C E S S A R n eiReuion v

)

R_.L3.4: MA M ACRI](E INTER AQJdi IME lluman Factors Issuo llF 1.3.4 in NUI.G-0985 (Reference 1),

addressos the nood to appropriately con guro several aspects of the man-machino interface design to educe the potential for human errors during normal and off- ormal operations. These aspects aros (a) local cont.ol stations, (b) annunciator systems, (c) operational aids, (d) automation and/or artificial ' ntelligenco systerns, and (c) computers and computer displ. > technology.

h1CXPIAEE_GRI.TJUilA The acceptanco criteria ror the resolut.lon of Iluman Factors Issue llF 1.3.4 are that:

(a) each local control stat' n shall be desigt.ad to meet the

(. intent of the guidanco g von in Hoferencon 2, 3, 4, and 5; (b) annunciator :.ystems ch 11 be designed to incorporate the critoria in referencer 2 and 3 , and meet the intent of References 5, 6 and 7; (c) operational aids shal be designed to meet too intent of the guidanco given in Ro rences 8 through 13; (d) automatic systems a o required to initiato and control all protectivo actions such that the control room operator is not required to ta o any action beforo plant conditions are such that manual .ction is permitted (IEEE Standard 603, Reference 14);

(a) computers and co'puter displays in the control room shall be designed to moet the intent of References 5, 15, and 16.

E80LETIQ1{

The System 80+ Star lard Design incorporates a NUPLEX 80+ Advanced Control Complex ;ee CESSAR-DC, Chapter 18). Details of the NUPLEX 80+ design relevant to the resolution of IIF 1.3.4 are as follows:

(a) All aspects of the local control stations in NUPLEX 80+ are

designed ta meet the intent of the guidance given in Amendment F A-115 December 15, 1989

C E S S A R H M e m ..

m

%./

Referencon 2, 3, 4, and 5. The man- hino intorfacon at the local control stations are e sistent with the information prenantation and control a .hodologion used in the NUPLEX 80+ main control room.

/he doulgn philosophy of the NUP? .X 80+ local control stations in doncribed in CESSAR-@,, Section 18.7.1.6.2.

Adoquato communications are provfdod betwoon the local I stations and the main control / room as discussed in CESSAR-DC, Soction 9.5.2. Becau o the actuittion of local controls in on a single comp ont basis, indication of locally repositioned component is provided in the main control room. A detailed dia union of abnormal component conditions which are indicated ay various alarma is given in CESSAR-DC, Seelion 18.7.1.6.2 10. It should be noted that in the NUPLEX 80+ donign, the ability to achiovo cold ahutdown during conditions f control room ovacuation in provided at the romoto utdown panel. Local control stations aro used only for maintenanco and tooting activitica. Consistent i .ormation presentation and control techniques roinforco dos; od operator performance behavior and reduco the chance of error during normal and off-normal operation situations. .

(b) The HUPLEX 80+ annunc: stor system moots the intent of thn V guidance and each of To basic functional critoria given in Rotoroncon 5 and 6. ho annunciator system in described in CESSAR-DC, Sections 18.7.1.1.4 and 18.7.1.5. Of major importance is the r duction of the stimulus overload which can occur during ma or transionta. This reduction has boon achioved by decrear ng the number of alarm displays by using group nlarm tile with dynamic nossage- windows and by including procour ng algorithms to generato the alarmo.

Stimulus overloa is further reduced by basing alarms on l validated param' tora instead of on individual sensor channels. Modo nd equipment statua dopondoncy are included in the alarm loc c to clininate ruisanco alarms. The alarms are functionall grouped (suo CESSAR-DC, Sections 18 7.3.2.3 and 18.7.3.2.4 . Also incorporated into the annunciator system are pr ritization; availability of firat-out alarm li. formation v the CRT's; implomontation of the darbbr.ard concept; and adhorenco to the accepted critoria for labeling, .lo ition, auditory signal intensity, flach ratos and The readabi ity. appropriato

• recommendations in Reference 7 avo also buon incorporated into the NUPLEX 80+

annunciator yatom.

N e4

/aondment F A-116 recomber 15, 1989

l CESSARW h o,. ,

s l

(c) The NUPLEX 80+ mar,-machino interface em oys operator aids ,

primarily to pro;oss data prior to esentation to the '

control room operators. The aids ar integrated into the prosentation hierarchy through appli tion programs of the Data processing System (DPS) and the iscrote Indication and

Alarm System (DIAS). Each of those systems conforms to the human factors critoria given in CEP AR-DC, Section 10.7.1.1.

Conformance of NUPLEX 80+ to forences 12 and 13 is described in CESSAR-DC, Sectio 7.5.1.1.5, 7.5.2.5, and 7.1.2.21. ,

The following operator aids o provided as part of the '

i NUPLEX 80+ man-machine inter aco (with the corresponding CESSAR-DC Sections indicated) '

(1) Signal reduction an / validation - 18.7.1.4 and 18.7.3.2.1.6, /

(2) Integrated process St us Overview (IPSO) - 18.7.1.2, (3) A) arm handling - 10. ' /.1. 5 and 18. 7. 2. 3, (4) Critical function a itoring - 18.7.1.8.2 and 7.7.1.10, (5) Success path monito ing - 18.7.1.8.2, (6) Coro limit monitori g - 7.7.1.8.1, and g (7) Computer aided su foillanco testing - 7.7.1.8.2.M.

