ML11222A113
ML11222A113 | |
Person / Time | |
---|---|
Site: | Watts Bar |
Issue date: | 08/04/2011 |
From: | Stinson D Tennessee Valley Authority |
To: | Document Control Desk, Office of Nuclear Reactor Regulation |
References | |
Download: ML11222A113 (76) | |
Text
Tennessee Valley Authority, Post Office Box 2000, Spring City, Tennessee 37381-2000 August 4, 2011 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001 Watts Bar Nuclear Plant, Unit 2 10 CFR 50.4 NRC Docket No. 50-391
Subject:
WATTS BAR NUCLEAR PLANT (WBN) UNIT 2 - INSTRUMENTATION AND CONTROLS STAFF INFORMATION REQUESTS
Reference:
- 1. Licensee Open Items to be Resolved for SER Approval List The purpose of this letter is to provide TVA's responses to NRC's information requests on the "Licensee Open Items to be Resolved for SER Approval List." Enclosure 1 to this letter provides TVA's responses to the information requested by NRC.
Enclosure 2 contains the supporting documents for TVA's responses to NRC's requests/questions provided in Enclosure 1. Enclosure 3 contains a list of references on which TVA's responses are based. Enclosure 4 contains a list of new regulatory commitments.
If you have any questions, please contact William Crouch at (423) 365-2004.
I declare under penalty of perjury that the foregoing is true and correct. Executed on the 4 th day of August, 2011.
Respectfully,
ýICD J<ZZ:-
I,-
David Stinson Watts Bar Unit 2 Vice President
-DO-y) 0 ýK
U.S. Nuclear Regulatory Commission Page 2 August 4, 2011
Enclosures:
- 1. Responses to Licensee Open Items To Be Resolved For SER Approval
- 2. List of Attachments
- 3. List of References
- 4. List of New Regulatory Commitments cc (Enclosures):
U. S. Nuclear Regulatory Commission Region II Marquis One Tower 245 Peachtree Center Ave., NE Suite 1200 Atlanta, Georgia 30303-1257 NRC Resident Inspector Unit 2 Watts Bar Nuclear Plant 1260 Nuclear Plant Road Spring City, Tennessee 37381
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval For some NRC requests for additional information (RAIs), this letter provides TVA's initial response. For the other NRC RAIs in this letter, a response has been provided in previous TVA letters to the NRC, and the NRC has subsequently requested additional information. For these requests, the initial TVA response is not repeated below. The additional NRC information requests are identified in this letter as "Follow-up NRC Requests." TVA responses to these items are identified as "TVA Response to Follow-up NRC Request."
The following acronyms/abbreviations are used in this letter:
DBE Design Basis Event EQ Environmental Qualification FSAR Final Safety Analysis Report I/F Current to Frequency Converter lIEEETM Institute of Electrical and Electronics Engineers NRC Nuclear Regulatory Commission SRP Standard Review Plan PAMS Post Accident Monitoring System Rev. Revision RG Regulatory Guide SE Safety Evaluation TID Total Integrated Dose TVA Tennessee Valley Authority
- 1. NRC Request (l&C RAI Matrix Item Number 349) (SSER 23 Table HH Item Number 78)
Radiation testing was not considered in any of the test reports as all the equipment has been assumed to be located in nuclearpower plant areas with mild environments and radiationdosages less than I x 103 rads for total integrateddose (TID). However, the radiationmonitors and the I/F converters are located in the main control room which is defined as mild environment. For WBN-2 mild environment is defined as room or building zone where (1) the temperature,pressure, or relative humidity resulting from the direct effects of a design basis event (DBE) (e.g., temperature rise due to steam release) are no more severe than those which would occur during an abnormal plant operationalcondition, (2) the temperature will not exceed 130°F due to indirecteffects of a DBE, (3) the event radiation dose is less than or equal to I x 104 rads, and (4) the total event plus the 40 year TID (total integrated dose) is less than or equal to 5 x 104 rads (reference WB-DC-40-54).
TVA to addresslack of radiationqualification for WBN-2.
Follow-up NRC Request February25, 2011 response is acceptable. Item will be trackedas a confirmatory item in the SE. TVA to provide calculation or summary of calculation when complete.
1 IEEE is a registered trademark in the U.S. Patent & Trademark Office, owned by the Institute of Electrical and Electronics Engineers, Incorporated.
E1-1
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval TVA Response to Follow-up NRC Request Attachment 1 contains TVA calculation WBNAPS3127, "EQ Dose in the Control Building,"
Revision 0, which completes this item. The calculation result for the Main Control Room on elevation 755 is a total integrated gamma plus beta dose (40 year normal plus 100 day accident) of 362.76 Rads. This is less than the 1,000 Rad maximum limit for the containment high range radiation monitors.
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS againstthe current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response: TVA performed an analysis and concluded that the Common Q PAMS equipment does not need to meet either IEEE 279-1971 or IEEE 603-1991 and so no analysis was performed or provided.
However, SRP (NUREG-0800 Rev. 2 dated March 2007) Section 7.7, "Information System Important to Safety," specifically identifies IEEE Std 603-1991 as being applicable to accident monitoring instrumentation. Based upon the review of this item, the staff finds the following open items:
1 TVA to demonstrate that the Common Q PAMS meets the applicableregulatory requirements in IEEE Std 603-1991.
2 TVA to update FSAR (Amendment 103) Table 7.1-1 to reference IEEE Std 603-1991 for WBN2 Common Q PAMS.
Follow-up NRC Request Resolve disagreementbetween the FSAR and Regulatory Guide 1.97 Revision 2, definition of Type A variables.
TVA Partial Response to NRC Request and Response to Follow-up NRC Request
- 1. Response provided in TVA to NRC letter dated May 6, 2011 (Reference 1) to open items 367 and 372.
- 2. Attachment 2 contains the proposed FSAR change which addresses item 2 of the original request and the follow-up request by updating the definition of Type A variables to include the additional TVA selection criteria and adding note 14 to Table 7.5-2 for the containment high radiation monitors which will be included in a future amendment. Note 14 states that the containment high radiation monitors do not meet the Regulatory Guide (RG) 1.97, Revision 2, definition for a Type A variable.
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS againstthe current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response: "thatWBN2 is not committed in complying with Reg. Guide 1.75... Since WBN2 is not committed to RG 1.75 or IEEE-384, no comparison is required..."
However, WBN2 is committed to RG 1.75 Rev. 2, "PhysicalIndependence of Electric Systems." RG 1.75 Rev. 3 and IEEE Std. 384-1992 are used, in part, to address IEEE Std 603-1991 Clause 5.6.1. The current NRC staff position for RG 1.75 is documented in Rev.
- 3. Based upon the review of this item, the staff finds the following open item:
I TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.75 Rev. 3 for WBN2 Common Q PAMS and the Sorrento ContainmentHigh Radiationmonitor The Common Q PAMS was designed to meet the requirementsof RG 1.75 Rev. 2. WBN2 did not perform an analysis to RG 1.75 Rev. 3. Based upon the review of this item, the staff finds the following open item:
2 TVA to evaluate Common Q PAMS and the Sorrento Containment High Radiation monitor for conformance with RG 1.75 Rev. 3.
TVA Partial Response to NRC Request
- 1. Attachment 2 contains the proposed FSAR change which adds RG 1.75, Revision 3 to Table 7.1-1 which will be included in a future amendment.
- 2. Evaluation included in item 7 of TVA to NRC letter dated May 6, 2011 (Reference 1).
After further review, the staff determined that a reference to the Sorrento containment high radiation monitors was not required.
- 4. NRC Request (l&C RAI Matrix Item Number 366) (SSER 23 Table HH Item Number 96)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response: TVA stated that the Common Q PAMS equipment fully meets the RG 1.100 Rev. 0 and is compliant with Rev.
3, with exception of testing above 33 Hz, which is not applicableto Watts Bar.
The WBN2 FSAR (Amendment 103) references Regulatory Guide 1.100 Rev. 1 "Seismic Qualification of Electrical Equipment for Nuclear Power Plants." The Common Q PAMS was designed to meet the requirements of RG 1.100 Rev. 2. RG 1.100 Rev. 3 is the currentrevision of this guide and is endorsed by the NRC. RG 1.100 Rev. 3 endorses IEEE 344-2004.
Based upon the review of this item, the staff finds the following open item:
E1-3
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval 1 TVA to update FSAR (Amendment 103) Table 7.1-1 to include RG 1.100 Rev. 3 for WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
or 2 TVA to evaluate Common Q PAMS for conformance with RG 1.100 Rev. 1.
TVA Partial Response to NRC Request 1 Attachment 2 contains the proposed FSAR change which adds RG 1.100, Revision 3 to Table 7.1-1 which will be included in a future amendment. After further review, the staff determined that a reference to the Sorrento containment high radiation monitors was not required.
2 Evaluation included in item 8 of TVA to NRC letter dated May 6, 2011 (Reference 1).
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the currentstaff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references RG 1.153 Rev. 0, "Criteriafor Safety Systems." The Common Q PAMS is designed to meet the requirements of RG 1.153 Rev.
- 1. By letter dated February25, 2010 (MLl 10620219), TVA stated:
"The subject Regulatory Guides [RG 1.153 Rev. 0 & 1] endorse and reference other standards. Common Q PAMS has been evaluated to comply with the requirements of these other endorsed standards ([Comparisonreportin this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison]). Therefore no additionalanalysis needs to be performed and no further action is necessary."
However, the "Comparisonreportin this letter titled IEEE-279-1971 to IEEE-603-1991 Comparison,"stated:
"The first of the two standards, IEEE-279, is part of the design basis of WBN2 but is not relevant to Common Q PAMS. The second standard,IEEE-603-1991 is not part of the design basis for the Common Q PAMS forWBN2."
Based on the reasoningquoted above, WBN2 did not evaluate the Common Q PAMS against the criteriaof RG 1.153 Rev. 1; therefore, the staff finds the following open item (see also Open Items No. I & 2 above.):
I TVA to evaluate Common Q PAMS for conformance with RG 1.153 Rev. 1.
Follow-up NRC Request Submit FSAR Amendment to update table 7.1-1.
E1-4
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval TVA Response to Follow-up NRC Request Attachment 2 contains the proposed FSAR change which adds RG 1.153, Revision 1 to Table 7.1-1 as applicable to the Common Q PAMS which will be included in a future amendment.
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references RG 1.152 Rev. 0, "Criteriafor Digital Computers in Safety Systems of Nuclear Power Plants." The Common Q PAMS was designed to meet the requirements of RG 1.152 Rev. 1. RG 1.152 Rev. 2 is the current revision of this guide and is endorsed by the NRC. By letter dated February25, 2010 (MLI 10620219), TVA stated:
"RG 1.152 rev 2 endorses ANSI/IEEE-ANS-7-4.3.2-2003, but also provides extra regulatoryguidance concerning computer based cyber security. Since this revision was not part of the design basis of WBN2 or Common Q PAMS, the project makes no commitment to the compliance of RG 1.152 rev 2."
Based upon the review of this item, the staff finds the following open item:
1 TVA to evaluate Common Q PAMS for conformance with RG 1.152 Rev. 2.
Follow-up NRC Request Submit FSAR Amendment to update table 7.1-1.
TVA Response to Follow-up NRC Request Attachment 2 contains the proposed FSAR change which adds RG 1.152, Revision 2 to Table 7.1-1 which will be included in a future amendment.
- 7. NRC Request (M&C RAI Matrix Item Number 369) (SSER 23 Table HH Item Number 99)
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS againstthe current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) references IEEE 7-4.3.2-1982, "IEEE Standard Criteriafor Digital Computers in Safety Systems of Nuclear Power Generating Stations" as endorsed by Regulatory Guide (RG) 1.152, "Criteriafor Use of Computers in Safety Systems of Nuclear Power Plants,"Revision 0 for the Eagle 21 system. The current E1-5
Enclosure I TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval regulatoryposition is documented in RG 1.152 Rev. 2 which endorses IEEE Std 7-4.3.2-2003 as an acceptable method for using digital computers to meet IEEE Std 603-1991.
Based upon the review of this item, the staff finds the following open item:
I WBN2 to update FSAR Table 7.1-1 to reference IEEE 7-4.3.2-2003 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
TVA Response to NRC Request
- 1. Attachment 2 contains the proposed FSAR change which adds IEEE 7-4.3.2 to Table 7.1-1 as being applicable to the WBN Unit 2 Common Q PAMS which will be included in a future amendment. After further review, the staff determined that a reference to the Sorrento containment high radiation monitors was not required.
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
The WBN2 FSAR (Amendment 103) does not reference RG 1.168, IEEE 1012, or IEEE 1028. IEEE Std 7-4.3.2-2003 indentifies IEEE Std 1012-1998 as normative. RG 1.168, Rev. 1 endorses, with clarifications,IEEE 1012-1998. The current staff positions are documented in RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1028-1997. Based upon the review of this item, the staff finds the following open item:
1 WBN2 to update FSAR Table 7.1-1 to reference RG 1.168 Rev. 1, IEEE 1012-1998, and IEEE 1028-1997 as being applicable to WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
TVA Response to NRC Request
- 1. Attachment 2 contains the proposed FSAR change which adds RG 1.168, Revision 1 to Table 7.1-1 as being applicable to WBN Unit 2 Common Q PAMS which will be included in a future amendment. After further review, the staff determined that a reference to the Sorrento containment high radiation monitors was not required.
- 9. NRC Request (l&C RAI Matrix Item Number 371) (SSER 23 Table HH Item Numbers 102 and 103 )
On 5/6/2010 (See Open Item No. 81) the NRC Staff requested an evaluation of the Common Q PAMS against the current staff position.
By letter dated 2/25/11 (ML110620219), TVA docketed a response.
E1-6
Enclosure 1 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval The WBN2 FSAR (Amendment 103) does not reference Regulatory Guide 1.209, "Guidelinesfor EnvironmentalQualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants." Based upon the review of this item, the staff finds the following open item:
I WBN2 to update FSAR Table 7.1-1 to reference RG 1.209 and IEEE Std. 323-2003 as being applicableto WBN2 Common Q PAMS and the Sorrento Containment High Radiation monitor.
TVA did not docket an evaluation against the criteria in RG 1.209. Based upon the review of this item, the staff finds the following open item:
2 WBN2 to evaluate Common Q PAMS for conformance with RG 1.209 and IEEE Std.
TVA Response to NRC Request
- 1. Attachment 2 contains the proposed FSAR change which adds RG 1.209 and IEEE Standard 323-2003 to Table 7.1-1 as being applicable to the Common Q PAMS which will be included in a future amendment. After further review, the staff determined that a reference to the Sorrento containment high radiation monitors was not required.
- 2. Attachment 3 provides the evaluation of the Common Q PAMS to the requirements of RG 1.209 and IEEE Standard 323-2003.
E1-7
Enclosure 1 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval Attachment 2 Proposed TVA FSAR Change Package
NGDC WATTS BAR NUCLEAR PLANT UNIT 2 NGDC PP-10 PROJECT CHANGES TO FINAL SAFETY ANALYSIS REVISION 4 PROCEDURE REPORT, TECHNICAL SPECIFICATIONS (TS), TS BASES, AND/OR TECHNICAL REQUIREMENTS MANUAL (TRM), TRM BASES FSAR CHANGE REQUEST FSAR CHANGE PACKAGE NO.
PART A Change Required due Date Affected FSARITS/TRM Description of Justification to:* (DCN, Design Section(s) Change Modification, TS Complete Change, Other) See Change Table See Change See Change Table N/A Table See Change Table
- Attach a marked up copy of applicable FSAR page, table, revised figures, table of contents, list of tables etc.
PROPOSED CHANGES HAVE BEEN COORDINATED WITH AND ARE CONCURRED BY THE SUPPORTING ORGANIZATIONS, IF APPLICABLE SUPPORTING ORG. DATE Joe T. Temples Bechtel I&C Engineering _&_/_/_./_
Laura M. Radcliffee/.VauLw Bechtel I&C Engineering 7V27/lI Dan F. Faulkner (,)_,.-, , TVA Oversight 7/ 6/(t W. David Webb). . Bechtel I&C Engineering _71a, _ '71_
Frank A. Koontz TVA Oversight 71__711(
-StevenA. Hilmes '-i .,* o *aTVA Oversight- 4/
Print " 8ig*1n "
Prepared by: Mark S. Clark ,Phone: 423-365-3007 Date: 07/26/11 Organ ization/Add reas.htell I&C/IOB22A Approved - J----7ZZ.7% Phone: 423-365-7757 Date:
Th6mas R. Raley Section Supervisor References (based on design document, if any):
- Section supervisor approval is not required for typographical changes PART B Licensing Disposition Approved o Amendment No._
Rejected o Basis for Rejection:
Licensing Approval*** Date:
Initiating Organization transmit to: Licensing Forward to Originator Page 1 of 1 PP-1 0-1
Change Table Change # Section Change Justification
- 1. 1.1.1 Change heat input for RCPs from Resolve disagreement between and 14MWt to 16MWt chapters 1 and 5 based on initial Unit 1.2.2.2 1 value
- 2. Chapter 7 Add 7.4.2 for the Auxiliary Control Resolve July 12, 2011 ACRS meeting Table of Room, and renumber 7.4.2 Analysis to comment to add a section on the Contents 7.4.3 Auxiliary Control Room to the FSAR.
