Regulatory Guide 1.22

From kanterella
(Redirected from ML083300530)
Jump to navigation Jump to search
Periodic Testing of Protection System Actuation Functions
ML083300530
Person / Time
Issue date: 02/29/1972
From:
Office of Nuclear Regulatory Research
To:
References
RG-1.022, Rev 0
Download: ML083300530 (4)


U.S. NUCLEAR REGULATORY COMMISSION February 1972 Revision 0

REGULATORY GUIDE

OFFICE OF NUCLEAR REGULATORY RESEARCH

REGULATORY GUIDE 1.22 (Draft was issued as Safety Guide 22)

PERIODIC TESTING OF

PROTECTION SYSTEM ACTUATION FUNCTIONS

A. INTRODUCTION

General Design Criterion 20 of Appendix A to 10 CFR Part 50, General Design Criteria for Nuclear Power Plants, requires that the protection system be designed to initiate the operation of systems and components important to safety. General Design Criterion 21 requires that the protection system be designed to permit periodic testing of its functioning when the reactor is in operation. In current designs the ability of the protection system to initiate the operation of safety systems depends on the proper performance of actuation devices; therefore, these devices are to be tested. This safety guide describes acceptable methods of including the actuation devices in the periodic tests of the protection system during reactor operation. It does not address the frequency of such testing.

B. DEFINITIONS

protection systemThe protection system, as defined in IEEE Std 279-1971,1 encompasses all electric and mechanical devices and circuitry (from sensors to actuation device input terminals) involved in generating those signals associated with the protective function.

1 Copies of IEEE Std 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations, may be obtained from the Institute of Electrical and Electronics Engineers, United Engineering Center, 345 East 47th Street, New York, New York 10017.

The NRC issues regulatory guides to describe and make available to the public methods that the NRC staff considers acceptable for use in implementing specific parts of the agencys regulations, techniques that the staff uses in evaluating specific problems or postulated accidents, and data that the staff needs in reviewing applications for permits and licenses. Regulatory guides are not substitutes for regulations, and compliance with them is not required. Methods and solutions that differ from those set forth in regulatory guides will be deemed acceptable if they provide a basis for the findings required for the issuance or continuance of a permit or license by the Commission.

This guide was issued after consideration of comments received from the public.

Regulatory guides are issued in 10 broad divisions: 1, Power Reactors; 2, Research and Test Reactors; 3, Fuels and Materials Facilities; 4, Environmental and Siting; 5, Materials and Plant Protection; 6, Products; 7, Transportation; 8, Occupational Health;

9, Antitrust and Financial Review; and 10, General.

Electronic copies of this guide and other recently issued guides are available through the NRCs public Web site under the Regulatory Guides document collection of the NRCs Electronic Reading Room at http://www.nrc.gov/reading-rm/doc-collections/ and through the NRCs Agencywide Documents Access and Management System (ADAMS) at http://www.nrc.gov/reading-rm/adams.html, under Accession No. MLXXXXXXXXX.

actuation deviceA component or assembly of components that directly controls the motive power (electricity, compressed air, etc.) for actuated equipment. The following are examples of an actuation device: a circuit breaker, a relay, and a valve (and its operator) used to control compressed air to the operator of a containment isolation valve.

actuated equipmentA component or assembly of components that performs or directly contributes to the performance of a protective function such as reactor trip, containment isolation, or emergency coolant injection. The following are examples of actuated equipment: an entire control rod and its release mechanism, a containment isolation valve and its operator, and a safety injection pump and its prime mover.

C. DISCUSSION

One function of the protection system is to initiate the operation of systems and components important to safety. It is required that the protection system be designed to permit periodic testing of its ability to perform these initiation functions when the reactor is in operation. Based on the review of several applications for construction permits and operating licenses, the regulatory staff has concluded that the preferable method of implementing this requirement is to design the protection system such that -

the actuation devices and actuated equipment are periodically tested with the protection system during reactor operation.

