ML093310183
| ML093310183 | |
| Person / Time | |
|---|---|
| Site: | Oconee  |
| Issue date: | 11/19/2009 |
| From: | Baxter D Duke Energy Carolinas |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| Download: ML093310183 (60) | |
Text
Dmkuke ke a~
DAVE BAXTER e9Ene M Onegy Vice President Oconee Nuclear Station Duke Energy ON01 VP / 7800 Rochester Highway Seneca, SC 29672 864-873-4460 864-873-4208 fax dabaxter@dukeenergy.com November 19, 2009 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, D. C. 20555
Subject:
Duke Energy Carolinas, LLC Oconee Nuclear Station, Units 1, 2, and 3 Docket Numbers 50-269, 50-270, and 50-287 Duke Comments on Draft NRC Safety Evaluation for Acceptance of the Oconee Reactor Protective System and Engineered Safeguards Protective System Digital Upgrade The Nuclear Regulatory Commission (NRC) provided a draft Safety Evaluation (SE) for Acceptance of the Oconee Nuclear Station (ONS) Reactor Protective System (RPS) and Engineered Safeguards Protective System (ESPS) Digital Upgrade to Duke Energy Carolinas, LLC (Duke) by letter dated October 23, 2009. Duke submitted the License Amendment Request (LAR) associated with this SE by letter dated January 31, 2008.
The letter transmitting the draft SE states that Duke must identify any factual errors or clarity concerns contained in the draft SE within 20 working days of the letter. Enclosure 1 provides comments on factual errors or clarity concerns. Duke marked up a copy of the draft SE identifying editorial comments and provided to the NRC Staff electronically on November 18, 2009.
Enclosure 2 provides comments to the portions of Section 3.6 that were identified as security sensitive in a November 5, 2009, Duke Letter. These portions of the draft SE describe design features that secure the ONS RPS/ESPS from electronic vulnerabilities. As such, Duke considers Enclosure 2 to be sensitive information and requests that it be withheld from public disclosure pursuant to 10 CFR 2.390.
If there are any questions regarding this submittal, please contact Boyd Shingleton at (864) 873-4716.
Enclosure 2 contains Security Sensitive Information-Withhold under 10 CFR 2.390.
Upon removal of Enclosure 2, this letter is uncontrolled.
www. duke-energy. com
U. S. Nuclear Regulatory Commission November 19, 2009 Page 2 I declare under penalty of perjury that the foregoing is true and correct. Executed on November 19, 2009.
Sincerely, Dave axer, Vice President Oconee Nuclear Station Enclosures Enclosure 2 contains Security Sensitive Information-Withhold under 10 CFR 2.390.
Upon removal of Enclosure 2, this letter is uncontrolled.
U. S. Nuclear Regulatory Commission November 19, 2009 Page 3 cc: Mr. J. F. Stang, Project Manager Office of Nuclear Reactor Regulation U. S. Nuclear Regulatory Commission Mail Stop 0-14 H25 Washington, D. C. 20555 Mr. L. A. Reyes, Regional Administrator U. S. Nuclear Regulatory Commission - Region II Atlanta Federal Center 61 Forsyth St., SW, Suite 23T85 Atlanta, Georgia 30303 Mr. A. T. Sabisch Senior Resident Inspector (Acting)
Oconee Nuclear Station S. E. Jenkins, Manager Infectious and Radioactive Waste Management Section 2600 Bull Street Columbia, SC 29201 Enclosure 2 contains Security Sensitive Information-Withhold under 10 CFR 2.390.
Upon removal of Enclosure 2, this letter is uncontrolled.
Enclosure I Comments of Draft SE for Oconee RPSIESPS Digital Upgrade
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution I All All There were formatting, consistency, reference numbering, and section Revise document to correct identified problems/errors.
numbering problems/errors throughout the draft SER. For example: Duke provided a markup of the draft SER using the MS
- Upper Case vs lower case (for terminology not consistent) Word track change option that corrects problems/errors.
0 Use ESPS consistently rather than ESFAS, ESFS, or EPS Use this file and subsequent specific comments made
- Usee keyswitch rin rather than Key switch. this enclosure to improve the draft SER
- optocoupler rather than optocouplar
- statalarm rather than statealarm 2 All All AREVA NP, Inc was used. However, sometimes AREVA NP Inc was used. To be consistent, use AREVA NP Inc. Perform a global search, remove ","from AREVA NP, Inc.
3 1 1.0 2 3 Reference 24 is the same as Reference 18. Ref. 24 is used once on page 1 of Recommend changing Ref. 24 to "not used" and this SE. changing Ref. # to 18 on page 1.
4 2 1.0 3 3 The SER states "... and supporting information for the LAR insupplemental Revise to say "...(References 3 through 5) letters and documents (Reference 3 through 6)."
References 3 through 5 addressed the acceptance review issues. Reference 6 provided responses to the round 1 RAIs.
5 3 2.1 All The SER is based on the GDCs rather than the Oconee design criteria. The SER should be linked to the Oconee licensing basis design criteria 6 5 2.1 2 5 The references to 10 CFR 50.34(f) are not correct to Oconee, since these The applicable NUREG-0737 TMI action items are the regulations are not applicable based on the operating license date. appropriate references for Oconee. Need to refer to TMI action item or properly characterize the intent as a comparable requirement.
7 6 2.1 5 The description of requirements from 10 CFR 50.55a(h) is not consistent with the The description of requirements from 10 CFR 50.55a(h) regulation for a plant based on the Oconee license dates. should be based on the Oconee license dates, as noted inparagraph (2) of the regulation. Need to acknowledge that IEEE 279 also applies 8 8 2.2 1 8 The SER states "... and addressed the plant specific action items listed inthe The plant specific action items are addressed in Section NRC staff SE of the TXS system (see Section 3.1.6 of this SE)." 3.1.1.7.
The section referenced is incorrect.
9 8 2.2 The last sentence of this section is not a sentence Add "has been reviewed" to the end of the sentence or "has been approved."
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 10 8 3.0 The SER states "...against the regulatory criteria listed in Section 2.2 of this SE." The regulatory criteria are listed inSection 2.1 Section referenced is incorrect.
11 8 3.1 6 1 The following documents' names do not match the actual documents: REPLACE "RPS Replacement Specification" with RPS Replacement Specification "Reactor Protective system (RPS) Replacement Project ESPS Replacement Specification Specifications." Also REPLACE "ESPS Replacement Specification" with "Engineered Safeguards Features Actuation System (ESFAS) Replacement Project Specification."
12 9 3.1 All The SER is based on the GDCs rather than the Oconee design criteria. The SER should be linked to the Oconee licensing basis design criteria 13 9 3.1 1 12 "Loss of Main Turbine Anticipatory Trip" needs to match the description of the Change to "Main Turbine Trip" for consistency with function provided inthe FRS. FRS and Oconee TSs 14 9 3.1 2 6 The parenthetical phrase "(manual backup)" inthe 2nd bullet "RB cooling and Delete "manual backup from the 2nd bullet.
Isolation (manual backup)" does not mean anything in the context of this discussion.
15 9 3.1 3 1 The references to 10 CFR 50.34(f) are not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
16 10 3.1 4 6 Typo - GDC 213 should be GDC 21 Correct 17 10 3.1 7 5 Last sentence of this paragraph states: "The existing channel separation will be NRC needs to clarify what they mean or delete the maintained." Does the statement in the SE mean that the existing separation of sentence here, as it is discussed indetail later.
the field cabling will be maintained? The separation inthe new system is not the same as the old system.
18 10 3.1 7 2 Reference 25 is somewhat confusing. The reference turns out to be the re- No change required.
issued approved TR with the NRC SE for the TR attached. So throughout the document, Ref. 25 may be referring to one or the other or both.
19 10 3.1 8 1 Reference is made to Section 2.1.1 to the TXS TR. This should be Section 2.1.1 Correct of the TXS TR SE.
20 11 3.1 1 The phrase "... RPS (Reference 52), ESPS/RPS (Reference 53)..." is incomplete. Correct Revise to state: "... RPS and ESPS Replacement Specifications (References 52 and 53)..."
21 11 3.1 1 8 The SER states "... single bay cabinet (cabinet No. 16) . This should be Revise to "....single bay cabinet (PPSCA00016) cabinet PPSCA0016.
22 11 3.1 1 8 The SER states "... for monitoring and serving interface (MSI)..." The correct name is Monitoring and Service Interface.
2
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 23 12 3.1 1 7 The SER states "... Hardwired connections to the cabinets are only for power, Revise to add: "and analog/binary output signals."
analog and digital input signals, RPS trip signals to output relays for trip logic, and ESPS voters Even and Odd output signals." Need to include analog/binary output signals.
24 13 3.1 1 6 SVE2 - The description of the component needs clarification. CHANGE to: SVE2 is a self-contained computer that performs the I &C monitoring and control functions of the system communicating via the K32 backplane bus.
25 13 3.1 1 10 SCP2 - The description of the component needs clarification. CHANGE to: SCP2 is a communication processor which provides the ability to communicate via Ethernet to the other main components external of the cabinet. The SCP2 communicates with the SVE2 processor across the K32 backplane bus and converts the data to Ethernet while transmitting the signal to the SHO1.
26 13 3.1 1 15 SL21 L2 - The description of the component needs clarification. CHANGE to: Communication Module used to transmit signals via PROFIBUS.
27 13 3.1 1 23 S430 - The description of the component needs clarification. CHANGE to: Digital Input Module which accepts 32 binary inputs (rated at 24VDC).
28 13 3.1 1 31 S451 -The description of the component needs clarification. CHANGE to: Digital Output Module which processes 32 binary outputs (rated at 24VDC).
29 13 3.1 1 33 " Delete discussion of S458. As noted in LAR Table 2-3, the S458 module is not DELETE used for the Oconee project.
30 14 3.1 2 1 SNV1 The 2nd sentence description of the component needs clarification. CHANGE to: The SNV1 module is designed to multiply one analog input up to four electrically isolated output channels.
31 14 3.1 3 1 Delete the FM430-1 description. FM430-1 is actually a designated hardware DELETE solution consisting of various components, as described in 51-5052833-08, Oconee Nuclear Station, Units 1, 2 &3 RPS/ESFAS Controls Upgrade -
Hardware Design Solutions (LAR Supplement 1).
32 14 3.1 4 1 Delete discussion of S460. As noted in LAR Table 2-3, the S460 module is not DELETE used for the Oconee project.
33 14 3.1 5 1 S466 - The description of the component needs clarification. CHANGE to: Analog Input Module designed with 16 ground referenced inputs or 8 differential Inputs.
34 14 3.1 6 1 S470 The description of the component needs clarification. CHANGE to: Analog Output Module which processes 8 3
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution analog outputs either by voltage or current. Each channel is configurable.
35 14 3.1 7 1 Delete discussion of S706. As noted in LAR Table 2-3, the S706 module is not DELETE used for the Oconee project.
36 14 3.1 8 1 SRB1 - The description of the component needs clarification. CHANGE to: The module converts control signals from the 24 volt control circuit to the power circuit, thus serving for the control of process equipment.
37 14 3.1 8 3 The SBG3 description states" ... backplane with 20 slots ... " There are 21 slots Revise to state" backplane with 21 slots ..."
38 14 3.1 9 6 The SBG3 description states "...The fan forces air to the bottom side and out the CHANGE to: "The fan draws air from the bottom side top of the racks. "Need to clarify this statement. and out the top of the racks. "
39 15 3.1 4 Bullet for DPS: Missing information on the Bipolar Power Supply (BPS) Revise to include information on the BPS as follows".
associated with the NI equipment. The Detector Power Supply (DPS) is The Bipolar Power Supply (BPS) supplies +/-15VDC addressed in the last bullet. There should be a 3rd bullet under power supply power to the DPS modules. A +- 1.364VDC analog signal representing the +/-, 15VDC power is sent to the S466 module".
40 15 3.1 1 3 Bullet for SINEC L2 states "...is used as the communication medium SVE2 Revise to state: "... is used as the communication modules." Need to clarify that it is used as a communication medium between medium between SVE2 modules."
SVE2 modules.
41 15 3.1 1 7 Bullet for SINEC HI states "...is used between the MSI and the Service Unit." Change text to read "... is used between the MSI, Need to clarify that it is also used between Gateway. Service Unit, and Gateway."
42 15 3.1 2 8 This paragraph indicates that only one key for a function is issued at a time. Correct information- only the required type and number Don't think this is always true. What about voter keys? of keys will be issued. There are situations where two keys are required. See comment below.
43 15 3.1 2 7 This paragraph states "... mechanical key which is administratively controlled Revise to state" mechanical key which is (i.e. issuing only one key for a function at a time)". administratively controlled (i.e., issuing only one key for There are exceptions to this. One case is for testing the ES HPI BYP and ES LPI a function at a time. There are situations where two-BYP Annunciators via GSM Screens in which two keys will be used to enable keys are required."
both redundant ESPS channels (i.e. Al and A2, B1 and B2, C1 and C2) at the same time due to the wired "AND" configuration. Administrative controls will ensure only one redundant ESPS Channel will be enabled at any time and only for these ES HPI BYP and ES LPI BYP Annunciator tests via GSM Screens.
Also, 2 keys are needed to bypass a voter set.
Duke revised the Response to RAI 80 and RAI EICB 106 (Ref. 19 of SE) in Supplement 18, Enc. 1, to indicate that 2 keys are needed to test on ESPS 4
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Channel. Also, placing RPS inshutdown bypass requires 4 shutdown bypass keys to be issued at one time.
44 15 3.1 2 6 Reference 57 is used for Supplement 5, Enclosure 1. While the ML# in Change to Reference 6 which is clearly Supp 5. Delete References list for Reference 57 is Supplement 5, Reference 57 refers to Reference 57, which is referred to from pages 15, 70, correspondence dated 5/28/2008 which is Supplement 4 (Reference 5). 92, 250, &260.
Reference to Supplement 5 was clearly intended.
45 15 3.1 5 1 The SER states "All of the RPS/ESPS key switch status information...." Revise to "All of the RPS/ESPS key switch enable The addition of the word "enable" is required as the "fault" status of the status information .......
parameter change enable key switch signal for Channels A thru E is sent to both the statalarm panels and the OAC via the TXS gateway The channel E "enable" status is not sent to the statalarm panels.
46 16 3.1 2 The SER states "...Change Enable key switch status information.." Revise to ".-Change Enable key switch enable status The addition of the word "enable" is required as the "fault" status of the information..."
parameter change enable key switch signal for Channels E is sent to both the statalarm panels and the OAC via the TXS gateway. The channel E "enable" status is not sent to the statalarm panels.
47 16 3.1 4 The SER states "...The switches, however, are different for each unit. Change to: The keys, however, are different for each Need to clarify that the keys are different for each unit. unit.
48 16 3.1.1 1 1 Section 3.1.1 says Section 2.0 of the TXS TR SE stated that the TXS Clarify to state that the TXS platform building blocks architecture basic building blocks can be grouped into four categories. Section can be grouped into three categories.
2.0 of the TXS TR SE actually states TXS architecture basic building blocks can be grouped into four categories, not 3.
49 17 3.1.1 Figure 3.1.1-1 is incorrect. The figure should add connections dots where the Use LAR Figure 2.1-2 here.
ESPS input Channels A, B, and C branch off to the redundant ESPS subsystems. Also, the diagram should depict the "1oo2 taken twice" relays for the ES Valve/Pump actuation relays.
50 18 3.1.1.1.1 4 2 The SER states "...Cooling fans are energized with Class 1E power." Need to Change to: Cooling fans are energized with Class 1E clarify that Cabinet 16 is not. power, except for Cabinet 16.
51 18 3.1.1.1.2 5 4 The description of the SVE2 chip contains specific manufacturer information in Revise parentheses. Delete the SVE2 chip manufacturer information in parentheses, since the SVE2 chip is manufactured with two variants (AMD and Pentium chips),
as noted on page 6 of LAR document 23 provided in LAR Supp 1.
52 18 3.1.1.1.2 6 4 The following sentence needs to be revised for clarification: CHANGE to: "All components of the application "All components of a function processor are always used inthe same way and software are always used in the same way and in a 5
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution in a recurring sequence." recurring sequence."
53 19 3.1.1.1.3 3 2 The SER states "...Each module is capable of handling 8 input variables." Revise to state" Each analog module is capable of Additional clarification is needed. handling 8 differential input variables or 16 inputs referenced to ground."
54 19 3.1.1.1.3 3 3 The SER states "Digital modules can handle 32 inputs." They can handle 32 CHANGE to: "Digital modules can handle 32 inputs or inputs or outputs. outputs."
55 19 3.1.1.1.4 5 2 The draft SER states "... interference free characteristics are provided in The correct reference is Section 2.4.3 rather than 3.4.3.
Sections 3.4.3 and 2.9 of the TXS topical report..." Section 3.4.3 should be There is no Section 3.4.3 inthe TXS Topical Report.
2.4.3.
56 20 3.1.1.2 1 9 The SER states "... can utilize 2.MIN or 2.MAX". Revise to state "...2.MIN (selection of the second This is the first instance of the 2.MIN or 2.MAX logic utilized inTXS. A brief lowest) or 2.MAX (selection of the second highest) description should be added. analog..."
57 20 3.1.1.2 2 8 The SER states "...This method will reject if a sensor fails and provides an Revise to state "...This method will exclude a signal erroneous signal thereby minimize inadvertent trips." There is some text missing from processing ifa sensor fails and provides an from this sentence. Clarify this statement as recommended. erroneous signal thereby minimizing inadvertent trips."
58 20 3.1.1.2 2 2 Delete "closed-loop control". Not correct Revise 59 20 3.1.1.2 3 1 The SER states "...In the RPS, the output module sends processed signal to Revise to state "...In the RPS, the output module sends the existing relay logic scheme for a .... " This sentence needs clarification, trip signals to the existing relay logic scheme for a ......
60 21 3.1.1.2.1 3 2 States that each RPS channel receives analog and binary process signals from Correct information. Use field devices its own transmitters and contact inputs. Analog signals are received from devices other than transmitters. Should use a different term than "transmitters";
maybe "field devices". Same problem exists in line 09 of this paragraph.
61 22 3.1.1.2.1 3 In Figure 3.1.1.2-1 there should be a box labeled "Linear Amp" between the Add linear amp box UCIC flux inputs block and the $466/SNV1 blocks 62 22 3.1.1.2.1 1 The reference to Fig 3.1.1-2 is incorrect, should be Fig 3.1.1.2-1. Change to Fig 3.1.1.2-1.