7.4.2 7.4.3
- 3. 7.1.2 Remove the entries in 7.1.2 that are Remove redundant information duplicated in Table 7.1-1, provide appropriate reference to Table 7.1-1 and renumber remaining items.
- 4. 1.1.1 Correct the use of quotes, correct Editorial corrections 7.1.2 spelling errors, adjust page numbers Table 7.1-1 and entries in Table 7.1-1. Reformat 7.4.3 Table 7.1-1 Notes for consistency and Table 7.5-2 clarity.
- 5. Table 7.1-1 Add entries and notes associated with Resolve NRC RAIs on Table 7.1-1 installation of the Common Q Post Accident Monitoring System (PAMS) and the RM-1000 digital radiation monitors
- 6. Table 7.2-2 Delete the word chamber from the The use of the term "turbine impulse description of the P-7 interlock. chamber" was previously changed to "turbine impulse" in all other locations.
This entry was overlooked during the previous change.
- 7. 7.5.1.2 Revise definition of Type A variables to Resolve NRC RAI on the definition of Table 7.5-2 reflect the fact that TVA includes RG 1.97 Type Variables.
variables that do not meet the RG 1.97 definition and identify those variables in Table 7.5-2
- 8. 7.1 Correct reference entries for WCAPs Corrections to match standard WCAP References 17044 and 13869 entry format and reflect correct WCAP 7.2 13869 title.
References 7.3 References
- 9. 12.3.4.1.3 Provide details of COT periodic test Respond to NRC comment to include frequency in accordance with COT frequency information in-the calculation WBNEEB EDQ1090-99005, FSAR Rev. 2.
- 10. 11.4.4 Revise terms used to describe monitor Be consistent with the ODCM and testing. Tech Spec terms for testing.
- 11. 12.3.4.1.3 Delete reference to the ODCM and There are no area radiation monitors reword for clarity, included in the scope of the ODCM.
- 12. 7.2.1.1.5 Delete discussion of the pressurizer FCR-57359 against EDCR 52449
,level condensing chambers deletes the condensing chambers
WATTS BAR WBNP-104 WBNP-1 04 WATTS BAR
1.0 INTRODUCTION
AND GENERAL DESCRIPTION OF PLANT
1.1 INTRODUCTION
1.1.1 Introduction This Final Safety Analysis Report (FSAR) is submitted in support of the application of the Tennessee Valley Authority (TVA) for Class 103 facility operating licenses for a two-unit nuclear power plant located approximately 50 miles northeast of Chattanooga at the Watts Bar site in Rhea County, Tennessee. Unit 1 received the low power operating license (NPF-20) on November 9, 1995, and the full power operating license (NPF-90) on February 7, 1996. TVA declared commercial operation on May 25, 1996. This FSAR reflects the Unit 2 plant. Unit 2 receieved a construction permit on January 1, 1973, and I Change 4 was placed in deferred status by letter to the NRC dated July 14, 2000. By letter dated August 3, 2007, TVA notified the NRC of its plans to resume unrestricted construction activities, under the existing construction permit and its plans to request an operating license prior to April 1,2012. TVA expects to place Unit 2 in commercial operation by October 1, 2012.
This facility has been designated the Watts Bar Nuclear Plant. The plant is designed, built, and will be operated by TVA. The Unit employs a four-loop Pressurized Water Reactor Nuclear Steam Supply System (NSSS) furnished by Westinghouse Electric Corporation. The Unit is similar to Unit 1 and those of the Sequoyah Nuclear Plant and other similar Westinghouse plants licensed by the U. S. Nuclear Regulatory Commission (NRC).
The Unit 2 reactor core is rated at 3,411 MWt and, at this core power, the NSSS will operate at 3,425 MWt. The additional 44-16_ MWt is due to the contribution of heat to the IChange 1 primary coolant system from nonreactor sources, primarily reactor coolant pump heat.
The reactor core has an Engineered Safeguards design rating of 3,582 MWt, and each NSSS has a design rating of 3,596 MWt. The net electrical output is 1,160 MWe, and the gross electrical output is 1,218 MWe for the rated core power. Plant safety systems, including containment and engineered safety features, are designed and evaluated at the higher power level. The higher power rating is used in the analysis of postulated accidents which have as a consequence the release of fission product activity to the environment.
The containment for the reactor consists of a free standing steel vessel with an ice condenser and separate reinforced concrete Shield Building. The free standing steel vessel and the concrete Shield Building were designed by TVA, and the ice condenser was designed and furnished by the Westinghouse Electric Corporation.
1.1.2 Licensing Basis Documents The following documents are typical documents submitted periodically to NRC following receipt of operating license. Implementation of changes to these documents without NRC approval may be controlled by regulation or the plant operating license.
INTRODUCTION 1.1-1
WATTS BAR WBNP-104 containment is designed to adequately retain these fission products under the most severe accident conditions, as analyzed in Chapters 6 and 15.
The license application NSSS power level is 3,425 MWt which includes 44-16 MWt from [Change 1 the reactor coolant pumps. Operation at the core design rating of 3,411 MWt yields a steady state core average linear power of 5.45 kW/ft and a corresponding peak power of 13.1 kW/ft. Reactivity coefficients and other design parameters, which are supported by analysis and experience with other similar plants, provide the basis for concluding that this reactor can be operated safely at the power levels of the application rating. The initial core load has a negative moderator temperature coefficient of reactivity at operating temperature at all times throughout core life.
The reactor core, with its related control and protection system, is designed to function throughout its design lifetime without exceeding the acceptable fuel damage limits. The core design, together with process and residual heat removal (RHR) systems, provides for this capability under expected conditions of normal operations with appropriate margins for uncertainties and anticipated transient situations, including, as examples, the effects of the loss of reactor coolant flow, turbine trips due to steam and power conversion system malfunctions, and loss of external electrical load. Acceptable fuel damage limits can be found in Section 4.2.
The reactor core is a multi-region cycled core. The fuel rods are cold worked ZIRLO tubes containing slightly enriched uranium oxide fuel. The fuel assembly is a canless type with the basic assembly consisting of the guide thimbles mechanically fastened to the grids, top, and bottom nozzles. The fuel rods are held in the grids by spring clips.
The internals, consisting of the upper and lower core support structures, are designed to support, align, and guide the core components, direct the coolant flow and guide the in-core instrumentation. Dissolved boric acid is used as a reactivity control device to minimize the use of burnable absorbers.
Rod cluster control assemblies (RCCAs) and burnable absorber rods are inserted into the guide thimbles of the fuel assemblies. The absorber sections of the RCCAs are fabricated of silver-indium-cadmium alloy slugs sealed in stainless steel tubes. The absorber material in the burnable absorber rods is in the form of borosilicate glass sealed in stainless steel tubes. The control rod drive mechanisms for the RCCAs are of the magnetic jack type. The latches are controlled by three magnetic coils. They are so designed that upon a loss of power to the coils, the RCCA is released and falls into the core by gravity to shut down the reactor.
Pressure in the system is controlled by the pressurizer, where system pressure is maintained through the use of electrical heaters and water sprays. Steam can either be formed by the heaters, or condensed by the spray to minimize pressure variations due to contraction and expansion of the coolant. Instrumentation used in the reactor coolant system is described in Chapter 7. Spring-loaded steam safety valves and power-operated relief valves for overpressure protection are connected to the pressurizer and discharge to the pressurizer relief tank, where the discharged steam is condensed and cooled by mixing with water.
GENERAL PLANT DESCRIPTION 1.2-3
WATTS BAR WBN P-104 TABLE OF CONTENTS Section Title Page 7.3.2.1 SYSTEM RELIABILITY/AVAILABILITY AND FAILURE 7.3-9 MODE AND EFFECT ANALYSES 7.3.2.2 COMPLIANCE WITH STANDARDS AND DESIGN 7.3-9 CRITERIA 7.3.2.3 FURTHER CONSIDERATIONS 7.3-16 7.3.2.4
SUMMARY
7.3-16 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.4-1 7.
4.1 DESCRIPTION
7.4-1 7.4.1.1 MONITORING INDICATORS 7.4-1 7.4.1.2 CONTROLS 7.4-2 7.4.1.3 EQUIPMENT AND SYSTEMS AVAILABLE FOR COLD 7.4-5 SHUTDOWN 7.4.2 AUXILIARY CONTROL ROOM (ACR) Change 2]
7.4. -3 ANALYSIS 7.4-5 7.5 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-1 7.5.1 POST ACCIDENT MONITORING INSTRUMENTATION (PAM) 7.5-1 7.5.1.1 SYSTEM DESCRIPTION 7.5-1 7.5.1.2 VARIABLE TYPES 7.5-1 7.5.1.3 VARIABLE CATEGORIES 7.5-2 7.5.1.4 DESIGN BASES 7.5-3 7.5.1.5 GENERAL REQUIREMENTS 7.5-6 7.5.1.6 ANALYSIS 7.5-7 7.5.1.7 TESTS AND INSPECTIONS 7.5-7 7.5.1.8 POST ACCIDENT MONITORING SYSTEM (PAMS) 7.5-8 7.5.2 PLANT COMPUTER SYSTEM 7.5-8 7.5.2.1 SAFETY PARAMETER DISPLAY SYSTEM 7.5-9 7.5.2.2 BYPASSED AND INOPERABLE STATUS INDICATION 7.5-11 SYSTEM (BISI) 7.5.2.3 TECHNICAL SUPPORT CENTER AND COMMUNICATION 7.5-13 DATA LINKS 7.6 ALL OTHER SYSTEMS REQUIRED FOR SAFETY 7.6-1 7.6.1 120V AC AND 125V DC VITAL PLANT CONTROL POWER 7.6-1 SYSTEM 7.6.2 RESIDUAL HEAT REMOVAL ISOLATION VALVES 7.6-1 7.6.
2.1 DESCRIPTION
7.6-1 7.6.2.2 ANALYSIS 7.6-2 7-fi Table of Contents
WATTS BAR WBNP-104 7.1.1.2 Safety-Related Display Instrumentation The Post Accident Monitoring System (PAMS) provides essential information required by the operator to diagnose and monitor significant accident conditions. The accident-monitoring instrumentation is designed with redundant channels so that a single failure does not prevent the operator from determining the nature of an accident, the functioning of the engineered safety features, the need for operator action, and the response of the plant to the safety measures in operation. This system is described in Section 7.5.1.8.
Other safety-related, along with non safety-related display instrumentation is discussed in Section 7.5..
7.1.1.3 Instrumentation and Control System Designers All systems discussed in Chapter 7 have definitive functional requirements developed on the basis of the Westinghouse NSSS design. TVA is responsible for the total design of the WBN instrumentation and controls systems. The RTS, ESFAS, and SSPS are generally the instrumentation and controls systems within the scope of the Westinghouse supply. Figures 7.2-1 and 7.3-3 show the logic for the Reactor Protection System (RPS).
7.1.1.4 Plant Comparison System functions for all systems discussed in Chapter 7 are similar to those of Sequoyah Nuclear Plant. Detailed comparison is provided in Section 1.3.
7.1.2 Identification of Safety Criteria Section 7.1.2.1 gives design bases for the systems given in Section 7.1.1.1, except for the auxiliary control air system which is described in Section 9.3.1 and the safety-related display instrumentation systems which are described in Section 7.5. Design bases for non safety-related systems are provided in the sections which describe the systems.
Conservative considerations for instrument errors are included in the accident analyses presented in Chapter 15. Functional requirements, developed on the basis of the results of the accident analyses, which have utilized conservative assumptions and parameters are used in designing these systems and a preoperational testing program verifies the adequacy of the design. Accuracies are discussed in Sections 7.2, 7.3 and 7.5.
The documents listed below were considered in the design of the systems given in Section 7.1.1. In general, the scope of these documents is given in the document itself.
This determines the systems or parts of systems to which the document is applicable. A discussion of compliance with each document for systems within its scope is provided in the referenced sections.
Because some documents were issued after design and testing had been completed, the equipment documentation may not meet the format requirements of some standards.
Table 7.1-1 and Notes 1 through 4-2-20 identify the degree of conformance to applicable documents and justify exceptions. In addition to the documents listed in Table 7.1-1, Change 3 tThe documents considered are:
INTRODUCTION 7.1-5
WATTS BAR WBNP-104 WBNP-1 04 WATTS BAR (1) -General Design Criteria for Nuclear Power Plants, "Appendix A to Title 10 CFR [Change 4 Part 50, July 7, 1971." (See Sections 7.2, 7.3, 7.4, and 7.6).
(2) Deleted
( "Regulatory Guide 1.22 (Revision 0) Periodic Testing of Protection System Cag Actuation Func~tions,' Regulatory Guides for Water Cooeled Nulo'lar Power
" ".Cjt,.__V -MIN-C-1-f-1. "M tý N"MAIr 7.1 1, ete 2.
(4) Regulatory Guide 1.29 (Revision 3) "Seismic. DsgnCassification, "Regulator-y Guides for Water Cooled. NuclePar Po-Wer DD. lantS," irectora*r.-t-te of Regulate~'
Standards, Atomic Energy cm*m sionr.
(5);I The Institute of Electrical and EletFPRnic Engineers, Inc., "IEEE StandarFd: Criteria for Protection Systems for Nuclear Power Generating Stations," IEEE StandarAd 279 1971. (Sec Sectiens 7.2,,7.3, 7.6).
(6) The IRstitute of Electrical aRd EleGFtrnic Engineers, Inc., "IEEE StandarFd Crifria for Class 1E Electric Systemns for Nucle-ar Powoer Generating Stations," IEEE:
Standard 308 1971. (See Section 8.1.5) 7-}2)LThe Institute of Electrical and Electronic Engineers, Inc.," IEEE Standard for Electrical Penetration Assemblies in Containment Structures for Nuclear Fueled Power Generating Stations," IEEE Standard 317-1976. (See Section 8.3.1.2.3).
(9) The lmInstitu-_te of Electrical and ElectFroni Engineers, Inc., "IEEE Trial Use Standard: General Guide for Qualifying Class 1Electric Equipment for Nuclear Power Generating Stations," IEEE Standard 323 197-1. (See Table 7.1 1, Not Change 3]
(9) The Institute ofE-lectrical and Electronic Engineers, Inc., "IEEE StaRda.d-fe Qualifying Q las 1 E Equipment for Nulear Power Generating Stations", IEE Std. 323 1974. (See Table 7.1 1, Notes 4 and 8) 1/fl1 I l l*i-T I
PIhM IN m 'PP mrll l I,.-,, '-'
-44)3LTheInstitute of Electrical and Electronic Engineers, Inc., "IEEE Standard Installation, Inspection, and Testing Requirements for Instrumentation and Electric Equipment During the Construction of Nuclear Power Generating Stations," IEEE Standard 336-1971. (See Section 8.3.1.2.2).
(12) The Institute of Electrical and Electronic Engineers, Inc., "IEEE Trial Use Criteria for the Period Tesing of Nuclear Power Generating Station Protection Change 3 Systems," IEEE Standard 338 1971. (Sec Section 7m2.2.2, 7.3.2.2.5 and Tabl 7.1 1,Nete 4.
7.1-6 INTRODUCTION
WATTS BAR WBNP-104 WATTS BARWBNP-104l (43) IEEEStd. 328 198-7 "IEEE StaRd*a-rd Criteria for the PeDrieodic Testi'ng of Nuclear*a Power GenReating Station Safety Systems.. (Sec Table 7.1 1, Note 8)
(44) The Institute of Electrical and Electronic Engineers, lnc.,j'IEE Trial Use Guide IChange 3 for Seismnic Qu1alfication of Class I El!ectric Equipment forF Nuclear Power G~eneating StationS," IEEE.F Standard 344 1971. (See Section 3.10.1).
f~54j(IThe Institute of Electrical and Electronic Engineers, Ine, "IEEE Recommended Practices for Seismic Qualification of Class 1 E Equipment for Nuclear Power Generating Stations," IEEE Std. 344-1975. (See Section 3.10.1)
(16) The Institute of FE!ectrca*l aRd EletFronic Engineers, ,Rln, IEEE Recomme.-nded Practices for Seismic Qualification of Class , 1 Equipment for Nuclear Power Generating StationS," IEEEF Std. 311 1987. (See Table 7.1 1, Note 8)
(17) The Institute of Ealectric~al and Electroic EnRgineers, Ine, "IFEEE Guide for Genra Principles of Reliability Analysis of Nuclear Power Genorating Station Protection Systems," IEEEfStd. 352 1975. (See Table 7.1 1, Note 8)
(18I The Institute of EletrFi*al aRnd ElFetronic e ln., "IEEE Trial Use Guide
,nGineers, Change 3 for the Applic.afion of the Single Failure* riterion to Nu rlear Power Geperating.
Station Protection Systems," IEEE Standard - 3-79, 1972. (See Table 7.1 1, Note (19) The IRstitute*f Eleptric-al nd EleGtroRnic- Engineers, nc, "F=IEE Starndard Application*of the Single Failure Critero*n to Nuclear Power GeRerating Station Class lEF Systems," IEEE Std. 379 1988. (Sec Table 7.1 1, Note 8)
(20) The Institute oTf Electrical and E-lectronic Engineers, lno, "IEEE Standard Crite for Independence of Class l E Equipment and Circuits," IEEE=F Std. 381 1981-.