W (d) The control automati n of safety systems in NUPLEX 80+

l conforms to the requ oments of Reference 14, that is, the automatic systems ar designed to initiato and control all protectivo actions uch that the control room operator is not-required to tak any action beforo plant conditions are such that manual ac ion is permitted (soo CESSAR-DC, Section 7.1.2.13). The >vol of control automation for other systems is datorm: ed by the functional allocation of the task analysis whi 4 is described in CESSAR-DC, Section 18.5.

NUPLEX 80+ contr a for safo shutdown systems are discussed in CESSAR-DC, So ions 7.4.1 and 7.'4.2. The human factors related to the E incered Safety Features Actuation Systems and to automati e controls aco discussed in CESSAR-DC, Sections 18.7 ,1. 6 and 18.7.1.6.2,6, wheroin tho acceptability ' the automatic controls -. f o r safoty and non-safety syst 2ms is demonstrated. Automation in process control syster and non-safety component controls are discussed in C SSAR-DC, Sections 7.7.1.1 and 7.7.1.2. The Megawatt Doman' Sottor is discussed in CESSAR-DC, Sections 7.7.1.1.3 and /.7.1.2.3. NUPLEX 80+ omploys no artificial intelligenco a: stems.

(c) The philosoph of information presentation and the

. . omployment of {omputer technology in plant operations are (Is discussed in,CESSAR-DC, Section 18.7. .NUPLEX 80+ utilizos Amendment P d A-i.17 December-15, 1989

~ . _ . , _ _ ._ _ , _ , _ _ _ , . - . _ _ , .. -._,-_-, _ _ -._ _, _ _ _ __ _ _ . , _ , ,

l....

CESSAR nWiccion V

the computer's ability to process raw data .id to manipulato and arrango information to support offici .t data accoon by the oporator. Procono information in shich a o available logically structured hierarchical formd is basedinon a the results of functional task analys .

This format la designod to nupport monitoring, dia ostics and control tanks.

The Integrated Proccan Status arview dynamically updated (IPSO) la a computer aplay which presento information to the operator to able asoonsmont of the overall plant proconn performanc- IPSO has boon found to improyu operator performance validation experiments conduc d at the Italden Reactor dt ing transienta based upon Project. NUPf2X 80+ monta the intent of the human factors critoria identified in Hofore on 15 and 16.

Sinco all the acceptanco critori have boon mot, the man-machino interface issue in resolved for to System 80+ Standard Design.

REl'EEfdic1R

1. NUREG-0985, Rov. 02, "

.S. Nuclear Regulatory Comminnion Numan Factors Program P n", April 1986.

q

2. Vancott & Kincado, "Il Design", 19'.7. an Engincoring Design for Equipment

3. MIL-STD-1472C, 'Itu n Engincoring Desi Critoria Military Systems, E for ipment & Facilition",gnDocomber 1974.

4. NUT.dG/CR-3 696, "P ential Iluman Factors Deficienclos in the Design of Local C ntrol Stations and Operator Interfacon in Nuclear Power Pl. ts", April 1984.

5.

NUREG-0700, U.S. Nuclear R"Gu tolinen for Control Room Design Reviewa",

ulatory Commission, September 1981.

6. NUREG/CR-3217, "Near-Torm Improvementa Plant contro Room Annunciator for Nuclear Power Systems", U.S. Nuclear Regulatory C mission, April 1983.

7. NUREG/CR-390 ,

"Computorized Alarm Systems", U.S. Nuclear Rogulatory mmission, June 1985.

8. HUREG-0696, " Functional Critoria for Emergency Responso Facilition" U.S. Nuclear - Regulatory Comitission, 1981. February-V Amendment F A-118 December 183, 1989

[ _ , . . ... . . .

CESSAR Engicuion

(

9. NUREG-0737, Supplomont 1, "Requ unents for Emergency Responso Capability", Genoric Lo or 82-83, U.S. Nuclear Regulatory Commission, December l' 2.

10. NUREG-0800, " Standard Review P n for the Review of Safoty Analysis Reports for Nuclear over Plants -- LWR Edition",

U.S. Nuclear Regulatory Comm .sion.

11. Regulatory Guide 1.29, Rev. 03, " Seismic Design classification", U.S. uclear Regulatory Commission, September 1978.

12. Regulatory Guide 1. 9

• 5 Rev. 03, " Instrumentation for Light-Wator-Cooled Nuc car : Power Plants to Assess Plant and Environs Conditions ring and Following an Accident", U.S.

Nuclear Regulatory C mission, May 1983.

13. Regulatory Guido .47, " Bypassed and Inoperablo Status Indication for Nt lear Power Plant Safety Systems", U.S.

Nuclear Regulator Commission, May 1973.

14. IEEE Standard- 3, "IEEE Standard Critoria for Safety Systems for Nuc car Power Generating Stations", 1980.

15. EPRI NP-37 , " Computer-Generated Display System >

Guidelines", olumes 1 & 2, September 1984.

16. NUREG/CR-4 2' , "lluman Engineering Guidelinos for the Evaluation and Asnonsment of Video Display Units", U.S.

Nuclear Re ulatory rommicsion, July 1985.

I I?