63 22 3.1.1.2.1 1 8 The draft SER states "... Figure 3.1.1.2-1 above, the analog 4-20 milliamp field CHANGE to: "... Figure 3.1.1.2-1 above, analog 4-20 signals are provided to Analog Signal Module SAA1 where the signal is milliamp field signals are provided to the Analog Signal conditioned and the current signal is converted to a voltage signal and Module SAA1 where the signal is conditioned. The provides a low pass filter. Voltage signals from the SAA1 module is SAA1 converts the current signal to a voltage signal supplied to two separate circuits. One circuit has the TXS S466 Analog and provides low pass filtering. The voltage signal Input Module which converts the voltage input signals to digital counts for from the SAA1 module is supplied to the TXS S466 processing by the TXS SVE2 Processing Module. TXS software Function Analog Input Module, which converts the voltage Blocks converts the input signal digital counts to engineering units. This input signal to digital counts for processing by the 6
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution circuit processes the field inputs and analyzes them to perform the reactor TXS SVE2 Processing Module. TXS software protective function. In the second circuit, the voltage output of the SAA1 Function Blocks convert the input signal's digital module is provided to the SNVI (Signal Multiplier Modules) ... " counts to engineering units. The Function Blocks process the field inputs and analyze them to perform the reactor protective function.
Additionally, the 4-20 mA field signal also passes through the SNVI (Signal Multiplier Module)..."
64 23 3.1.1.2.1 1 2 The draft SER states "...from the field to the base of an optocouplar FM430-1 to Revise to state "..from the field to the base of an be forwarded ..." The FM-430 is not the optocoupler but rather the design optocoupler to be forwarded solution for getting the 120VAC field signal to the S430 board.
65 23 3.1.1.2.1 1 3 The draft SER states" ... The optocoupler isolates and transforms the 120VAC Revise to state "...The binary inputs are both 120 VAC signal to 24 VDC prior to putting it to S430 ... " and 24 VDC. The 24 VDC binary inputs go directly into the S430. The optocoupler isolates and transforms the Change wording to acknowledge both inputs 120VAC signal to 24 VDC prior to putting it to S430 66 23 3.1.1.2.1 2 3 The draft SER states" ...These 24 VDC relays have replaced ..." This statement Revise to state "...These new Undervoltage relays needs clarification. (24VDC coils/1 20VAC contacts) have replaced..."
67 23 3.1.1.2,2 5 9 The draft SER states that "...the software will drive an output channel on a S451 Revise to state "...digital outputs are generated and the digital output module to zero that will de-energize the respective channel relays to four associated trip relays are de-energized (one in each place the channel in a trip condition." This statement needs clarification, channel)."
See LAR Figure 2.2-1.
68 23 3.1.1.2.2 4 4 The SER states "...manually initiated feature (Channel Trip Function Bypass)". Revise to state "... manually initiated feature (Channel This terminology is not consistent with the GSM Screens. Trip/Bypass Function)"
69 23 3.1.1.2.2-1 5" 11 The draft SER states "Software details and acceptability of bypasses using Delete sentence or provide appropriate reference.
keyswitch is discussed in Section 3.1.1.5.2.2 of this SE. Section 3.1.1.5.2.2 discusses the Parameter Change Enable key switch. It doesnot discuss the channel trip key switch.
70 24 3.1.1.2.2-2 1 10 The SER states"... Revise to state"...
- Function Test - for disabling the application function and forcing output signal
- Function Test - for disabling the application function for testing purposes (normally not used). and forcing output signal for testing purposes
" Diagnostics - for downloading new application software." (normally not used). Requires an additional parameter change to enable change to this Recommend adding clarifying information in bold text shown inthe Recommended mode.
Resolution column.
- Diagnostics - for downloading new application software. Requires an additional parameter change to enable change to this mode."...
7
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 71 24 3.1.1.2.2-2 2 Missing information on statalarm and OAC points when the keyswitch is inthe Add to the beginning of the 2nd paragraph (after bullets) enable position. This information is provided in the previous subsection (1) for "When the Parameter Change Enable keyswitch is in Channel Trip. the enable position, a statalarm (RPS/ESPS annunciator alarms located on the existing Statalarm Panels with lamp test push buttons on the control room unit boards to manually test the statalarm lamps) and OAC alarm will be received."
72 24 3.1.1.2.2-3 3 7 The draft SER states "... (status shall be indicated by a light)." This is actually CHANGE to: "(status shall be indicated by an alarm)"
an alarm.
73 24 3.1.1.2.2-3 3 9 The draft SER states "and inserts a new RCS High Pressure trip." Revise to "..., and inserts a new RCS High Pressure Added information is needed to reflect the true functionality in which a new trip setpoint lower than the normal operation RCS setpoint is added that is lower than the normal operation setpoint. High Pressure trip setpoint".
74 24 3.1.1.2.2-3 3 10 Th& draft SER states"... lowered to less than 5 percent ..." This should be less Correct than or equal to 5 percent.
75 24 3.1.1.2.2-3 3 14 The draft SER states "... Software details and acceptability of bypasses using Refer to correct section. The shutdown bypass key keyswitch is discussed inSection 3.1.1.5.2.2 of this SE. The section referred to switch is discussed in Section 3.4.3.6.1.
does not discuss the shutdown bypass key switch.
76 25 3.1.1.2.2-5 1 n/a Correct number title and description in text to read "Manual RPS Trip Function Suggested Rewording:
Trip/Bypass". Describe the feature as Trip/Bypass not just bypass. Feature "5. Manual RPS Trip Function Trip/Bypass uses the Keyswitch and GSM to implement. The text should describe this as An individual Manual RPS Trip Function TriplBypass such. allows an individual channel trip function inany RPS channel to be trippedibypassed for maintenance activities through the GSM screens which acts as an interactive user-interface for the maintenance and servicing of the digital RPS by operations and maintenance personnel. This allows the remaining trip functions inthe channel to remain operable while the channel input device for the affected channel is inoperable. Operation to put functions intriplbypass is administratively controlled since there is no interlock to prevent placing functions in multiple channels in trip/bypass. This bypass function requires the use of the Parameter Change Enable key switch.
Software details ... "
8
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 77 25 3.1.1.2.2-4 The draft SER states "Software details and acceptability of bypasses using The reference is not appropriate. Delete this sentence keyswitch is discussed in Section 3.1.1.5.2.2 of this SE. Section 3.1.1.5.2.2 it does not belong here.
discusses the Parameter Change Enable key switch. It does not discuss the manual bypass key switch.
78 25 3.1.1.2.2-4 3 Under Item 4. Manual Bypass there are two sentences combined into one. Put a Correct as recommended. As alternative the one long period after "TXS Gateway" and capitalize "manual." sentence could be rewritten as 3 sentences as follows:
". The RPS Manual Bypass status information is provided through hardwired output of the RPS Channel TXS computer inparallel with the hardwired signal from a keyswitch contact in case the TXS computer is powered down. This status information is sent to the plant Operator Aid Computer (OAC) via the TXS Gateway. Manual bypass of more than one channel of RPS is not allowed by the ONS TS and will be monitored using the TSs action item log."
79 25 3.1.1.2.3 2 10, The draft SER states "...One of the Odd and Even Voter sets (Voter 2) performs Correct 12 the two-out-of three voting for the actuation signals coming from the ESPS protective channels Al, B,C1 and the other independent and redundant Odd and Even Voter set (Voter 1) performs ..." The Voter correlation is incorrect. The Voter 2 is associated with Channels A2, B2, and C2; Voter 1 is associated with Channels Al, B1, and C1.
80 26 3.1.1.2.3 1 10 The draft SER states "...set point for one of the other three channels ..." This Revise section is for ESPS, which has only three channels, so this needs to be changed to "...set point for one of the other two channels 81 27 3.1.1.2.4 2 5 In Fig 3.1.1.2-2 the arrows going to ESPS Ch A1 and other systems and SNV1 to Correct figure.
ICS/OAC should come from the top of the SNV1 and SAA1 boxes instead of arrow coming off to the right to be functionally correct.
82 27 3.1.1.2.4 2 2 The terms "RB and RCP" are confusing and should be spelled out as "RB Revise. Also change inthe acronym list at the back of pressure and RC pressure." RCP is commonly used for reactor coolant pump. the SER 83 27 3.1.1.2.4 2 1 The draft SER states: "As shown inFigure 3.1.1.2-2 below and described in CHANGE to: "As shown in Figure 3.1.1.2-2 below and Section 2.3.1 of LAR Enclosure 1 (Reference 1), the RB and RCP 4-20 milliampere described in Section 2.3.1 of LAR Enclosure 1 current signals are transmitted to SAAI module through a signal multiplier (Reference 1), the RB pressure and RC Pressure 4-20 SNV1 module which converts the current signal to a voltage signal in the milliampere current signals are routed through an processing circuit of one ESPS channel in each ESPS subsystem (e.g. A2 in SNV1 (Signal Multiplier Module) which provides subsystem 2)." The latter part of this sentence needs clarification, isolated analog current outputs to the SAA1 modules. The SAA1 modules convert the current 9
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution signals to voltage signals for the S466 processing circuit of the respective ESPS channel."
84 27 3.1.1.2.4 2 6 There is a formatting problem with the figure number. The figure number shows Correct up behind and inthe center of the figure 85 27 3.1.1.2.4 3 2 The draft SER states "The same pressure signal from the SNV1 module is also CHANGE to: "The same pressure signal from the SNV1 supplied to the SAAM module in the respective channel signal processing module is also supplied to the other protective circuits circuit in subsystem1 vis-versa and other protective circuits such as to DLPIAS, such as to DLPIAS and DHPIAS as needed. (Note:
DHPIAS, ifneeded. (Note: SNV1 and SAA1 contain no software: see Section The SNV1 and SAM contain no software: see Section 3.12.1.3 for review and approval of these components.) Voltage signal from the 3.12.1.3 for review and approval of these components.)
SAA1 modules ineach subsystem for each channel is supplied to two separate The voltage signal from the SAA1 module ineach circuits. One circuit is with S466 module which converts the voltage input signals subsystem for each channel is supplied to the S466 to digital counts for processing by the TXS SVE2 processing module. This circuit module, which converts the voltage input signal to processes the field inputs and analyzes them to perform the safety related ESPS digital counts for processing by the TXS SVE2 function. The second circuit uses an SNV1 module to provide isolated analog processing module. This circuit processes the field outputs to recorders, ICS, etc. These analog outputs are independent of the TXS inputs and analyzes them to perform the safety related processors. Processing of binary signals of RB pressure and RCP (contact inputs) ESPS function. The 4-20 milliampere current signal processing in the ESPS subsystems goes through the same steps as RPS binary provided to the SAAM is also routed through an signal processing and has same components. Design includes comparison of the SNV1 module to provide isolated analog outputs to binary inputs for deviations and faults." recorders, ICS, etc. These analog outputs are independent of the TXS processors. Processing of This paragraph needs to be clarified. Re-write as indicated inthe Recommended binary signals of RB pressure (contact inputs) inthe Resolutions column. Also, this paragraph references processing of binary signals ESPS subsystems go through the same steps as RPS of RB pressure and RCP (contact inputs). The only binary input to ESPS is RB binary signal processing and has same components.
pressure. Remove "and RCP"; it's not a binary input. Design includes comparison of the binary inputs for deviations and faults."
86 27 3.1.1.2.4 3 10 Create new paragraph for binary signal discussion. Add new paragraph:
"Processing of binary signals of RB pressure (contact input) inthe ESPS subsystems goes through the same steps as RPS binary signal processing and has same components. Design includes comparison of the binary inputs for deviations and faults."
87 28 3.1.1.2.4 1 2 1st bullet - The draft SER states "Ifpower to Channel A2 fails, the redundant CHANGE to: "Ifpower to Channel A2 fails, or a failure signal from Channel B2 automatically aligns to the circuit via a transfer relay. Or, if of the A2 RC Pressure signal is detected by preferred, the alternate Channel B2 signal can be selected manually." Channel A2, the redundant signal from Channel B2 automatically aligns to the circuit via a transfer relay.
Or, if preferred, the alternate Channel B2 signal can be selected manually."
10
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 88 2 3.1. .12.4 3 1 All channels have output contacts for HPl/LPi Bypass Enable statalarms. Only Correct Al &A2 send Degraded Containment signal to ICS.
89 28 3.1.1.2.5 3 Figure 3.1.1.2-3 has typo and formatting problems inthetop 2 of the right 4 Correct boxes 90 28 3.1.1.2.5 3 8 "e.g. (typical)" is out of place. Delete "e.g. (typical)"
91 29 3.1.1.2.6 2 1 The draft SER states "Besides these automatic features; the following manually CHANGE to: "Besides these automatic features, the initiated safety features are provided in the ONS design to control the ESPS in following manually initiated safety features are provided various modes of plant operation using Keyswitches as explained in Section in the ONS design to control the ESPS invarious 3.1 above:" modes of plant operation using Keyswitches, pushbuttons, and graphic service monitor (GSM)
This makes it look like RPS Manual Safety Function. functions as explained in the sections below.
Software details and acceptability of bypasses using keyswitch is discussed in Section 3.1.1.5.2.2 and permissive conditions for the operating bypasses are evaluated in Section 3.4.1.3 of this SE."
92 29 3.1.1.2.6.1 3 6 The draft SER states "Software details and acceptability of bypasses using Section 3.1.1.5.2.2 discusses the Parameter Change keyswitch is discussed in Section 3.1.1.5.2.2 of this SE. Enable key switch. Itdoes not discuss the channel trip key switch.
it does not fit here Delete this sentence, 93 29 3.1.1.2.6.1 3 1 The SER states "...keyswitch for the associated logic computer." Revise to add at the end of the first sentence "...logic The keyswitch signals for channels A2, B2, and C2 are also shared with their computer, the ESPS trip keyswitch signal for channels corresponding redundant channels Al, B1, and Cl respectively. This information A2, B2, and C2 are shared with their corresponding should be added. redundant channels Al, B1, and C1 respectively."
94 29 3.1.1.2.6.1 3 3 The draft SER states that "Ifrequired, one channel may be placed inthe trip Revise to state Ifrequired, one channel may be placed in position (i.e. all related ESPS channel safety functions). This action, however, the trip position (i.e. all related ESPS channel safety does not place the redundant ESPS subsystem channels providing the ESPS functions). The Keyswitch in..."
safety function-in a Trip state. The Keyswitch in..."
Delete sentence inbold text 95 29 3.1.1.2.6.1 3 4 The draft SER states "...The Keyswitch in the channel trip position sends signal CHANGE to: "The Keyswitch inthe channel trip position to the application software for all of the ESPS parameters for the applicable sends signal to the application software for all of the channel. A trip of any parameter in an additional ESPS channel will initiate an ESPS parameters for the applicable channel. This ESPS initiation." includes both the 2 ESPS Subsystem(A2, B2, or C2) and its associated channel in the 1 ESPS Additional information needs to be added to provide a complete description. Subsystem (Al, B1, or Cl) For instance, setting the Channel Trip keyswitch in Channel A2 to "Trip" will 11
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect,# Para Line Comment Recommended Resolution Insert the bolded textin the Recommended Resolution column. also provide a channel trip signal to channel Al. A trip of any parameter inan additional ESPS channel will initiate an ESPS initiation.
96 29 3.1.1.2.6.2 4 3 The draft SER states "Using administrative controlled "Parameter Change Enable" Add a sentence that states "Itis recognized that there keyswitches for each protective channel located inthat channel's cabinet and a are tests for some ESPS component annunciation that command from the TXS SU, the safety function processors can be placed in need Parameter Change Enable" keys for both different operating modes." subsystems of the same channel."
97 29 3.1.1.2.6.2 5 1 Need to mention that the ESPS Al, B1, and Cl processors can be placed in Add parenthetical phrase at the end of the 1st sentence:
parameter change enable mode as discussed in 3.1.1.2.2 Item 2 "(refer to Section 3.1.1.2.2 Item 2 for ESPS Al, B1,and C1 processors)"
98 29 3.1.1.2.6.2 5 4 The draft SER states "... keyswitch located inthat channel's cabinet pair." Delete the word "pair" at the end of the sentence.
99 30 3.1.1.2.6.2 5 The 3rd and 4th bullets state "... Revise to state "...
- Function Test - for disabling the application function and forcing output signal
- Function Test - for disabling the application function for testing purposes (normally not used). and forcing output signal for testing purposes
- Diagnostics - for downloading new application software." (normally not used). Requires an additional parameter change to enable change to this Recommend adding clarifying information inbold text shown inthe Recommended mode.
Resolution column. This is consistent with the change recommended for Section
- Diagnostics - for downloading new application 3.1.1.2.2.2 on page 24. software. Requires an additional parameter change to enable change to this mode."...
100 30 3.1.1.2.6.3 3 5 The draft SER states "Software details and acceptability of bypasses using Section 3.1.1.5.2.2 discusses the Parameter Change keyswitch is discussed in Section 3.1.1.5.2.2 of this SE. Delete this sentence, the Enable key switch. Itdoes not discuss the ESPS voter reference is inappropriate. bypass key switch.
101 30 3.1.1.2.6.3 3 1 The SER states "...Both ESPS voter trains (Even and Odd) include two Revise to state "... Each ESPS Voter (Odd and Even)
Keyswitches for voters I and 2." of a subsystem includes a Keyswitch, for a total of 4"
102 30 3.1.1.2.6.5 5 7 The draft SER states "To avoid unintentional initiation, the override pushbuttons Sliding covers are being used rather than flip covers.
are equipped with flip covers." Recommend deleting "flip" and just say the pushbuttons are equipped with covers The draft SER describes that override pushbuttons are equipped with flip covers to prevent inadvertent operation.
103 31 3.1.1.2.6 2 9 Add 1 or 2 sections on GSM Manual Trip and Interchannel Trip at end of section Needs to be added for consistency with other sections.