(24) The Institute Of Electrial and ElectEronic Engineers, Ine, "IEEE= Standard Criteri for Safety Systemns for NulaPoe Generating Stations," IEE.E Std. 603 1980.
(22) "Regulatory Guide 1.53 Revision 0, Juno 1973 Application of the Single-Failure Criterion to Nuclear Power Plant Protection Systems, "Regulatory Guidesfo Waer oled Nuclear Power Plant DiVision of Reactor Standards, Atomic EFnergy CoMmissioR. (See Table 7.1 1, Note 3).
(23) Regulator,' Guide 1.17, Revision 0, May 197-3 "Bypassed and Inoperable Stau Indication for Nuclear Power Plant Safety Systems". (See Table 7.1 1, Note 5)
INTRODUCTON 7.1-7
WATTS BAR WBNP-104 WATTS BARWBNP-1 04 (24) Regulatery Guide 1.75, Revision 2, September 1978 "PhySical independencGo Electrical Systems". (See Table 7.1 1, Note 8)
(25) Regulatory Guide 1.89, Revision 1, June 1981 'Qualification of Glass 1F Equip nt for Nuclear Power Plants". (See Table 7.1 1-, NIoMe (26) rle÷d by Amendment 103a (27) Regulatory Guide 1.100, Revision 1,August 1977 "Seismic QualificationP of Elet*rical Equipment for Nuclear Power Plants". (Sec Table 7.1 1, Note 8)
(28) Regulator,' Guide 1.105, Revision 2, February' 19865 "Instrum~enAt Setpoints forF Change 3 Safet' Related Systems". (See Table 7.1 1, Note 8) 629) e ... Ilt Guide 1.118, ReVi*io;n 2 Jiu e1978 "Periodic TestiRngof Electric Powe8an Protection Systems". (See 8.1.5.3, Note 8 for electric power systems&)
pig) Regulatorr' Guide 1.153, Revision 0, De'ember 1985 "riteFria for Powe*r
/FInsrumentation and ConRtro'l Po-,ioR.S o-f Safety Systems". Regulatory Guide 1.153, endorses the guidance of IEEE= SSW. 6-032 1980. (See Table 7.1 1, Note8 (31) ANSI/IEFEE ANS 7 41.32 1982 "Application Criteria for Programmable Digital 6em~pyter Systems in Safety Syste S i- ruiar NU: Pewer kUUUWeFay~~t~
(See Table 7.1 1, No~tes 8 and 10)
ANSI/IEEE ANS 7 4.3.2 1982 expands andl amplifies the require-ments, of IEEE=F Std. 603 1980 (32) Rcoulatoe Guide 1.152. Revision 0. Novemnber 1985 "Criteria for PEGroaramable (See Table 7.1 1, Notes 6 and 8)
R.gulator Guide 1.152, endorses the guidance of ANSI/IEEE 714.3.2 1982.
7.1.2.1 Design Bases The technical design bases for the protection systems are provided by Westinghouse equipment specifications which consider the functional requirements for these systems and applicable criteria as identified in Table 7.1-1.
7.1.2.1.1 Reactor Trip System The reactor trip system acts to limit the consequences of Condition II events by, at most, a shutdown of the reactor and turbine, with the plant capable of returning to operation after corrective action. The reactor trip system features impose a limiting boundary region to plant operation which ensures that the reactor safety limits analyzed in Chapter 15 are not exceeded during Condition II events and that these events can be accommodated without developing into more severe conditions.
7.1-8 INTRODUCTION
WATTS BAR WRNP-1n4 (4) Erin, L. E., "Topical Report Eagle 21 Microprocessor-Based Process Protection System," WCAP-12374, Rev. 1, December 1991 (Westinghouse Proprietary Class 2); WCAP-12375, Rev. 1, December 1991 (Westinghouse Proprietary Class 3).
(5) Trozzo, R. W.,WGAP "Westinghouse Setpoint Methodology for Protection Systems7 Watts Bar Unit 2" WCAP-1 7044-P/NP," Revision 0, December 2009, IChange 8 (Unit 2 only).
(6) Scherder, W. J., WCAP-13869, "Functional Diversity Assessment For The Reactor Protection SVstem/Engineered Safety Features Actuation System At IChange 8 Watts Bar Units 1 And 2," Revision 1, October 1993. "Reactor Protection System Diversit' in W~estinghouSe Pre-ssurized W~ater ReactoGtrs," Rev. 1.
INTRODUCTON 7.1-19
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 1 of 910) IChange 4 The extent to which the recommendations of the applicable NRC regulatory guides and IEEE standards are followed for the Class 1 E instrumentation and control systems is shown below.
The symbol (F) indicates full compliance. Those which are not fully implemented are discussed in the referenced sections of the FSAR and in the footnotes as indicated.
Regulatory Guide 1.22, Revision 0, February 1972 "Periodic Testing of Protection System Actuation Functions" (F, see note 2).
Regulatory Guide 1.29, Revision 3, September 1978 "Seismic Design Classification" (F).
Regulatory Guide 1.30, Revision 0, August 1972 "Quality Assurance Requirements for the Installation, Inspection, and Testing of Instrumentation and Electric Equipment." (See Section 7.1 for compliance.)
Regulatory Guide 1.45, Revision 0, May 1973 "Reactor Coolant Pressure Boundary Leakage Detection Systems" (See Note 7).
Regulatory Guide 1.47, Revision 0,May 1973 "Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems" (F see note 5).
Regulatory Guide 1.53, Revision 0, June 1973 "Application of the Single Failure Criterion to Nuclear Power Plant Protection Systems" (F see note 3).
Regulatory Guide 1.62, Revision 0, October 1973 "Manual Initiation of Protective Actions" (F).
Regulatory Guide 1.63, Revision 2, July 1978 "Electrical Penetration Assemblies in Containment Structures for Water-Cooled Nuclear Power Plants" (See Section 8.1.5.3 for compliance).
Regulatory Guide 1.68, Revision 2, August 1978 "Preoperational and Initial Startup Test Program for Water-Cooled Power Reactors" (See Section 14.2.7).
Regulatory Guide 1.75, Revision 2, September 1978 "Physical Independence of Electric Systems" (See Sections 8.1.5.3, 8.3.1.4, 8.3.2.4, and 8.3.2.5 for compliance, Notes 8 and 15).
JChange 51 Regulatory Guide 1.75, Revision 3, February 2005, "Criteria for Independence of Electrical Safety Systems" (See Sections 8.1.5.3, 8.3.1.4, 8.3.2.4, and 8.3.2.5 for compliance) (See Notes 13, 14 and 15).
7.1-20 INTRODUCTON
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance
( Page 2 of 010) I Change 4 Regulatory Guide 1.79, Revision 1, September 1975 "Preoperational Testing of Emergency Core Cooling Systems for Pressurized Water Reactors" (See Section 6.3.4.1).
Regulatory Guide 1.683, Revision 0, April 1982 "Preoperational Testing of Instrument Air Systems" (F).
Regulatory Guide 1.89, Revision 1, June 1984 "Environmental Qualification of Certain Electrical Equipment Important to Safety for Nuclear Power Plants" (See note 4).
Regulatory Guide 1.97, Revision 2, December 1980 "Instrumentation for Light-Water Cooled Nuclear Power Plants to Assess Plant Conditions During and Following an Accident" (See Section 7.5).
Regulatory Guide 1.100, Revision 1, August 1977 "Seismic Qualification of Electrical Equipment for Nuclear Power Plants" (See Note 8).
Re-gulatory Guide 1.100, Revision 2, June 1988, "Seismic Qualification of Electric and Mechanical Equipment for Nuclear Power Plants" (See Notes 13, and 20). Change 5 Regulatory Guide 1.100, Revision 3, September 2009, "Seismic Qualification of Electric and Mechanical Equipment for Nuclear Power Plants" (See Notes 13, 14 and 16).
Regulatory Guide 1.105, Revision 2, February 1986 November 1976 "Instrument Setpoints for Safety-Related Systems" (See Note 8).
Regulatory Guide 1.133, Revision 1, May 1981 "Loose-Part Detection Program for the Primary System of Light-Water Cooled Reactors", Revision 1 (See Note 12).
Regulatory Guide 1.118, Revision 2, June 1978 "Periodic Testing of Electric Power and Protection Systems" (See Notes 8 and 11), (See Section 8.1.5.3, Note 8, for electric power systems).
Regulatory Guide 1.152, Revision 0, November 1995 "Criteria for Programmable Digital Computer System Software in Safety-Related Systems of Nuclear Power Plants" (See Notes 6, 8 and 14). Change 5 Regulatory Guide 1.152, Revision 3, July, 2011 "Criteria for Digital Computers in Safety Systems of Nuclear Power Plants " (See Notes 13 and 17).
Regulatory Guide 1.153, Revision 0, December 1985 "Criteria For Power, Instrumentation and Control Portions of Safety Systems" (See Notes 8 9 and -914). I C~hange 5 Regulatory Guide 1.153, Revision 1, June 1996, "Criteria For Safety Systems" (See Note 13).
ANSI.IEEE ANS 7 4.3.2 1982 "Application Criteria fo Programmable Digital C..puter Systems in Safety Systems of Nuclear Power Generating Sttions" (See Note 8 and 10). IChange 4 Regulatory Guide 1.152, ReViSion 0,Noeme 199Q5 "C~riterFia for Programmable Digital Computer System Software in Safety Related Systems of Nuclear Power Plants" (P) (See notes 6 and8).
IChange 4I IEEE Stud. -2791971, "Protection Systems for Nuclear Power Generating StationS" (F=).
7.1-21 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 3 of 10_9) IChange 4 Regulatory Guide 1.168, Revision 1, February 2004, "Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants" (See Note 13).
Regulatory Guide 1.209, Revision 0, March 2007, "Guidelines for Environmental Qualification of IChange 5 Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants" (See Note 13)
ANSI/IEEE-ANS-7-4.3.2-1982 "Application Criteria for Programmable Digital Computer Systems in Safety Systems of Nuclear Power Generating Stations" (See Notes 8, 10 and 14).
IEEE Std. 7-4.3.2-2003 "Application Criteria for Programmable Digital Computer Systems in Safety Systems of Nuclear Power Generating Stations" (See Notes 13 and 18).
IEEE Std. 279-1971, "Protection Systems for Nuclear Power Generating Stations" (F) (See Sections 7.2, 7.3, 7.6).
IEEE Std. 308-1971, "Class 1E Power Systems for Nuclear Power Generating Stations" (See Section 8.1.5).
IEEE Std. 323-1971, "IEEE Trial-Use Standard: General Guide for Qualifying Class 1 E Equipment for Nuclear Power Generating Stations" (See Note 4).
IEEE Std. 323-1974, "IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations," (See Notes 4, 8 and 814). IChange 5 IEEE Std. 323-2003, "IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations," (See Note 13).
C~hange 51 IEEE Std. 338-1971, "Periodic Testing of Nuclear Power Generating Station Safety Systems" (See note 1 and Section 7.3.2.2.5 for compliance).
IEEE Std. 338-1977, "IEEE Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Safety Systems" (See Note 11).
IEEE Std. 338-1987, "IEEE Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Safety Systems," (See Notes 8, 13 and 14). IChange 5 IEEE Std. 344-1971, "Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations" (F) (For clarification of conformance to IEEE Standard 344-1975, See Section 3.10.1).
IEEE Std. 344-1987, "IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations," (See Notes 8 and 14). Ichange 5 IEEE Std. 352 1975, "IEEE Guide for General Principles of Reliability Analysis of Nuclear Power Generating Station Protection Systems," (See Note 8).
C~hange 4 IEEE Std. 379 1972, "IEEE Trial Use Guide for the appli.atiGon f the Single Failure Crimteri*on to Nuclear Power Ge*eFrating Station Protetion Systems," (Sec Note 3).
IEEE Std-. 3-79 1988, "llEEE= StaRdapr
÷ Applicati*
- R f the Single Fa;ilure Critrion to Nuclear Power Generating Statien Class FESystoms," (See Nete 8). IChange 4 7.1-22 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 4 of 109) I Change4 IEEE Std. 344-2004, "IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations," (See Notes 13 and 16).
IEEE Std. 352-1975, "IEEE Guide for General Principles of Reliability Analysis of Nuclear Power Generating Station Protection Systems," (See Note 8). IChange 5I IEEE Std. 379-1972, "IEEE Trial-Use Guide for the application of the Single Failure Criterion to Nuclear Power Generating Station Protection Systems," (See Note 3).
IEEE Std. 379-1988, "IEEE Standard Application of the Single Failure Criterion to Nuclear Power Generating Station Class 1 E Systems," (See Note 8).
IEEE Std. 384-1981, "IEEE Standard Criteria for Independence of Class 1 E Equipment and Circuits," (See Note 8).
IEEE Std. 384-1992, "IEEE Standard Criteria for Independence of Class 1 E Equipment and I Change 5 Circuits," (See Notes 13 and 19).
IEEE Std. 603-1980, "IEEE Standard Criteria For Safety Systems for Nuclear Power Generating Stations," (See Note 8).
IEEE Std. 603-1991, "IEEE Standard Criteria For Safety Systems for Nuclear Power Generating Stations," (See Note 13). Change 51 IEEE Std. 1012-1998 "IEEE Standard for Software Verification and Validation" (See Note 13)
IEEE Std. 1028-1997 "IEEE Standard for Software Reviews" (See Note 13)
NOTES Change 4 Note 1 Conformance to IEEE 338-1971 The periodic testing of the reactor protection systems conforms to the requirements of IEEE Standard 338-1971 with the following comments:
- 1. The surveillance requirements of the Technical Specifications for the protection system I change 4I ensure that the system functional operability is maintained comparable to the original design standards. Periodic tests at frequent intervals demonstrate this capability for the system.
Protection systems response times from the scnSO. through the actuated devic,, as ientificdI in the Watts Bar Technical Requirements Manual, wIll be verified. Tehnical Specificatiolns *requ ir periodic testing on at least 18 mRonth inteNrals. Each test shall includ- Cohange 41 a~t P-least one logic train such that both logic trains, are t~es-tedd At least onc~e per 36 months. and-one channel per f*untion such that all channels are tested at least once ever-' (N times 1*)
months, where N is the total number of redundant channels in a specific protection function.
The measuromonW t of reponsGe time at the Specified freque*n*ipGrovides ur-nce that the prtecti..Ve and Engi.eered Safety Features action function ass.oiated with each channel is completed within the time limit assumed in the accident analyses,.
Change 4
- 2. The test frcqueRnies, established for the racto-r prftection system, evaluatod in-\AP 10271 SupplemeRnt 1 and,OAPD 10271 P A SupplemeRnt 2, "WeStiRnghloue EvalU'tiOn of Sur-eillance Frequencies and Out of Service Times for the Reactor Protection Instrument System," are onRsistent with the required reliaNility of the rea*trF proteti*n System to provide acceptable risk results.
7.1-23 INTRODUCTION
WATTS BAR WBNP-104 WATTS BARWBNP-104d Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance Change 4]
( Page 5 of 109)
Protection systems response times from the sensor throuqh the actuated device, as identified in the Watts Bar Technical Requirements Manual, will be verified.
Technical Specifications require periodic testinq on at least 18-month intervals. Each test shall include at least one loqic train such that both loqic trains are tested at least once per 36 months and one channel per function such that all channels are tested at least once every (N times 18) months, where N is the total number of redundant IChange 4 channels in a specific protection function.
The measurement of response time at the specified frequencies provides assurance that the protective and Enqineered Safety Features action function associated with each channel is completed within the time limit assumed in the accident analyses.
- 2. The test frequencies established for the reactor protection system, evaluated .in WCAP 10271 Supplement 1 and WCAP 10271-P-A Supplement 2, "Westinqhouse Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection Instrument System," are consistent with the required reliability of the reactor protection system to provide acceptable risk results.
- 3. The periodic test frequency discussed in Paragraph 4.3 of IEEE Standard 338 and specified in the plant Technical Specifications is conservatively selected to assure that equipment associated with protection functions has not drifted beyond its minimum performance requirements. If any protection channel appears to be marginal or requires more frequent adjustments due to plant condition changes, the test frequency is accelerated to accommodate the situation until the marginal performance is resolved.
- 4. The test interval discussed in Paragraph 5.2, IEEE Standard 388, is developed primarily on past operating experience and modified if necessary to assure that system and subsystem protection is reliably provided. Analytic methods for determining reliability are not used to determine test interval except for the Eagle 21 system for which a reliability study was conducted and documented in Westinghouse PCA (88)-129 "Eagle 21 Process Protection System Reliability Study" Rev. 1 dated June 22, 1988 (Westinghouse Proprietary Class 2).