Amendment F A-119 December 15, 1989

1 C E S S A R H E rie m .

MF 5. At LOC &L.00MIRO.L STATIONS .

l IBBNR t Gonoric Safety Issue (GSI) HP 5.1 in NUREG-0933 (Roforence 1),

addressos additional NRC guidance for the design of local control stations. ,

&Q9]PTANCE CRITIRIA The acceptance critori$t" for the resolution of GSI IIF 5.1 '

eneempassed-in-GG-I-HF-11-3. 4 - Rst ( gy-BIRQi&TJRM >

dire--reso-lublon-fo T 6' k ~l~isbidpndT1oa in usi Itr 1.3,4 11F :; . A ndl

. is addressed andp solved in this ppendix.

Sfnco GSI IIP .1 is subsumed by the abovo GSI,ft a issue is rhoWoCfof 6 tho Syatom Bt# Standard--Dosign. y i

U- ;Q

1. NUREG-0933, " A Status Report On Unronolved Safety Issues", Y U.S. Nuclear Regulatory Commission, April 1989.

l

2. VanCott & Kincado, "lluman'Engincoring Design for Equipment Design", 1972.

3. MIL-STD-1472C, "lluman Engineering Design Critoria for ,

Military-Systems, Equipment & Facilities", December 1974. '

4. NUREG/CR-3696, " Potential Iluman Factors Deficienclos in the Design of Local Control Stations and Operator Interfaces-in Nuclear Power Plants", April 1984.

5. NUREG-0700, " Guidelines for_ Control-Room Design Reviews",

U.S. Nuclear Regulatory Commisrion,-September 1981.

t AmendWnt F A-120. December.15, 1989

h s c ,-+ A

,each local cuntrol station shall be designed to meet tho'

. intent of the guidance given in Reforo_nces 2, 3, 4, and Sp 11 S c r- h 0 llo "ystem 894 g on fol C p exStandgrd eo C Depign 9AR-i /,cor o'.rates )to a NUPI 8). ;X )o 8,la+ Adf ance f !!P,p , , a r . a i ha p 10 y a d sig r .le n-the rc ol it n f 1 st All aspects of the local control stations in NUPLEX 80+ are designed to meet the intent of the guidance given in References 2, 3, 4, and S. The man-machino interfaces at the local control stations are consistent with the information presentation and control methodologies used in the NUPLEX 80+ main control room.

The design philosophy of the NUPLEX 80+ local control stations is described in CESSAR-DC, Section 18.7.1.6.2.

Adequato communications are provided between the local stations and the main control room as discussed in CESSAR-DC, Section 9.5.2. 13ccause the actuation of local controls is on a single component basis, indication of locally repositioned components is provided in the main control room. A detailed discussion of abnormal component conditions which are indicated by various alarus is given in CESSAR-DC, Section 18.7.1.6.2.10. It should be noted that in the NUPLEX 80+ design, the ability to achievo cold shutdown during conditions of control room evacuation is !

provided at the remoto shutdown panel. Local control stations are used only for maintenanco and testing activities. Consistent information presentation and control techniques reinforce desired operator performance behavior and reduce the chance of crror during normal and off-normal operation situations.

. C E S S A R in @icui. .

1 i

F'_5 2 t_REYIEW OF CRITIRIA FOR BUMAN .FACTQED_ASPECTA OF ADVANCED INil_IBHMENTATION AND CONTROLS QLWMUNCIETQRR). ,

l ZDDDR Generic Safety Issue (GSI) IIP 5.2 in NUREG-0933 (Referenco 1) ,

addresses additional NRC guidance for the design of advanced instrumentation and controls, in particular with respect to plant annunciators.

ACCEPTANCE CRITERIA The acceptance critori@ for the resolution of GSI !!F 5.2 b

-enoompassed in-4GI- HF-1,4,4,. -/M-( ,Tn 5,e/[ d,}

RESOLUTLQH YThtr resc1UtT6h'ior CI IIF S GSI IIF 1.3 4' contained in this Ap . e

~~

i utled---in-the- osulutiond x.

Since I IIP 5.2 is a Jasolv ti fgg the System 04-Standard ad by th bovo GSI, trigo. his issue if ,

RHDMECM

1. NUREG-0933, "A Status Report On Unrosolved Safety Issues",

U.S. Nuclear Regulatory Commission, April 198t'.

2. Vai1Cott & Kincado, " Human Engineering Design for Equipment Design", 1972.

3. MIL-STD-1472C, " Human Eng near ng sig Critoria for u

Military Systems, Equipman e f

Q NUREG-0700, " Guidelines for Control Room Design Reviews",

U.S. Nuclear Regulatory Commission, September 1981.

fe:[ NURPG/CR-3217, " Hear-Term Improvements for Nuclear Power Plant Control Room Annunciator Systems", U.S. Nuclear Regulatory Commission, April 1983.

M. NUREG/CR-39G7, " Computerized Alarm Systems", '

U.S. Nuclear Regulatory Commission, June 1985.

Amendment F A-121 -December 15, 1989

- - . _ , . . - . . -,.-,.....-.--.-_.,...-....-_._.-.-.u--.....-

,< .. \

/15 df d annunciator systems shall be designed to incorporate the Icriteria in 2 and 3 and moot the intent of goforences7,Koferencon

[and[p y r c S C r- _

,lf 5

,/ ,/

The liUPLEX 80+ anndclator system meets the intent of the guidance and each pf the basic functional critoria given in References . and 6 The annunciator system is described in CESSAR-DC, Sections 18.7.1.1.4 and 18.7.1.5. Of major importance in the reduction of the stimulus overload which can occur during major transients. This reduction has been ,

achieved by decreasing the number of alarm displays by using group alarm tiles with dynamic message windows and by including processing algorithms to generato the alarms.