3.1.1.2.6. These sections would be similar to the RPS GSM sections. Add new sections:
3.1.1.2.6.6. Manual ESPS Trip Function Trip 12
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution An individual Manual ESPS Trip Function Trip allows an iýndividual channel trip function in any RPS channel to be tripped for maintenance activities through the GSM screens which acts as an interactive user-interface for the maintenance and servicing of the digital ESPS by operations and maintenance personnel. This allows the remaining trip functions inthe channel to remain operable while the channel input device for the affected channel is inoperable. Operation to put functions intrip/bypass is administratively controlled since there is no interlock to prevent placing functions in multiple channels in trip/bypass. Software details and acceptability of this trip/bypass feature using Keyswitch is discussed inSection 3.1.1.5.2.2 of this SE."
.3.1.1.2.6.7. ESPS Interchannel Trip ESPS Interchannel Trip allows the setting of signal values coming from a failed ESPS channel into a tripped state. This function can be used on the remaining two (2) operating ESPS Subsystems. The ESPS Interchannel Trip function is used when one (1) entire set of ESPS Subsystems (e.g., Al, 81, &Cl) is placed into a maintenance mode and one (1) of the three (3) remaining operational channels (e.g., A2, B2, C2) becomes degraded or inoperable."
104 31 3.1.1.2.6.5 2 5 The draft SER states, "...which re-energizes the voter outputs." Revise to state "...which re-energizes the voter output modules."
105 32 3.1.1.3 5 5 The draft SER states "... evaluated inSection 3.1.1.5 of this SE." A more specific reference is 3.1.1.5.2.4.
106 33 3.1.1.3 1 4 This section indicates that the test machine will be available for testing to support Revise sentence to state: "Itwill beavailable for testing future design changes to the system. Duke also indicated [in the April 3, 2009 to support future design changes to the system and for Supplemental Cyber Security RAI Response and re-stated inSupplement 18, troubleshooting."
Enc. 1, 01 91 information] that the test machine may be used for troubleshooting.
107 33 3.1.1.4-6 2 18 The draft SER states "...6. One TXS Service Unit Revise to state "...6. One TXS Service Unit (including GSM)"
108 35 3.1.1.4.1 1 .6 The draft SER states "... As such, the class 1E MSI serves as an interface Revise to state "...As such, the class 1E MSI serves as between the computers of the automatic path and other nonsafety-related an interface between the computers of the automatic systems. Protection system ... " path and other nonsafety-related systems. The MSI is also programmed to communicate alarms and data to the TXS Gateway which makes them available to the OAC. Protection system.
109 35 3.1.1.4.1 1 12 The draft SER states "... application software runs on one of the four processors Revise to state "...application software runs on one of the used for MSI communications..." five processors used for MSI communications.
This section needs to be updated to reflect the system change discussed with NRC 13
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution during the April 2009 audit in Alpharetta.
110 35 3.1.1.4.2 1 10 The draft SER states "... this processor provides alarm information ... " Revise to state "...this processor provides alarm and data information ..."
111 35 3.1.1.4.2 1 9 The following provides a repeat of information provided in the 2nd sentence of this Delete the following parts of the two sentences:
paragraph: "Field signals are conditioned and converted and input into a SVE2 "where RPS Channel E application software runs on processor where RPS Channel E application software runs on one of the four one of the four processors used for MSI processors used for MSI communications. This processor provides alarm communications" and "The Channel E signals are also information related to the Channel E signals to the OAC via the MSI. The Channel supplied to indicators and to the ICS.
E signals are also supplied to indicators and to the ICS."
This section needs to be updated to reflect the system change discussed with NRC during the April 2009 audit in Alpharetta.
112 35 3.1.1.4.2 2 12 The draft SER states "...This processor provides alarm information related to the Revise to state "...A sixth processor provides alarm Channel E signals to the OAC via the MSI." information related to the Channel E signals to the OAC via the MSI."
This section needs to be updated to reflect the system change discussed with NRC during the April 2009 audit in Alpharetta.
113 37 3.1.1.4.7 3 9 The draft SER states "...Testing of the digital RPS/ESPS ... " Revise to state "...Maintenance of the digital RPS/ESPS 114 37 3.1.1.4.7 3 20 Add statement at end of bullets that "Modification to the online system can only be Revise as indicated for consistency with other sections.
performed when the Change Enable Keyswitch is utilized, as described on Section 3.1.1.5.2.2."
115 39 3.1.1.4.11 7 3 The draft SER states "... used on application software revision on he processor Revise to state "...used to load application software boards..." There are some words missing from this sentence that need to be revisions on the processor boards added.
116 39 3.4.1.4.11 6 2 The draft SER states that neither the TXS Topical Report nor its SER discuss the Revise to indicate that the maintenance laptop was not maintenance laptop. TXS Topical Report briefly discusses the use of a portable addressed in the LAR.
(i.e., laptop) computer inSection 2.5.5.1 and Figure 2.11. The Interface software for the boot loading via the serial interface port on the SVE2 module is described in Topical Report Section 3.2.1.3 and the TXS Topical Report SER (on page 18).
117 40 3.1.1.5 2 16 The draft SER references DI&C-ISG-04 September 28, 2007. Itwould be better to reference the current version (revision 1) dated March 06, 2009.
118 41 3.1.1.5 2 4 The draft SER states "...second type of communications is with the interchannel Revise communications used for the 2ndMinimum/2ndMaximum functions described in this SE inSection 3.1.1.5.3,"
14
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Add the following text to the end of the sentence: "and communication between safety-related processors, and safety-related processors and the MSI."
119 41 3.1.1.5 6 3 The draft SER states "... between safety-related processors, the L2 PROFIBUS is Revise to state "...between safety-related processors, used." and safety-related processors and the MSI, the L2 PROFIBUS is used."
120 42 3.1.1.5 1 4 The draft SER references EMF-2110 dated September 1999 as Reference 25. Reference 25 is the approved version of EMF-2110, The approved version is dated May 2000, which is dated May 2000. Change to "dated May 2000" 121 42 3.1.1.5 1 4 The draft SER states "...The PROFIBUS is an industry standard bus structure Revise intended for field bus communication in automation technology. AREVA has adopted this standard bus to use fiber optic, and as implemented in the digital RPS/ESPS, is a two station token passing Ethernet bus."
Delete the word "Ethernet" from this sentence as this is not an Ethernet bus.
122 42 3.1.1.5 2 1 The draft SER states "...The H1 Ethernet (IEEE 802.3) LAN also uses a token Revise.
passing architecture H1 uses the Ethernet 802.3 standard, and as such is The H1 Ethernet (IEEE 802.3) LAN uses CSMAICD communication protocol CSMAICD rather than token passing. This is evidenced by the use of the 82596 Ethernet Controller IClisted in the TR.
123 42 3.1.1.5.1 4 2 The draft SER references EMF-2110 dated September 1999 as Reference 25. Reference 25 is the approved version of EMF-2110, The approved version is dated May 2000. which is dated May 2000. Change to "dated May 2000" 124 42 3.1.1.5.1 6 11 The draft SER states "...The use of a single MSI also requires the connection of CHANGE to: "...The connection of the nonsafety the nonsafety gateway and service units to be connected to all safety function gateway and service units to a single MSI allows processors, and this connection could allow a failure of these nonsafety units to access to all safety function processors by these affect all safety function processers." nonsafety units, which could allow a failure of these nonsafety units to affect all safety function processors if The TXS TR talks about the MSIs as being redundant for purposes of preventing not properly protected.
single failure of data connection to the safety computers. The ONS single MSI does not lead to an increased failure possibility of the safety processors.
125 43 3.1.1.5.1 1 12 The draft SER references an April 15-17 audit. The reference should be April 15-17, 2009.
15
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 126 43 3.1.1.5.1 1 5 The draft SER states "...Therefore, one SVE2 is required for each four Revise sentence - delete "as well as the nonsafety communications links, and since the MSI communicates with each set of safety Channel E" channels, each voter and status processor, as well as the nonsafety Channel E, multiple SVE2/SL21 boards are required."
The RPS Channel E functions take place on an SVE2 that is inthe same subrack as the MSI SVE2s. Therefore communications take place over the SBG3 Backplane.
127 43 3.1.1.5.1 2 11 The draft SER states "...and transferred to the MSI SVE2/SL2 module." CHANGE to: "... and transferred to the MSI SVE2/SL21 module."
128 43 3.1.1.5.1 2 5 The paragraph below Figure 3.1.1.5-1 uses the term DI-RAM 3 times; this should Use one term for dual port RAM. Recommend you be DP-RAM. Also generically throughout the SER several terms are used, e.g., search and replace each of these with a consistent DPRAM, dual port RAM, dual-port RAM, DP-RAM (which is defined inthe term.
acronym list as dual-ported random access memory).
129 44 3.1.1.5.1 1 3 Reference 60 is incorrect- should be Reference 90. Reference 61 is incorrect- Correct all references throughout the SER. Duke has should be reference 6. There are numerous problems throughout the SER with done this on the MS Word markup of this document duplicate references, confusing references and reference number problems. provided electronically to NRC on [November 18, 2009]
There are 165 references listed inSection 5 yet there are reference numbers higher than that, for example pointing to References 528 and 529.
130 44 3.1.1.5.1 2 4 The draft SER refers to Section 3.1.3.3.2. There is no Section 3.1.3.3.2. Relevant material is discussed in Sections 3.1.1.2.3, 3.1.1.2.4, and 3.1.1.2.5.
131 44 3.1.1.5.1 2 1 The draft SER states "...Other communications between the RPS/ESFS system This sentence is incomplete. Add "exists" after "other and other safety-related equipment sends sensor data to the RPS/ESPS, and from communications. Sentence still doesn't read well.
the RPS/ESFS system voters to the actuation components." Revise for clarity.
132 44 3.1.1.5.2 1 4 The draft SER states "...with four communication processors handling the Revise to state "...with five processors handling the communication data links..." communication data links .
This section needs to be updated to reflect the system change discussed with NRC during the April 2009 audit inAlpharetta.
133 45 3.1.1.5.2 2 5 Reference 62 is the certificate, Reference 71 is the report. Itappears like the text Correct reference number.
is referring to the report not the certificate. Additionally, the report name inthis section does not match Reference 71. Report name here is correct.
134 46 3.1.1.5.2.1 2 2 The last three sentences of the paragraph provide unnecessary detail. Add the Revise.
following phrase to the end of the first sentence: "and confirmed the device was 16
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution not capable of two way communication." Then delete the last 3 sentences.
135 46 3.1.1.5.2.1 3 3 Clarify 2nd sentence to indicate info was provided in a supplemental response for Revise RAI 5 dated November 25, 2008. Use Reference 22 - Reference 63 should be deleted since it is a duplicate of 22.
136 46 3.1.1.5.2.1 3 19 The last sentence of this paragraph indicates any replacement for the port tap Revise to indicate that the licensee must review inthe must be evaluated in the same manner to determine the manner in which it is same manner as the NRC did. This sentence implies being used and configured is acceptable. This implies that the NRC would need that the staff will have to review any changes to perform a similar review. This should be allowed by the 50.59 process.
137 47 3.1.1.5.2.2 2 1 The draft SER states that "the NRC staff SE on the topical report has only a limited Delete sentence discussion of the service unit." A word search of the NRC SER for the TXS Topical Report revealed 28 instances where service unit was mentioned.
138 47 3.1.1.5.2.2 2 7 Should be "safety-related" rather than "safety-relevant". Correct 139 47 3.1.1.5.2.2 4 2 The terms "key lock", "key switch", key-operated switch, and keyswitch are used Revise to "keyswitch" for consistency.
interchangeably. Recommend the use of "keyswitch" for consistency with the Oconee LAR and supplements 140 48 3.1.1.5.2.2 3 6 The draft SER states that "This determination is limited to the methods used in The current wording is ambiguous and difficult to the digital RPS/ESPS system, and should not be considered as generic approval interpret. It would be better to clarify that the review for to have continuous and permanent bi-directional communications between future projects is limited to physical access controls, key safety-related and nonsafety systems. Any future interconnection between switch design, and any changes to the Run Time safety-related and nonsafety systems, including such connections by AREVA environment software affecting the mode change using TXS systems, will need to be reviewed inthe same manner as was done control software.
for the digital RPS/ESPS, with a detailed code review of the methods used to prevent loss of isolation inthe event of hardware or software failure, to reach an equivalent conclusion of reasonable assurance of safety."
141 49 3.1.1.5.2.2 3 1 The second sentence of this paragraph and the last sentence on the page says Revise to indicate that "currently" the procedural
'procedural controls for connection of laptop will be ... procedure called "Software controls are... Delete last sentence of page.
Loading"'
This statement is currently true; however, the procedure title is subject to change.
Recommend deleting the 2nd occurrence since it's exactly the same information provided inthe second sentence.
142 49 3.1.1.5.2.3 1 3 The draft SER states that neither the TXS Topical Report nor its SER discuss the Revise to indicate that use of portable computer is maintenance laptop. TXS Topical Report briefly discusses the use of a portable briefly discussed inthe TXS TR.
(i.e., laptop) computer in Section 2.5.5.1 and Figure 2.11. The Interface software for the boot loading via the serial interface port on the SVE2 module is described 17
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution in Topical Report Section 3.2.1.3 and the TXS Topical Report SER (on page 18).
143 49 3.1.1.5.2.3 3 6 This paragraph indicates that the licensee stated that the maintenance laptop will Revise to indicate laptop will be locked instorage be stored in I&C test equipment area. In Supp 18, Encl 1, Duke stated that the location inthe Control Room area.
Laptop will be locked in a storage location within the Control Room area.
144 50 3.1.1.5.2.3 2 5 The draft SER states "Afollow up inspection activity is required." Delete statement. Redundant to footnote 5.
145 51 3.1.1.5.2.4 1 1 The draft SER states that the "test machine is not mentioned in the TXS TR Clarify this statement or delete as it is not true.
(Reference 25) or the NRC staff SE (Reference 25)."
EMF-2341 (P), which is referenced inthe TXS Topical Report, describes the test machine inSections 5.3 and 6, as well as Figures 5.3, 5.4, and 6.1. The SER for the TXS Topical Report discusses the test machine on pages 6 and 44.
146 53 3.1.1.6.1.1 1 13 The draft SER states that "this determination is not generic to other uses of the Clarify that the review for future projects is simply TXS platform and any future modification of the software associated with the limited to software changes affecting the communications with other channels or with nonsafety systems; or use of this type communication software associated with interdivisional of communications in other uses of the TXS platform will require a similar staff (interchannel) communication review, with a similar safety determination, to be acceptable insafety-related systems at nuclear power plants."
The current wording is ambiguous and difficult to interpret. Itwould be better to clarify that the review for future projects is simply limited to software changes affecting the communication software associated with interdivisional (interchannel) communication.
147 55 3.1.1.6.1.3 1 3 The draft SER states that "this interchannel communications was not discussed in Clarify this statement or delete as it is not true.
the TXS TR (Reference 25) or approved in the SE on that TR (Reference 25).
The TXS Topical Report describes the interchannel communication feature in Section 4.1. It is shown inFigures 3.1, 4.2, and 4.3. The SER discusses this feature on pages 4, 20, 30, and 45. Itwas also the subject of a specific and detailed presentation in a meeting held with NRC on November 16-18, 1999.
148 55 3.1.1.6.1.3 01 14 The SE discusses problems with an input signal resulting insending incorrect Revise to use RPS as an example.
data to the other three channels. This section is intended to address both systems. However, it is describing RPS only and not ESPS.
149 56 3.1.1.6.1.3 2 10 The draft SER references Section 3.2 initem 1. There is no Section 3.2. The Revise correct reference is 3.2.0.
18
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 150 56 3.1.1.6.1.3 03 04 This paragraph includes the following sentence: "The TXS system will then Revise to use RPS as an example.
revert to two of three trip or actuation logic, and the safety function will not be disabled." The discussion is intended to be generic for both systems but the SE is describing RPS (a 4 channel system) versus ESPS (a 3 channel system).
151 57 3.1.1.6.1.3 5 The draft SER describes the "...adequate diversity within the ATWS and data Correct acquisition system (DAS)..."
Need to clarify what SE is talking about. Definitely not data acquisition system.
The intent here is probably to mention AMSAC and DSS (ATWS mitigation systems) and DLPIAS and DHPIAS (diverse actuation systems).
152 57 3.1.1.6.1.3 2 10 The draft SER references "... Enclosure 2 of TSC 007-09, Supplement 13 Correct (Reference 71)."
The date on Reference 71 is November 2, 2002, should just be November 2002 as indicated on the test report. Would be better to refer to LAR Supplement 13 (Ref.
14). The test report is item 2 of Enclosure 2 of Supp 13.
153 58 3.1.1.6.1.4 2 2 The draft SER states "Inthe TXS system proposed for use in the digital CHANGE to: "...In the TXS system proposed for use in RPS/ESPS, all interdivisional and safety to nonsafety communications is done the digital RPS/ESPS, all interdivisional and safety to using an SL21 daughter board attached the SVE2 safety function processor MSI communications is done using an SL21 daughter board." Replace "nonsafety" with "MSI". .Also insert "to". board attached to the SVE2 safety function processor Note: The MSI to nonsafety communication uses the SCP2, as shown in Figure board."
3.1.1.5-.2.
154 61 3.1.1.6.1.10 3 10 The draft SER states that "this approval is limited to the specific manner inwhich Clarify that the review for future projects is limited to the TXS System, as proposed for use inthe digital RPS/ESPS, provides this physical access controls, key switch design, and any protection, and any future modification of the hardware or software associated with changes to the Run Time environment software this feature inthis or other uses of the TXS platform will require similar staff review, affecting the mode change control software.
with a similar safety determination, to be acceptable for use insafety-related systems at nuclear power plants."
The current wording is ambiguous and difficult to interpret.
155 61 3.1.1.6.1.10 3 3 AREVA digital RPS/ESPS should be Oconee digital RPS/ESPS (several places) Correct 156 62 3.1.1.6.1.11 1 6 The draft SER states that "...plant procedures and administrative controls will Revise to state "...and has committed to place the restrict using the parameter change enable keyswitch to change from the standard respective channel out of service while changing the operational mode without placing the affected division into bypass or trip." software, parameters, etc. Strict administrative control over the use of these key switches is necessary to ensure that operability of the system is maintained 19
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution during these evolutions." The proposed revision matches Sections 3.1.1.5.2.2 and 3.2.0.2.1.