Note 2 Conformance to Regulatory Guide 1.22 IChange 4 Periodic testing of the reactor trip and engineered safety features actuation systems, as described in Sections 7.2.2 and 7.3.2, complies with NRC Regulatory Guide 1.22, "Periodic Testing of Protection System Actuation Functions." There are functions which will not be tested at power because to do so would render the plant in a less safe condition. These include the following:
- 1. Tyubine trip equipment that causes a reaGcto trip; the trip of turbine fro this same turbin trip eguipmcnt also is taken credit forF en a safety injectfion or reactor trip;
- 2. Generation of a reactor trip by use of the manual trip SWItch; Change 4
- 3. Generation of a reactor trip by use of the manual safety ijconSWitch;
- 4. Clo)sing the main steam line sto~p Valves;
- 5. Closing thedaer cotrol valves;
- 6. Closing the feedwater isolation valves
- 7. Reactor coolant pump compo en cooing water ioaonvalves (close);
7.1-24 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 6 of 109) [Change4
- 1. Turbine trip equipment that causes a reactor trip; the trip of turbine from this same turbine trip equipment also is taken credit for on a safety iniection or reactor trip:
- 2. Generation of a reactor trip by use of the manual trip switch;
- 3. Generation of a reactor trip by use of the manual safety iniection switch; IChange
- 4. Closing the main steam line stop valves;
- 5. Closing the feedwater control valves;
- 6. Closing the feedwater isolation valves:
- 7. Reactor coolant pump component cooling water isolation valves (close):
- 8. Reactor coolant pump seal water return valves (close).
The actuation logic for the functions listed will be tested as described in Sections 7.2 and 7.3. As required by Regulatory Guide 1.22, where actuated equipment is not tested during reactor operation it has been determined that:
- 1. There is no practicable system design that would permit testing of the equipment without adversely affecting the safety or operability of the plant;
- 2. The probability that the protection system will fail to initiate the operation of the equipment is, and can be maintained, acceptably low without testing the equipment during reactor operation; and
- 3. The equipment will be routinely tested when the reactor is shutdown as defined in the Technical Specification.
Where the ability of a system to respond to a bona fide accident signal is intentionally bypassed for the purpose of performing a test during reactor operation, each bypass condition is automatically indicated to the reactor operator in the main control room by a separate annunciator for the train in test. SSPS test circuitry does not allow trains to be tested at the same time so that extension of the bypass condition to redundant systems is prevented.
Note 3 Conformance to IEEE 379-1972 and Regulatory Guide 1.53 I Change 4 The principles described in IEEE Standard 379-1972 were used in the design of the Westinghouse protection system. The system complies with the intent of this standard and the additional requirements of Regulatory Guide 1.53. The formal analyses required by the standard have not been documented exactly as outlined although parts of such analyses are published in various documents (e.g., WCP- 7486-L, December 1970, and WCP-7486, May 1971, W.C. Gangloff, "An Evaluation of Anticipated Operational Transient in Westinghouse Pressurized Water Reactors"). Westinghouse has gone beyond the required analyses and has performed a fault-tree analysis Section 7.1 Reference [1].
7.1-25 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 7 of 109) [Change4 The referenced Topical Reports provide details of the analyses of the protection systems previously made to show conformance with single failure criterion set forth in Paragraph 4.2 of IEEE Standard 279-1971. The interpretation of single failure criterion provided by IEEE-379 does not indicate substantial differences with the Westinghouse interpretation of the criterion except in the methods used to confirm design reliability. Established design criteria in conjunction with sound engineering practices form the bases for the Westinghouse protection systems. The reactor trip and engineered safeguards actuation systems are each redundant safety systems. The required periodic testing of these systems will disclose any failures or loss of redundancy which could have occurred in the interval between tests, thus ensuring the availability of these systems.
Note 4 Conformance to Regulatory Guide 1.89 Change 4 Watts Bar Nuclear Power Plant 1E equipment within the scope of 10 CFR 50.49 is qualified in accordance with IEEE 323-1971 or IEEE 323-1974. (See Reference [1] of Section 3.1.1).
Section 7.1 Reference [4] provides additional information for the Eagle 21 process protection system.
7.1-26 INTRODUCUON
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 8 of 109) I COhange 4 Note 5 Conformance to Regulatory Guide 1.47 IChange 4 Watts Bar Nuclear Plant will be in full compliance with the intent of Regulatory Guide 1.47 (BISI) Revision 0, as described in Section 7.5.2.2.
Note 6 Conformance to Regulatory Guide 1.152, Revision 0 [Change 41 Watts Bar Nuclear Plant process protection racks are qualified by procedures and testing to Westinghouse's interpretation of Regulatory Guide 1.152 (WCAP-13191, Watts Bar Nuclear Plant Eagle 21 Process Protection System Replacement Hardware Verification and Validation Report, April 1992). Regulatory Guide 1.152 endorses the guidance of ANSI/IEEE-ANSI-7-4.3.2-1982.
Note 7 Conformance to Regulatory Guide 1.45, Revision 0 Compliance to Regulatory Guide 1.45 is as identified in Section 5.2.7.3.
Note 8 Eagle 21 System Applicability These Rules, Regulations and standards are applicable to the design of the Eagle 21 process protection system cabinets. Unless stated otherwise, the revision in effect on December 1, 1983 is applicable to the design.
Note 9 Regulatory Guide 1.153 Revision 0 Clarification Regulatory Guide 1.153, Revision 0 endorses the guidance of IEEE Std. 603-1980.
[Change 4J Note 10 ANSI/IEEE-ANS-7-4.3.2-1982 Clarification ANSI/IEEE-ANS-7-4.3.2-1982 - expands and amplifies the requirements of IEEE Std. 603- l Change 4 1980.
Note 11 Conformance to Regulatory Guide 1.118 The design of the Eagle 21 process protection system cabinets complies with the requirements of Regulatory Guide 1.118 Revision 2 except as follows:
[Change 4 Position C.6(a) - Where feasible, test switches or other necessary equipment will be installed permanently to minimize the use of temporary jumpers in testing in accordance with the requirements in IEEE Standard 338-1977.
7.1-27 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 9 of 109) I Change4 Note 12 Conformance to Regulatory Guide 1.133 I Change 4 Conforms except as noted below. Refer to Section 7.6.7 for a discussion of the digital metal impact monitoring system (DMIMS) which is the Watts Bar Unit 2 loose part monitoring system.
Position C.5.a. states that the sensor location should be noted in the Technical Specifications. The Watts Bar Loose-Part Detection System Technical Specifications were relocated to the Technical Requirements Manual. The Technical Requirements Manual describes the sensor locations (TRM B 3.3.6, Loose-Part Detection System).
Positions C.3.a.(3) and C.5.c. recommend a channel calibration be performed at least once per 18 months. In lieu of this recommendation, the DMIMS is calibrated at the frequency stated in subsection TSR 3.3.6.3 of TR 3.3.6 (Loose-Part Detection System) which is the 18 month frequency defined in Reg Guide 1.133 Rev 1.
Positions C.3.a.(2) (a) and (e) state that the alert levels for startup and power operation be submitted to the Commission within 90 days (60 days for subsection (e)) following the completion of the startup test program or when there is a change to the preexisting alert levels for power operation. Watts Bar Unit 2 will report changes in the alert level alarm to the Commission when they exceed the setpoint determination criteria described in Section 7.6.7.
Note 13 Common Q Post Accident Monitoring System (PAMS) Applicability These Rules, Regulations and standards are applicable to the design of the Common Q PAMS system cabinets.
Note 14 Containment High Range Radiation Monitor Applicability These Rules, Regulations and standards are applicable to the design of the digital containment high range radiation monitors. IChange 5 Note 15 Conformance to Regulatory Guide 1.75 Conformance to Regulatory Guide 1.75 is limited to the internal panel wiring provided by the equipment manufacturer. Regulatory Guide 1.75 was issued after the Watts Bar design was complete. Separation criteria for external cabling for WBNP are given in Sections 8.1.5.3, 8.3.1.4, 8.3.2.4, and 8.3.2.5.
Note 16 Conformance to Regulatory Guide 1.100, Revision 3 and IEEE 344-2004 The Common Q new design modules used in the PAMS; and the RM-1000 radiation monitors comply with IEEE 344-2004 and with Regulatory Guide 1.100 Revision 3 with the exceotion of issues associated with testina above 33Hz.
7.1-2R INTROMUC'I(MO T 1-28 INTRODUCTION
WATTS BAR WBNP-104 Table 7.1-1 Watts Bar Nuclear Plant NRC Regulatory Guide Conformance (Page 10 of 10)
Note 17 Conformance to Regulatory Guide 1.152, Revision 2 Common Q PAMS is in conformance with RG 1.152, Revision 3, with the exception of the secure operating environment requirements.
The Common Q PAMS will meet the secure operating environment requirements, by conformance to the cyber security requirements for the WBN Unit 2 Nuclear Security Program as mandated by 10 CFR 73.54 via WBN Unit 2 Procedure 25402-3DP-G04G-00508, "Cyber Security Program." This cyber security procedure addresses the security controls identified in NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems and Organizations," Revision 3, which are very similar to the recommended controls endorsed by the NRC in RG 5.71, "Cyber Security Programs For Change 5 Nuclear Facilities," Revision 0, and NEI 08-09, "Cyber Security Plan for Nuclear Power Reactors," Revision 6.
Note 18 Conformance to IEEE 7-4.3.2 2003 The Common Q PAMS meets the applicable requirements of IEEE 7-4.3.2-2003 except as noted below;
- 1. The quality program is in accordance with WCAP-16096-NP-1A "Software Program Manual" (SPM).
- 2. The commercial item dedication program is in accordance with the Westinghouse 10CFR50.54 Appendix B program.
Note 19 Conformance to IEEE 384-1992 Note 19 Conformance to IEEE 384-1992 Conformance to IEEE 384 is limited to the internal panel wiring provided by the equipment manufacturer. Separation criteria for external cabling for WBNP are given in Sections 8.1.5.3, 8.3.1.4, 8.3.2.4, and 8.3.2.5.
Note 20 Conformance to Reaulatorv Guide 1.100 Revision 2 The Common Q legacy modules used in the PAMS meet the requirements of Regulatory Guide 1.100 Revision 2.
7.1- INTRODUCTION
WATTS BAR WB NP-104 WBNP-1 04 WATTS BAR Figure 7.2-1, Sheet 2, shows the logic for all of the nuclear overpower and rate trips. Detailed functional descriptions of the equipment associated with these functions are given in References [2] and [15].
(2) Core Thermal Overpower Trips The specific trip functions generated are as follows:
(a) Overtemperature AT trip This trip protects the core against low DNBR and trips the reactor on two out of four coincidence with one set of temperature measurements per loop. The setpoint for this trip is continuously calculated by the Eagle-21 process protection circuitry for each loop by solving the following equation:
Setpoint 1 '
OTAT SI=,pt = AT0 IK1 -K2 1 (T-T')- K3 (P - P3)-f1(AI1 L - ,+ ' s. Change 4 An overtemperature AT reactor trip occurs when (1 +4 s\ Setpoint IChange 4 AITl > OTATttq+/-rut where:
AT : Measured temperature difference between hot and cold leg, 'F ATO = Indicated loop AT at rated thermal power (RTP), 'F K, = Reference trip setpoint 7.2-4 REACTOR TRIP SYSTEM
WATTS BAR WBNP-104 K2 = Penalty or benefit multiplier for deviation from indicated-Tavg, i 0 F K3 = Penalty or benefit multiplier for deviation from reference pressure,./psig
= Lead/lag time constants for Tavg compensation, seconds
= Lead/lag time constants for AT compensation, seconds s = Laplace transform operator, sec T = Measured RCS average temperature (Tavg), OF T' = Indicated loop Ta;.g at RTP, CF P' = Measured pressurizer pressure, psig P = Nominal RCS operating pressure; psig fl (AI) = Power shaped penalty - function of the indicated difference between the top and bottom detectors of the power range neutron ion chambers.
Values of these parameters are provided in the Technical Specifications or are controlled by plant procedures. (i.e., loop specific values of ATo and T' determin~ied at the beginning of each fuel cycle are controlled by I Change 4 plant procedures).
Note: Additional information on associated tau values ( 7 6 and 'c7) is provided in Section 7.2.1.1.4.
A separate long ion chamber unit supplies the flux signal for each overtemperature AT trip channel.
Increases in Al beyond a predefined deadband result in a decrease in trip setpoint. Refer to Figure 7.2-2.
The required one pressurizer pressure parameter per loop is obtained from separate sensors connected to three pressure taps at the top of the pressurizer. Four pressurizer pressure signals are obtained from the three taps by connecting one of the taps to two pressure transmitters. Refer to Section 7.1.2.2 for a discussion of independence of redundant sense lines.
The logic for this function is shown on Figure 7.2-1, Sheet 3. A detailed functional description of the process equipment associated with this function is contained in Reference [11].
(b) Overpower AT trip This trip protects against excessive power (fuel rod rating protection) and trips the reactor on two out of four coincidence with one set of temperature measurements per loop. The setpoint for each channel is continuously calculated by the process protection circuitry using the following equation:
An overpower AT reactor trip occurs when:
REACTOR TRIP SYSTEM 7.2-5
WATTS BAR WBNP-104 WBNP-1 04 WATTS BAR OPAT *,t " ATo K4-KS T - K6(T -T") -f(AI_ IChange4 1 + Ns-]
AT 1 + T4Ss> OPAT Setpoint where: AT, AToT. 14,,Tand s are defined in Section 7.2.1.1.2(2)(a)
Overtemperature AT trip and Reference Trip setpoint K5 = Penalty multipllier for rate of change in Tag. ,F (T>T"),)
K6 - Penalty or benefit multiplier for deviation from reference Tavg I°F Lag time constant for Ta.v, compensation, seconds
- (" Indicated loop Tay~g at RTP, OF f2 (I Power shape t:Wd function, typically set to 0 for all AI IChange 4 penalty Values of these parameters are provided in the Technical Specifications or are controlled by plant procedures. (i.e., loop specific values of ATo and T' determiniped at the beginning of each fuel cycle are controlled by plant [Change 4 I
procedures).
Note: Additional information on associated tau values (r 6 and 7 7) is provided in Section 7.2.1.1.4.
The source of temperature and flux information is identical to that of the overtemperature AT trip and the resultant overpower AT setpoint is compared to the same AT. The trip logic for this function is shown on Figure 7.2-1, Sheet 3. A detailed functional description of the process equipment associated with this function is contained in Reference [11].
(3) Reactor Coolant System Pressurizer Pressure and Water Level Trips:
The specific trip functions generated are as follows:
(a) Pressurizer low pressure trip The purpose of this trip is to protect against low pressure which could lead to DNB. The parameter being sensed is reactor coolant pressure as measured in the pressurizer. Above P-7 the reactor is tripped when two out of four pressurizer pressure measurements (compensated for 7.2-6 REACTOR TRIP SYSTEM
WATTS BAR WB NP-104 as far as reactor protection is concerned. Reactor trip system setpoints are based upon percentages of the indicated AT at nominal full power rather than on absolute values of AT. This is done to account for loop differences which are inherent. Therefore the percent AT scheme is relative, not absolute, and thus provides better protective action without sacrificing accuracy.
7.2.1.1.5 Pressurizer Water Level Reference Leg Arrangement The pressurizer water level instrumentation consists of three independent, redundant instrument channels which provide reactor trip and control functions. The associated high and low pressure sense lines for each level channel connect to the upper (vapor-filled) and lower (liquid-filled) regions of the pressurizer, respectively, and satisfy the independence requirements specified in Section 7.1.2.2. The high pressure sense line is called a reference leg because the line must be liquid filled and the fill elevation must be maintained at a known point by use of a condening* chamberwhich is the pressurizer Change 4 process connection. The main portion of the reference leg consists of a remote- Change 12 seal/capillary system (integral to the level transmitter) which provides a mechanical seal (bellows) between the process fluid and the capillary line fill-fluid. The location of the remote seal is required to be 12-inches or less (measured vertically) fro-below the process connectionassociated condensing chamber. The condensing chamber and fdow...ns.tream piping uinsulated is and is thus coled by the amb eint environment. The IChange 12 sense line downstream of the root valve is un-insulated to ensure the line remains filled with condensate. This remote seal location requirement minimizes the potential adverse effects of a loss of condensate between the process connectioncRndensiRg c-hamer*.
and the remote seal due to a sudden RCS depressurization event. During reactor operation, the condensate could contain high a concentration of dissolved hydrogen gas. IChange 4 Upon a rapid RCS depressurization event, the resulting dissolution of the hydrogen gas would force the condensate from the line segment between the remote seal and the process connectioncondensing chamber. The sense line routing without the use of a condensing chamber, will minimize the potential for hydrogen buildup. This remote seal IChange 12 location requirement limits the maximum head pressure loss error for this event to approximately 12-inches.
Pressurizer level channel maintenance features include transmitter/remote seal isolation and equalization capability without affecting other redundant channels. Alse.-the IChng0e 12 condensing chamber can be remotely vented by use of permanently installed- Vent line with manual isolation valves.
7.2.1.1.6 Process Protection System The process protection instrumentation system is described in References [1] and [11].
The nuclear instrument system is described in References [2] and [15]. Reference [2] is applicable to the power range only.