Stimulus overload is further reduced by basing alarms on validated parameters instead of on individual sensor channels. Modo and equipment status dependency are included in tho alarm logic to eliminate nuisance alarma. The alarms are functionally grouped (son CESSAR-DC, Sections 18.7.3.2.3 and 18.7.3.2.4). Also incorporated into the annunciator system are prioritization; availability of first-out alarm information via the CRT's; implementation of the dark-board concept; and adherence to the accepted criteria for labeling, location, auditory signal intensity, flash rates !

and readability. The appropriate recommendations in Reference have also been incorporated into the ITUPIEX 80+

annunciato system.

G

ICE-459(PC/133)/cr 14

//.

Ouestion CSI I.D.2

11uman Factors Issue Item I.D.2

Plant Safety Parameter Display Console - The C E response provided for I.D.2 states that, "The SPDS functions shall be integrated into the overall contiol room' design.* In order to meet the intent of item 1.D.2, a focused discussion t

must be provided which specifically states how System 80+ meets the requirements for an SPDS, as identified in NUREG-0737 Supplement 1 Section 4, Safety parameter Display System and NUREG-0696 Functional Criteria for Emergency Response Facilities, Section 5, Safety Parameter Display System.

Et ponse GSI 1.D.2 The Nuplex 80+ advanced control complex design integrates the SPDS function ir.to the-man machine interface design. This response will address each of the ma,ior SPDS requirements in NUREG-0696 and NUREG 0737, Supplement 1.

NUREG-0696 Section 5.1 - 1 enetion The SPDS function in Nuplex 80+ is met by the critical functions CRT display hierarchy in the Data Processing System (DPS). This hierarchy displays the results of algorithme which monitor the status of nine critical safety fuactions (including those specided in NUREG-0696) and indicates alarms which allow rapid detection of challenges to the critical safety functions. Additional information is provided on a display page specifically designed for each critical safety function and on detailed success path pages.

Human factors considerations are incorporated in all aspects of the design as documented in CESSAR-DC and tne Human Factors Program Plan. As described in Section 18.7.1.4 of CESSAR-DC, the Nuplex 80+ design uses validated process representation ' values for display and alarm processing for al! man-machine int

rfaces, including the SPDS functionc as part of the normal CRT dayay system, the SPDS -

function is in operation during both normal and abnormal conditions and is'used to-monitor critical power production fractions normally in a similar manner to safety fractions. Parametcr trending is available for any monitored parameter in the DPS, Section 5.2 - Location i The SPDS function (i.e., critical function display) is available at all MCR CRTs' (one

! at each panel), in the control toom offices, in the TSC and at the EOF.

1. di ICli-459(PC/133)/ct 15 Section T 3 - Size CRTs for the DPS are sized to be integrated in the control room panels as shown in CESSAR DC, Figure 18.7.3 39. A control room supervisor (SRO) has access to CRT displays and, htnce, the SPDS function at the control room supervisor's console.

Section 5.4 - Staffing No additional operating personnel are required for DPS Cit f operation.

Section 5.5 - Display Considerations The single primary display presentiag critical function status and plant success path status is the IPSO. This is presented continuously (as discussed in GSI 125.1.3) on a big board overview and is available on any CRT. The important plant functions indicated in Section 5.5 are included in the Nuplex 80+ critical functions design.

Section 5.6 - Design Criteria The Nuplex 80+ DPS is a highly reliable non safety system which meets the operational unavailability goal of NUREG 0696.- It has redundant computers and multiple man machine interfaces. The availability of control room information from the DPS using the current reference design has been calculated as 99.98% with an MTTR of 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />. These numbers can vary depending on final hardware selection but the SPDS reliability goal will be met.

NUREG-0737. Supplement 1 Section 4.1.a As discussed in the section for NURiiG-0696, Section 5.5, the IPSO display provides a-concise, highly processed status of critical safety functions. In conjunction with the DPS critical functions hierarchy, it allows rapid determination of critical function and success path status, which are both indicative of plant safety status.

Section 4.1.b As discussed further in the response to question GSI 125.1.3, each control room panel has a CRT with access to all critical function information. The big board IPSO display also provides continuous display of critical function and success path status.

ICE-459(PC/133)/cr-16 Section 4.1.c The DPS design criteria is discussed under NUREG 0696. The DPS is independent of, and isolated from the Discrete Indication and Alarm System (DIAS) which provides spatially dediedted information to operators in Nuplex 80+.

Section 4.1.d ,

Information presented on critical function display pages (and throughout Nuplex 80+

hihils)is selected based on the requirements of operator's functions and tasks, making consideration of regulatory requirements such as those in Reg. Guide 1.97 for post-accident monitoring.

Section 4.1.c The DPS displays and all Nuplex 80+ hihils do incorporate human factors principles, as previously discussed.

Section 4.1.f As described under NUREG-0696, Section 5.5, information for all of these safety functions is provided in the DPS critical functions hierarchy.