157 62 3.1.1.6.1.11 1 3 This paragraph states that for the Oconee digital RPS/ESPS, the parameter Revise change enable keyswitch can provide a permissive to allow the SU to change operational modes of the safety channel without the channel being in-bypass or in trip. The licensee recognized this issue, and as described in Section 3.2 of this SE, plant procedures and administrative controls will restrict using the parameter change enable keyswitch to change from the standard operational mode without placing the affected division into bypass or trip.
Need to indicate that this is permissible for testing as described in the revised Response to RAI 80 and RAI EICB 106 provided inSupplement 18 (Ref. 19 of SE).
Also, it would be better to state the channel (Oconee does not use the term "division") is inoperable for parameter changes and bypassed for software updates 158 64 3.1.1.6.1.17 4 7 The draft SER states that "itshould be noted that this is not a generic approval, To avoid confusion as to the meaning of this limitation, and different nuclear power plants and different applications have different it would be better to link it to TXS Topical Report plant-environmental requirements. Future use of the AREVA TXS platform, the specific action item 1.
qualification of the platform must be compared to the application requirements to ensure the platform qualifications envelop the requirements."
The meaning of this statement is confusing.
159 65 3.1.1.6.2 7 1 Phrase "the ATWS" is being used to describe "the ATWS mitigation systems" Insert "mitigation systems" after ATWS. Note this Note that the phrase ATWS mitigation systems is used in Section 3.9.1 phrase also occurs on page 48 line 11, page 57 line 5, page 243 paragraph 1 line 2.
160 65 3.1.1.6.1.19 4 1 The draft SER states that "...AREVA document number 32-9009296-004., AREVA NP document 32-9009296-005 was submitted inLAR Supplement 15 and should be referenced instead of version 004.
161 66 3.1.1.6.2 1 The draft SER states that "... DHPIAS described in Section 3.9.2 of this SE." The correct reference is Section 3.9.3.
162 66 .3.1.1.6.2 2 Phrase "the ATWS" is being used to describe "the ATWS mitigation systems" Insert "mitigation systems" after ATWS Note that the phrase ATWS mitigation systems is used in Section 3.9.1 163 66 3.11.6.3 2 7 The draft SER states that "since the digital RPS/ESPS TXS system does not use The discussion of 'priority modules' should be removed multidivisional control and display stations, the points in this NRC staff position and replaced with 'multidivisional control and display relating to the implementation of priority modules are not applicable, and no stations.'
further discussion is required.
20
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 164 67 3.1.1.7 1 3 The draft SER references BTP HICB-14. The correct reference is BTP 7-14.
165 67 3.1.1.7 6 5 The references to 10 CFR 50.34(f) are not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
166 68 3.1.1.7 8 3 The references to 10 CFR 50.34(f) are not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
167 70 3.1.1.7 9 3 In Item 15, they mention the "licensee's Energy RPS and ESFAS Replacement Correct information.
Project Specifications". I think they started to say "Duke Energy's" and then changed this to "licensee's" and that the word "Energy" needs to be deleted.
168 71 3.1.1.7-16 2 3 The draft SER states "...described in Section 3.2.3 of this Enclosure." This is Change "this Enclosure" to "Enclosure 1 to the LAR" confusing, need to clarify you are referencing Enclosure 1 to the LAR.
169 71 3.2.0.1 8 3 The draft SER states "... function block diagrams (FBDs) which are entered into Change "function block diagrams (FBDs)" to "function a software tool called the specification and coding environment (SPACE). blocks (FBs)" and change "FBDs" to "Function Application developers follow procedures that direct the use of approved and Diagrams (FDs)"
validated library components to build FBDs. When completed and verified by an independent V&V engineer, the approved FBDs are This statement needs clarification, terminology needs to change.
170 72 3.2.0.1 3 2 Need to clarify that ER-Bus is only used for FAT testing or troubleshooting Revise sentence to clarify. Add "for FAT or troubleshooting" at the end of the 1st sentence.
171 72 3.2.0.1 3 2 The draft SER uses the acronym ER-Bus. It should be replaced with ERBUS.
172 82 3.2.0.2.3 4 6 The draft SER states "... Each FB module corresponds to a FB on the FBD." Revise to state "...Each FB module corresponds to a FB on the FD."
173 83. 3.2.0.2.3 5 1 Figure 3-1 is not labeled. Correct 174 91 3.2.1.1 5 The draft SER lists AREVA 01-1457-06. 01-1457-08 was submitted in LAR 17 at NRC's request.
It should be referenced.
175 91 3.2.1.1 1 2 The draft SER lists 51-9006444-005. 51-9006444-009 was submitted in LAR 17 at NRC's request. Itshould be referenced.
176 92 3.2.1.1 3 1 Change IV&V approval to independent review and approval of the FAT Revise 177 93 3.2.1.1 1 10 The draft SER states "...The NRC trip report for this audit was reviewed by the The reference is incorrect. Change to Reference 60.
NRC staff (Reference 90)." The Ref. 60 listing in Section 5.0 needs to be revised to I_ I I I I reflect the NUPIC audit performed in Germany 21
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 178 93 3.2.1.1 3 7 The draft SER states that "because the ONS and AREVA NP Inc. software Revise to indicate the AREVA Ols are generic and are management plan documents are project specific, they are not suitable for reuse suitable for other applications unless significant with future projects." The AREVA NP Operating Instructions and Records changes are made that reduce the level of commitment Management Manual reviewed by NRC are generic documents that are used for to implementation of industry standards.
all TXS projects. As such, the SER should not limit their use unless significant changes are made that reduce the level of commitment to implementation of industry standards.
179 94 3.2.1.2 4 1 The draft SER lists AREVA 01-1457-06. 01-1457-08 was submitted inLAR 17 at Revise NRC's request. It should be referenced.
180 94 3.2.1.2 8 1 The draft SER states "... Open Items Process (Reference 83)." Revise to state Revise
"...Open Items Process in01-1577-03 (Reference 83).
181 94 3.2.1.2 8 2 The draft SER states "...This instruction establishes a process for documenting Revise potential discrepancies, improvements, or anomalies that deviate from the required status or condition. discovered during the phases of the software Note: 01-1611-01 was submitted in LAR Supplement development process." 10 at the request of NRC so Reference 11 can be used.
Add the following sentence after this one: "Changes to project hardware, software, and test design documentation that may be required as a result of an Open Item issue, are processed inaccordance with Operating Instruction 01-1611-01 (new reference)."
182 94 3.2.1.2 8 1 The draft SER states "... Deviations from the established SDP are identified and Insert "the corrective action program or" as indicated.
remediated through the use of the Open Items Process Revise to state "... Deviations from the established SDP are identified and remediated through the corrective action program or use of the Open Items Process..."
183 95 3.2.1.2 2 2. The draft SER states "... The Software Life Cycle Model (SLCM) for the digital Remove reference to SPM and discuss individually as RPS/ESPS system is defined in the Software Program Manual documents." Based NRC required Duke to discuss on the NRC acceptance review issues, Duke was not allowed to reference the TELEPERM XS Software Program Manual. Itshould not be mentioned.
184 95 3.2.1.2 4 8 The draft SER states that "because the components of the AREVA NP Inc., Revise statement to indicate that AREVA Ols and software development plan are project specific, they are not suitable for reuse Records Management Manual are generic and are with future projects." The AREVA NP Operating Instructions and Records suitable for other applications unless significant Management Manual reviewed by NRC are generic documents that are used for changes are made that reduce the level of commitment all TXS projects. As such, the SER should not limit their use unless significant to implementation of industry standards.
changes are made that reduce the level of commitment to implementation of 22
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution industry standards.
185 96 3.2.1.3 5 1 The draft SER states "...SQAP (01-1457), provides..." Revise to state "...SQAP described in01-1457 (Reference 80), provides.
Need to add reference number.
186 97 3.2.1.3 4 4 The draft SER states that "because the AREVA NP Inc., software QAP is project Revise statement to indicate that AREVA Ols and specific, it is not suitable for reference infuture safety-related applications of the Records Management Manual are generic and are TXS platform. For future systems the determination of suitability of the software suitable for other applications unless significant QA planning will need to be revisited." The AREVA NP Operating Instructions changes are made that reduce the level of commitment and Records Management Manual reviewed by NRC are generic documents that to implementation of industry standards.
are used for all TXS projects. As such, the SER should not limit their use unless significant changes are made that reduce the level of commitment to implementation of industry standards.
187 97 3.2.1.4 5 1 The (SintP) acronym introduced inthis section is not in the acronym list Place (SintP) inthe acronym list at end of the SER 188 98 3.2.1.4 2 14 The bullet list of test specifications lists 6 documents. The following documents Add documents need to be added to the list:
- 62-9014399-000, Cyber Security Factory Acceptance Test Specification
" 62-9081518-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Normal Startup and Shutdown Factory Acceptance Test Specification 189 99 3.2.1.4 1 The draft SER states "... Enclosure 2 of Supplement 7 to the LAR (Reference 97) Revise and delete Reference 97 from Section 5.0
..."The correct reference is 8. Reference 97 appears to be a separate listing for Reference list.
Enclosure 2 of Supplement 7; however the ML# is the same.
190 99 3.2.1.4 3 3 The draft SER states "... SIVAT was not considered to be a qualified tool for Revise to state "... SIVAT was not considered to be an integrated system validation purposes ... approved tool for integrated system validation purposes SIVAT is a qualified tool, just not approved by the NRC.
191 100 3.2.1.5 2 1 The title for this section, Software Installation Plan, needs to have the acronym Include the acronym (SInstP) in section title (SInstP) after it inorder to introduce the acronym and be consistent with other section titles.
192 100 3.2.1.6 6 1 The title for this section, Software Maintenance Plan, needs to have the acronym Include the acronym (SMaintP) insection title (SMaintP) after it in order to introduce the acronym and be consistent with other section titles.
193 101 3.2.1.6 1 2 The 1st sentence on page 101 refers to Section B.3.1.6, Software Maintenance Correct either the wording or the acronym Plan [SMP]. The acronym (SMP) is Software Management Plan so either the 23
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution wrong wording or the wrong acronym is used here.
194 101 3.2.1.7 3 9 This paragraph refers to the MSFIS system. This is not correct and appears to be Correct as appropriate. Change to "digital RPS/ESPS a carryover from the Wolf Creek SER. The reviewer intended to refer to the RPS/ESPS.
195 103 3.2.1.9 1 First bullet reads "Software and Integration" Revise first bullet to read "Software and Hardware Integration" 196 103 3.2.1.9 3 7 The draft SER states that "because the evaluated software safety plan is specific Revise statement to indicate that AREVA Ols and to the digital RPS/ESPS design, this safety determination is not suitable for Records Management Manual are generic and are reference when using the TXS platform for other safety-related systems in suitable for other applications unless significant nuclear power plants. For future systems the determination of suitability of the changes are made that reduce the level of commitment software safety planning will need to be revisited." The AREVA NP Operating to implementation of industry standards.
Instructions and Records Management Manual reviewed by NRC are generic documents that are used for all TXS projects. As such, the SER should not limit their use unless significant changes are made that reduce the level of commitment to implementation of industry standards.
197 104 3.2.1.10 1 1 The draft SER states "... Oconee Nuclear Station 1 RPS/ESFAS Controls Revise to state "... Oconee Nuclear Station 1 and 3 Upgrade Software Verification and Validation Plan," (Reference 98)." Duke RPS/ESFAS Controls Upgrade Software Verification submitted Unit 1 and Unit 3 SWPs need to credit both. and Validation Plans," (References 88 and 98)."
198 104 3.2.1.10 2 3 The draft SER states "... The Areva NP Inc., IW group is a matrixed Revise.
organization which was composed of personnel on assignment from other organizational units, however the required degree of independence as defined in the SVVP was maintained and all IVV personnel were qualified to perform the assigned activities."
Change the bolded text as follows: an independent organization which uses support personnel matrixed 199 104 3.2.1.10 3 1 The draft SER states "... NRC staff conducted a detailed evaluation of the SVV Revise to state "... NRC staff conducted a detailed (Reference 88) by comparing it ..." NRC actually evaluated the Unit 1 and 3 evaluation of 01-1459-08 (Reference 84), 01-1639-00 SVVPs. (new reference), and the Unit 1 and 3 SVVPs (References 88 and 98) by comparing them ..."
200 106 3.2.1.10 2 4 The draft SER states that "because the evaluated V&V plans are specific to the Revise statement to indicate that AREVA Ols and digital RPS/ESPS design, this safety determination is not suitable for reference Records Management Manual are generic and are when using the TXS platform for other safety-related systems innuclear power suitable for other applications unless significant plants. For future systems the determination of suitability of the SVVP will need changes are made that reduce the level of commitment to be revisited." The AREVA NP Operating Instructions and Records to implementation of industry standards.
Management Manual reviewed by NRC are generic documents that are used for 24
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution all TXS projects. As such, the SER should not limit their use unless significant changes are made that reduce the level of commitment to implementation of industry standards.
201 106 3.2.1.11 4 n/a The draft SER states that "... The digital RPS/ESPS software configuration Insert "(Reference 89) and" as indicated by the bolded management activities are controlled by the ONS, Units 1, 2, and 3 RPS/ESFAS text in the comment column.
Controls Upgrade SCMP AREVA 01-1460-10, (Reference 82)." Revise to state
"...The digital RPS/ESPS software configuration management activities are controlled by the ONS, Units 1, 2, and 3 RPS/ESFAS Controls Upgrade SCMP (Reference 89) and AREVA 01-1460-10, (Reference 82)."
202 107 3.2.1.11 1 8 The draft SER states "...The software library procedures that direct these Insert "01-1583-03" as indicated by the bolded text in activities were also reviewed ..."Revise to state ..."The software library the comment column.
procedure 01-1583.03 that directs these activities was also reviewed..."
01-1583-03, Software Library and Control, was submitted in LAR Supplement 10 at NRC's request.
203 107 3.2.1.11 1 2 The draft SER states "...various versions of the software ina locked room, ..." The Revise to state "... various versions of the software in a software is locked in a safe. locked safe ...."
204 107 3.2.1.11 1 3 The draft SER states "...checking in all modified and tested software..." Revise Insert "new or" as indicated by the bolded text inthe to state "... checking in all new or modified and tested software ...' comment column.
205 108 3.2.1.11 1 9 The draft SER states that "because the evaluated software configuration Revise statement to indicate that AREVA Ols and management plan is specific to the digital RPS/ESPS design, this safety Records Management Manual are generic and are determination is not suitable for reference when using the TXS platform for other suitable for other applications unless significant safety-related systems innuclear power plants. For future systems the changes are made that reduce the level of commitment determination of suitability of the software CMP will need to be revisited." The to implementation of industry standards.
AREVA NP Operating Instructions and Records Management Manual reviewed by NRC are generic documents that are used for all TXS projects. As such, the SER should not limit their use unless significant changes are made that reduce the level of commitment to implementation of industry standards.
206 108 3.2.1.11 1 7 The draft SER states "...Additionally, Areva NP Inc. has since adopted the Added the bolded text to the end of the sentence as practice of using configuration control boards inaccordance with IEEE Std. 828- indicated by the bolded text inthe comment column.
1990 and IEEE Std. 1042-1987." Revise to state ..."Additionally, AREVA NP Inc. Also change AREVA to all caps.
has since adopted the practice of using configuration control boards in accordance with IEEE Std. 828-1990 and IEEE Std. 1042-1987 as part of the results from recommendations for process improvement from IW organization (see Section 3.2.2.2.1)."
25
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 207 117 3.2.2.4 2 3 List of test procedures is incomplete. The following test procedures should be Add test procedures added:
- 63-9018592-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Startup /Shutdown Acceptance Test Procedure (LAR Supplement 7)
- 63-9076528-000, Cyber Security Factory Acceptance Test Procedure (LAR Supplement 7)
- 63-9080101-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade FAT Procedure for Diverse High Pressure Injection Actuation System (Reference 153)
- 63-9013142-001, FAT Procedure for Diverse Low Pressure Injection Actuation System (Reference 151) 208 117 3.2.2.4 2 3 The references on the list of test specifications are incorrect. Reference 112 should be replaced with Reference 93.
Reference 118 should be replaced with Reference 96.
Reference 120 should be replaced with Reference 92.
209 117 3.2.2.4 2 3 List of test specifications is incomplete. The following test specifications should Add test specifications be added:
- 62-9014399-000, Cyber Security Factory Acceptance Test Specification (LAR Supplement 7)
- 62-9081518-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Normal Startup and Shutdown Factory Acceptance Test Specification (LAR Supplement 7) 210 117 3.2.2.4 2 3 FAT Test Table is not complete. For completeness a new column with the test Add new column and list the test summary report summary reports from LAR Supplement 12 should be added: associated with each FAT.
- 66-9097714-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade DLPIAS FAT Summary Test Report (Reference 152)
- 66-9098737-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade DHPIAS FAT Summary Test Report (Reference 154)
- 66-9098774-002, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Nuclear Instrumentation (NI) FAT Summary Test Report
- 66-9097605-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Cyber Security FAT Summary Test Report
- 66-9098849-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls 26
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Upgrade RPS SW Functional FAT Summary Test Report
- 66-9100133-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Graphic Service Monitor (GSM) FAT Summary Test Report
- 66-9100137-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS/ESFAS HW Failure FAT Summary Test Report
- 66-9099526-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade TXS Gateway to OAC FAT Summary Test Report
" 66-9100136-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade ESFAS SW Functional FAT Summary Test Report
- 66-9100138-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Supplemental ESFAS HW Failure FAT Summary Test Report
- 66-9099856-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Start Up/Shut Down FAT Summary Test Report
- 66-9100134-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Small Break LOCA FAT Summary Test Report
- 66-9100135-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade One Pump Coastdown FAT Summary Test Report
- 66-9100140-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS Response Time FAT Summary Test Report
" 66-9100139-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade ESFAS Response Time FAT Summary Test Report
- 66-9103504-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Factory Acceptance Testing (FAT) Summary Report (Reference 133) 211 118 3.2.2.4 1 1 The first sentence needs to be written, it doesn't make any sense: Try - The NRC observed FAT procedures and tests during the audit (Reference 30) to verify that system The NRC staff concluded during the audit (Reference 30) that the FAT procedures requirements have been appropriately incorporated into and tests observed test the digital RPS/ESFAS to verify that system requirements the system have been appropriately incorporated into the system.