7.2.1.1.7 Solid State Logic Protection System The solid state logic protection system takes binary inputs from the process protection and nuclear instrument channels and other plant equipment corresponding to conditions (normal/abnormal) of plant parameters. The system combines these signals in the required logic combination and generates a trip signal (no voltage) to the undervoltage coils and the shunt trip relays (which energize the shunt trip coils) of the reactor trip circuit breakers when the necessary combination of signals occurs. The system also provides annunciator, status light and computer input signals which REACTOR TRIP SYSTEM* 7.2-15
WATTS BAR WBNP-104 WATTS BARWBNP-1 04 Channel deviation signals in the control system will give an alarm if any temperature channel deviates significantly from the auctioneered (highest) value. Automatic rod withdrawal blocks and turbine runback (power demand reduction) will also occur prior to reaching the reactor trip setpoint if any two of the AT channels indicate an overtemperature or overpower condition.
A discussion of reactor coolant temperature measurement is provided in Section 7.2.1.1.4 7.2.2.3.3 Pressurizer Pressure The pressurizer pressure protection channel signals are used for high and low pressure protection and as inputs to the overtemperature AT trip protection function. Isolated output signals from these channels are provided to the DCS for pressure control. From these, two median signals are developed in independent control groups of the DCS, each with dual redundant control processors. One of the median signals is used to control pressurizer spray and heaters; both are used for pressurizer PORV actuation. A spurious high or low signal from any one channel will not cause a control action. If a failed channel is detected by the DCS, it will not be used in the control algorithm. A coincident high pressure signal from both processors is needed for the actuation of each pressurizer PORV.
Failure of a DCS processor pair could result in a high or low control signal. A spurious high pressure signal can cause decreasing pressure by turning off the heaters and actuating spray. The two out of four low pressurizer pressure reactor trip logic ensures low pressure protection even with two independent channel failures. Overpressure protection is based upon the positive surge of the reactor coolant produced as a result of turbine trip under full load, assuming the core continues to produce fu!l power. The self-actuated safety valves are sized on the basis of steam flow from the pressurizer to accommodate this surge at a setpoint of 2500 psia and an accumulation of 3%. Note that no credit is taken for the relief capability provided by the power-operated relief valves during this surge.
In addition, operation of any one of the power-operated relief valves can maintain pressure below the high pressure trip point for most transients. The rate of pressure rise achievable with heaters is slow, and ample time and pressure alarms are available to alert the operator of the need for appropriate action.
7.2.2.3.4 Pressurizer Water Level Three independent, redundant instrument channels are provided for pressurizer high water level protection. This reactor trip condition is generated based on a 2-out-of-3 logic and serves to prevent water discharge through the pressurizer safety relief valves. The pressurizer level channels also provide isolated out-put signals to the DCS which are I Change 4 used for pressurizer water level control (reference Section 7.7). A median signal selector in the DCS selects the median of the three signals for pressurizer level control so that a spurious high or low signal from any one channel will not cause a control room action. If a failed channel is detected by the DCS, it will not be used in the REACTOR TRIP SYSTEM 7.2-33
WATTS BAR WBNP-104 control algorithm and the average of the two remaining channels will be used for control.
A DCS failure resulting in a high or low control signal output could increase or decrease pressurizer level at a slow rate. The high water level trip setpoint provides sufficient margin such that the undersirable condition of discharging liquid coolant through the j Change 4 safety valves is avoided. Even at full power conditions, which would produce the worst thermal expansion rates, a failure of water level control would not lead to any liquid discharge through the safety valves. This is due to the automatic high pressurizer pressure reactor trip actuating at a pressure sufficiently below the safety valve setpoint.
In addition, alarms are actuated on high or low water level and on significant deviations from programmed level or from the median signal. Channel failure can also be detected by comparison to the other two redundant level channel indicators located in the main control room.. A discussion of the pressurizer water level reference leg arrangement is provided in Section 7.2.1.1.5.
7.2.2.3.5 Steam Generator Water Level The basic function of the reactor protection circuits associated with low steam generator water level is to preserve the steam generator heat sink for removal of long term residual heat. Should a complete loss of feedwater occur, the reactor would be tripped on low-low steam generator water level. In addition, redundant auxiliary feedwater pumps are provided to supply feedwater in order to maintain residual heat removal after trip. This reactor trip acts before the steam generators are dry to reduce the required capacity and increase the starting time requirements of the auxiliary feedwater pumps and to minimize the thermal transient on the reactor coolant system and steam generators.
Therefore, a low-low steam generator water level reactor trip is provided for each steam generator to ensure that sufficient initial thermal capacity is available in the steam generator at the start of the transient. It is desirable to minimize thermal transients on a steam generator for a credible loss of feedwater accident. Implementation of the Median Signal Selector (MSS) feature in the feedwater distributed control system prevents failure of a single steam generator water level channel from causing a feedwater control system disturbance requiring subsequent protective action. Isolated outputs from all three narrow range level channels are input to the MSS. The MSS selects the median signal for use by the control system and control system actions are then based on this signal. Since the high and low signals are rejected, the control system is prevented from acting on a single, failed protection system instrument channel. If a failed channel is detected by the DCS, it will not be used in the control algorithm and the average of the two remaining channels will be used for control. Since no adverse control system action can then result from a failed protection channel, the potential for a control and protection system interaction is eliminated and it is not necessary to consider a second random protection system failure as would otherwise be required by IEEE 279-1971.
7.2-34 REACTOR TRIP SYSTEM
WATTS BAR WBNP-104 7.2.2.4 Additional Postulated Accidents Loss of plant instrument air or loss of component cooling water is discussed in Section 7.3.2. Load rejection and turbine trip are discussed in further detail in Section 7.7.
The control interlocksand permissives, called rod stops, are provided to inhibit automatic and/or manual rod withdrawal and initiate turbine runback. The rod stops indicate certain abnormal reactor operating conditions exist. The rod stop control action is used to stop positive reactivity additions due to rod withdrawal and to prevent reactor system parameters from reaching a condition requiring protective action (i.e., reactor trip actuation). The rod stops are not considered a protective feature. A listing of the initiating input signal and control function of each rod stop is provided in Section 7.7.1.4.1 and Table 7.7-1.
7.2.3 Tests and Inspections The reactor trip system meets the testing requirements of IEEE Standard 338-1971, Reference [10], as discussed in Section 7.1.2. The testability of the system is discussed in Section 7.2.2.2. The test intervals are specified in the Technical Specifications.
Written test procedures and documentation, conforming to the requirements of Reference [10], are utilized in the performance of periodic tests. Periodic testing complies with Regulatory Guide 1.22 as discussed in Section 7.1.2 . To ensure the Median Signal Selector (MSS) functions as described in Section 7.2.2.3.5, operability of the MSS is verified commensurate with the Technical Specification surveillance interval for the associated narrow range steam generator level channels.
The steam generator level MSS is a software function in the feedwater DCS. Proper operation of the MSS can be determined by verifying that the output signal corresponds to the median of the three input signals. The MSS function is tested concurrently with the process protection channels which provide the inputs. Test signals are receieved from I [Change 4 the protection system, as would normal process signals, when the individual protection channels are placed in the test mode. As the test signal magnitude is varied, the MSS will select a different input as the median signal, allowing proper operation of the MSS to be verified. As long as the other two channels are functioning properly and they have not I [Change 4 been tripped or bypassed, a single steam generator level channel can be tested during power operation without causing a feedwater control system upset.
REFERENCES (1) J. A. Nay, "Process Instrumentation for Westinghouse Nuclear Steam Supply Systems," WCAP 7671, April 1971.
(2) Lipchak, J. B., "Nuclear Instrumentation System," WCAP-8255, January 1974.
Applicable to Power Range NIS only.
REACTOR TRIP SYSTEM 7.2-35
WATTS BAR WBNP-104 (16) ISA-DS-67.04, 1982, "Setpoints for Nuclear Safety-Related Instrumentation Used in Nuclear Power Plants."
(17) Bass, J.C., "RCS Flow Measurement Using Elbow Tap Methodology at Watts Bar Unit 1, "WCAP-1 6067, Rev 0 (Westinghouse Proprietary Class 2). (Unit 1 Only).
(18) Trozzo, R. W. ,LWAP- "Westinghouse Setpoint Methodology for Protection Change 8]
Systems- Watts Bar Unit 2" WCAP-17044-P/NP," Revision 0, December 2009, (Unit 2 only.l (19) Scherder, W. J.. WCAP-1 3869, "Functional Diversity Assessment For The Reactor Protection System/EnQineered Safety Features Actuation System At IChange 8I Watts Bar Units 1 And 2," Revision 1, October 1993."Reactor Protection System Diversity inWestinghouse Pressurized Water Reactors," Rev. 1.
REACTOR TRIP SYSTEM 7.2-37
WATTS BAR WBNP-104 WBNP-1 04 WATTS BAR Table 7.2-2 Protection System Interlocks (Page 2 of 2)
Designation Derivation Function II BLOCKS OF REACTOR TRIPS P-7 Absence of P-7: 3/4 neutron flux (power Blocks rector trip on: Low range) below setpoint (from P-10) and Reactor Coolant Flow in more 2/2 turbine impulse harphe--pressure than one loop. Undervoltage, IChange6 below setpoint (from P-13) pressurizer Underfrequency, pressurizer low pressure, and pressurizer high level low pressure, and pressurizer high level.
P-8 Absence of P-8: 3/4 neutron flux (power Blocks reactor trip on low range) below set point reactor coolant flow from one loop only P-9 Absence of P-9: 3/4 neutron flux (power Block reactor trip on turbine range) below setpoint trip Presence of P-9 Defeats block of reactor trip on turbine trip P-13 Absence of P-13: 2/2 turbine impulse Input to P-7 pressure below setpoint REACTOR TRIP SYSTEM 7.2-41
WATTS BAR WBNP-104 engineered safety features actuation system shall not preventsystem action when required.
The redundant concept is applied to both the process protection and logic portions of the system. Separation of redundant process protection channels begins at the process sensors and is maintained in the field wiring, containment vessel penetrations and process protection racks terminating at the redundant safeguards logic racks. The design meets the requirements of Criteria 20, 21, 22, 23 and 24 of the 1971 GDC.
The variables are sensed by the process protection circuitry as discussed in References
[1] and [5] and in Section 7.2. The outputs from the process protection channels are combined into actuation logic as shown in Figure 7.3-3, Figure 7.2-1 Sheet 4 and Figure 7.6-6 Sheet 1.. Tables 7.3-1 and 7.3-2 give additional information pertaining to logic and function.
The interlocks associated with the engineered safety features actuation system are outlined in Table 7.3-3. These interlocks satisfy the functional requirements discussed in Section 7.1.2.
Controls provided on the control board for manual initiation of protective actions are discussed in Section 7.3.2.2.6.
7.3.1.1.1 Function Initiation Functions which rely on the engineered safety features actuation system for initiation include:
(1) A reactor trip, provided one has not already been generated by the reactor trip system.
(2) EmergencyCore Cooling System (ECCS) pumps, and associated valving which I Change 4 provide emergency makeup water to the cold legs of the reactor coolant system following a loss-of-coolant accident.
(3) Essential raw cooling water and component cooling water pumps start and heat exchanger valve realignment.
(4) Auxiliary feedwater pumps and associated valves which maintain the steam I Change 4 generator heat sink during emergency or accident conditions.
(5) Phase A containment isolation, whose function is to prevent fission product release (isolation of all lines not essential to reactor protection).
(6) Steamline isolation to prevent the continuous, uncontrolled blowdown of more than one steam generator and thereby uncontrolled reactor coolant system cooldown.
(7) Main feedwater isolation as required to prevent or mitigate the effect of excessive cooldown and the effects of Main Steam Valve Vault flooding due to a main feedwater line break.
7.3-2 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM
WATTS BAR WBNP-104 (8) Start the emergency diesels to assure backup supply of power to emergency and supporting systems components.
(9) Isolate the control room intake ducts to meet control room occupancy requirements following a loss-of-coolant accident.
(10) Emergency gas treatment system actuation.
(11) Containment ventilation isolation.
(12) Containment spray actuation to reduce containment pressure and temperature on a loss-of-coolant accident or steamline break inside containment.
(13) Phase B containment isolation which isolates the containment following a loss-of-coolant accident or a steam or feedwater line break within containment to limit radioactive releases, and starts the containment air return fans to cool containment and reduce pressure following an accident. (Phase B isolation together with Phase A isolation results in isolation of all but safety injection and spray lines penetrating the containment.)
(14) Automatic switchover of the RHR pumps from the injection to the recirculation mode (Post-LOCA).
(15) Auxiliary Building isolation.
7.3.1.1.2 Process Protection Circuitry The process protection system sensors and racks for the engineered safety features actuation system are described in References [1] and [5]. Discussed in these reports are the protection system parameters to be measured including pressures, flows, tank and vessel water levels, and temperatures as well as the measurement and signal transmission considerations. These latter considerations include the transmitters, flow elements, and resistance temperature detectors, as well as automatic calculations, signal conditioning/processing and location and mounting of the devices. The sensors monitoring the primary system are located as shown on the system flow diagrams in Chapter 5, Reactor Coolant System. The secondary system sensor locations are shown on the feedwater and steam system flow diagrams given in Chapter 10, Main Steam and Power Conversion Systems.
Containment pressure is sensed by four physically separated,_seismically mounted I Change 4 transmitters outside of the containment. The distance from penetration to transmitter is kept to a minimum, and separation is maintained.
The following is a description of those functions not included in the reactor trip or engineered safety features actuation systems which enable additional monitoring in the post loss-of-coolant accident recovery period.
(1) High head and low head ECCS pumps flow.
ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 7.3-3
WATTS BAR WBNP-104 (6) Missiles (see Section 3.5)
(7) Flood (see Sections 2.4 and 3.4)
(8) Wind and tornadoes (See Section 3.3) 7.3.1.2.6 Minimum Performance Requirements Minimum performance requirements are as follows:
(1) System Response Times:
The ESFAS response time is defined in Section 7.1.
The maximum allowable engineered safety features response times are provided in the Technical Requirements Manual. These values are verified in accordance with the Technical Specifications and are consistent with the safety analyses.
See Table 7.1-1, Note 1, for a discussion of periodic response time verification capabilities.
(2) System accuracies:
Accuracies required for generating the required ESFAS signals for mitigation of the design basis events considered in Chapter 15 are provided in References [6]
and [7].
(3) Ranges of sensed variables to be accommodated until conclusion of protective action is assured:
Typical ranges of instrumentation used in generating the required ESFAS signals I Change 4 for protection against the postulated events given in Chapter 15 are as follows:
(a) Pressurizer pressure 1700 to 2500 psig (b) Containment pressure -2 to 15 psig (c) Steamline pressure 0 to 1300 psig (d) Steam generator level 0 to 100% (see Table 7.2-3)
(e) Tavg 530 to 6300 F 7.3.1.3 Final System Drawings The functional logic diagrams, electrical schematic diagrams and other drawings for the systems discussed in this section are referenced in Table 1.7-1.
7.3-8 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM
WATTS BAR WRNP-104 WATTS BARWBNP-104A (4) Mesmeringer, J. C., "Failure Mode and Effects Analysis (FMEA) of the Engineered Safety Features Actuation System," WCAP-8584 Revision 1, February 1980 (Proprietary) and WCAP-8760, February 1980 (Non-Proprietary).
(5) Erin, L. E., "Topical Report, Eagle 21 Microprocessor-Based Process Protection System," WCAP-12374 Rev. 1 December 1991 (Westinghouse Proprietary Class 2); WCAP-12375 Rev. 1 December 1991 (Westinghouse Proprietary Class 3).
(6) Reagan, J. R., "Westinghouse Setpoint Methodology for Protection Systems, Watts Bar Units 1 and 2, Eagle 21 Version," WCAP-1 2096 Rev.7, (Westinghouse Proprietary Class 2). Unit 1 Only (7) Trozzo, R. W.,W=GAP "Westinghouse Setpoint Methodology for Protection SystemsT Watts Bar Unit 2" WCAP-17044-P/NP," Revision 0, December 2009, Change 8 (Unit 2 only)
(8) Invensys Process Systems Document No. 800063-1830, Electromagnetic Compatibility Test Reports, dated August 21, 2008, Rev. 0 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 7.3-19
WATTS BAR WBNP-104 7.4.1.2.3 Diesel Generators These units start automatically following a loss of normal AC power. However, manual
'controls for diesel startup are provided locally (normal start only not emergency start) at the EDGs as well as in the MCR and auxiliary control room (ACR).
7.4.1.2.4 Valves and Heaters The following valves and heaters provide safe shutdown actions:
(1) Charging flow control valves Manual control for the charging line flow control valves are provided in both the MCR and the ACR.
(2) Letdown orifice isolation valves Open/close controls with a selector switch for the letdown orifice isolation valves are provided both in the MCR and the ACR.
(3) AFW control valves Automatic and manual control for the AFW control valves are located in both the MCR and the ACR for valves associated with the motor driven pumps or at the turbine pump room for valves associated with the turbine driven pump.
(4) Steam dump/atmospheric steam dump Automatic and manual control for the condenser steam dump is provided in the MCR. Condenser steam dump is blocked on high condenser pressure.
Atmospheric steam dump (ASD), in the form of SG PORVs, has automatic and manual control in both the MCR and ACR. Additionally, ASD has manual pneumatic controls locally located.
(5) Pressurizer heater control On-off control with selector switch is provided for two backup heater groups. The heater groups are connected to separate buses, such that each can be connected to separate diesels in the event of loss of outside power. The control is both in the MCR and at the switchgear.