Further detailed information on the integration of NUREG-0737 and NUREG-0696 SPDS functional requirements are provided in the following documents:

A. CESSAR DC (1) Chapter 7.5 Safety Related Display Instrumentation Section 7.5.1 Description Section 7.5.1.1.5 Post-Accident hionitoring Section 7.5.2.5 Analysis of PAhil (2) Chapter 7.7 Control Systems Not Required for Safety Section 7.7.1.4 Discrete Indication and Alarm-System Section 7.7.1.5 Integrated proecss Status Overview Section 7.7.1 Data Processing System Section 7.7.1.0 DPS Critical Functions hionitoring Program j

=_ _ = _

.._-a--,.-------_.. - - - - - - - - - ---- - - - --, -

ICli-459(PC/133)/ct 17 (3) Chapter 18 Iluman Factors lingineeriiig Section 18.7.1.2.2 Plant Functional Information on 1PSO Section 18.7.1.4 Discrete Indication Displays Section 18.7.1.8 Safety 1(elated Information in Nuplex 80+

11. Nuplex 80+ Reference Design Documentation (1) NPX80 IC SD710-00 System Description for the Rev. 00 Data Processing System-Section 4.1.3 Overview of Functions Section 6.11.5 Display information Organization -

(2)- NPX80 IC-SD790-02 System Description for Rev 00 Critical Function and Success Path Monitoring in Nuplex 80+

Section 4 Nuplex 80+ Critical Function and Success Path Information

ICE-459(PC/133)/cr 18

/h Ouestion GSI LD.4:

11UM AN PACTORS_J.SSUE ITliM 1.D.4: CONTROL ROOM _ DES]GN STANDARD For this item, NUREG-0933 states, "In accordance with 10 CFR 50.34(g) all future applications for LWRs shall include an evaluation of the proposed facility against SRP Section 18.1 which addresses control room design and references, NUREG 0700 as appropriate guidance for control room design." The Standard Review Plan 18.1 part IV EVALUATION FINDINGS states that the staff's conclusion should be based on the following:

"The applicant conducted and documented a systems analysis, using existing guidelines and good life practice, to identify man / machine interface requirements, using allocation of functions to man and machine (manual and automatic) and identification of information and controls provided to the operators. The applicant demonstrated that all the necessary ir, formation and controls needed fo; normal, abnormal, and emergency operations of the plant are identified and provided. The allocation of functions to man and machine were addressed and established that the systems have been optimized to take advantage of the strengths of human operators and automatic systems."

The C E response to ITEM 1.D.4 states, "The analysis detailed the operator's tasks involved in decision processing to ensure that: (a) only information needed is presented to the operator, (b) the amount of.information does not exceed human cognitive limitations, and (c)

Information is presented in usable form. The functional task analysis and its results are

, derrihed in CESSAR-DC Section 18.5."

CESSAR DC Section 18.5 does not address the breadth and level ot detail required by the Standard Review Plan for a human factors effort. From the description provided in Section 18.5, Functional Task Analysis, it does not appear that the human engineering effort was conducted within the framework of a systems analysis, or according to an established human factors program plan. Section 18.5.1.5 Analysis of Operator Tasks refers to event sequences being reviewed by experts in operations. However, no mention is made of the contribution provided by human factors expertise. Section 18.5.1.8.3 Estimated Cognitive Processing Time for Task Element List states, " Operations anc cognitiv experts reduced all complex decisions into simple decisions. Cognitive processing time estimates were assigned to all simple decisions." Reducing the decision making process of the control room operator to simple decisions does not account for the complex nature of the tasks actually encountered in an operating control room. Control room operators must routinely take into account the power mode, plant status, maintenance and surveillance activities, any special information conveyed during shift turnover, conformance with plant technical specifications, and utility operating conventions. Comparisons between pieces of data that are not co-located must also be frequently made. Variables such as these contribute to making simple decisions complex ones.

ICE-459(PC/133)/cr 19 In order to meet the rcquirements of ITEM 1.D.4: CONTROL ROOM DESIGN STANDARD C E must provide documentation showing that the human factors program was conducted within the context of a systems analysis, in accordance with a prescribed humaa factors program plan, and that human factors guidance such as NUREG-0700 was implemented knowledgeably and consistently. Documentation must also be provided that demonstrates that the task analysis and function allocation performed took into consideration the complex nature of the tasks performed by control room operators.

Rupmse G31 LD 4:

C E has addressed the issue of a liuman Factors Program Plan in meetings with the NRC lluman Factors Branch (11/17/91 and 12/4/91) as well as in the response to RAI 620.1, C E is currently in the process of preparing a detailed lluman Factors Program Plan, based on content requirements of MIL li-4685511, tailored to the System 80+ design program. This document includes a description of design basis, organization and level of human factors engineering effort for the System 80+ ALWl1 Standard Design as well as a description of all past, present, and planned human factors engineering analyses, reviews and design efforts.

C-E believes that this document will meet the NRC's requirements for documentation of the iluman Factors program at C-E. '

l-E believes that reference documentation provided previously, namely the Nuplex 80+

Function and Task Analysis Report and the Nuplex 80+ Verification Report provide suitable documentation "that demonstrates that the task analysis and function allocation performed took into consideration the complex nature of the tasks performed by control room a

operators." Additional details on function and task analyses aru provided in the response to RAI 620.2. C-E further points out that the operating sequences for System 80+ are largely based on existing, licensed System 80 plants as noted in the afore-referenced meetings with the NRC 11uman Factors Branch, Thus, C-E's human factors team and other designers are aware of, and have given due consideration to, the complex nature of the tasks performed by control room operators. The full time presence of two licensed PWR operators on the design team further assures that the complex nature of real operational practice is given constant consideration during the design of the man machine interface.