212 118 3.2.2.4 1 7 The draft SER states that "Testing activities were observed to be consistent with Revise to state "Testing activities were observed to be the requirements of the SRS and the System Design description (SDD)." consistent with the requirements of the SRS and the Software Design description (SDD)." -
213 118 3.2.2.5 4 1 The 1st sentence of the 2nd paragraph states that a requirements tracing tool called Remove reference to Requisite Pro. Duke is no longer Rational Requisite Pro was used for managing the system software requirements using this tool. Just say a requirements tracing tool was through the software lifecycle phases. This tool is no longer used for preparation of used.
the RTM for a variety of reasons and this sentence should be removed.
214 119 3.2.2.6 5 3 The draft SER states that"... 3.2.2.6 Software and Data Quality Assurance Change Ref. 77 to Ref. 142, not Ref. 77. Also, revise to 27
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Document (SDQAD)" and then uses the SDQAD acronym several times inthe use the SDQA acronym in all places to be consistent section. Ref. 77 is the SDQA program, Ref. 142 is the resulting SDQA with the rest of the document.
document. SDQAD is not a common acronym and should be changed to SDQA document throughout.
215 120 3.2.2.7 5 6 The last sentence of this paragraph refers to an independent FMEA performed Change "independent FMEA" to "a summary of the by the licensee. This was actually a summary of the FMEA performed by FMEA" AREVA 216 121. 3.2.3.1 3 8 The draft SER states that "...The GSM is used for maintenance activities while Revise to state "The GSM is used for monitoring and the digital RPS/ESPS is bypassed." The GSM is also used for monitoring maintenance activities, as described inSections activities 3.1.1.4.7 and 3.1.1.5.2.2."
217 121 3.2.3.1 4 8 The SER states "... the RPS functions, the TSPS functions, the MSI functions, (1) Revise to "... the RPS functions, the ESPS and the TXS Gateway computer." functions, the MSI functions, and the transfer of TSPS should be replaced with ESPS. (2) When discussing the TXS Gateway information from the MSI to the TXS Gateway computer, we need to specify that the SRS provides the requirements for the computer".
transfer of computer point information to the TXS Gateway as there are other non-safety SRSs for software resident on the TXS Gateway computer for Gateway specific applications (i.e. there is a GHA SRS for the GHA application and a GWOPC SRS for the TXS Gateway /OPC interface used by the OAC to poll for computer point information.
218 122 3.2.3.1 1 4 The draft SER states that "...extracted from the RPS and ESFAS Equipment Revise Specifications (Reference 53 and Reference 52), the System Functional Description (Reference 123) the Ancillary Design Inputs document, the Key switch Specification (Reference 56), and industry IEEE Std. 830-1993." Add "and IEEE Stds 603-1998 and 7-4.3.2-2003" to the end of this sentence. Delete IEEE Std 830, since it only provides guidance on writing SRSs.
219 122 3.2.3.1 1 4 The draft SER states that "...extracted from the RPS and ESFAS Equipment Revise Specifications (Reference 53 and Reference 52), the System Functional Description (Reference 123) the Ancillary Design Inputs document, the Key switch Specification (Reference 56), and industry IEEE Std. 830-1993." Add "and IEEE Std 7-4.3.2-2003" to the end of this sentence. IEEE Std 830 only provides guidance on writing SRSs.
220 122 3.2.3.1 2 7 The draft SER states that "...The digital RPS/ESPS SRS conforms to the guidance Delete second bullet.
of IEEE 830-1993 "IEEE Recomrmended Practice for Software Requirements Specifications," as amended by RG 1.172 with the exception of the following: ...
. This SRS organized the requirements primarily by function This is not accurate. IEEE Std 830-1993 Section 5.3.7, Organizing the specific 28
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution requirements, states that "There is no one optimal organization for all systems."
221 123 3.2.3.2 1 2 The draft SER states that "...Guidance for development of this architecture is Revise to state "...Requirements for the development of provided inthe "Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade the application software come from the RPS and ESFAS Software Generation and Download" procedure (Reference 75)." Equipment Specifications (Reference 53 and Reference 52), the System Functional Description (Reference 123)."
222 124 3.2.3.4 All This section uses the acronym FBD. The correct acronym for Function Diagrams is FD.
223 125 3.2.3.5 All This section uses the acronyms FBG and FBD and the term Function Block The correct acronyms are FD and FDG and the Diagram. terminology is Function Diagram, and Function Diagram Group.
224 125 3.2.3.5 2 2 The SER states "... the Software Configuration Items through the end of the Revise to state "... the Software Configuration Items Detailed Design Phase." The Software Configuration Items List is maintained through the basic design, detailed design, testing, through the basic design, detailed design, testing, commissioning and final commissioning and final documentation phases of documentation phases of the project as identified in Software Configuration the project as identified in Software Configuration Management Plan (reference 89) and Project Phases (reference 79). Management Plan (reference 89) and Project Phases (reference 79)."
225 125 3.2.3.5 4 3 The draft SER states ."...with the Software Library and Control Instructions 01-1583-03, Software Library and Control, was (Reference) ..." Add missing reference number. submitted in LAR Supplement 10 (Ref. 11).
226 126 3.2.3.6 5 4 The draft SER states that "... summary of the results of this evaluation was Correct provided inthe Final V&V Summary Report (Reference 729). The correct reference is 51-9113322-000, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Software V&V Final Report, which was submitted in LAR Supplement 17.
227 126 3.2.3.6 4 2 The SER states "the Software Configuration Items through the end of the Revise to state "... the Software Configuration Items Detailed Design Phase." through the basic design, detailed design, testing, commissioning and final documentation phases of The Software Configuration Items List is maintained through the basic design, the project as identified in Software Configuration detailed design, testing, commissioning and final documentation phases of the Management Plan (reference 89) and Project project as identified in Software Configuration Management Plan (reference 89) Phases (reference 79)."
and Project Phases (reference 79).
228 128 3.3.1 3 The draft SER states that "..,EPRI Topical Report (TR) -102323, Revision 2..." Change to Revision 1.
Regulatory Guide 1.180 endorses EPRI TR -102323, Revision 1.
229 128 3.3.1 2 3 The draft SER states that "...Section 3.1 of this SE and listed inAttachment Aof Change to Attachment 1 the licensee-approved..." This should be Attachment 1 of the EQ report.
230 129 3.3.1 3 6 The draft SER states that "...AREVA documents 66-5065212-03..." AREVA NP document 66-5065212-04 was submitted in 29
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution LAR Supplement 18 and should be referenced instead of version 03.
231 129 3.3.1 3 9 The draft SER states that "...the licensee's review and approval of these Change to Reference 17.
documents (Reference 130) ..." Ref. 130 is incorrect. This documentation was provided in Enclosure 3 (Items 6 &7) to Supp 16 (Reference 17).
232 129 3.3.1 4 5 The draft SER states that "...and provided the licensee Seismic Requirements in Revise to state "... and provided the licensee Seismic Attachment G." Seismic requirements were provided in Attachment F and G Requirements inAttachments F and G, respectively respectively of the replacement specifications. in the two above listed specifications."
233 130 3.3.1 2 1 The draft SER states that "...Additionally, the SE stated in Section 2.1.2.1 that No change need.
the plant-specific application should identify inthe plant operating procedures monitoring internal cabinet temperature to ensure that the internal cabinet temperature will be always under the environmental qualification envelope, and develops plant-specific procedures to respond to TXS cabinet/subrack high temperature alarms."
Clarification is provided for information (no change is needed):
Section 3.3.1.1 of the SER notes acceptance of qualification that shows the cabinets bound control room temperature limits. The cabinet hi temp alarm will trip an RPS channel. The shutdown protects the system from exceeding the EQ temp limit. This is from the FMEA and is consistent with the description of the temp monitoring function inthe SBG3 Manual. A high temperature alarm will initiate a "CABINET FAULT" condition which will also turn "ON" the cabinet fault light at the top front and rear of the cabinet. The temperature alarm alerts the operator to high temperature inthe SBG3 power supplies and de-energizes all digital and analog outputs from the affected cabinets.
Duke operator response will be to enter a TS action statement and investigate the temp problem.
234 131 .3.3.1 01 02 The draft SER states that "...The environmental qualification tests on the TXS test Revise to state "...The environmental qualification tests specimen were performed to qualify to the requirements in EPRI TR-107330 on the TXS test specimen were performed to extreme under the normal (1240 F and 90 percent relative humidity) and extreme (1400 F and 90% relative humidity) operating (1400 F and 90% relative humidity) operating conditions that the TXS system conditions to which the TXS system would be would be exposed in a nuclear power plant in the U.S. while performing its exposed in a nuclear power plant inthe U.S. while safety function." Need to clarify what was actually performed. AREVA performing its safety function This exceeds the performed to extreme operating conditions. requirements in EPRI TR-107330 (1200 F and 90 30
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution percent relative humidity)."
235 131 3.3.1 4 4 The draft SER states that "...the qualification of the TXS system for use at ONS, Revise to state "...the qualification of the TXS system Unit 1." The report is generic to all three units. AREVA Doc. No. 66-5065212-04, for use at ONS."
which was submitted in LAR Supplement 18, had the words Unit 1 removed from the title, since the report is generic to all three Oconee units.
236 132 3.3.1 4 The draft SER states that "...(3) The ONS-specific tests performed in the U.S. to Revise as recommended.
ONS requirements for ONS-specific equipment and reported in the ONS, Unit 1, RPS/ESPS Replacement Project Equipment Qualification Report (Reference 59)."
AREVA Doc. No. 66-5065212-04, was submitted in LAR Supplement 18, and is generic to all three Oconee units. Remove Unit 1 from title and use Reference 19 or replace Reference 59 in Section 5.0 with the latest EQ report that was submitted.
237 132 3.3.1 1 5 The draft SER states that "...Attachment 1 of the report includes a test specimen Revise to state there was a test specimen list of 197 list of 185 components including interface components and power supply components components." The latest version of EQ report submitted in supp 18 lists 197.
238 133 3.3.1.1 2 2 The draft SER states that "...Qualification testing performed determined the Revise to indicate Qualification testing was ability of the TXS system to perform safety-related functions before, during, performed at 140OF and 90% relative humidity to and after normal (124 0F temperature and 90% relative humidity (RH) and demonstrate the ability of the TXS system to extreme 1400F1/95% RH environmental exposures." perform safety-related functions before, during, and after extreme environmental exposures."
The origin of the normal 124 0 F temperature and 90% relative humidity stated in the first sentence of this paragraph is unknown. EPRI TR-107330 normal temperature and relative humidity are 104 0 F and 95% RH, respectively. The Oconee specified normal operating temperature is 740F and humidity range is 30
- 80% RH. The qualification testing temperature and humidity levels were 140OF and 90% RH.
239 133 3.3.1.1 2 10 The draft SER states that "...and referenced AREVA documents (66-5065211- Revise to state ".51-9025423-000 01, 51-9025423-00, 51-5052273, and 51-9005453 004) ..."
240 134 3.3.1.3 2 1 The draft SER states that "...As described above, three test specimens were Revise to state "...As described above, three test tested in Germany, including the seismic testing." Two of the test specimens specimens were tested (one in Germany and two in were tested inthe United States the United States), including the seismic testing.
241 134 3.3.1.3 3 4 The draft SER states that "...The tests were conducted in accordance with IEEE Revise to state "...The tests were conducted in 344-1987 and AREVA document 51-1018204-00, referenced in RPSIESPS accordance with IEEE 344-1987. AREVA document Replacement Project Equipment Qualification Report (Reference 59) and 51-1018204-00, referenced in RPS/ESPS audited by the NRC staff at the AREVA Rockville, Maryland, facility during a Replacement Project Equipment Qualification 31
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution July 2009, audit." Report (Reference 59) was audited by the NRC stiff at the AREVA Rockville, Maryland, facility during a The statement "The tests were conducted in accordance with IEEE 344-1987 July 2009 audit. Testing of the modules and other and AREVA document 51-1018204-00" is not incorrect but can be misleading, components is addressed in AREVA document 66-since 51-1018204-00 reports only the seismic testing of the cabinets and not of 5065212-004 (Reference 59).
the other TXS modules and other components inside the cabinets. Testing of the modules and other components is addressed in numerous other reports referenced insection 7.0 of 66-5065212-004, specifically references /10/,/11/,
/12/, /16/,/17/,/19/, /201, 1221/, 34/, and /40/.
242 134 3.3.1.3 5 1 The draft SER states that "...Prior to the seismic test, the digital RPS/ESPS Revise to state "...The TXS cabinets were tested cabinet, as a test specimen, was mounted to test fixtures to simulate the actual separately with typical components mounted inside to in-service configurations." provide loading but not powered. Seismic qualification of the TXS components consisted of shaking them on rigid open stainless steel test fixtures. This testing is reported inAREVA document 66-5065212-004."
243 136 3.3.1.4.1 The draft SER states: Revise to state:
CE101 Test Type Range 30 Hz to 50 kHz CE101 Test Type Range 30 Hz to 10 kHz CEI02 Test Type Range 50 kHz to 400 MHz CE102 Test Type Range 10 kHz to 2 MHz The test type range needs to be corrected.
244 136 3.3.1.4.2 The draft SER states: Revise to state:
CS114 Test Type Range 50 kHz to 400 MHz CS1 14 Test Type Range 10 kHz to 30 MHz RS1 03 Test Type Range 10 MHz to 10 GHz RS103 Test Type Range 30 MHz to 10 GHz The following line items should be added with the The test type range needs to be corrected, footnote.
CS115*; Conducted susceptibility, bulk cable injection; impulse excitation; Pass CS1 16*; Conducted susceptibility, damped sinusoidal transients; 10 kHz to 100 MHz; Pass
- Not performed for equipment tested prior to issuance of RG 1.180, Rev. 1 245 137 3.3.1.4.3 The draft SER states: The table should be replaced with the following line items IEC 61000-4-4; Electrical fast transient/burst immunity; +/-3 kV; Pass and the footnote.
IEC 61000-4-5; Surge immunity combination wave; +/-3kV; Pass IEC 61000-4-4**; Electrical fast transient/burst immunity; 3 kV; Pass Revise as indicated in the Recommended Resolution column. IEC 61000-4-5**; Surge immunity combination wave;
_ _3kV; Pass 32
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution IEC 61000-4-12**; Ring wave immunity; 3kV; Pass
IEC 61000-4-2***; Direct discharge; 8 kV; Pass Revise as indicated in the Recommended Resolution column. IEC 61000-4-2***; Air discharge; 15 kV; Pass Testing limited to closed cabinets 247 138 3.4 1 1 The description of requirements from 10 CFR 50.55a(h) is not consistent with the The description of requirements from 10 CFR 50.55a(h) regulation for a plant based on the Oconee license dates. should be based on the Oconee license dates, as noted inparagraph (2) of the regulation.
248 138 3.3.1.5 3 9 The table listing tested isolation devices contains only those that were tested in The list inthe table is not a complete list. Consider 2002, and one of those shown did not pass testing. Subsequent to 2002, deleting the table or indicate this.
numerous other isolation devices have been tested and successfully passed, as reported inrevision 04 of the ONS RPS/ESPS Replacement Project Equipment Qualification Report 66-5065212-04.
249 140 3.4.1.1 1 1 The first sentence that evaluates compliance with each of these clauses should be Revise as recommended.
worded the same. For consistency say: "The requirements of IEEE Std. 603-1998, Clause x, Item (x) are the same as in IEEE Std. 603-1991...
250 142 3.4.1.5 1 3 The draft SER states that "... are evaluated inSections 3.5.3.2 and 3.5.4.2 of this Revise as recommended SE." The section references should be 3.4.3.2 and 3.4.4.2.
251 142 3.4.1.6 2 3 The draft SER states: "These new sensors are intended to provide additional Revise to indicate: "The use of these sensors inthe margin in the Chapter 15 safety analysis and will be addressed ina separate Chapter 15 safety analyses is not addressed in this LAR". Change this sentence to indicate that this will not be addressed inthis SER."
SER. Duke will determine whether a LAR is needed to credit these sensors. No need to imply this is a requirement here.
252 144 3.4.1.12 6 2 This description needs to be consistent with Section 3.1.1.4.8.2. D3 does not Insert "(refer to section 3.1.1.4.8.2) at end of first require the protective action of DHPIAS as implied by this paragraph sentence. Other option is to repeat portions of this section.
253 144 3.4.1.12 6 3 "The D3 assessment also credits a previously approved manual operator action to Delete the word "also" trip the reactor". The word also makes the appearance that the D3 work credits diverse LPI &HPI. This is true for diverse LPI but not true for diverse HPI.
254 145 3.4.2 2 3 The draft SER states that "... acceptability of both of this aspect was confirmed Revise as recommended through factory acceptance testing (Reference 101 and Reference 133)." Revise to state "... acceptability of both of these aspects was confirmed through factory 33
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution acceptance testing, as described inSection 3.2.2.4.
255 146 3.4.2.2.1 3 3 The draft SER states that "...a digital output is generated and the four associated Revise to state "...digital outputs are generated and the trip relays are de-energized (one ineach channel)." More than one output is four associated trip relays are de-energized (one ineach generated. See LAR Figure 2.2-1 channel)."
256 147 3.4.2.2.2.1 4 1 The draft SER states that "...Actuation of the ESPS Emergency Override switch Replace switch with pushbutton.
will de-energize the automatic outputs to all ESPS actuated field devices." A pushbutton is used rather than a switch.
257 147 3.4.2.2.2.1 6 3 The draft SER states that "... Override pushbuttons are equipped with flip covers to Delete the word "flip." No need to be specific regarding prevent inadvertent operation." Sliding covers are used instead of flip covers, the type of cover.
258 150 3.4.2.3.2 2 2 The draft SER states that "... Two different groups within the AREVA NP perform: Revise (1) the TXS platform development - AREVA NP GmbH, and (2) application-software development - AREVA NP." Add "Inc." to the end of this sentence.
259 151 3.4.2.5 3 1 The 1st sentence of the 3rd paragraph needs "confirmed" added after review to Add "confirmed" after the word review read, "The NRC staff review confirmed that the...".
260 151 3.4.2.5 3 4 The 2nd sentence of the 3rd paragraph reads: "Further, the NRC staff review of the Revise sentence per comment.
self diagnostic features and tests performed by the TXS platform will, for failures detected by self-diagnostics, place a digital RPS/ESPS into a safe state and annunciate that failure to the operators." Need to replace "performed by" with "confirmed that" to make it read correctly.