Instrumentation and controls listed in Sections 7.4.1.1 and 7.4.1.2, used to achieve and maintain safe shutdown (hot standby) can also be used for an evacuation of the MCR. IChange 4 Through the use of suitable procedures, these I&C channels together with the equipment identified in Section 7.4.1.3, available for the hot standby and cold shutdown, constitute the body of equipment potentially available to achieve cold shutdown after a MCR evacuation.
7.4-4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN
WATTS BAR WBNP-104 7.4.1.3 Equipment and Systems Available for Cold Shutdown (1) Reactor coolant pumps (See Chapter 5)
(2) Auxiliary feedwater pumps (See Chapter 10)
(3) Boric acid transfer pumps (see Chapter 9)
(4) Charging pumps (See Chapter 9)
(5) Essential raw cooling water pumps (See Chapter 9)
(6) Containment fans (See Chapter 9)
(7) Control room ventilation (See Chapter 9)
(8) Component cooling pumps (See Chapter 9)
(9) Residual heat removal pumps (see Chapter 5)
(10) Class 1E power systems (See Chapter 8)
(11) Controlled steam release and feedwater supply (See Section 7.7 and Chapter 10)
(12) Boration capability (See Chapter 9)
(13) Nuclear instrumentation system (source range or intermediate range) (See Section 7.2 and 7.7)
(14) Reactor coolant inventory control (charging and letdown) (See Chapter 9)
(15) Pressurizer pressure control including opening control for pressurizer relief valves (PORVs) Heaters and Spray valves(See Chapter 5)
To achieve cold shutdown, the safety injection signal trip circuit must be defeated and the accumulator isolation valves closed.
Insert 7.4.2 Auxiliary Control Room from next page Change 2 7.4.2-3_Analysis Hot standby is a stable plant condition, automatically attained following a plant shutdown. The hot standby condition can be maintained safely for an extended period of time. In the unlikely event that access to the MCR is restricted, the plant can be safely kept at hot standby until the control room can be reentered by the use of the indicators and controls listed in Sections 7.4.1.1 and 7.4.1.2. These indicators and controls are provided outside as well as inside the MCR. The safety evaluation for maintaining shutdown with these systems and associated instrumentation and controls includes consideration of the accident consequences that might jeopardize safe shutdown conditions. The germane accident consequences are SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.4-5
7.4.2 Auxiliary Control Room (ACR)
The ACR is designated as the central control point for operation of the Auxiliary Control System. The Auxiliary Control System (ACS) contains those instruments and controls necessary to establish and maintain the plant in a safe shutdown condition external to the Main Control Room (MCR). The ACS meets the following regulatory requirements:
" GDC 19 of 10CFR Part 50, Appendix A the ACS is physically independent from the MCR. ACS instrumentation and controls are electrically separated from their counterparts in the MCR. For GDC 19, damage to the control room and electrical circuits therein is not postulated since the MCR evacuation is due to some non-Change 2 mechanistic event.
- As required by 10CFR50, Appendix R fire damage considerations, the ACS is both physically and electrically independent of the control building.
The ACS provides controls and instrumentation in locations remote from the MCR which may be used so as to be capable of achieving and maintaining a safe shutdown condition and to subsequently achieve cold shutdown of the reactor through the use of suitable procedures. The ACS shall be operable in the unlikely event that the MCR must be evacuated due to smoke, toxic aas. etc.. within the MCR.
The design requirements for the ACR and ACS are contained in Design Criteria Document WB-DC-40-58 (Reference 1).
WATTS BAR WBNP-104 those that would tend to degrade the capabilities for boration, adequate supply for auxiliary feedwater, or residual heat removal.
Instrumentation and controls for these systems may require some realignment in order that their functions may be performed from outside the MCR. Procedures for realignment of these controls and instruments are prepared in advance, upgraded as necessary, and available when needed. Note that the reactor plant design does not support attaining the cold shutdown condition from outside the MCR. An assessment of plant conditions can be made on the long term basis to establish the necessary physical realignment to I&C equipment in order to attain cold shutdown. During such time the plant could be safely maintained at hot standby condition.
The I&C functions which are required to be aligned for maintaining safe shutdown of the reactor are discussed above and are the minimum number of I&C functions under non-accident and non:transient conditions. Some of the equipment that provides some of I FChange 4 [
these I&C functions are control systems discussed in Section 7.7 that are not part of the protection system. Proper operation of the control systems will allow a safe shutdown to be attained and maintained by preventing a transient. In considering more restrictive conditions than Section 7.4 examines, certain accidents and transients are postulated in Chapter 15.0 safety analyses which take credit for safe shutdown when the protection system's reactor trip terminates the transient and the engineered safety features system mitigates the consequences of the accident. In these transients, in general, no credit is taken for the operation of control systems listed in Section 7.7 should such operation mitigate the consequences of a transient. Should such operation not mitigate the consequences of a transient, no penalties are taken in the analyses for incorrect control system actions over and above the incorrect action of the control system whose equipment failure was assumed to have initiated the transient. The Chapter 15.0 analyses show that safety is not adversely affected when a limited number of such transients are postulated. Such transients include the following:
(1) Uncontrolled boron dilution (2) Loss of normal feedwater (3) Loss of external electrical load and/or turbine trip (4) Loss of AC power to the station auxiliaries (station blackout).
REFERENCES
- 1. Design Criteria Document WB-DC-40-58 "Auxiliary Control System -- Watts Bar Nuclear IChange 2 Plant - Unit 1 / Unit 2, Revision 5, November 18, 2009 7.4-6 SYSTEMS REQUIRED FOR SAFE SHUTDOWN
WATTS BAR WBNP-104 7.5 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5.1 Post Accident Monitoring Instrumentation (PAM) 7.5.1.1 System Description Post Accident Monitoring (PAM) instrumentation is required to monitor plant and environs conditions during and following design basis Condition II, Ill and IVfaults as described in FSAR Chapter 15. PAM instrumentation will enable the Main Control Room (MCR) operating staff (operator) to take preplanned manual actions, provide information on whether critical safety functions are being accomplished, provide information for potential or actual breach of the barriers to fission product release, provide information of individual safety systems, and provide information on the magnitude of the release of radioactive materials.
Table 7.5-2 lists the process information required at the initiation of an accident. The variables' descriptions were selected through a systematic evaluation of parameters required for the mitigation of design basis events at Watts Bar, a comprehensive review of the Emergency Instructions (Els), Function Restoration Guidelines (FRGs), and Condition II, Ill and IVfaults in Chapter 15 of the FSAR. In some cases, the Els and FRGs address mitigation of events which may extend beyond the design of the plant.
Instrumentation used for beyond design basis events may be exempted from being PAM instrumentation. Table 7.5-2 furnishes the appropriate variable classification types/categories for each variable description. PAM variable types/categories were determined using the guidance given in U.S. NRC Regulatory Guide 1.97, R2[1] and General Design Criteria for Nuclear Power Plants[12].
7.5.1.2 Variable Types Five (5) classifications of variable types, A, B, C, D and E, were identified to provide the PAM instrumentation. These classifications meet the PAM classifications contained in Regulatory Guide 1.97, R2. These five classifications are not mutually exclusive, in that a given variable (or instrument) may be included in one or more types. When a variable is included in one or more of the five type classifications, the equipment monitoring this variable meets the most stringent category qualification requirements as noted in Table 7.5-1. Type A variables provide primary information to the operators to allow them to take preplanned manually controlled actions to mitigate the consequences of a Chapter 15 design basis event. Types B, C, D and E are variables for following the course of an accident and are to be used (1) to determine if the plant is responding to the safety measures in operation and (2) to inform the operator of the necessity for unplanned actions to mitigate the consequences of an accident should plant conditions evolve differently than predicted by Chapter 15.
Type A Variables Regulatory Guide 1.97 defines Type A variables as t-Those variables that provide I Change 7 primary information to the MCR operators to allow them to take preplanned manually controlled actions for which no automatic action is provided and that are required for safety systems to accomplish their safety functions INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-1
WATTS BAR WBNP-104 for Chapter 15 design basis events. Primary information is information that is essential for the direct accomplishment of specified safety functions. In addition to the Regulatory Guide 1.97 requirements previously stated, TVA calculation WBNOSG4047 "PAM Type Change 7 A Variables Determination" includes certain variables used for event identification and monitoring as Type A variables even though no direct operator action is required.
Type B Variable Those variables that provide information to monitor the process of accomplishing critical safety functions. Critical safety functions are those safety functions which are essential to prevent a direct and immediate threat to the health and safety of the public. These are defined as reactivity control, core cooling, maintaining reactor coolant system integrity, and maintaining containment integrity (including radioactive effluent control).
Type C Variable Those variables that provide information to indicate the potential for breaching or the actual breach of the barriers to fission product release (including high level radioactive release through identifiable release points, i.e., plant vents). The barriers to fission product release are fuel cladding, reactor coolant pressure boundary and primary reactor containment.
Type D Variable Those variables that provide information to indicate the operation of individual safety systems and other plant systems. These variables are to help the operator make appropriate decisions in using the individual systems in mitigating the consequences of an accident.
Type E Variable Those variables used in determining the magnitude of the release of radioactive materials and for continuously assessing such releases.
7.5.1.3 Variable Categories The five types of variables are functionally classified into three (3) qualification categories (1, 2, and 3) according to the safety function provided by the variable.
Descriptions of the three categories are given below. Table 7.5-1 briefly summarizes the qualification criteria of the three designated categories. The differentiation in the 3 categories was made in order that importance of information hierarchy could be recognized in specifying accident monitoring instrumentation. Category 1 instrumentation has the highest pedigree and should be utilized for information which is essential to the main control room operating staff in order for them to determine if the plant critical safety functions are being performed. Category 2 and 3 instruments are of lesser importance in determining the state of the plant and do not require the same level of operational assurance.
The primary differences between category requirements are in the qualification, application of single failure, power supply, and display requirements.
7.5-2 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 (D) The meteorology monitors are trended on the Plant Computer System.
7.5.1.5 General Requirements 7.5.1.5.1 Display Requirements Category 1 parameters are displayed on individual devices located in the main control room.
Category 2 and 3 devices are either displayed on individual instruments located in the main control room or processed for display by one of the computer-based systems available in the MCR except as described below.
Portable or post accident sampling devices are not displayed in the main control room. [Change 4 In addition, a limited number of Category 2 and 3 devices are displayed on local panels if the following guidelines are met:
(1) The information displayed is of a non-critical or non-diagnostic nature.
(2) The local panel display is accessible under accident conditions.
(3) The information can be retrieved in a time frame necessary to support the operator's actions.
(4) The parameter changes slowly such that only infrequent updates are needed.
Human factors principles have been used in determining the types and locations of the displays. To the extent practical, the same instruments are used for accident monitoring as are used for the normal operations of the plant. This enables the operators to use instruments with which they are most familiar during accident situations. Monitoring instrumentation is from sensors that directly measure the desired variables. Indirect measurements are made only when it can be shown by analysis to provide equivalent or unambiguous information. The PAM parameters have associated required accident ranges. The minimum required ranges are given in Table 7.5-2. The range of the instrumentation is sufficient to keep the indication on scale at all times as required for PAM. Where the required range of monitoring instrumentation results in a loss of instrumentation sensitivity or accuracy in the normal operating range by using a single instrument (such as radiation monitors), multiple instruments are used to encompass the entire required range. Where two or more instruments are needed to cover a particular range, overlapping of instrument spans and accuracies has been provided to ensure one of the two instruments will be on scale at all times.
7.5.1.5.2 Identification The Category 1 and 2 displays are uniquely identified on the main control board so that the operator can easily discern that they are intended for use under accident conditions.
PAM Category 1 display devices have been identified with a nameplate with black background, white letters and the symbol "C1" inscribed on the nameplate. PAM Category 2 display devices (which are not also PAM Category 1) have been 7.5-6 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 to support the TSC functions can be transmitted at a rate of once per minute and displayed with the radiation release data.
REFERENCES (1) U. S. NRC Regulatory Guide 1.97, Rev. 2 (December 1980) and Rev. 3 (May 1983) "Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident".
(2) NUREG 0696, Functional Criteria for Emergency Response Facilities, dated February 1981.
(3) NUREG-0737, Supplement 1, Requirements for Emergency Response Capability, Generic Letter 82-33, dated December 17, 1982.
(4) Regulatory Guide, 1.23, Onsite Meteorological Programs (Safety Guide 23)
Revision 0.
(5) Regulatory Guide 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems, Revision 0.
(6) IEEE-Standard 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations (ANSI-N42.7-1972).
(7) NUREG-1394, Emergency Response Data System Implementation.
(8) Branch Technical Position ICSB-21, Guidance for Application of Regulatory Guide 1.47.
(9) TVA letter to NRC dated August 31, 1990, Watts Bar Nuclear Plant (WBN)Conformance to Regulatory Guide (RG) 1.97 Revision 2. (RIMS L44 900831 804)
(10) TVA letter to NRC dated October 29, 1991, Watts Bar Nuclear Plant WBN-Emergency Response Capability, Regulatory Guide 1.97, Revision 2 - Request for Additional Information Response. (RIMS T04 911029 848)
(11) NUREG-0847, Supplement 9, "Safety Evaluation Report Related to the Operation of Watt Bar Nuclear Plant, Unit 1 and 2," June 1992.
(12) "General Design Criteria for Nuclear Power Plant," Appendix A to Title 10 CFR 50, Criterion 13, 19, and 64.
(13) TVA letter to NRC dated May 9,1994, Watts Bar Nuclear Plant (WBN) -
Regulatory Guide (RG) 1.97, Revision 2, Post accident Accident Monitoring I Change 4 System (PAM) - Supplemental Response (RIMS T04 940509 901).
7.5-14 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 (14) TVA Letter to NRC dated April 21, 1995, Watts Bar Nuclear Plant (WBN) Units 1 &
2 - Regulatory Guide (RG) 1.97, Revision 2, Post-Accident Monitoring System (PAM) - Supplemental Response (RIMS T04 950421 117).
(15) TVA Letter to NRC dated July 18, 1995, Watts Bar Nuclear Plant (WBN) Units 1 and 2 - Regulatory Guide (RG) 1.97, Revision 2, Post-Accident Monitoring System (PAM) - Supplemental Response (RIMS T04 950718 165)
(16) TVA Letter to NRC dated October 12, 1995, Watts Bar Nuclear Plant (WBN) Units 1 & 2 - Regulatory Guide (RG) 1.97, Revision 2, Post-Accident Monitoring System (PAM) - Supplemental Response (T04 951012 228)
(17) U.S. NRC Regulatory Guide 1.7, Rev. 3 Control Of Gembustable-Combustible Gas Change 4 Concentrations in Contrainment, May 2003.
(18) Nuclear Regulatory Commission 10 CFR Parts 50 and 52 RIN 3150-AG76 C-ombustablcCombustible Gas Control in Containment AGENCY: Nuclear I Change 4I Regulatory Commission. ACTION: Final rule.
INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-15
Table 7.5-2 Regulatory Guide 1.97 Post Accident Monitoring Variables Lists(Page 2 of 41)
VAR NUM VARIABLE NAME TYPE/ REDUNDANT MINIMUM MINIMUM RANGE UNITS NOTES -4 CATEGORY CHANNELS RANGE FROM RANGE TO
- 1. Auxiliary Al D2 P1 P2 0 700 GPM (Note 1) Chg Feedwater Flow 2 Channels Per Loop
- 2. Containment Al D2 P1 P2 0 350 Deg F Deviation #8 Lower 2 Channels Compartment Atmosphere Temperature
- 3. Containment Al B1 C1 D2 4 Channels -2 15 PSIG Deviation #24 Pressure (Narrow Note 9 Range)
- 4. Containment Al C3 El P1 P2 1 1.0E7 R/hr Deviation #36 Radiation 2 Upper Note 14 Change 7 2 Lower
- 5. Containment Al B1 C1 D2 P1 P2 0 200 Inches Deviation #32 Sump Level (Wide Range)
- 6. Core Exit Al B1 C1 D2 P1 P2 200 2300 Deg F Minimum of 16 Temperature 8 PAM 1 Operable 8 PAM 2 Thermocouples, 4 from each quadrant Change 4 (Note 1,9, 10)
Deviation #37
- 7. Main Steam Line C2 E2 1 Channel 1.OE -1 1.0E3 pCi/cc Note 7 Radiation Per Steam Generator z
- 8. Nuclear Al B1 D2 P1 P2 1.OE-1 2.0E5 CPS Note 9 Instrumentation 0 (Source Range)
WATTS BAR WBNP-104 Table 7.5-2 Regulatory Guide 1.97 Post Accident Monitoring Variable List (Page 17 of 41)
(10) The Core Exit T/C Temperature, reactor vessel level, and Saturation Margin are trended on redundant Class 1E flat panel displays (the trend duration is user selectable) in the main control room.
(11) The range for the Auxiliary Building particulate is 5x10-10 to 10-5 IpCi/cc and the range for halogens (Iodine) is 10-4 to 10-9 pCi/cc.