___ m __mm__.-i__. -- --+"--- - """'---- ^^---

ICE-459(PC/133)/er 20 13.

Question GSI I.D.5 (D; IIUhi AN FACTORS ISSUE ITEhi 1.D.5(1) OPERATOR PROCESS COMhiUNICATION The C-E response to this item states, "The ace (ptance criteria for the resolution of GSI 1.D.5(1) are included in GSI liFl.3.4b." Under RESOLUTION, the respo'ise states, "The resolution for GSI 1.D.5(1)is subsumed by the above GSI, this issue is tesolved for the System 80+ Standard Design.*

Under liF1.3.4: MAN hi AClllNE INTERFACE paragraph (b) the C E response states,

" Annunciator sy tems shall be designed to incorporate the criteria in References 2 and 3, and meet the intent of References 5, 6, and 7."

The reference referred to in the tesponse are:

Reference 2 -

11uman Engineering Guide for Equipment Design Reference 3 -

MIL-STD 1472C Human Engineering Design Criteria for Military Systems, Equipment and Facilities Reference 5 -

NUREG 0700 Guidelines for Control Room Design Reviews Reference 6 -

NUREG/CR-3217 Near-Term Improvements for Nuclear Power Plant Controi Room Annonblator Systems Reference 7 -

NUREG/CR-3987 Computerized Alarm Systems Under RESOLUTION for this item, the C E response states, "The Nuplex 80+ annunciator system meets the intent of the guidance and esh of the basic functional criteria given in References 5 and 6...Of major importance is tne reduction of stimulus overload which can occur during niajor transients. This reduction has been achieved by decreasing the number of alarm displays by using group alarm tiles with dynamic message windows and by including processing algorithms to generate the alarms." The reader is referred to Section 18.7.1,1.4 Alarm Philosophy, Section 18.7.1.5 Alarm Characteristics, Section 18.7.3.2.3 RCS Panel Alarms, and 18.7.3.2.4 Alarms on the CRT.

The C E response c'ocs not provide a systematic presentation of the human factors studies, evaluations and analyses that lead to the development of the System 80+ control room alarm scheme. No mention is made in the description of the alarm system on how the specific-criteria in the references were met by the System 80+ alarm design. No mention is made of' a set ;f !.uman factors guidelines, derived from the reference documentation, that was used to ensure consistency in the man-machine interface across the various components of the alarm system (IPSO, CRTs and panel alarms).

The paragraphs referenced in Chapter 18 describe the hardware aspects of the annunciator, alarm and operator aid systems. No discussion is presented on the human factors aspects of how the alarm system meets the informational requirements of the operators. Discussions are not presented to support such statements as: " reduction of overload stimulus" (page A-116); " minimization of memory requirements on the c<perator" (page 18.7-27); " Alarms are

__,_____o,_.mm _- _ _ _ _ . . --

ICE-459(PC/133)/cr 21 categorized by control room panels and operator functions...' (page 18.7 25); and

• Fewer annunciator tiles also makes it caster for the operator to distinguish important alarms during transients" (page 18.7-26).

C-E must provide background human factors studies and evaluations that innuenced the current configuratiol or the alarm system. A discussion must also be provided concerning how the current configuration meets the informational needs of the operators for the command, control, ad monitoring tasks they are expected to perform. An auditable human factors path should also be established between the findings from the original human factors ,

analyses and the final con 0guration of the System 80+ alarm system.

Runonse GSI 1.D.5 (1);

C E agrees to provide additional information on the basis of the alarm scheme for Nuplex 80+ in RAI 620.13, with content as alluded to in the response to llF 5.2.

W -

ICil-459(PC/133)/cr-22 l 1

I%

Qunlion GSI 125.1.3  ;

In NUREG-0933, item 125.1.3: SPDS AVAILAlllLITY, the paragraph OTillIR CONSIDERATIONS cites two important factors to be considered in the design of an SPDS  :

system. They are thit (1) 'The SPDS is used in addition to the control room instrumentation system to aid and augment the control room system," and (2) "The SPDS addition provides a diverse and improved diagnostic system but in itself is redundant to the plant  !

Instrumentation..." TMI Action Plan item 1.D.2 Safety Parameter Display System (SPDS) required that licensecs install a system to continuously display information from which the i

plant safety status can be readily assessed. The SPDS should be a continuously available, consolidated display of, at a minimum, reactivity control, reactor core cooling and primary system heat removal, reactor coolant system integrity, radioactivity control, and containment i conditions.

The C E response to this item states, "In the ACC, SPDS functions are implemented by threc distinct information display systems regularly used by the operator: the Integrated Plant >

Status Overview (IPSO) panel, the Data Processing System (DPS), and the Discrete Indication and Alarm System (DIAS).*

In order to close out GSI 125.1,03 a detailed description needs to be provided of how the System 80+ control roam design meets the intent of a continuously available consolidated display of the plant parameters, as required, for an SPDS.