261 151 3.4.2.5 4 1 This paragraph makes conclusions for Clause 5.4 inthe section for Clause 5.5. By Delete Paragraph doing this, it seems that Clause 5.5 is acceptable because Clause 5.4 was acceptable, and Clause 5.4 is acceptable because 5.5 was acceptable. That is, a circular logic has been created.
262 152 3.4.2.6.1 2 3 The draft SER states that "... Voltage signals from the SAA1 modules are supplied Revise to state "...The SAA1 module supplies one to two separate circuits. One circuit is the TXS Analog Input Modules. The second voltage output to the S466 and one current output for the circuit is the SNV1 (a TXS Isolator and multiplier) module." SNV1. One circuit is the TXS Analog Input Modules (S466). The second circuit is the SNV1 (a TXS Isolator The SNV1 has the ability to receive a voltage input, but it isn't used inthat and multiplier) module."
configuration within the Oconee design. Need to revise these 3 sentences.
263 153 3.4.2.6.1 0 4 The draft SER states that "... binary signal (-0 VDC or ~24 VDC) by an Revise to state "...binary signal (-0 VDC or -24 VDC) by Optocoupler for the input to the digital ... an Optocoupler or relay for the input to the digital..."
A relay is also used. Revise this sentence to state this.
264 154 3.4.2.6.3.1 The acronyms ESPS1 and ESPS2 are not defined inthe acronym list Add to acronym list as ESPS1 = ESPS Set 1 (or I subsystem 1), ESPS2 = ESPS Set 2 (or subsystem 2) 34
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 265 155 3.4.2.6.3.1 The acronym (RPS E) is not defined inthe acronym list Add to acronym list as RPS E = RPS Channel E 266 156 3.4.2.6.3.2 3 5 The draft SER states that "...Two ESPS cabinets will be provided for ESPS Odd Revise to state "...Two single bay ESPS Cabinets will be and Even Component Status." Clarify that two single bay cabinets will be provided, provided for ESPS Odd and Even Component Status."
267 156 3.4.2.6.3.2 3 5 The draft SER states that "...All of the RPS/ESPS cabinets (either single or dual Revise bay) are to be located within the control room. These are steel cabinets mounted on a cabinet mounting frame, which is mounted on the floor, and have no hardwired interconnections except for sharing of similar signals through fiber optic cables. (The exception being the hard wired signals between cabinets Al and A2, B1 and B2, C1 and C2 of the ESPS subsystems.)"
Add "the Reactor Trip Relay Logic wiring" to the end of the parenthetical phrase.
268 158 3.4.2.7 The draft SER states that "...are evaluated inSection 3.5.5.7 of this SE." The correct section reference is 3.5.2.7.
269 160 3.4.2.8 2 1 Clause 5.8 does not refer to 10 CFR 50.34(f). What is the purpose of this The applicable NUREG-0737 TMI action item is the reference? This CFR is not applicable to Oconee as its application was not appropriate reference for Oconee.
pending as of 2/16/82.
Recommend deleting this sentence 270 162 3.4.2.8.1.1 1 The draft SER states that "..-The RPS Channel E application software runs on one Revise to state "..The RPS Channel E application of the four processors used for MSI communications. The RPS Channel E software runs on one of the five processors used for processor and all related TXS hardware are considered safety related due to the MSI communications. A sixth processor provides MSI communications isolation function." alarm information related to the Channel E signals to the OAC via the MSI. The RPS Channel E This section needs to be updated to reflect the system change discussed with processors and all related TXS hardware are NRC during the April 2009 audit inAlpharetta. considered safety related due to the MSI communications isolation function."
271 162 3.4.2.8.2 5 3 The draft SER states that "...during Factory Acceptance Testing (Reference 30) Revise to state "...during Factory Acceptance Testing
..." More appropriate to reference Section 3.2.2.4. Reference 30 is the NRC (see Section 3.2,2.4) ... ""
FAT audit report.
272 163 3.4.2.8.3 The references to 10 CFR 50.34(f) are not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
273 163 3.4.2.8.3.1 3 1 The draft SER states that "... SDD (References 127 and 135) . Ref. 135 is not Revise to state that "... SDD (Reference 127) a valid reference for the SDD.
274 163 3.4.2.8.3.2 9 1 The draft SER states that "... SDD (References 127 and 135)..." Ref. 135 is not Revise to state that "... SDD (Reference 127) a valid reference for the SDD.
275 163 3.4.2.8.3.2 9 2 The draft SER states that "...The ESPS voter, Channels Al and A2, provide an Revise to state that "...The ESPS voter, Channels Al and 35
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution isolated output contact to drive the HPI Bypass Enable Statalarm." A2, provide an isolated output contact to drive the HPI BYPASS PERMIT Statalarm."
This paragraph is not correct. There is not ESPS Voter Channel Al and A2. When RCS pressure drops below the Bypass Permit value as sensed by any instrument input channel, the HPI Bypass Permit statalarm is actuated. The operator then presses Bypass pushbuttons (P/Bs) for each channel set. A P/B bypasses channels Al and A2 and a statalarm actuates to indicate these are bypassed.
Another P/B for B1 and B2 and another for C1 and C2. Statalarms exist for these also. Asimilar set-up exists for low pressure injection.
The word PERMIT needs to be added to the description of the Statalarm.
276 164 3.4.2.8.4 4 5 The draft SER states that '... addressed in Section 3.5.5.8.4 of this SE. Based Revise to state that "... addressed inSection 3.5.2.8 of on the description above and the evaluation in Section 3.5.5.8.4 this SE. Based on the description above and the evaluation in Section 3.5.2.8 The two section references are incorrect.
277 164 3.4.2.8.3.2 2. 1 Delete last paraqraph: "The SDD was reviewed and it was determined that Delete paragraph that refers to RPS within ESPS operational bypass indication is provided to the operator via the Statalarm. Based section. Same paragraph exists within previous RPS on the review of this implemented functionality, the indication of RPS operating section.
bypass meets the requirements of Clause 5.8.3.
Similar information is provided for ESPS in the last two sentences of the preceding paragraph.
278 165 3.4.2.10 3 2 The draft SER states that "... These self-monitoring features are described as Delete the following text: "and system response time being supported by surveillance testing of the TXS System (e.g., see TXS SE testing (e.g., see TXS SE Section 4.3, "System Section 4.2, "Surveillance Testing of the TXS System"), and system response Response Time Test" time testing (e.g., see TXS SE Section 4.3, "System Response Time Test")."
Section 3.10 of the draft SE does not address Response Time Testing which is not required by Oconee Technical Specifications.
279 165 3.4.2.9 1 2 The draft SER states that "...These Keyswitches permit the administrative control Revise to state that "...The use of these Keyswitches is of these features." Need to clarify the intent of this sentence. controlled by the licensee's administrative control program for key control."
280 166 3.4.2.10 1 4 The draft SER states that "...Monitoring of non-TXS components, such as the Revise Absopulse power supplies, bipolar power supplies, and detector power supplies, is accomplished through the monitoring of the signals dependent on those components. For example, ifa signal fault is detected inone of the NI power supplies, the NI Power Supply Fail Statalarm is lit." Add sentence after this:
36
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution "The failure of any Absopulse power supply is detected by cabinet monitoring features and results in trouble alarm.
281 168 3.4.2.14 3 10 The draft SER states that "...The details of the digital RPS/ESPS information Delete the last sentence (in bold text) of the quote in the displays and their acceptance by the NRC staff is provided inSection 3.4.2.8 of this comment column.
SE which states that the human factors aspects of these displays did not change significantly; therefore, no review for possible ambiguous indications is necessary.
The LAR identified new administrative control requirements for key switches. 23 " The last sentence, although accurate, has no correlation to the topic being discussed.
282 168 3.4.2.14 4 1 The draft SER states that "The NRC staff used ISG#4 guidance for evaluating Draft SER section 3.1.1.6.3 says the guidance on the HMI aspect of the digital replacement inthe "multidivisional control and "multidivisional control and display stations" was not display stations" area of interest. The proposed HMI was evaluated against the applicable and not used. The two sections should be NRC staff positions 3.1 through 3.3, respectively on Independence and Isolation, made consistent Human Factors, and D3.
We believe 3.1.1.6.3 is correct 283 170 3.4.2.16 3 The draft SER states that "...Compliance with the guidance provided in ISG 2 is The correct section reference is 3.9.0.
discussed in Section 3.1.1.2, "RPS/ESPS Input/Output Subsystem" of this SE.
284 173 3.4.3.2.3.2 5 5 The draft SER states that "Load Shed logic Channels 1 and 2 will have separate Revise Auto/Manual pushbutton selector switches from the switches used to select Manual for the balance of the ESPS Channel 1 and 2 components." Revised to indicate switches are used to select Auto or Manual for the...
285 173 3.4.3.2.3.2 5 6 The draft SER states that "The Load Shed 1 and 2 switches are installed on a Revise control board below the Auto/Manual switches for ESPS logic Channels 1 and 2."
Revise to clarify that the Load Shed Logic Channels 1 and 2 switches are installed....
286 175 3.4.3.3.1 1 7 The draft SER states that "...The FMEA analyzes failures in nonsafety systems, Revise to state that "...The FMEA analyzes failures in the including nonsafety test circuitry, to assure that no single failure can cause the nonsafety features included within the loss of a safety function or lead to spurious ESPS actuations." The information in RPSIESPS boundary such as nonsafety test circuitry, bold text needs to be revised to clarify the failures innonsafety features that the DHPIAS, DLPIAS, the Gateway, and Service Unit, to FMEA analyzes. assure that no single failure can cause the loss of a safety function or lead to spurious ESPS actuations."
287 175 3.4.3.3.1 3 1 "Integrated ICS" is redundant. Delete the word "Integrated" Revise 288 177 3.4.3.5 1 11 Item (3)" If an analog input, exceeds the TXS input hardware range Delete item (3).
specifications, indication to operators is provided."
37
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution This feature is not active within the S466 (analog input board) software driver and is not used for the Oconee application 289 179 3.4.3.6.1 2 1 The draft SER states that "The SID Bypass is annunciated by: (1) an SID Bypass Revise the bold text to state that "...The S/D Bypass is light inside the RPS cabinet of the effect channel, (2) control room annunciator annunciated by: (1) control room annunciator alarms and alarms, and (3) OAC alarms." (2) OAC alarms."
There is no light inside the RPS cabinet. Revise as indicated In the Recommended resolution column.
290 180 3.4.3.6.1 3 1 Delete the last two paragraphs of this section as the information is redundant to the Revise as recommended.
information inthe 2nd paragraph.
291 184 3.4.4 1 3 The draft SER states that "..As part of the design change, the one exiting output Revise as recommended.
relay was replaced with two output relays and the reactor trip modules (RTMs) were replaced by reactor trip relays." This paragraph addresses ESPS; the next paragraph addresses RPS and provides the same information. Delete the text in bold.
292 186 3.4.5 5 7 The large middle paragraph states, "...vital power panels and breakers shown Remove "shown below" in two places in this paragraph.
below.." There is nothing "shown below" and the shown below should be removed.
293 186 3.4.5 5 2 The draft SER states that "...The digital RPS/ESPS equipment is powered by Revise to state "...The digital RPS/ESPS equipment is redundant 120 VAC / 24 VDC Absopulse power supplies, model PFC419-Q9418." powered by redundant 120 VAC / 24 VDC Absopulse The correct model number is ARV419-Q9418. power supplies, model ARV419-Q9418."'
294 186 3.4.5 5 4 The draft SER states that "...The RPS/ESPS uses-the 120 VAC to power Revise to state "...The RPS/ESPS uses the 120 VAC to redundant auctioneered +/-24VDC power supplies." Only way they can provide - power redundant auctioneered 24VDC power supplies."
24VDC would be to swap the leads on the output. Remove the "'"
295 186 3.4.4.5 1 4 In the second sentence, degree of "channel" should be degree of "redundancy." Correct This also occurs in3.4.5.3.
296 187 3.5 2 1 This section uses the Function Block Diagrams. The correct terminology is Correct Function Diagram.
297 189 3.5.2.3 3 2 The draft SER states that "...integration of computer hardware and software is a Revise to state "...is a planned activity inthe software planned activity in the SDD process ..." This is a planned activity inthe software development process..."
development process.
38
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 298 190 3.5.2.3.1.1 The draft SER states that "... in the V&V activity summary reports (Reference Correct 106, Reference 528, Reference 529, Reference 104, and Reference 729)."
References 528, 529, and 720 are incorrect. The correct references are:
- 51-5072680-007, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Design Phase V&V Activity Summary Report, which was submitted in LAR 11 at NRC's request
- 51-9098074-001, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Implementation Phase V&V Activity Summary Report, which was submitted in LAR 11 at NRC's request, and
" 51-9113322-000, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Software V&V Final Report, which was submitted in LAR 17 at NRC's request.
299 194 3.5.2.4.1 3 2 The draft SER states that "...The qualification of new or changed TXS components Revise to state "...has also been addressed (see has also been addressed (see Section 3.12 of this SE). Based on this evaluation Section 3.12 of this SE). The Plant Specific Action
..." Need to also indicate that the Plant Specific Action Items regarding equipment Items regarding equipment qualifications have been qualifications have been addressed satisfactorily, addressed satisfactorily (see Section 3.1.1.7 Item I of this SE). Based on this evaluation ...
300 194 3.5.2.4.2 6 1 The draft SER states that "...The digital RPS/ESPS does not contain any other Revise to state "...The safety-related portions of the commercial digital computers..." digital RPS/ESPS do not contain any other commercial digital computers.
This statement is not correct. The SU and GW are commercial computers procured by Duke 301 195 3.5.2.5.2. 6 3 The draft SER states that "... FAT demonstrated that these tests did not adversely Replace "Reference 740" with "See Section 3.2.2.4".
affect the ability of the computer to perform its safety functions (Reference 740)."
Reference 740 is obviously wrong, FAT testing is discussed in Section 3.2.2.4, suggest you refer back to this section.
302 199 3.5.2.11 1 2 The draft SER states that "...defined an AREVA NP Inc., 01 (Reference 82)..." Revise to state "...defined inAREVA NP 01-1460..."
The 01 number was omitted. Add 01-1460-10.
303 201 3.6 4 1 The cyber security section contains details on identified threats, assessed These details were classified as security sensitive vulnerabilities, and technical and administrative mitigation measures. information by Duke and AREVA NP in the submittals to NRC. The annotated details should be withheld from public disclosure as security sensitive information. (see separate attachment) 39
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 304 201 3.6 4 4 The draft SER states that "...stated inthe "Oconee Nuclear Station, Units 1, 2, and Revise 3, "Cyber Security Features Associated with the Digital Upgrade of Oconee Nuclear Station Reactor Protective System and Engineered Safeguards Protective System" submission that the ONS RPS/ESPS digital upgrade complies with NRC regulations (Reference 20) .. " The location of the reference needs to be moved.
It should occur after the word "submission" also change the word "submission" to "submittal" 305 204 3.6.1.2 1 6 The draft SER states that "... in Sections 3.6.2.2, 3.6.3.2, 3.6.4.2, 3.6.5.2, and Revise 3.6.6 of this SE." Software development activities are address in 3.6.6.2.
306 204 3.6.1.2 3 5 The draft SER states that "... in Sections 3.6.2.2, 3.6.3.2, 3.6.4.2, 3.6.5.2, and Revise 3.6.6 of this SE." Software development activities are address in3.6.6.2.
307 205 3.6.1.3 1 3 The draft SER states that "...Topical Report, EMF-2110, Revision 1, which states Consider revising this sentence.
that the SU is the only means of accessing the system during normal operations
..." This sentence is misleading. The TXS Topical Report briefly discusses the use of a portable (i.e., laptop) computer in Section 2.5.5.1 and Figure 2.11. The Interface software for the boot loading via the serial interface port on the SVE2 module is described in Topical Report Section 3.2.1.3 and the TXS Topical Report SER (on page 18).
308 205 3.6.1.3 3 5 The last sentence of this paragraph implies that a cyber security assessment was Delete this sentence or state that the cyber security performed in Section 3.1.1.5. "The SU is dedicated to the digital RPS/ESPS and assessment took credit for what was done in Section its cyber security assessment is included in Section 3.1.1.5 of this SE." 3.1.1.5 Assessment against ISG 4 does not contain any security sensitive info.
Recommend this sentence be deleted since it adds no real value and implies that a cyber assessment was performed as part of the ISG 4 evaluation.
309 205 3.6.1.3 3 2 The SER states ".... communication with the Service Unit..." Revise to "... communication between the safety Since the previous sentence is discussing the TXS Gateway and the OAC, the system processors and the Service Unit..."
sentence needs to be clear that the limited communications with the Service Unit is with the MSI and not between the Service Unit and the TXS Gateway.
310 205 3.6.1.3 5 5 The SER states "....the limited two-way communication acceptable with the Revise to "... communication between the safety above...." system processors and the Service Unit is acceptable For clarity, this sentence needs to be clear that the limited communications with with the above..."
the Service Unit is to the MSI and not between the Service Unit and the TXS Gateway.
311 206 3.6.2.1.1 3 2 The draft SER states that "...The requirements stated above for the TXS platform Revise to state "...The requirements stated above for 40
ENCLOSURE I November 19, 2009 Draft RPSIESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution are also applicable for the digital RPS/ESPS development phase." Since the topic the TXS platform are also applicable for the digital is requirements the word "development" is out of place and should be replaced with RPS/ESPS requirements phase."
"requirements."
312 207 3.6.2.1.2 4 5 This paragraph references Ref. 160 inits discussion of V&V and the software Use Reference 84. Remove Reference 160 from the design process. Reference 160 is from LAR 2004-09, Supp 1. This is an incorrect Section 5.0 reference list.
reference. Regardless, this reference is not appropriate as Oconee withdrew this LAR. Ref. 84 is the correct reference.
313 207 3.6.2.1.2 6 3 The draft SER states that '... potential security vulnerabilities (Reference 54, This is a better way to reference the key information.
Enclosure 2, pages98-159)." The correct reference is: 51-9113322-000, Oconee Need to add this reference cite.
Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Software V&V Final Report, which was submitted in LAR 17 at NRC's request.
314 208 3.6.2.1.2 The draft SER states that "... included in the Software V&V Final Report This is a better way to reference the key information.
(Reference 54, Enclosure 2, pages98-159)." The correct reference is: 51- Need-to add this reference cite.