(12) The requirements for Category I variables which require a third independent channel to resolve ambiguity resulting when redundant displays disagree are being implemented at WBN as follows:
The requirements for each channel is assigned to a redundant protection set (I, II, Ill, and IV) and electrical independence is maintained from sensor to the isolator in the Auxiliary Instrument Room. From the isolator to the indicator in the Main Control Room, third channel (PAM 3) cables may be routed with either PAM 1 or PAM 2 cables (but not both) depending on its associated protection set.
(13) Unit 2 Only Reg. Guide 1.97 Rev. 2 requires the capability to sample both the reactor coolant and the containment sump. This capability exists by obtaining a sample off the RHR pump discharge after the suction has transferred to the containment sump following a LOCA. When this occurs the sample will be both the containment sump and the reactor coolant. For this reason, all samples are referred to as reactor coolant samples.
(14) Containment radiation does not meet the requirements of Regulatory Guide 1.97 for a Type A variable. It is identified as a Type A variable for event Change 7 identification as defined in TVA calculation WBNOSG4047.
7.5-34 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104
-Am.
WATTS- WN-Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 21 of 41)
JUSTIFICATION The flow path monitored by this variable is a normally isolated path that requires operator action to utilize. This path is used for manual boration of the RCS. This path is not required for mitigation of any event. Postc- ac-ideRt-accident reactivity control is IChange 4 accomplished by the Emergency Core Cooling System (ECCS) injecting borated water from the refueling water storage tank (RWST) into the RCS. Manual boration is not utilized. The ECCS flow is monitored by the centrifugal charging pump total flow (high pressure injection flow), the safety injection (SI) pump flow (low pressure injection flow),
and the residual heat removal (RHR) pump flow (RHR System flow). These three variables are in the environmental qualification program and meet the 110% design flow measurement requirement.
DEVIATION 5 VARIABLE 97g Radiation Level in Circulating Primary Coolant (Reactor Coolant Sample Activity).
DEVIATION FROM RG 1.97 GUIDANCE This variable has been identified in RG 1.97, Revision 2, as Type C, Category 1, here as WBN has identified this variable as Type C, Category 3.
JUSTIFICATION For the fuel cladding integrity safety function, RG 1.97 recommends core exit temperature and RCS activity as key variables and gamma spectrum analysis of the reactor coolant as a Category 3 variable. Core exit temperature provides primary indication of a significant breach or potential breach of fuel throughout the emergency instructions (Els), functional restoration guidelines (FRGs), and Final Safety Analysis Report (FSAR). Therefore, this variable was included as the Category 1 or key indication. Radiation level in circulating primary coolant was considered; however, it indicates conditions following fuel damage and provides less timely information. Thus, this variable is considered to be less useful to the operators and was included as a backup variable. TVA meets the intent of the RG 1.97 recommended range by monitoring this variable using the gross activity analysis of primary coolant samples taken in the post accident sampling facility. Samples are obtained from the post accident sampling system in Unit 1 only.
7.5-38 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WB N P -104 04 WBNP-1 WATTS BAR Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 27 of 41)
DEVIATION 15 VARIABLE (29)
Safety Injection (Cold-Leg) Accumulator Tank Level DEVIATION FROM RG 1.97 GUIDANCE The range recommended in RG 1.97, Revision 2, is 10 to 90% volume using a D2 variable. WBN recommends a range of 73 to 80% volume, using a D3 variable.
JUSTIFICATION The present accumulator tank level indication range of 7450 to 8080 gallons corresponds to 73 to 80% of volume.
Post aG-ide*Rtaccident level does not serve any safety function since the passive IChange 4 injection of the cold-leg accumulators (CLA) into the RCS would be observed through other qualified instrumentation such as RCS pressure. Hence, level instrumentation which meets the requirements of a D3 variable is appropriate.
DEVIATION 16 VARIABLE (28)
Cold-Leg Accumulator Isolation Valve Postition Indication IChange 4 DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends that the position indication of the CLA isolation valve be qualified to D2 requirements. WBN recommends designating this variable as D3.
JUSTIFICATION The CLA isolation valves do not need to change from their normally open position in the event of an accident which requires CLA injection. These valves will already have been opened during startup soon after the RCS pressure sufficiently exceeds the CLA normal operating pressure. Then the associated motive power will be removed.
7.5-44 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 30 of 41)
DEVIATION 20 VARIABLE 18 Containment Isolation Valve (CIV) Position DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends that the CIV position indication should meet the requirements of a B1 variable (which encompasses position indication for the duration of the event). WBN's reactor coolant system (RCS) letdown CIVs flow control valves (FCV)-62,-72, -73, -74, and -76 will be submerged postaccident inside containment. I Change 4 These valves' limit switches are not qualified for operation during post submergence. In addition, safety relief valves which are also designated as CIVs are not monitored for position.
JUSTIFICATION The RCS letdown CIVs close on an SI signal, Phase A signal, or a low pressurizer level signal. The valves and associated position indication limit switches are qualified to perform their intended safety functions prior to being submerged. The limit switch for the valve position indication is located on the valve and hence subject to submergence. The limit switch is not qualifiable for submergence. The limit switch performs its intended safety function well before submergence. Valve positions are indicated both in the Main Control Room and the Technical Support Center.
Once the limit switches are flooded, it must be assumed that the control circuit fuses will be blown and position indication will be lost. This indication circuit, however, is isolated from the other CIV indication circuits.
The solenoids for these valves are included in WBN's environmental qualification (EQ) program and will vent to automatically close the FCVs as required under accident conditions. An analysis in WBN's EQ binder demonstrates that once closed, a submergence failure of the solenoid will not cause the FCV to change position. Hence the valves are considered closed and no further indication is required.
For safety relief valves, position indication is not necessary since these valves are constantly in their containment isolation position (i.e., closed), verification that these valves have accomplished their containment isolation function is not necessary since they do not change position to provide this function.
INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-47
WATTS BAR WB NP-104 Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 31 of 41)
DEVIATION 21 Unit 1 Only VARIABLE (97B)
Reactor Coolant Dissolved Hydrogen DEVIATION FROM RG 1.97 GUIDANCE The RG 1.97, Revision 2 (refer to Table 2, Type E variables), recommends that primary coolant grab sample capability exists for hydrogen analysis.
JUSTIFICATION The WBN postaccident sampling facility (PASF) will have two independent methods for I Change 4 measuring dissolved hydrogen in the RCS. It will have the capability to measure dissolved hydrogen in the range from 10-2000 cc/kg with an inline ion chromatograph. In addition, it will have a total dissolved gas analyzer to measure the total dissolved gas in the pressurized coolant in the range from 100-2000 cc/kg. Dissolved oxygen will be separately measured with a dissolved oxygen analyzer. These latter two measurements provide another determination of the dissolved hydrogen. The two available methods provide sufficient backup monitoring capability for dissolved hydrogen and will eliminate the need for handling highly radioactive, undiluted, pressurized reactor coolant grab samples. Diluted, unpressurized reactor coolant grab samples may be obtained as necessary at the PASF for other analyses.
DEVIATION 22 VARIABLE (87)
Radiation Exposure Meters DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends that Type E radiation exposure meters with continuous indication be available at fixed locations. No category is specified. WBN recommends not classifying these meters as a RG 1.97 variable.
JUSTIFICATION RG 1.97, Revision 2, was issued with an outstanding question regarding the practicality of deploying radiation monitors at fixed locations. A study (NUREG/CR-2644) concluded that it is unlikely that a few fixed-station area monitors could provide sufficiently reliable information to be of use in detecting releases from unmonitored containment release points. NRC agreed with this conclusion and in 7.5-48 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 32 of 41)
Revision 3 of RG 1.97 deleted the environs radiation monitors from the pressure water reactor (PWR) table of variables.
DEVIATTON 23 VARIABLE (86)
Waste (Radioactive) Gas Holdup Tank Pressure (Waste Gas Decay Tank Pressure)
DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends that waste (radioactive) gas holdup tank pressure be monitored from 0 to 150% of design pressure. WBN recommends that the pressure be monitored from 0 to 100% of design pressure (150 psig).
JUSTIFICATION The design pressure of the waste gas decay tanks is 150 psig. The waste gas decay tanks are equipped with pressure relief valves set at 150 psig. Therefore, WBN's position is that monitoring of the tanks to pressures higher than the relief setpoints is not necessary. WBN considers the existing range of 0 to 100% of design to be acceptable.
DEVIATION 24 VARIABLE (3)
Containment Pressure (Narrow Range)
DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends Type B and Type C variable which covers a ,range of
-5 psig to the design pressure. WBN recommends a lower range of -2 psig using a Type Al, B1, C1, and D2 variable (with no deviation to the upper range).
JUSTIFICATION The WBN containment vessel design net external pressure is 2 psig. inadvetant Inadvertent containment spray initiation will cause rapid depressurization inside IChange 4J containment. However, for this event the pressure will drop below the minimum design pressure. Another event that can cause a depressurization inside containment is continuous inadvertent air return fan operation. However, this will occur slowly enough to allow the operators sufficient time to observe trending of containment depressurization and afford ample opportunity to terminate the air fan operation and manually open the lower compartment pressure relief line.
INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-49
WATTS BAR WBNP-104 Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 33 of 41)
In addition, the containment pressure wide range instrumentation (-5 to 60 psig) overlaps the -2 psig lower range instrumentation. The -2 psig value is the lower design limit and is consistent with the use of upper range design limit of 15 psig. Hence, a lower range value of -2 psig is appropriate for WBN.
DEVIATION 25 VARIABLE (84)
High Level Radioactive Liquid Tank Level (Tritiated Drain Collector Tank)
DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends a range for this variable from top to bottom. WBN recommends a range from 11 to 133 inches from the bottom of the tank.
JUSTIFICATION The capacity of the tank is approximately 24,700 gallons. The quantity of water that is excluded from the range of the indication is approximately 1000 gallons at the bottom and an equal amount at the top. Thus, the present range is capable of monitoring approximately 22,700 gallons which is about 92% of the total capacity of the tank. TVA thereby considers the proposed range for the existing level taps (11 to 133 inches from the bottom of the tank) to be sufficient for indicating post accident storage volume for this tank.
DEVIATION 26 VARIABLE (97E)
Reactor Coolant Boron DEVIATION FROM RG 1.97 GUIDANCE RG 1.97, Revision 2, recommends that the analysis range for boron content in the primary coolant and sump be between 0 to 6,000 parts per million (ppm) and be monitored with a Type B3 and E3 variable. WBN recommends that the range be between 50 to 6,000 ppm and be monitored with a Type E3 variable.
JUSTIFICATION For boron concentrations below 500 ppm, the tolerance for WBN's instrumentation would be limited to plus or minus 50 ppm. This tolerance band is considered by WBN to be acceptable for ensuring that post-accident shutdown margin is maintained. change 4 7.5-50 INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY
WATTS BAR WBNP-104 Table 7.5-2 Regulatory Guide 1.97 Variable List (Deviation and Justification for Deviations)
(Page 36 of 41)
The following paragraphs describe how WBN's program is designed to monitor radiation exposure rates.
A large number of useful missions outside the MCR during accident conditions may be postulated. These missions would be for activities, such as equipment maintenance, grab sample acquisition, and laboratory analyses of grab samples, that might enhance accident mitigation. Exposure rates encountered on these missions would vary over a wide range. This variability arises from the fact that most high exposure outside the containment during accident conditions would be attributable to contained sources and, therefore, be strong functions of distance from the sources. Because of the wide exposure rate variability, the installation of even a large number of high range exposure rate monitoring instruments at selected locations on projected mission routes might not contribute substantially, either to the planning of missions for accident mitigation purposes or to the minimization of dose equivalent to personnel performing the missions.
Based on the above considerations, the WBN radiation monitoring system design uses portable high-range exposure rate instruments in lieu of installed high-range exposure rate monitors. Crews attempting missions outside the MCR following an accident would include Radiological Control personnel provided with high-range exposure rate instrumentation. The range of the Type E portable instrumentation available for this purpose is 1.OE-3 R/hr to 1.0E4 R/hr, which is consistent with the range required for area exposure rate monitoring.
Additionally, the TVA radiation monitoring system presently includes normal range area monitors, each with a range from 1.OE-1 MR/hr to 1.0E4 MR/hr. These monitors are located throughout the plant in areas where personnel access is common. Although, the area monitors are not required to be within the scope of the environmental qualification program and they are not included in the PAM program, monitors located outside the primary containment and'other locations of high post accident exposure rates can be I Change 4 expected to remain on scale and to continue to provide exposure rate indication with required accuracy during accident conditions. The monitors that remain on scale will provide useful input to MCR personnel for assessment of plant exposure rate levels during accident conditions. Based upon this assessment and WBN Radiological Emergency Plan dose limitations, a decision will be made as to whether or not missions outside the MCR would be attempted. In summary, the WBN position on high range accident monitoring ;is that high range exposure rate instrumentation will not be installed and that high range monitoring will be provided by portable monitoring instrumentation that meets the RG 1.97 required range.
INSTRUMENTATION SYSTEMS IMPORTANT TO SAFETY 7.5-53
WATTS BAR WBNP-104 Printer A high-resolution laser printer is provided for printout of system status, waveform graphs, and other data for the generation of reports. The printer features are only available I Change 4 locally in the LPMS cabinet.
Testing The testing program scope is addressed in Reference [6].
7.6.8 Interlocks for RCS Pressure Control During Low Temperature Operation The basic function of the RCS overpressure mitigation system during low temperature operation is discussed in Section 5.2.2.4. As noted in Section 5.2.2.4, this pressure control system includes manually armed semi-automatic actuation logic for the two Pressurizer Power Operated Relief Valves (PORVs). The function of this actuation logic is to continuously monitor RCS temperature and pressure conditions; the actuation logic is manually unblocked when plant operation is at a temperature below the arming setpoint. The monitored system temperature signals are processed to generate the reference pressure limit program which is compared to the actual measured system pressure. This comparison will provide an actuation signal to cause the PORV to automatically open if necessary to prevent pressure conditions from exceeding allowable limits. See Figure 7.6-5 for the block diagram showing the interlocks for RCS pressure control during low temperature operation.
Two separated, independent sets of controls are provided for the interlocks, with the required process variables being derived from redundant protection sets as follows:
(1) Protection Set I (a) Wide Range RCS Temperature (TE-68-1, TE-68-18, TE-68-24, TE-68-41)
(2) Protection Set II (a) Wide Range RCS System Pressure (PT-68-68).
(b) Wide Range RCS Temperature (TE-68-43, TE-68-60, TE-68-65, TE-68-83)
(3) Protection Set III (a) Wide Range RCS System Pressure (PT-68-66).
The wide range temperature signals, as inputs to the Protection Sets I and II, continuously monitor RCS temperature conditions. In Protection Set I, the existing RCS wide range temperature channels on RCS loops 1 and 2 provide inputs to the Eagle 21 digital process protection system. Eagle 21 provides isolated analog signals to the digital process control system. An auctioneer function selects the lowest temperature signal which is then used to calculate an acceptable reference pressure limit (PORV setpoint) considering the plant's allowable pressure and temperature 7.6-8 ALL OTHER SYSTEMS REQUIRED FOR SAFETY
WATTS BAR WBNP-104 Shield building tritium samplers are listed in Table 11.4-2. Continuous tritium samplers (Unit 1 and 2 Shield Buildings) collect gaseous effluent tritium samples from the isokinetic sampling probes. These samples are collected for laboratory analysis. These sampling points are defined in the ODCM. The sampling tables in the ODCM list the type of samples required, the frequency and the analysis required for each release point.
Radioanalytical sampling instrumentation, sampling frequencies, sampling procedures and lower limits of detection are established to provide assurance that 10 CFR 50 Appendix 1,10 CFR 20, and 40 CFR 190 limits are not exceeded.
11.4.4 CALIBRATION AND MAINTENANCE The calibration and maintenance procedures for the process monitors are discussed below.
Each detector and/or its associated electronics has a built in mechanism for checking operability. Built-in check sources can be remotely actuated from its ratemeter mounted either locally or in the MCR. The radioactive check source materials for the normal range IChange 41 gaseous and liquid monitors are listed in Table 11.4-5.
Response checks, Galib-, AtiOn checks, and elcotroniG calibration Source checks, channel [Change 10 checks, channel operational tests (COTs) and channel calibrations are performed periodically, per the ODCM, Technical Specifications, or maintenance instructions as appropriate. The maximum interval for a eeIehannel calibration and performan. e [Change 10 Gheek for any monitor is 22.5 months (18 months plus 25%).
Maintenance is performed, as necessary, if abnormalities are detected during any of the above checks. Unscheduled maintenance is performed, as required.
PROCESS AND EFFLUENT RADIOLOGICAL MONITORING AND SAMPLING SYSTEM 11.4-9
WATTS BAR WBNP-104 12.3.4.1.2.1 Area Monitor Detector The detectors for the Reactor Building upper and lower compartment post accident monitors and upper compartment personnel lock monitor are ion chambers. The other area monitors employ Geiger-Mueller type gamma detectors. Each detector has its own independent high-voltage power supply located on panel 0-M-12 or 1-,2-M-30 in the main control room.
The Reactor Building upper and lower compartment post accident monitors are redundant high range monitors which are required to meet the requirements of RG 1.97 and NUREG-0737.