Generally it has been industry practice to include the actuation devices in the periodic tests of that portion of the protection system used to initiate reactor trip. Early designs did not provide this same degree of testability in those portions of the protection system used to initiate the operation of engineered safety features, standby power supplies, and other supporting systems. It is recognized that providing the capability to test the actuation devices for these latter systems can present different design problems.

Nevertheless, General Design Criterion 21 requires the same high degree of inservice testability in all portions of the protection system.

In the case of some engineered safety feature systems, testing the operation of the entire group of actuated equipment associated with a protective function may damage plant equipment or disrupt reactor operation. In these cases, acceptable methods of including the actuation devices in periodic tests of the protection system, while avoiding the undesirable effects of operation of the actuated equipment, are:

(1) testing the actuation devices and the actuated equipment2 individually or in judiciously selected groups, (2) preventing the operation of certain actuated equipment during a test of their actuation devices, and (3) designing the system such that operation of the actuated equipment requires the operation of more than one actuation device, each actuation device being individually testable. Examples of utilization of these methods are, respectively: (1) testing the actuation device for a containment spray pump separately from the actuation devices for the containment spray valves, (2) moving the circuit breaker for an emergency coolant pump to a test position that prevents power being supplied to the pump during a test closure of its circuit breaker, and (3) testing individually the two solenoid operated valves that act in coincidence to control compressed air to an isolation valve.

Compared to a design that permits testing the operation of all devices associated with each protection system output signal, each of the methods discussed above can have two major disadvantages.

First, the ability of a system to respond to a bona fide accident signal may be partially or completely

2 The actuated equipment is included in the periodic tests to provide assurance that the protection system can initiate its operation, as required by General Design Criterion 21. This safety guide does not address the functional performance testing of actuated equipment required by other General Design Criteria; neither does it preclude a design that fulfills more than one testing requirement with a single test.

RG-1.22, Page 2

bypassed. In this case, the design should include provisions that prevent a complete bypass of any protective function and indicate the status of the protection system. The second major disadvantage is that certain actuated equipment may not be tested during reactor operation. In this case, it should be shown that there are compelling reasons for not testing the actuated equipment and the probability that the protection system will fail to initiate their operation is acceptably low.

D. REGULATORY POSITION

1. The protection system should be designed to permit periodic testing to extend to and include the actuation devices and actuated equipment.

a. The periodic tests should duplicate, as closely as practicable, the performance that is required of the actuation devices in the event of an accident.

b. The protection system and the systems whose operation it initiates should be designed to permit testing of the actuation devices during reactor operation.

2. Acceptable methods of including the actuation devices in the periodic tests of the protection system are:

a. Testing simultaneously all actuation devices and actuated equipment associated with each redundant protection system output signal;

b. Testing all actuation devices and actuated equipment individually or in judiciously selected groups;

c. Preventing the operation of certain actuated equipment during a test of their actuation devices;

d. Providing the actuated equipment with more than one actuation device and testing individually each actuation device.

Method a. set forth above is the preferable method of including the actuation devices in the periodic tests of the protection system. It shall be noted that the acceptability of each of the four above methods is conditioned by the provisions of regulatory positions 3 and 4 below.

3. Where the ability of a system to respond to a bona fide accident signal is intentionally bypassed for the purpose of performing a test during reactor operation:

a. Positive means should be provided to prevent expansion of the bypass condition to redundant or diverse systems, and b. Each bypass condition should be individually and automatically indicated to the reactor operator in the main control room.

4. Where actuated equipment is not tested during reactor operation, it should be shown that:

a. There is no practicable system design that would permit operation of the actuated equipment without adversely affecting the safety or operability of the plant;

RG-1.22, Page 3

b. The probability that the protection system will fail to initiate the operation of the actuated equipment is, and can be maintained, acceptably low without testing the actuated equipment during reactor operation, and c. The actuated equipment can be routinely tested when the reactor is shut down.

RG-1.22, Page 4