9113322-000, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Software V&V Final Report,which was submitted in LAR 17 at NRC's request.
315 208 3.6.2.1.3 2 2 The draft SER states that "...All TXS system software used to develop the TXS Revise to state "...All TXS system software used on the platform was developed by AREVA (Reference 25)." TXS platform was developed by AREVA (Reference 25)."
316 212 3.6.3.1.2 3 4 The draft SER states that "..,Service Unit is the only system service that is Delete: "modify the safety-related software or" normally connected to the safety system and is used to monitor the functioning of the TXS system, perform functional and periodic tests, provide fault detection and failure diagnosis, modify system parameters, and to modify the safety-related software or to load new safety-related software." The Service Unit has the tools to modify the application software; however, it is not used for that purpose.
317 213 3.6.3.1.2 1 3 The SER states "...operation of a keylock switch for each safety system Revise to "...operation of a keylock switch for each processor to change the system mode of operation prior to making any changes safety system processor to enable the change of the to the system. There is only one common key to change the mode of operation system mode of operation prior to making any changes and it cannot be taken out of the keylock switch when the keylock switch is any to the system. There is only one common key to enable position other than normal operating mode. The system is placed in non- the change of the mode of operation and it cannot be operational mode prior to making changes." taken out of the keylock switch when the key is in the enable position."
This is incorrect as the keyswitches only enable the change of modes of OR operation. The keyswitches do not change the modes by themselves. There are Revise to state "...The keyswitches are described in tests for some ESPS component annunciation that need parameter keys for both Section 3.1.1.2."
subchannels of the same channel.
41
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 318 213 3.6.3.1.2 4 4 This following statement appears inthe draft SER: "The evaluation will assess These elements will be superseded by the licensee's security constraints per Engineering Directives Manual-801 (Revision 1), "Cyber approved Cyber Security Plan that meets 10 CFR Security Risk Evaluation" which was provided to the NRC staff ..." EDM 801 will 73.54.
be revised to meet the assessment requirements required by 73.54 and the forthcoming Duke Energy Cyber Security Plan. Revision 1 will not be the version that will be used for the assessment.
319 215 3.6.3.2 2 The draft SER states that ".'Section 3.2.1.2 of this SE evaluated the vendor's SSD Revise to state "...Section 3.2.1.2 of this SE evaluated plan ..." It should say SDP plan. the vendor's SDP ..."
320 224 3.6.5.1 6 2 The draft SER states that "... Cyber Security FAT Specification (Reference 153) The following test specification reference should be The reference is incorrect. Ref. 153 is the procedure not the specification. added: 6279014399-000, Cyber Security Factory Acceptance Test Specification (LAR Supplement 7) 321 225 3.6.5.1 1 9 The draft SER states that "... CYBER05 consisted of multiple test cases The following test procedure reference should be (Reference 1251)..." The reference is incorrect. added: 63-9076528-000, Cyber Security Factory I Acceptance Test Procedure (LAR Supplement 7).
322 225 3.6.5.1 9 2 The draft SER states that "... physical and logical access (Reference 30 and The following test procedure reference should be Reference 1251)..." The reference 1251 is incorrect, added: 63-9076528-000, Cyber Security Factory Acceptance Test Procedure (LAR Supplement 7).
323 227 3.6.5.2 5 1 The draft SER states that "...The RPS/ESPS application software factory Revise to state "...The RPS/ESPS application software acceptance test was governed by the Software Test Plan ..." To be more factory acceptance test was governed by the FAT Plan precise FAT tests were governed by the FAT Plan.
324 227 3.6.5.2 7 4 The draft SER states that "...At the conclusion of testing, a Certification of Revise to state "...A Certification of Conformance will Performance was issued for the entire system and entered into the Records be issuedwhen the TXS System is shipped to the Management System (per the Records Management Program Manual) site. The Certificate of Conformance is then entered (Reference 23)." Acertificate of conformance will be issued into the AREVA NP Records Management System (per the Records Management Program Manual) (Reference 23)."
325 227 3.6.5.2 8 1 The draft SER states that "...The RPS/ESPS application software test reports Revise to state "...The RPS/ESPS FAT Summary Test contain a summary of the test results ..." This statement needs to be clarified. Reports contain summaries of the test results..."
326 230 3.6.6.2 3 6 Revision 1 will not be used to perform this assessment. EDM 801 will be revised Add a note that acknowledges these elements will be to meet the assessment requirements required by 73.54 and the forthcoming superseded by the licensee's approved Cyber Security Duke Energy Cyber Security Plan. Need to add a note that acknowledges that Plan that meets 10 CFR 73.54.
these elements will be superseded by the licensee's approved Cyber Security Plan that meets 10 CFR 73.54.
327 236 3.7 1 The draft SER states that "Once the total time required for a protective action has Revise to state:
been determined, licensees allocate portions of that time to elements of the 42
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution protective system (i.e., the time required for the sensors to respond to changes in Once the total time required for a protective action has plant conditions, the time required for the actuation logic, and the time required been determined, licensees allocate portions of that for a valve to close or a pump to start). time to elements of the protective system (i.e., the time required for the sensors to respond to changes in plant The licensee defined the digital RPS/ESPS response time requirements for each conditions, the time for rack/processing equipment, safety function inthe RPS/ESPS functional description (Reference 123) as the time required for the actuation logic, and the time follows: required for a valve to close or a pump to start).
Response time requirements for rack/processing equipment need to be included. The licensee defined the digital RPS/ESPS response time requirements for the rackiprocessing equipment and actuation logic inthe RPS/ESPS functional description (Reference 123) as follows:
328 236 3.7 1 20 Item B States: Delete "or equal to" (1) RCS Pressure Low- Less than or equal to 500 msec (2) RCS Pressure Low Low- Less than or equal to 500 msec (3) Reactor Building Pressure High - Less than or equal to 500 msec (4) Reactor Building Pressure High High - Less than or equal to 500 ms The Response times are Less than 500 msec as identified inthe System Function Description (reference 123), the Response Time Calculation (reference 76), and the RPS Response Time Test Procedure (reference 115) 329 236 3.7 1 25 Item C states: Delete "or equal to" Less than or equal to 500 msec The Response times are Less than 500 msec as identified in the System Function Description (reference 123), and the ESFAS Response Time Test Procedure (reference 116) 330 236 3.7 1 27 Item D The SER states: Delete "or equal to" Less than or equal to 500 msec The Response times are Less than 500 msec as identified inthe System Function Description (reference 123), and the ESF Response Time Test Procedure (reference 116) 331 236 3.7 2 2 The draft SER states that "... response time calculation (Reference 76) ... " The correct reference will be reference 58 after the appropriate reference is added to the reference list.
Note: The correct reference is Rev. 5 of the response time calculation. A Then no change is required.
I subsequent comment recommends deleting Rev. 4 from Reference 58 and 43
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution inserting Rev. 5.
332 236 3.7 2 4 The draft SER states that "...and test results (References 158 and 159)..." The Add this reference to cite.
references are incorrect. The following test summary report references from LAR Supplement 17 should be added:
- 66-9100140-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS Response Time FAT Summary Test Report
- 66-9100139-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade ESFAS Response Time FAT Summary Test Report 333 237 3.9 4 9 The draft SER states that "... DI&C-ISG-02 Task Working Group #2: Diversity The current version is Revision 2 dated June 5, 2009 and Defense-in-Depth Issues," September 26, 2007 ..." (ML091590268).
334 237 3.9 5 1 The last paragraph of 3.9 has nothing to do with D3 and should be deleted. It Delete paragraph appears to be misplaced text.
335 238 3.9.0.1 2 1 1st sentence of this paragraph says licensee has completed a revised D3 Recommend deleting the word "revised" or describe assessment... Not sure what this is intended to mean. Duke submitted the D3 what was intended by this statement.
assessment inMarch 2003 and supplemented it several times. Duke summarized the D3 assessment in LAR Section 3.2.3 and described some sensitivity runs we performed at the Staffs request.
336 238 3.9.0.1 5 1 Not sure what an "ATWS" automatic system is. Has this term been previously Change ATWS to AMSAC and DSS defined? The automatic ATWS mitigation systems are AMSAC &DSS 337 241 3.9.0.6 1 2 The phrase ..."ifthe criteria of Staff Positions 1 and 2 of this ISG are addressed.." Correct is not part of the quote. Delete or move the quote 338 243 3.9.1 2 1 AMSAC &DSS were required for B&W plants to meet the overall risk of over- Change" the ATWS AMSAC and the DSS" to "AMSAC pressurizing the RCS following a loss of main feedwater ATWS. This paragraph and DSS" is OK as written but could be improved.
339 243 3.9.1 4 3 Most of paragraph 2 has been copied into this paragraph, and is not required. Revise The repeated information should be deleted.
340 243 3.9.0.8 1 2 Change "existing ATWS provides" to "existing ATWS mitigation systems provide" Change "existing ATWS provides" to "existing ATWS The phrase ATWS mitigation systems is used in Section 3.9.1 mitigation systems provide" 341 244 3.9.1 1 1 Insert "Low Pressure Injection" into diverse actuation. Change "diverse actuation system" to "diverse Low Pressure Injection actuation system (DLPIAS)"
342 244 3.9.2.1 1 1 Diverse LPI does NOT "protect against a departure of nucleate boiling (DNB)" Revise first sentence to" The DLPIAS (Figure 3.9.2.1-1) provides a low-pressure, high-volume source of water to the RCS ..."
44
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 343 244 3.9.2.1 4 3 The draft SER states that "...The interface with the LPI actuation circuit and the Revise to state that "...The isolation device between the DLPIAS bypass switch is safety-related." LPI actuation circuit and the DLPIAS bypass switch is safety-related."
Need to clarify that the isolation device between the LPI actuation circuit and the DLPIAS bypass switch is safety-related.
344 246 3.9.2.3 1 3 The Hardware Design Solutions document does not have a Section 5.1.23. Note Correct this is correct for Rev 16 which was never docketed.
345 247 3.9.3 1 1 Diverse HPI was NOT required to obtain acceptable results inthe D3 analysis. Replace first paragraph with the following: ONS D3 does This is a copy of the diverse LPI section which is not applicable to diverse HPI. not require installation of a DHPIAS, however, the This description needs to be consistent with Section 3.1.1.4.8.2. proposed installation is in response to ISG-2 concern of SWCCF with the ONS design where one redundant set of ESPS channels is sharing processors with RPS Channels A, B, and C.
346 247 3.9.3 2 1 First sentence is not correct, need to delete the remainder of the first sentence delete the remainder of the first sentence following the following the phrase "digital RPS/ESPS upgrade" phrase "digital RPS/ESPS upgrade" 347 247 3.9.3.1 3 1 Diverse HPI does NOT "protect against a departure of nucleate boiling (DNB) Revise first sentence to" The DHPIAS (Figure 3.9.3.1-1) provides a high-pressure, low-volume source of water to the RCS..."
348 247 3.9.3.1 4 3 The draft SER states that "...The interface with the HPI actuation circuit and the Revise to state that "...The isolation device between the DHPIAS bypass switch is safety-related." HPI actuation circuit and the DHPIAS bypass switch is safety-related."
349 249 3.9.3.3 2 6 First bullet is not true; D3 does not require the protective action of this system. Delete bullet This has been copied from Section 3.9.2.2 350 249 3.9.3.3 2 3 The Hardware Design Solutions document does not have a Section 5.1.23. Correct 351 251 3.10 2 15 The draft SER states that "...document number 51-9044432-004, dated April 14, The reference is incorrect. The following reference should 2008 (Reference 1264) " be added: AREVA document No. 51-9044432-004, Oconee Nuclear Station RPS/ESPS Surveillance Change Justification (submitted with Reference 6).
352 251 3.10 2 4 Oconee TSs do not require response time testing. Clarify this is a generic Change "response time" to "channel functional test."
discussion that is not applicable to Oconee. None of the discussion on response time testing applies to Oconee. Need to revise and remove discussion related to response time testing.
353 252 3.10 1 The draft SER states that "...Report EMF-2341, dated December 1991 Correct (Reference 1279) ..." The reference is incorrect. The following reference should be added: Siemens, EMF-2341 (P) Revision 0, "Generic Strategy for Periodic 45
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Surveillance Testing of TELEPERM XS Systems in U.S. Nuclear Generating Stations," Siemens Power Corporation, December 1999.
354 253 3.10.1.2 1 4 The draft SER states that "...signal conditioning equipment (i.e., SAA1 and Revise to state that "...signal conditioning equipment SNVA)..." SNVA should be SNVI. (i.e., SAA1 and SNV1)..."
355 253 3.10.2.1 2 1 Change CHANNEL FUNCTIONAL TEST to CHANNEL CHECK. Correct 356 254 3.10.2.1 1 3 The SER indicates that since ONS Units 1, 2, and 3 will have digital RPS/ESPS Revise to indicate "...and due to existing analog installations completed at different times, it is acceptable to include both analog instrumentation required by TSs other than and digital surveillance test requirements, as appropriate, on the unit-specific basis. RPS/ESPS..."
Regardless of the time of the RPS/ESPS modification, the definitions apply to all TS required instruments, much of which is analog. So, we'll need to retain even after installation on all three units.
357 255 3.10.2.1 5 2 See comment above for page 254.
358 256 3.10.2.3 6 3 The draft SER states that "...The underlined statement in the current definition is Add underlining to the current and revised definition replaced with the underlined statement inthe revised definition." There is no where intended.
underlining provided inthese sections of the document so it is unclear what is being referenced.
359 259 3.11 2 1 The last sentence states that the "methodology for calculating instrumentation Didn't change methods.
setpoint values has been revised..." This is an incorrect statement. The methodology is the same as it was with the analog system. Rather, the uncertainties calculated for the digital system have changed, but there is no impact on the instrumentation setpoints.
360 259 3.11 2 1 The 1st sentence implies Oconee TSs contain instrument setpoints. ONS TS Revise. Remove mention of setpoints from SER. The contain allowable values, plant setpoints are controlled by procedures. Change only thing inTSs is allowable values.
setpoint to allowable value for the context of this discussion.
361 259 3.12 3 1 The draft SER states that "...in LIC-101, Revision 3, "License Amendment NRC Office Instruction LIC-500, Processing Requests for Review Process," Section 4.2, "Using Precedent Safety Evaluations and Reviews of Topical Reports, contains the following References to Topical Report," states: "Ifa licensee intheir application or the instructionsregarding limitations and.conditions:
NRC staff during its review identifies a deviation from the process or limitations associated with a topical report, the NRC should address the deviation inits SE 4.2.7 TB Transmits SE to DLPM for the plant-specific license amendment applications. To address deviations from approved topical reports, the SE for the subject amendment should identify The lead TB will provide the PM with the SE 20 the limitation of condition, evaluate the proposed deviation against appropriate working days prior to the current agreed-upon regulatory criteria, and specifically explain why the deviation is acceptable (or not milestone schedule date for the draft SE. The acceptable)." SE should follow the general guidance in Office Instruction LIC-1 01, with the exception that the 46
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution NRC Office Instruction LIC-500, Processing Requests for Reviews of Topical SE should also specify who can reference the Reports, contains instructions that are not consistent with LIC_101. NRC should TR (e.g., Westinghouse-designed plants), and reconsider using this as the regulatory basis for this review, clearly identify the conditions and limitations the staff has placed on the use of the TR in the body of the SE, including plant-specific items that a licensee referencing the TR will need to submit.
These conditions and limitations shall also be listed in a separate section titled Conditions and Limitations. (emphasis added)
The TXS system is described inTXS Topical Report (AREVA NP Document 38-1288541-00).
NRC approved the TXS Topical Report in a safety evaluation report issued inMay 2000.
The NRC SER for the TXS Topical Report does not contain a separate section titled Conditions or Limitations nor are any conditions or limitations clearly placed on the TXS hardware or software qualification processes.
362 262 3.12.1.3 6 6 The draft SER states that"... In the ONS application, the SNV1 module is used for Revise to state "... Inthe ONS application, the SNV1 multiplying current input signals to be used for processing the RPS input module is used for multiplying current input signals."
signals."
Delete the bolded text.
363 265 3.12.4.3 5 7 The draft SER states that "... The system concept behind this methodology, as NRC may want to consider revising this statement.
reflected inthe acceptance criteria, was for the RTS and the ESFAS systems to be separate systems with limited interconnections. EMF-2267(P) Figure 8.1 shows a combined RTS/ESFAS system. Section 10.2 item 1, which states that "When a failure is assumed for a software block, RT and ESF actuations associated with this block, which should occur from both primary and secondary channels, may not activate' is consistent with a system described inFigure 8.1.
364 266 3.14.1 Not clear how this section will be implemented. Generally, regional inspectors do Clarify intent of this section not perform evaluations; rather they perform'inspections. As noted in Section 3.14.2, inspectors would "review", "ensure", "verify". The five items listed in 3.14.1 all imply that Region II will "evaluate." Or it could imply that ONS performs 47
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution the evaluations and then Region IIinspects. Because the intent is unclear, the section needs to be revised to clarify intent.
Also, the word "shall" is used throughout yet in Section 3.14 the phrase "that should be addressed" is used. Again, the intent needs to be clarified as to which organization is to perform the evaluation - Region II or Duke.
365 267 3.14.2.2 3 2 Item 2 states that "... Ensure that the procedure to be used for system Revise to state "...Ensure that the procedure to be used configuration activities restricts the issuance of the Parameter Change Enable for system configuration activities restricts the issuance key to a single key so that only one channel can be configured at a time." Some of the Parameter Change Enable keys so that only one tests for some ESPS component annunciation need parameter keys for both channel can be configured at a time."
subchannels (e.g., Al &A2) of the same channel (A). Duke revised RAI 80 and RAI EICB 106 responses to clarify that for some cases 2 keys are required to allow testing of one ESPS channel.
366 268 3.14.2 3 1 Item 8. The follow-up to evaluate procedures to monitor internal cabinet Delete Site Inspection Follow-up Item 8.
temperatures is not required. Section 3.3.1.1 of the SER demonstrates acceptance of qualification that shows the cabinets bound control room temperature limits. Added monitoring of cabinet internal temps is not needed.
A high temperature cabinet alarm will trip the associated RPS or ESPS channel.