12.3.4.1.2.2 Main Control Room Ratemeter (0-M-12, 1-,2-M-30)
Ratemeters are of solid-state construction containing a solid-state, high-voltage power supply. Alarms are provided on the ratemeter chassis for high radiation and instrument malfunction. Visual and audible alarms are provided for high radiation and instrument malfunction in the main control room.
12.3.4.1.2.3 Local Indicator-Alarm Panel With the exception of the main control room and Reactor Building upper and lower compartment post accident monitors, each monitor has a locally mounted panel which contains an indicator, a visual and audible high radiation alarm, and a power-on light.
12.3.4.1.2.4 Multipoint Recorders (Main Control Room O-M-12, 1-,2-M-31)
The area monitors, with the exception of the Reactor Building upper and lower compartment post accident monitors, are recorded on multipoint recorders on panel 0-M-12, which is in the MCR. The upper and lower compartment post accident monitors are input to the Integrated Computer System (ICS) for recording purposes.
12.3.4.1.2.5 Monitor Sensitivity and Range The ranges of the instrumentation provided are given in Table 12.3-4. The area monitors set points, adjustable over the entire range, are determined by the radiation control group based on operating background levels. The setpoints for the Reactor Building upper and lower compartment post accident monitors are determined by engineering analysis. .-.U-1ýp fL V'-
12.3.4.1.3 Area Monitor Calibration and Maintenance With the exception of the Reactor Building upper and lower compartment post accident o,iot ,J e..-f monitors, periodic testing of each area monitor includes a channel calibration performed at least once per 22.5 months (18 months plus 25%), and a channel operational test (COT) performed perdedieamyevery 3 months, or at a frequency established by analysis of calihrntion history to ensure performance with a 95% probability at a 95% confidence I-hange9 nerformance with a 95% Drobabilitv at a 95% confidence I of level. testing tois Prisurp IMonitor history caljL[;;t6nn performed in accordance with icensing.or TVA pro.gram reqee~eptAs4Technical Specifications, Offsitc Dose Cauoation Manual (ODC'), or the [Change 11T TVA calibration program). Testing of the Reactor Building upper and lower compartment post accident monitors is performed in accordance with the Technical Specifications.
RADIATION PROTECTION DESIGN FEATURES 12.3-19
WBN Unit 2 FSAR Section 12.3.4.1.3 With the exception of the Reactor Building upper and lower compartment post accident monitors, periodic testing of each area monitor includes a channel calibration performed at least once per 22.5 months (18 moths plus 25%) and a channel operational test (COT) performed every 3 months. The three month COT frequency may be extended ifjustified by a statistical analysis of historical COT records for the same or similar monitors (similar channel circuitry and actuators) . This analysis must establish with a 95% probability at a 95% confidence level that the monitor channel will be found within the established test acceptance criteria (as found band) in subsequent tests for the established COT frequency. Monitor testing...
Enclosure 1 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval Attachment 3 Evaluation of Common Q PAMS Conformance to Regulatory Guide 1.209 And IEEE Standard 323-2003
Westinghouse Common Q Post-Accident Monitoring System (PAMS)
RG 1.209 and IEEE* 1 323TMO - 2003 Comparison Analysis Page 1 of 5
Background
The Westinghouse Common Q~T Post-Accident Monitoring System (PAMS) was designed to meet the requirements of IEEE-323 -1983, "IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations" and Regulatory Guide 1.89, "Environmental Qualification of Certain Electric Equipment Important to Safety for Nuclear Power Plants" Revision 1 which endorses IEEE-323 -1974. Regulatory Guide 1.89 deals with qualification of equipment located in a harsh environment while IEEE-323 includes requirements for qualification of equipment in harsh and mild environments.
Due to the increasing use of digital instrument and control systems located in mild environments, the NRC issue Regulatory Guide 1.209, "Guidelines for Environmental Qualification of Safety-Related Computer- Based Instrumentation and Control Systems in Nuclear Power Plants," which endorses IEEE 323-2003 subject to five enhancements and exceptions. Because the PAMS is a digital system located in a mild environment, the NRC staff questioned whether or not-the system meets the current regulatory standards. This is-a comparison of the requirements of the Watts Bar Nuclear:Unit 2 (WBN2) PAMS design basis, to the current regulatory guidance.
Discussion The PAMS design and qualification meets the requirements of IEEE 323-1983. Since IEEE Std 323-2003, a revision of IEEE Std 323-1983, the determination is based on the differences between the 1983 and 2003 revision. The introduction to IEEE 323-2003 lists the clarifications and changes made in the revision. These are:
- 1. The standard can be applied to the qualification of equipment in mild environments with reduced documentation requirements.
- 2. The various terms used to identify the design basis events were consolidated into the terms design basis event and basis accident.
- 3. Seismic events are included in design basis events.
- 4. The test margin discussion was enhanced.
- 5. The qualification testing of digital systems and advanced analog systems was revised to include susceptibility testing for EMI/RFI and power surges if appropriate.
- 6. The discussion of aging degradation due to service conditions and its impact on service life was expanded and reinforced.
1 Common Q is a registered trademark of the Westinghouse Electric Company LLC
Westinghouse Common Q Post-Accident Monitoring System (PAMS)
RG 1.209 and IEEE TMI 323TM1 - 2003 Comparison Analysis Page 2 of 5 Analysis of IEEE 323 changes on the qualification of the PAMS:
- 1. This is a clarification. IEEE 323-1983 contains the same guidance with the only change being the reduction of documentation requirements. Since the PAMS meets the 1983 requirements for full documentation it exceeds this requirement change.
- 2. This is an editorial change that does not impact the qualification process. Therefore, the PAMS qualification is in conformance with this change.
- 3. This change does not impact the qualification process. Therefore, the PAMS qualification is in conformance with this change.
- 4. While the discussion was enhanced, the actual margin recommendations did not change.
- 5. The addition of EMI/RFI testing to the qualification test program included adding references to IEEE 603TM2- 1998 and :IEEE 7-4.3.2TM3 - 2003. The PAMS qualification includes testing to Regulatory Guide 1.180, "Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems," Revision 0 for legacy hardware and Regulatory Guide 1.180, Revision 1 for all new, or modified equipment as stated in WNA-LI-00058-WBT-NP, Revision 3, "Post-Accident Monitoring System (PAMS) Licensing Technical Report," which says:
"Westinghouse has performed specific electromagnetic compatibility-tests on the Common Q equipment as defined in Reference 1 in accordance with EPRI TR-1 02323, Guidelines for Electromagnetic Interference Testing in Power Plants, Revision 1 (Reference 3). For newly released components (A1687, A1688) and upgraded components (PC node box, Flat Panel Displays and Common Q power supply),
Westinghouse has tested in accordance with RG 1.180, Rev. 1. As stated in the updated Common Q Topical Report (Reference 50), any new additions to the baseline equipment, whether they are new modules/devices or enhancements to existing modules/devices, will be tested consistent with the requirements of RG 1.180, Rev. 1. No regression EMI testing will be performed; rather the requirements as defined in RG 1.180, Rev. 1, will be followed. Westinghouse will provide a Watts Bar Unit 2 PAMS Equipment Qualification (EQ) summary report (Reference 49) containing the EMC test results. TVA will perform an EMI site survey for the installation PAMS indication system."
Based on the above, the PAMS qualification does not meet the requirements of the 2003 revision because it does not use the guidance of IEEE 603 - 1998 and IEEE 7-4.3.2 -
2003 as a basis for electromagnetic compatibility testing.
- 6. The expanded discussion does impact the qualification testing process. Therefore, the PAMS qualification is in conformance with this change.
2 IEEE 603 is a registered trademark of the Institute of Electrical and Electronics Engineers, Incorporated.
3 IEEE 7-4.3.2 is a registered trademark of the Institute of Electrical and Electronics Engineers, Incorporated.
Westinghouse Common Q Post-Accident Monitoring System (PAMS)
RG 1.209 and IEEETMI 323TM1 - 2003 Comparison Analysis Page 3 of 5 Regulatory Guide 1.209 endorses the guidance of IEEE 323-2003 with the following enhancements and exceptions:
(1) For environmental qualification of safety-related computer-based I&C systems, type testing is the preferred method. Selective use of the service conditions mentioned in Section 6.1.5.1 of IEEE Std. 323-2003 should be based on the actual environmental conditions. The type tests may be manufacturer's tests that document performance to the applicable service conditions with due consideration for synergistic effects, if applicable. The NRC does not consider the age conditioning in Section 6.2.1.2 to be applicable because of the absence of significant aging mechanisms on microprocessor-based modules.
(2) With appropriate justification, IEEE Std. 323-2003 allows the omission of elements of the test plan in Section 6.3.1.1 and the test sequence in Section 6.3.1.7 for mild environment qualification. The qualification testing should be performed with the I&C system .
f-functioning;, with software and diagnostics that are representative of those used-in actuat*.
operation, while the system is subjected to the specified environmental service : -- _ -
conditions, including abnormal operational occurrences. Testing. should exercise all portions of the safety-relatedcomputer-based I&C systems necessary to:accomplish the-safety-related function or those portions whose operation or'failure could impair the.-ý-
safety-related function. Qualification testing should confirm the response of digital interfaces and verify that the design accommodates the potential impact of environmental effects on the overall response of the system. Although testing of a safety-related computer-based I&C system as a whole is preferred,type testing an entire system as a unit is not always practical. In those cases, confirmation of the dynamic response to the most limiting environmental and operational conditions for a computer-*
based I&C system is based on type testing of the individual modules and-analysis of the cumulative effects of environmental and operational stress on the entire system.
(3) Section 6.3.1.7(C) of IEEE Std. 323 - 2003 provides a note to the standards applicable to testing for electromagnetic interference/radio frequency interference (EMI/RFI) and surge as environmental conditions. Guidelines for conducting electromagnetic susceptibility testing of safety-related I&C systems appear in Revision 1 of Regulatory Guide 1.180, "Guidelines for Evaluating Electromagnetic and Radio-Frequency ----- :. I Interference in Safety-Related Instrumentation and Control Systems," issued October 2003 (Ref. 23), and in Revision 1 of EPRI4 TR 102323, "Guidelines for Electromagnetic Interference Testing in Power Plants" (Ref. 24), as endorsed in a related SER dated April 17, 1996 (Ref. 25).
(4) For safety-related computer-based I&C systems intended for implementation in a mild environment, the NRC staff takes exception to Section 7.1 of IEEE Std. 323-2003. The evidence of qualification in a mild environment should be consistent with the guidance given in Section 7.2 selectively based on actual environmental conditions, and the records should be retained at a facility in an auditable and readily accessible form for review and use as necessary.
4 EPRI is a registered service mark of Electric Power Research Institute, Inc.
Westinghouse Common Q Post-Accident Monitoring System (PAMS)
RG 1.209 and IEEE* 1 323TMO - 2003 Comparison Analysis Page 4 of 5 (5) Regulatory Guide 1.89 (Ref. 8) offers guidance for the environmental qualification of electrical equipment located in a harsh environment, as required by 10 CFR 50.49. For safety-related computer-based I&C systems installed in a harsh environment, the regulatory positions of this guide supplement the harsh environment qualification practices endorsed in Regulatory Guide 1.89.
Analysis of Regulatory Guide 1.209 enhancements and exceptions on the qualification of the PAMS:
(1) Westinghouse performed environmental qualification testing of the PAMS equipment by type testing using service conditions that meet or exceed the Watts Bar Unit 2 environmental data for the equipment location. Therefore, the PAMS qualification meets this requirement.
(2):=Westinghouse type testing of the Common Q hardware is performed on a modular or
-- assembly basis with-repreSentative, software running during the test. The acceptance
- -riteria requires that parameters remain in tolerance before, during and after the-test. -
"-EMI/RFI testing was performed in accordance with Regulatory. Guide 1.180.revision 0 or as previously discussed. --A data storm test of the digital -interface to the plant computer was performed as part of the factory acceptance test. The summary of all qualification testing is provided in EQ-QR,68-WBT-P, "Qualification.Summary Report for Post-
.Accident Monitoring System (PAMS)," Revision 0. Thereforer the PAMS qualification meets this requirement.
(3) The regulatory guide takes exception to the EMI/RFI requirements of IEEE 323 - 2003
- and requires that EMI/RFI testing be performed in accordance with Regulatory Guide 1.180 Revision 1. As previously stated, the PAMS qualification was done to either Regulatory Guide 1.180 Revision 0 or Revision 1.
The difference between Revision 0 and Revision Iof Regulatory Guide 1.180 is that Revision 1 added additional methods that are acceptable for performing EMI/RFI and power surge qualification testing. Both documents endorse EPRI Topical Report, TR-102323, "Guidelines for Electromagnetic Interference Testing in Power Plants," Revision
-_ -4'1. As shown in WNA-LI-00058-WBT-P, "Post-Accident Monitoring System (PAMS)
Licensing Technical Report," Revision 3 the PAMS qualification testing was done in accordance with TR-1 02323, Revision 1. Therefore, the PAMS qualification meets this requirement.
(4) The regulatory guide takes exception to the relaxation of the documentation requirements allowed by the IEEE 323 - 2003. Since the PAMS documentation is in accordance with the requirements of IEEE 323 - 1983, it meets this requirement.
(5) The PAMS equipment is located in a mild environment. Therefore, this enhancement is not applicable to the PAMS qualification.
Westinghouse Common Q Post-Accident Monitoring System (PAMS)
RG 1.209 and IEEETMI 323TMI - 2003 Comparison Analysis Page 5 of 5 Conclusions As described above, the Common Q PAMS qualification is in compliance with the requirements of the Regulatory Guide 1.209 Regulatory Position. Therefore, the PAMS qualification is in accordance with the requirements of IEEE 323 - 2003 as modified by the enhancements and exceptions of Regulatory Guide 1.209.
No further action is necessary.
References a) WBN2 FSAR Section 7.1 and Table 7.1-1, proposed Change Package b) Regulatory Guide 1.89, "Environmental Qualification of Certain Electric Equipment Important to Safety for.Nuclear Power Plants' Revision 1 . ..
-.-... c) Regulatory Guide 1 180.-'"Guidelines for Evaluating-E-1ectromagnetic and Radio-.
Frequency Interference-in Safety-Related Instrumentation and Control Systems,"
Revision 0 d) Regulatory Guide 1.180, "Guidelines for. Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems,"..
Revision 1 e) Regulatory Guide 1.209, "Guidelines for Environmental Qualification of Safety-Related Computer-Based Instrumentation and Control Systems in Nuclear Power Plants,"
Revision 0 f) ANSI/IEEE 323-1983 "IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations" g) IEEE 323-2003 "IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations" h) EPRI Topical Report,:TR-1 02323, "Guidelines for Electromagnetic Interference Testing in Power Plants" Revision 1.
i) WNA-LI-00058-WBT-P, "Post-Accident Monitoring System (PAMS) Licensing Technical Report," Revision 3 j) EQ-QR-68-WBT-P, "Qualification Summary Report for Post-Accident Monitoring System (PAMS)," Revision 0 M. S. Clark / p///
Prepared by I Date S.A.Hilmes , , Z3 Reviewed by /D~e( /
Enclosure 2 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval List of Attachments
- 1 [01-349])
- 5 [01-367], #6 [01-368], #7 [01-369], #8 [01-370], and #9 [01-371])
- 3. Evaluation of Common Q PAMS Conformance to Regulatory Guide 1.209 and IEEE Standard 323-2003 (Letter Item #9 [01-371])
E2-1
Enclosure 3 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval List of References
- 1. TVA to NRC letter, "Watts Bar Nuclear Plant (WBN) Unit 2 - Instrumentation And Controls Staff Information Requests," dated May 6, 2011 (Letter Items #2 [01-364], #3 [01-365], and
- 4 [01-366])
E3-1
Enclosure 4 TVA Letter Dated August 4, 2011 Responses to Licensee Open Items to be Resolved for SER Approval List of New Regulatory Commitments
A. Letter Item #2 [01-364]
Attachment 2 contains the proposed FSAR change which addresses item 2 of the original request and the follow-up request by updating the definition of Type A variables to include the additional TVA selection criteria and adding note 14 to Table 7.5-2 for the containment high radiation monitors which will be included in a future amendment.
B. Letter Item #3 [01-365]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.75, Revision 3 to Table 7.1-1 which will be included in a future amendment.
C. Letter Item #4 [01-366]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.100, Revision 3 to Table 7.1-1 which will be included in a future amendment.
D. Letter Item #5 [01-367]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.153, Revision 1 to Table 7.1-1 as applicable to the Common Q PAMS which will be included in a future amendment.
E. Letter Item #6 [01-368]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.152, Revision 2 to Table 7.1-1 which will be included in a future amendment.
F. Letter Item #7 [01-369]
Attachment 2 contains the proposed FSAR change which adds IEEE 7-4.3.2 to Table 7.1-1 as being applicable to the WBN Unit 2 Common Q PAMS which will be included in a future amendment.
G. Letter Item #8 [01-370]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.168, Revision 1 to Table 7.1-1 as being applicable to WBN Unit 2 Common Q PAMS which will be included in a future amendment.
H. Letter Item #9 [01-371]
Attachment 2 contains the proposed FSAR change which adds Regulatory Guide 1.209 and IEEE Standard 323-2003 to Table 7.1-1 as being applicable to the Common Q PAMS which will be included in a future amendment.
E4-1