Ennonse GSI 125.1.I.3 The TM! Action Plan item 1.D.2 SPDS provides requirements for adding a system to an existing contro' room. Since it is a new design, Nuplex 80+ does not employ an SPDS that is added to an existing control room, but meets SPDS requirements by integrating SPDS functions into the Nuplex 80+ Advanced Control Complex deiri. Critical functions ,

monitoring and post accident monitoring requirements are integrated into the DPS and DIAS designs.

The continuously displayed SPDS infor' nation is provided on the big board overview display or IPSO. This non selectable display continuously provides status of the critical safety functions including key plant parameter values or trends and status of all success paths for safety functions. The 1PSO display and additional SPDS critical function information is ,

~

continuously available (if selected) at any DPS CRT (one located on each MCR panel). This combination of a continuously displayed overview, with highly processed SPDS information, and continuously available CRT critical function display pages, of increasing detail, meets the intent of the GSI.

See the response to GSI1.D.2.

r .ew, ---%.,,-vu,-s-.m.,-my,-.g- , .,y,-.~ e .y..y __

,,.%,.,,..yw .w,_,, . . . - -, . ,.,p.n,.mm.,. p,,9.w..%y.,_,,g-.,,nw.,,,,g...p.,-.. ,.,

j i

1:,nclosure 11 to i LD 92 022  !

i b

i k

i l

i r

}

t t

I NPOC 13 LOCK #7 ACTION PLAN

. 1 -

i i

i i I

s I

?

I l.,., , . _ . , . ~ , , . . . ~ . . . . . , _ . , . . . . _ .- . - . . ., , _ _ . . _ . . . . . . _ . . _ , . . . , . _ , . . . . . . . . . . . . . _ _ , _ . , _ _ , . _ . . .....-._,_,,-.,_.._,._,m., . . . . . . . _ . - . , , . ,y_,

D '

I ';.

Figure 1 1: lillil.1) LNG llLOCK Si1M M Ain' l'RiillEQUISJIliS lM0h15GNGOING PitoGIMMS Current Nuclear Imv 1xvel Plant Perfonnance 1(adioactive W.:ste (Uti" ties) (eel ACOl(D) liigh !xvel Adc< unte. Economic ltadioactive Waste uel Supply (eel-ACOl(D) (EEI) .

GENERIC S AFETYENViltQNMENTAl,1(EGULNilqN_& INDUSTRESTANDARDS Predictable 1.icensing & AI,WR Utility Requirements Stable Regulation (NUMARC)

I!ROJECliSl'ECIElCACDXlIIEfi NRC Design Certi0 cation Siting (Plant Designers) (EPRl-USC/NUMARC)

First-of-a-Kind Engineering' pl linhanced Standardization

= =. Beyond Design (ARC-EPRI) (INPO)

INS:U:11ED.ONAlcSIrfS

Enhanced Public Clari0 cation of Ownership &

Acceptance Financing (USCEA) (EEI)

State Economic Enhanced Governmental l Regulatory issues Support 4

(EEI) (ANEC) ;4

.7 :

l N-I l4 Executive Summary .s@

A.CTION PLAN FO.1LilllRDING_ULOCK #7:

I! Nil ANCED STANDAltDIZATION llEYOND DESIGN I. GoaltamLResponsthilities Goal:

~

1. listablish an institutional framework and approach to implement and ,

oversee a model for operational standardization of a family of plants. '

2. Develop standardized operational elements to provide a basis for uniformity in a}ipropriate aspects of the organizational structure, l

administrative controls, and startup, operating and maintenance practices.

3. Develop an approach to maintain the standard design and design

, intent in all units of a family of plants over their lifetimes.

ikFpn1Lsibililins Industry Lead INPO Primary Utilities Industry Supporting NUM ARC /l!PRI USC/l!El

11. Sitrun1My_Actioni'lan llackground:

lluilding lilock 7, entitled " Enhanced Standardization liefond Design" in the initial November 1990 issue of the NPOC Strategic Plan, encompassed the following goal:

" Develop and enhance standardization concepts and coopeiauve arrangements as a means to increase the predictability of construction costs and schedules, and to improve operational reliability and cost."

The NPOC Position Paper on Standardization published in April 1991 addresses the concept of standardization as follows:

" Nuclear power plant standardization is a life-cycle commitment to uniformity in the design, construction, and operation of a family of nuclear power plants. Rigorous implementation of standardization is

' i expected to achieve the efficiency and economy typically associated with increases in scale or breakthroughs in technology."

Finalization of NPOC's Position Paper on Standardization completed a significant milestone toward the original ;oal t of this building block and necessitated a restatement of the goal in more specific terms as provided in Section I above.

tilock 7 111-4 7

=

This building block is based on Section 5 of the position paper and addresses standardized elements for operation of a family of plants, regulatory acceptance of appropriate aspects of these elements, and resolution of related issues that impact the standardized operational elements.

Standarsiired Opnational Elements

'r -

Standardization beyond design is intended to foster uniformity in startup, opera. {,

tion, maintenance, training, and quality assurance practices that provide a clear A benefit in terms of effective operational performance, rehability, efficiency, or .

economy. To realize the full benefits of standardization beyond design, a set of y$

essential elements consistent with this goal needs to be defined for a family of standaidized plants. These elements will include areas such as:

M j;$

.g

a. Organization Structtue y)

b. Administrative Procedures

_ ff j

c. Technical Procedures M d.

e.