The shutdown protects the system from exceeding the EQ temp limit. The high temperature alarm will initiate a "CABINET FAULT" condition which will also turn "ON" the cabinet fault light at the top front and rear of the cabinet. The temperature alarm alerts the operator to high temperature in the SBG3 power supplies and de-energizes all digital and analog outputs from the affected cabinets.
Duke operator response will be to enter a TS LCO Condition for an inoperable channel and investigate the temp problem.
367 268 3.14.2 6 1 Item 11 is essentially a duplicate of follow-up item #3. Item 3 is too prescriptive Delete Item 3 and provides details never provided in the LAR and supplements.
368 268 3.14.2 8 1 Item 13 - This item is not written in a style and format similar to other NRC Revise to read: "Verify that..."
Inspection items.
369 269 3.14.2 1 1 Item 14 is talking about cyber aspects of repairs. Repairs are discussed in Delete follow-up item #14 or modify to clearly describe section 3.5.2.10 (SER says review not required), 3.4.2.10 (requirements are met requested follow-up action (with valid references to inthis section). Section 3.6 does not have a reference to repairs. other SER sections).
370 269 3.14.2 7 1 Item #20 is essentially a duplicate of follow-up item #17. Combine with #17 and delete follow-up item #20. Note 48
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution that Test machine will only be used for troubleshooting.
371 269 3.14.2 10 1 Item 23 refers to Section 3.14 for more information on this Regional Activity. Delete the self referential sentence as it provides no Section 3.14 is the introductory section for this section, 3.14.2, and there is no value and is potentially confusing.
value in referencing the lead-in.
372 270 3.14.2 4 1 Item 28 states "Verify that the TXS platform (i.e., RPS/ESPS) cabinets are Revise wording to state" Verify that the TXS platform installed with a control room alarm which monitors the cabinet's locked position." (i.e., RPS/ESPS) cabinets are installed with a control room alarm which monitors the cabinet's closed position (except for cabinets 17 and 18)."
373 270 3.14.2 7 3 Item 31 - Does "as well as cabinet door locks and keyswitches" apply to SU or Need to clarify that SU is not locked.
TXS cabinets?
374 270 3.14.2 7 1 Item 31 states "Verify that the Service Unit is located within the control room Delete , as well as cabinet door locks and keyswitches complex to provide physical protection and also verify that the service unit has - both of which will sound a control room alarm" login / password protection, as well as cabinet door locks and keyswitches - Or both of which will sound a control room alarm." This followup item is written Address the need to verify alarms resulting from as though the SU, cabinet door locks and keyswitches are interrelated. They are keyswitches in a separate sentence.
not. The Cabinet door locks are already addressed by Item 28. Keyswitches should be addressed by a separate followup item. Ifnot this followup item needs to be re-written.
375 270 3.14.2 11 1 Item 35 - Reference to Section 3.6.6.7 is incorrect Correct reference is to Section 3.6.7 Reference is made to RG 1.152, Regulatory Position 2.7. Compliance with this Need to add a note that acknowledges that some RG may not be possible once the 10 CFR 73.54 Cyber Security Plan is approved elements of RG 1.152 may be superseded by the and implemented. licensee's approved Cyber Security Plan that meets 10 CFR 73.54.
376 270 3.14.2 12 1 Item 36 - Reference is made to RG 1.152, Regulatory Position 2.8.1. Need to add a note that acknowledges that some Compliance with this RG may not be possible once the 10 CFR-73.54 Cyber elements of RG 1.152 may be superseded by the Security Plan is approved and implemented. licensee's approved Cyber Security Plan that meets 10 CFR 73.54.
377 271 3.14.2 1 1 Item 37 and 38 are one followup item, remove the hard carriage return and Combine 37 and 38. Add a note to acknowledge that combine. some elements of RG 1.152 may besuperseded by the Compliance with this RG may not be possible once the 10 CFR 73.54 Cyber. licensee's approved Cyber Security Plan that meets 10 Security Plan is approved and implemented. Existing guidance for the CS Plan CFR 73.54.
contains very specific requirements for quality assurance that may be materially different than that contained in RG 1.152.
378 271 3.14.2 3 1 Item 40 - Compliance with this RG position may not be possible once the 10 Add a note to acknowledge that some elements of RG CFR 73.54 Cyber Security Plan is approved and implemented. These activities 1.152 may be superseded by the licensee's approved 49
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution may be required to be located inother licensee documents. Cyber Security Plan that meets 10 CFR 73.54.
379 271 3.14.2 5 1 Item 42 - Compliance with this RG position may not be possible once the 10 Add a note to acknowledge that some elements of RG CFR 73.54 Cyber Security Plan is approved and implemented. Existing 1.152 may be superseded by the licensee's approved guidance for the CS Plan contains very specific requirements for incident Cyber Security Plan that meets 10 CFR 73.54.
response and recovery that may be materially different than that contained in RG 1.152.
380 271 3.14.2 6 1 Item 43 - Compliance with this RG position may not be possible once the 10 Add a note to acknowledge that some elements of RG CFR 73.54 Cyber Security Plan is approved and implemented. Existing 1.152 may be superseded by the licensee's approved guidance for the CS Plan contains very specific guidance for periodic self- Cyber Security Plan that meets 10 CFR 73.54.
assessments and audits which may be materially different than RG 1.152.
381 271 3.14.2 7 1 Item 44 - parentheses are not needed infirst line Delete parentheses 382 272 4.1 2 1 The staff concludes that the design meets 10 CFR 50.34(f)(2)(v), 10 CFR The staff should refer to the applicable NUREG-0737 50.34(f)(2)(xiv), 10 CFR 50.34(f)(2)(xxiii), yet these regulations do not apply to TMI action item or explain why it is using regulations ONS (not applicable since ONS license was not pending as of 2/16/82). The that are not applicable to ONS to evaluate RPS/ESPS applicable NUREG-0737 TMI action item is the appropriate reference for Oconee compliance.
383 272 4.1 5 4 The last sentence of this paragraph does not read well. There is a misplaced Revise "therefore" revise as follows:
"The NRC staff determined that the RPS/ESPS is incompliance with this requirement, since the digital RPS/ESPS LAR does not propose instrumentation Setpoint (Allowable Value) changes for any of the RPS/ESPS functions inthe proposed ONS Units 1, 2, and 3, TS changes; and the RPS/ESPS setpoint methodology conforms to the guidance of RG 1.105."
384 272 4.1 6 6 The paragraph refers to the "ALS" platform." It should refer to the TXS platform. Correct 385 274 4.1 3 2 The reference to 10 CFR 50.34(f) is not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
386 275 4.1 7 2 The reference to 10 CFR 50.34(f) is not correct to Oconee, since these The applicable NUREG-0737 TMI action item is the regulations are not applicable based on the operating license date. appropriate reference for Oconee.
387 276 4.2 3 1 The draft SER re-states the following commitment: SRS has been revised. IfNRC needs to verify they should use an inspector follow-up item.
"The Software Requirements Specification will be revised to clarify treatment of the software for the TXS Gateway software, MSI, and RPS Channel E functions. Refer to Section 3.2.3.1 of this SE for evaluation details related to this commitment."
50
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 388 281 5.0 24 The draft SER states that "Dave Baxter ... Supplement 17..." Reference 24 is the same as Reference 18 and should Item 24 be deleted.
389 283 5.0 37 The draft SER states that "...Regulatory Guide 1.105, Revision 2 ... " The current version of RG 1.105 is Revision 3. Need to Item 37 use Rev. 3 consistently throughout 390 284 5.0 48 The draft SER states that "...Regulatory Guide 1.209, Revision 1 ... " The current version of RG 1.209 is the initial issue.
Item 48 There is no Revision 1.
391 284 5.0 50 The draft SER states that"... DI&C-ISG-02 ... September 26, 2007 (ADAMS The current version of DI&C-ISG-02 is Revision 2 dated Item 50 Accession No. ML072540118)." June 5, 2009 (ML091590268).
392 285 5.0 51 The draft SER states that "...DI&C-ISG-04 ... September 28, 2007 (ADAMS The current version of DI&C-ISG-04 is Revision 1 dated Item 51 Accession No. ML072540138). March 06, 2009 (ML083310185).
393 285 5.0 57 The draft SER states that "... List of Regulatory Commitments" May 28, 2008 Reference 57 is the same as Reference 6 and should Item 57 (ADAMS Accession No. ML082800268) ..." be deleted.
394 285 5.0 58 The draft SER states that "...AREVA NP document 32-9009296-004..." AREVA NP document 32-9009296-005 was submitted Item 58 in LAR Supplement 15 and should be referenced instead of version 004.
395 285 5.0 59 The draft SER states that "...AREVA NP document 66-5065212-03 ... " AREVA NP document 66-5065212-04 was submitted in Item 59 LAR Supplement 18 and should be referenced instead of version 03.
396 286 5.0 60 The draft SER states that "Paul F. Prescott ...ML061510646) ... " Item 60 is not cited in the draft SER and should be Item 60 deleted. The correct information for Reference 60 is:
"NRC Letter from Juan Peralta, Chief of Quality and Vendor Branch 1, to Hans-Joachim Nisslein, AREVA-NP GmbH, dated May 7, 2008,
Subject:
NRC Inspection Report For AREVA-NP GmbH 99901371/2008-201 (ML081190190)"
397 286 5.0 61 The draft SER states that "Duke Energy Corporation ... (ADAMS Accession No. Reference 61 is incorrect and should be deleted.
Item 61 ML082800269)..."
398 286 5.0 62 The draft SER states that "ISTec ... November 20, 2002..." The correct date is November 22, 2002.
Item 62 399 286 5.0 63 The draft SER states that "Duke Energy Corporation .-. (ADAMS Accession No. Reference 63 appears to be a duplicate of Reference Item 63 ML083450717)..." 22 and should be deleted. Regardless, it is incorrect as 51
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution it refers to Supp 7 dated 11/25/2008. Supp 7 was dated 10/16/2008.
400 287 5.0 74 The draft SER states that "...AREVA NP document 51-9062040-002 ..." AREVA NP document 51-9062040-003 was submitted Item 74 in LAR Supplement 15 and should be referenced instead of version 002.
401 287 5.0 75 The draft SER states that "...AREVA NP document 51-9001942-004 ... (ADAMS Reference 75 has the same ADAMS number as Item 75 Accession No. ML082800269)..." Reference 58 and should be verified.
402 287 5.0 76 The draft SER states that "...AREVA NP document 32-9009296-005 ... (ADAMS The information in Reference 76 should replace the Item 76 Accession No. ML091050340..." information inReference 58.
403 288 5.0 80 The draft SER states that "...Operating Instruction 1457-06 ... " AREVA NP document Operating Instruction 1457-08 Item 80 was submitted in LAR Supplement 17 and should be referenced instead of version 06.
404 289 5.0 89 The draft SER states that "...AREVA NP document 51-9006444-005 ... " AREVA NP document 51-9006444-009 was submitted Item 89 in LAR Supplement 17 and should be referenced instead of version 005.
405 289 5.0 97 The draft SER states that "...Duke Energy Corporation ...October 16, 2008 Reference 97 is the same as Reference 8 and should Item 97 (ADAMS Accession No. ML083170807) ... be deleted.
406 290 5.0 107 The draft SER states that "...Operating Instruction 1577-02..." Reference 107 is the same as Reference 83 and should Item 107 be deleted.
407 291 5.0 112 The draft SER states that "...AREVA NP document 62-9065544-000..." Reference 112 is the same as Reference 93 and should Item 112 be deleted.
408 291 5.0 118 The draft SER states that "..*AREVA NP document 62-9078736-000 ..." Reference 118 is the same as Reference 96 and should Item 118 be deleted.
409 292 5.0 120 The draft SER states that "...AREVA NP document 62-9066984-000 ..." Reference 120 is the same as Reference 92 and should Item 120 be deleted.
410 292 5.0 126 The draft SER states that "...AREVA NP document 51-5045374-06 ... " AREVA NP document 51-5045374-08 was submitted in Item 126 LAR Supplement 16 and should be referenced instead of version 06.
411 293 5.0 130 The draft SER states that "...AREVA NP document 51-9079808-003 ... (ADAMS Reference 130is the same as Reference 98 and should Item 130 Accession No. ML091050335).,." bedeleted.
412 293 5.0 136 1 Reference 136 is of an internal SE provided to Melanie Wong from Nancy Salgado NRC needs to issue this SER to Duke 52
ENCLOSURE i November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Item 136 via memorandum dated 5/19/2009. Duke was not aware that this SE existed.
Duke would like a copy to review ifit is going to serve as the licensing basis for the D3 assessment.
413 295 5.0 149 1 References 149 and 150 both dated 2/3/2006 both are internal memoranda Provide one valid D3 SE as a reference.
Item 149 transmitting the Oconee D3 SE. These are apparently related to the D3 SE that was issued on 5/12/2006 and withdrawn on 5/18/2006. Does the SE of Reference 136 re-issue the earlier SE?
414 296 5.0 158 The draft SER states that "...Branch. Technical Position (BTP) HICB-19 ... " The current version is Branch Technical Position 7-19, Item 158 Guidance For Evaluation Of Diversity And Defense-In-Depth InDigital Computer-Based Instrumentation And Control Systems, Revision 5, March 2007 415 296 5.0 160 1 References 160, 161, and 162 are associated with the RPS/ESPS LAR that was Delete references.
Item 160 withdrawn and should not be referenced inthis SE.
416 297 5.0 163 Reference 163 includes "DPC-NE-3007" in its title and provides an ADAMS Delete reference.
Item 163 number. The ADAMS document does not include "DPC-NE-3007" in its 65 pages. This is the internal input used for the D3 assessment provided by letter dated March 20, 2003. Reference 157 is the official D3 assessment; this listing is essentially a duplicate of 157.
417 298 5.0 164 Reference 164 is not referred to from the body of the SE and appears to be Delete reference.
Item 164 incorrect as its title is "....Alternate Source Term..."
418 297 5.0 166 These documents need to be added to the reference list and referred to from the Comments above indicate where these documents body of the SE. should be referenced.
- 62-9014399-000, Cyber Security Factory Acceptance Test Specification (from LAR Supplement 7)
- 62-9081518-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Normal Startup and Shutdown Factory Acceptance Test Specification (from LAR Supplement 7)
O1-1583-03, Software Library and Control (from LAR Supplement 10) 0 O1-1611-01, Design Process (from LAR Supplement 10) 0
- 01-1639-00, Software Reviews and Audits (from LAR Supplement 15)
- 51-5072680-007, Oconee Nuclear Station Unit I RPS/ESFAS Controls Upgrade Design Phase V&V Activity Summary Report (from LAR Supplement 11)
- 51-9098074-001, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls 53
ENCLOSURE 1 November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution Upgrade Implementation Phase V&V Activity Summary Report (from LAR Supplement 11)
- 51-9113322-000, Oconee Nuclear Station Unit 1 RPS/ESFAS Controls Upgrade Software V&V Final Report (from LAR Supplement 17)
- 63-9018592-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Startup /Shutdown Acceptance Test Procedure (from LAR Supplement 7)
" 63-9076528-000, Cyber Security Factory Acceptance Test Procedure (from LAR Supplement 7)
- 66-9098774-002, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Nuclear Instrumentation (NI) FAT Summary Test Report (from LAR Supplement 12)
- 66-9097605-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Cyber Security FAT Summary Test Report (from LAR Supplement 12)
- 66-9098849-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS SW Functional FAT Summary Test Report (from LAR Supplement 12)
- 66-9100133-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Graphic Service Monitor (GSM) FAT Summary Test Report (from LAR Supplement 12)
- 66-9100137-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS/ESFAS HW Failure FAT Summary Test Report (from LAR Supplement 12)
" 66-9099526-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade TXS Gateway to OAC FAT Summary Test Report (from LAR Supplement 12)
- 66-9100136-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade ESFAS SW Functional FAT Summary Test Report (from LAR Supplement 12)
" 66-9100138-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Supplemental ESFAS HW Failure FAT Summary Test Report (from LAR Supplement 12)
- 66-9099856-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Start Up/Shut Down FAT Summary Test Report (from LAR Supplement 12) 54
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution
- 66-9100134-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade Small Break LOCA FAT Summary Test Report (from LAR Supplement 12)
- 66-9100135-001, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade One Pump Coastdown FAT Summary Test Report (from LAR Supplement 12)
- 66-9100140-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade RPS Response Time FAT Summary Test Report (from LAR Supplement 12)
- 66-9100139-000, Oconee Nuclear Station, Unit 1 RPS/ESFAS Controls Upgrade ESFAS Response Time FAT Summary Test Report (from LAR Supplement 12)
- 01-1585-02, TXS System - Hardware Configuration Management Plan (from LAR Supplement 17)
- 51-9044432-004, Oconee Nuclear Station RPS/ESPS Surveillance Change Justification (from LAR Supplement 5)
- Siemens, EMF-2341 (P) Revision 0, "Generic Strategy for Periodic Surveillance Testing of TELEPERM XS Systems in U.S. Nuclear Generating Stations," Siemens Power Corporation, December 1999 419 297 CCR Not defined or used Delete 420 298 DNB DNB is departure from nucleate boiling, not departure of nucleate boiling. DNB is Delete.
used twice; once in Section 3.9.2.1 and once in Section 3.9.3.1. Based on Duke comments on those two sections, DNB was inappropriately Used and needs to be deleted.
421 298 EMF EMF is defined as Digital Reactor Protection System, this Is not correct Delete, does not need to be defined. This is a report designator and has no specific meaning.
422 298 FBDs Delete and replace with FD for Function Diagram Correct 423 299 LOCA LOCA stands for Loss-of-Coolant-Accident not Loss Coolant Accident Correct 424 299 OAC OAC stands for Operator Aid Computer Correct 425 299 OBE OBE stands for Operating Basis Earthquake Correct 426 299 01 01 stands for Operating Instruction Correct 427 299 NSD-804 Delete -804 from NSD-804 Correct 428 300 RCP Delete, not used after resolution of comment made above. Delete 55
ENCLOSURE I November 19, 2009 Draft RPS/ESPS SER Comments C# Pg # Sect # Para Line Comment Recommended Resolution 429 300 SAT SAT stands for Site Acceptance Testing Correct 430 300 SCIL The acronym (SCIL) is inthe table twice Remove one (SCIL) from acronym table 431 300 SINEC SINEC does not stand for Port Random Access Memory Delete 432 301 STR Delete - should use Siemens TR. Not used. Delete 56