Operating Procedures Maintenance Procedures 4-f.

l'ersonnel Qualification 3

g. Training i

h. 1 erformance Standards i,

i. Logistics Support Operating Experience

[

J.  ;

k. Configuration Management

1. Quality Programs g-

m. Emergency Planning j

n. Information Data Processing and Records Management @

o. Regulatory / Licensing / Engineering Interface f 4

oppnEld1: r.

9:

?

It is expected that the approach to development of the standardized operational M elements will involve the formation of a steering group and appropriate expert $

working groups selected from nuclear utilities. It is also anticipated that the actual owner / operators will be heavily involved as this effort proceeds to the i

, level of detailed procedure development. T l

Interface with the NRC on appropriate aspects of the standardized operational ele.

g' ments will be necessary to achieve regulatory acceptance and to ensure that the regulatory process and associated regulatory decision making does not impact L ..

standardization beyond design. In addition, it is recognized that through this l effort, elements may be identified that may be directly linked to the regulatory 't process and/or that may extend beyond the mission of INPO. Such elements may {

include:

i

..i h

.s 111-4 8 Block 7 ,'

.y h,

t . . . o I

, l a Technical Specifications

b. Security i

c. Operator Licensing  ;

d. Severe Accident Management 1

e. Cost lienefit Analyses / Applications

f. Probabilistic Risk Assessment Application L

g. Equipment Procurement / Qualification

h. Access Authorization t-t u t l The regulatory interface and regulatory acceptance of appropriate aspects of the standardized operational elements, as well as the development of elements that l [

extend beyond the mission of INPO, will be addressed by NUM ARC, EPRI, or other appropriate industry organizations on a cooperative basis.

c q(

m(

y llL_.hblclonn f 7hil Develop a mechanism to address the fundamental issues k!

6/92 1 assonated with the approach to startup and operation of a y family of standardized plants.

i 7hi2 Utilizing the NPOC Position Paper on Standardization as a 8/92 basis, review the policies and underlying principles as well as the ALWR Utility Requirements Document VolumeI ,

4 Policies and recommend any adjustments. { I 7hi3 Assess the experience with standardization beyond design 9/92 in selected current plants both domestically and  !

internationally.

t.

d 7hi1 Review the summary listing of Standardized Operational '

12/92 .

Elements included in this action plan and recommend I adjustments.

7h15 Using the adjusted listing of Standardized Operational Ele- 3/93 I ments as a basis, define the interfacing requirements for standardization beyond design with all phases of plant

)f design, construction and startup leading to operations. This ylf activity should consider all of the operational user's needs including design bases, as-built data, equipment specifica-  !

i tior, md test results.

'h  !

7ht6 k L Assess the extent of standardization beyond design to be 3/93 il[

pursued on the basis of expected benefus in terms of opera-tional performance reliability, efficiency, and economy.

M st  :

r p; a

b ',

j Block 7

{ j 111 49 1

t ,m... . .. .

,u.,o y a

7M7 List appropriate guidelines and practices to be developed foi 3/93 a model family of plants consistent with the above.

7M8 Formulate an action plan for prioritization, development, 6/93 review, validation and finalization of the guidelines and ,

practices.

7M9 Develop a model mechanism for maintaining standardiza- 12/93 .,

tion within a family of plants throughout the operational  ;

life of the plants. 7

,i i ILlldns i ;'

C 7T1 From filock 2 -Stable regulatory environment that encourages industry G, self-improvement initiatives. 5 7 4 7T2 From Block 2--Mechanisms for regulatory interface and regulatory .

acceptance of appropriate aspects of the standardized operational 1i elements. ;f, Tr3 From/to Block 3-livolutionary and passive ALWR Utility Requirements i. [,

Document submitted to NRC and plant designers as a foundation for the ,

,pY design basis for standardization beyond design. .f y

B 7T4 From Block 4-Design input to approaches taken in standardization beyond design. [j'a n 7T5 From/to Block 6--Exchange information on the design basis to support 'pgj enhanced standardization beyond design. ,

7T6 To lilocks 2,3 and 4--Frovide input to the ITAAC process. [,;

l 7T7 From/to Blocks 9 and 10 -Enhance the basis for assessment of financial h

issues. .

4

{. 7 x.

I*e i

na,.

. s1,; .

y-

@s u 111-5 0 Block 7 i, y.,_. .

=

Er

?-

" Schedule Display for Block 7 1

1992 1993 1994 1995 1991 l .

. , t

~ 632 l

j 7f.11 .

i  ; 8 8 t 8  ; s i g g t

g i

5 I 3 8 g ,

g $ e

$ 8 '

7M2 .

832 e . . .

e i e e i , e

• ; e i e

- e

=

l

' l 7M3 9/9d l g I 8

9 'g

• i  : i i e

e i ,

s  ! 8 l ' I 12/92 '

!a i 7M4 -.

e i a , e t

i  ; i , j . .

e i e i i

e .!  !

I  :

e I e e i ,

7M5, i i e , e e

3Si: * '

I 6, 7 i 8 i *

• s e  !

I e j l 1 8 l e  :

i .  ;

i . 1 .  : ,

. j .

j i j i 7M8 633 i e

i e i e i . i 5 e j i e , t i .  ; e i e t

8 ' t l

l

• 12S3

• 1, 7M9 i e i e  : ,

• 8 8  !. 8 i t l

l ,

=

7 s

ua

.-.-_-..c-;m__.

-. AhE __

y

, _ _ _ .