DCL-12-069, Diablo Canyon, Units 1 and 2 - Invensys Operations Management Document 993754-1-813, Validation Test Plan, Revision 1, Attachment 6

ML12222A101
Site: Diablo Canyon (Pacific Gas & Electric)
Issue date: 06/07/2012
From: Nguyen L, Invensys Operations Management, Invensys/Triconex
To: Office of Nuclear Reactor Regulation
References: PG&E Letter DCL-12-069; 993754-1-813, Rev 1


Text

Attachments 9-11 to the Enclosure contain Proprietary Information - Withhold Under 10 CFR 2.390

Enclosure Attachment 6
PG&E Letter DCL-12-069
Invensys Operations Management Document "993754-1-813, Revision 1, Validation Test Plan"

When separated from Attachments 9-11 to the Enclosure, this cover sheet is decontrolled.

Invensys Operations Management / Triconex

Project: PG&E PROCESS PROTECTION SYSTEM REPLACEMENT
Purchase Order No.: 3500897372
Project Sales Order: 993754

PACIFIC GAS & ELECTRIC COMPANY
NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT
DIABLO CANYON POWER PLANT
VALIDATION TEST PLAN (VTP)

Document No. 993754-1-813 (-NP)
Revision 1
June 07, 2012

Non-Proprietary copy per 10 CFR 2.390 - Areas of Invensys Operations Management proprietary information, marked as [P], have been redacted based on 10 CFR 2.390(a)(4).

Author: Loc Nguyen, Nuclear IV&V Engineer

Reviewers: Son Phan, Nuclear IV&V Engineer

Approvals: Kevin Vu, Nuclear IV&V Manager

Invensys Operations Management / Triconex
Document: 993754-1-813
Title: DCPP PPS Validation Test Plan
Revision: 1
Page: 2 of 42
Date: 06/07/2012

Document Change History

Revision 0, 10/13/11, Author: L. Nguyen
Initial Issue

Revision 1, 06/07/12, Author: L. Nguyen
-Sec 1.2: Revised test scope to include NetOptics Network Aggregator Tap and MWS as test tools.
-Sec 1.3.2: Add media converters.
-Sec 1.3.3: Include Media Converters, NetOptics Network Aggregator Tap and MWS as part of communication testing in FAT.
-Sec 1.4: Update Figure 1.
-Sec 1.4.2: Identify four separate TSAPs for Protection Set I, Protection Set II, Protection Set III, and Protection Set IV will be subjected for validation of this project.
-Sec 1.4.3: Add MWS application specific software and "Wireshark" to the list of Software that is not subject to Validation.
-Sec 1.4.4: Revise System communication to include the NetOptics Network Port Aggregator Tap and MWS complete interface testing with the V10 Tricon into IV&V scope of testing.
-Sec 4.5.1: Add "Wireshark", MWS, and Ethernet hub as part of the test tools list. Update Tool List.
-Sec 5.1.1: Update Discrete Input Modules description.
-Sec 5.1.2, Table 2: Add Online Test and Calibration, and Maintenance as part of V10 Tricon TSAP features that will be executed via MWS.
-Sec 5.1.5, item d: Delete SVT and validation of data quality tagging routine (Not within this project scope).
   g. Add Validation of Online Testing and calibration.
   h. Add Validation of Maintenance.
   i. Add Validation of Tricon Diagnostic.
-Section 7.2: Clarify Tricon assigned worst case response time is 200 msec.
-All sections:
  • Revise references from FRS and IRS to HRS or SRS accordingly.
  • Change "TriStation 1131 Application Programming Software" to "TriStation 1131 Developer's Workbench Software".
  • Denote Protection Set as Protection Set.
  • Denote "TriStation Application Project" as TSAP.
  • Editorial changes to incorporate PG&E comments.

Table of Contents

List of Tables
List of Figures
1. Purpose and Scope
   1.1. Purpose
   1.2. Scope
   1.3. Test Plan Overview
      1.3.1. Pre-Factory Acceptance Test (pre-FAT)
      1.3.2. Hardware Validation Test (HVT)
      1.3.3. Factory Acceptance Test (FAT)
   1.4. V10 Tricon portion of the PPS
      1.4.1. Hardware
      1.4.2. Software
      1.4.3. Software that is not subject to Validation
      1.4.4. System Communication
      1.4.5. System interfaces
2. References
   2.1. Industry Documents
   2.2. NRC Documents
   2.3. Pacific Gas & Electric Documents
   2.4. Invensys Operations Management Documents
3. Definitions and Acronyms
   3.1. Definitions
   3.2. Acronyms
4. Test Overview
   4.1. Organization
      4.1.1. Test Plan Preparation
      4.1.2. Staffing and Training Needs
   4.2. Schedule
   4.3. Resources
   4.4. Responsibilities
   4.5. Tools, Techniques, and Methodologies
      4.5.1. Tools
      4.5.2. Techniques and Methodologies
5. Test Requirements
   5.1. General
      5.1.1. Hardware
      5.1.2. Software
      5.1.3. Pre-Factory Acceptance Test (Pre-FAT)
      5.1.4. Hardware Validation Test (HVT)
      5.1.5. Factory Acceptance Test (FAT)
   5.2. Risks and Contingencies
   5.3. Environmental Needs
   5.4. Approvals
      5.4.1. Validation Test Plan Approvals
      5.4.2. Validation Test Document Approvals
6. Test Implementation
   6.1. Test Tasks
   6.2. Test Approach
      6.2.1. Document Review
      6.2.2. Hardware Validation and Inspection (HVT)
      6.2.3. Power-Up Inspection and Tests (HVT)
      6.2.4. Hardware Calibration Checks and Testing using M&TE (HVT)
      6.2.5. Version Verification Checks (HVT)
      6.2.6. Device Communication (FAT)
      6.2.7. Validation Testing (HVT and FAT)
   6.3. Design Features NOT Tested
7. Acceptance Criteria
   7.1. General
   7.2. Response times
   7.3. Accuracy
   7.4. Anomaly Reporting and Resolution
   7.5. Deviation Policy (Suspension & resumption)
8. Test Implementation and Documentation
   8.1. Test Summary Reports
   8.2. Anomaly Reports
   8.3. Required control procedures

List of Tables

Table 1. Validation Test Schedule

List of Figures

Figure 1: Tricon Protection Set and its Class II Communication

1. Purpose and Scope

1.1. Purpose

The purpose of this Validation Test Plan (VTP) is to prescribe the scope, approach, and resources of the testing activities that are required to be performed for the V10 Tricon portion of the Diablo Canyon Power Plant (DCPP) Process Protection System (PPS) to support the following:

  • To detail the activities required to prepare for and conduct the system integration tests.
  • To identify the tasks for responsible teams to perform and the schedule to be followed in performing the tasks.
  • To define the sources of the information used to prepare the plan.
  • To define the test tools and environment needed to conduct the system test.

1.2. Scope

The DCPP PPS system is classified as nuclear safety related (Class IE), and all project nuclear safety related activities shall comply with the applicable requirements of Invensys Operations Management Nuclear Quality Assurance Manual (IOM-Q2) [Ref 2.4.1] and any additional quality requirements specified in the Project Management Plan (PMP) [Ref 2.4.5], Project Quality Plan (PQP) [Ref 2.4.6], Software Quality Assurance Plan (SQAP) [Ref 2.4.7], and Software Verification and Validation Plan (SVVP) [Ref 2.4.8].

This VTP will address safety concerns during the development of Protection Set software test specifications, procedures and test cases, Pre-Factory Acceptance Test (Pre-FAT) and Factory Acceptance Test (FAT). Software-contributed hazards will be tracked and mitigated adequately throughout the development lifecycle (via the Project Traceability Matrix (PTM) and Hazard Tracking List). The performance of assessments of the software safety mitigation effort and their effectiveness shall be addressed in each phase summary report and final report.

This VTP is prepared in accordance with Test Control, PPM 6.0 [Ref 2.4.4], Application Program Development PPM 7.0 [Ref 2.4.4], and follows the guidelines described in IEEE 1012-1998 "IEEE Standard for Software Verification and Validation" [Ref 2.1.1].

The PPS is composed of four separate Protection Sets: Protection Set I, Protection Set II, Protection Set III, and Protection Set IV, each comprising the V10 Tricon, the Westinghouse Advanced Logic System (ALS) platform, and the Maintenance Workstation (MWS). The ALS and MWS are not within scope of supply of this project.

The test scope of this project will include hardware of all four V10 Tricon Protection Sets and their related TriStation Application Projects (TSAP). MWS and the communication peripherals (Media converters and NetOptics Port aggregator Taps) will be utilized as test tools for complete interface tests between V10 Tricon Protection Set and MWS.

ALS 4-20 milliamp resistance temperature detector (RTD) inputs to the V10 Tricon will be simulated during the Factory Acceptance Test (FAT). Refer to the Hardware Requirements Specification (HRS) [Ref 2.4.9] for additional information.

From here on, the V10 Tricon portion of the Protection Set will be referred to as V10 Tricon Protection Set and the safety related TriStation Application Project will be denoted as TSAP.

1.3. Test Plan Overview

This VTP covers a full system test for the V10 Tricon four (4) Protection Sets. This includes application functions, system interfaces, and system performance (e.g., response time). This VTP addresses only the safety related TSAP V10 Tricon Protection Set application code developed using TriStation 1131 Developer's Workbench Software (TS 1131). This VTP does not include V&V of the TS 1131 programming tool, which will be used to develop the TSAP software.

Hardware and software procured by vendors other than Invensys Operations Management will be verified and validated by the originating organization under separate programs.

For specific system requirements, refer to the Software Requirement Specifications (SRS) [Ref 2.4.10] and HRS [Ref 2.4.9].

Testing is performed to ensure satisfactory hardware, software and integration system performance in accordance with Tricon SRSs and HRSs. Measurement and Test Equipment (M&TE) calibration shall be performed before testing activity and traceable to National Institute of Standards and Technology (NIST). Measures will be taken to establish that tools, gages, instruments, and other measuring and testing devices used in activities affecting quality are properly controlled, calibrated, and adjusted at specified periods to maintain accuracy within acceptable limits. Tests performed as part of system integration include:

  • Pre-Factory Acceptance Test (pre-FAT)
  • Hardware Validation Test (HVT)
  • Factory Acceptance Test (FAT)

1.3.1. Pre-Factory Acceptance Test (pre-FAT)

The purpose of the Pre-Factory Acceptance Test (pre-FAT) is to ensure that the FAT procedure is developed properly in accordance with the V10 Tricon Protection Set for PPS hardware, TSAP, and associated components function as designed in an operating integrated system environment.

The Pre-Factory Acceptance Test (Pre-FAT) informally executes the Factory Acceptance Test procedures to determine their suitability, correctness, completeness, and efficiency of the test procedures. Results from the Pre-FAT may be used to identify integration deficiencies. However, the primary goal of the Pre-FAT is to improve the test procedures themselves prior to the initial run of the FAT.

1.3.2. Hardware Validation Test (HVT)

The purpose of the Hardware Validation Test (HVT) is to validate that the V10 Tricon Protection Set hardware and interfacing hardware components function as designed in an operating integrated system environment prior to FAT.

The HVT is developed in accordance with Project Procedures Manual (PPM) 6.0 [Ref 2.4.4]. In order to complete the HVT, each test item must be initialed by test personnel and at the end of each test section an initial and date is required from test personnel, QA, and a Pacific Gas and Electric representative.

The HVT will be performed by simulating Analog Inputs (AI) and Digital Inputs (DI) using M&TE at the terminal blocks which are processed and made available to the non safety-related MWS via the media converters and NetOptics Port Aggregator Taps. The CAPE Software and applicable I/O modules together with hardware test software TSAP and TriStation laptop will be utilized to manipulate point values and display status as necessary.

1.3.3. Factory Acceptance Test (FAT)

The purpose of the Factory Acceptance Test (FAT) is to validate that:

  • The TSAP properly working with V10 Tricon Protection Set hardware and associated components function as designed in an operating integrated system environment.
  • Complete Interface between V10 Tricon with Field I/O and MWS (via media converters and NetOptics Port Aggregator Taps).

Note that V10 Tricon System software verification testing will be conducted prior to the FAT as part of verification and validation (V&V) of the V10 Tricon Protection Set software application under separate procedures. Software verification testing is conducted during the Implementation Phase of the project lifecycle - see the Software Verification and Validation Plan [Ref 2.4.8] for additional information.

FAT procedures are developed to validate the system requirements as described in HRS, SRS, and System Design Drawings that have been verified and documented in the PTM. Systematic testing will be based on the functional diagrams series drawings [Ref 2.3.5] and will provide for documented check-off of each step. The TSAP is loaded into the V10 Tricon system and the test procedures implemented.

Pacific Gas & Electric will approve the test procedures prior to starting FAT and have the opportunity to witness FAT. At the highest level, each Protection Set functions as follows:

  • Perform a system service routine, which initializes, syncs, and establishes the system staging.
  • Process input signals read from Tricon analog input and digital input signals.
  • Perform computations for the programs.
  • Process program results and send output data from the Tricon analog and digital output modules.
  • Verify the interface (bidirectional communication) between Tricon and MWS via the media converters and NetOptics Port Aggregator Taps.
  • Verify that the NetOptics Port Aggregator Taps will not allow any inbound signal from the Port 1 to Port A and B.

1.4. V10 Tricon portion of the PPS

[Figure 1: Tricon Protection Set and its Class II Communication. Labels recoverable from the diagram: Gateway Switch (Typ of 2); 100BaseT (Copper) (Typ of 2); Prot Set I Maintenance Workstation; Prot Set I Tricon; Triplicated RS-485 I/O Bus (Copper); Prot Set I ALS; Prot Set I Remote RXM; Triplicated Optical Fiber; Class I and Class II markings. Legend: Multi-Mode Optical Fiber; RS-422/RS-485 Serial or 100BaseT Copper; 4-20 mA Analog Copper.]

1.4.1. Hardware

Each V10 Tricon Protection Set of the PPS Replacement comprises three V10 Tricon chassis:

1.4.2. Software

The TriStation 1131 Developer's Workbench Software (TS 1131) that runs on Microsoft Windows XP operating system will be used to develop the TSAP for the V10 Tricon Protection Sets. The four TSAPs for Protection Set I, Protection Set II, Protection Set III, and Protection Set IV will be subjected to validation of this project. Refer to (SRS) [Ref 2.4.10] for additional details.

1.4.3. Software that is not subject to Validation

  • TS 1131
  • Tricon Firmware
  • TS 1131 Standard Libraries
  • Windows 2000/XP/7™** - TriStation Laptop/Workstation OS
  • MWS application specific software
  • Wireshark (port monitoring software for Windows)

** Windows OS, PC, and laptop (these are not tested, but functionally checked prior to test/integration activities).

1.4.4. System Communication

The Class I (safety-related) V10 Tricon Protection Set will utilize two Tricon Communication Modules (TCM) in the Main Chassis to communicate with external Class II (non-safety) devices. The fiber optic cable electrically isolates the Tricon TCMs from the external Class II devices. The NetOptics Network Port Aggregator Taps direct the network traffic between the TCM, MWS and Gateway Switches.

The NetOptics device permits two-way communications between the non-safety MWS belonging to a specific Protection Set and the Tricon in that Protection Set, but allows only one-way communication to other non-safety systems (e.g., the PDN/PPC via the Gateway Switch). The non-safety media converters will be set up between the Tricon Main Chassis and the NetOptics Network Port Aggregator Tap. The media converters convert the fiber optic medium at the output of the TCM to copper medium at the input of the NetOptics Network Port Aggregator Tap.

The MWS is a non-safety device that will be developed separately from the PPS Replacement Project under a separate Pacific Gas & Electric Purchase Order (PO), budget, and staff. PG&E will provide the MWS, NetOptics Network Port Aggregator Tap, network switches, and media converters prior to Pre-FAT to test the complete interface between the NetOptics Network Port Aggregator Tap, MWS and the V10 Tricon.

The Nuclear Delivery (ND) group will coordinate with Pacific Gas & Electric for system staging prior to turn over to Nuclear IV&V.

The Nuclear IV&V group will confirm proper operation of network communications system interfaces before beginning testing addressed in this VTP. To ensure protection against unintended operation of connected equipment and operator errors, Nuclear IV&V will verify that there is no inbound communication path from Port 1 to either Port A or B of the NetOptics Network Port Aggregator Tap. Nuclear IV&V will also verify correct two-way communication between the V10 Tricon and the MWS via Ports A and B of the port aggregator.

For these efforts, Nuclear IV&V will include the NetOptics Network Port Aggregator Tap and MWS interface testing as part of Nuclear IV&V test scope. The NetOptics Network Aggregator Tap design specifications, network test tools, and MWS design specifications shall be generated and provided by PG&E within the required time frame for Nuclear IV&V to complete all of the Validation Test documentation.
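The two checks described in this section (no inbound path from Port 1 to Port A or B, and two-way Tricon/MWS communication via Ports A and B) can be evaluated mechanically over a capture summary. The following Python code is an added example, not part of the Invensys test plan or its procedures; the MAC addresses, the assignment of devices to tap ports, the CSV layout and the function names are assumptions constructed for illustration.

```python
"""Evaluate a capture summary against the tap's one-way rule (added example)."""
import csv
import io
from collections import namedtuple

Frame = namedtuple("Frame", "seen_on src dst")

PROTECTED_PORTS = {"A", "B"}  # Tricon/MWS side of the port aggregator tap
MONITOR_PORT = "1"            # side facing the Gateway Switch

# Assumed inventory: constructed MACs and a hypothetical device-to-port layout.
INVENTORY = {
    "02:00:00:00:00:0a": ("TCM", "A"),
    "02:00:00:00:00:0b": ("MWS", "B"),
    "02:00:00:00:00:01": ("GATEWAY", "1"),
}

# Constructed capture summary (capture point, source MAC, destination MAC),
# in the shape of a CSV export from a port-monitoring tool.
CLEAN_CAPTURE = """\
seen_on,src,dst
A,02:00:00:00:00:0A,02:00:00:00:00:0B
B,02:00:00:00:00:0A,02:00:00:00:00:0B
1,02:00:00:00:00:0A,02:00:00:00:00:0B
B,02:00:00:00:00:0B,02:00:00:00:00:0A
A,02:00:00:00:00:0B,02:00:00:00:00:0A
1,02:00:00:00:00:0B,02:00:00:00:00:0A
1,02:00:00:00:00:01,FF:FF:FF:FF:FF:FF
"""

# Same capture plus one gateway broadcast that leaked onto Port A.
LEAKY_CAPTURE = CLEAN_CAPTURE + "A,02:00:00:00:00:01,FF:FF:FF:FF:FF:FF\n"


def parse_capture(text):
    """Parse the CSV summary into Frame records with normalised fields."""
    frames = []
    for row in csv.DictReader(io.StringIO(text)):
        port = row["seen_on"].strip().upper()
        if port not in PROTECTED_PORTS | {MONITOR_PORT}:
            raise ValueError(f"unknown capture point: {port!r}")
        frames.append(Frame(port, row["src"].strip().lower(),
                            row["dst"].strip().lower()))
    return frames


def evaluate(frames, inventory=INVENTORY):
    """Apply both checks and return the findings with an overall verdict."""
    result = {"inbound_violations": [], "unknown_sources": [],
              "tcm_to_mws": False, "mws_to_tcm": False}
    for frame in frames:
        if frame.seen_on not in PROTECTED_PORTS:
            continue  # frames on the Port 1 link itself are not a violation
        source = inventory.get(frame.src)
        if source is None:
            # Fail closed: an unidentified sender on Port A/B needs review.
            result["unknown_sources"].append(frame)
            continue
        src_role, src_port = source
        if src_port == MONITOR_PORT:
            # Judged on the source, so broadcasts are caught as well.
            result["inbound_violations"].append(frame)
            continue
        dest = inventory.get(frame.dst)
        if dest is None or frame.seen_on != dest[1]:
            continue  # not observed on the destination's own port
        if (src_role, dest[0]) == ("TCM", "MWS"):
            result["tcm_to_mws"] = True
        elif (src_role, dest[0]) == ("MWS", "TCM"):
            result["mws_to_tcm"] = True
    result["passed"] = (not result["inbound_violations"]
                        and not result["unknown_sources"]
                        and result["tcm_to_mws"] and result["mws_to_tcm"])
    return result


if __name__ == "__main__":
    for name, text in (("clean", CLEAN_CAPTURE), ("leaky", LEAKY_CAPTURE)):
        verdict = evaluate(parse_capture(text))
        print(name, "PASS" if verdict["passed"] else "FAIL",
              verdict["inbound_violations"])
```

The verdict fails closed: a capture that shows no violation but also lacks traffic in either Tricon/MWS direction does not pass, since an idle link proves nothing about the tap.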

1.4.5. System interfaces

The following is a list of the PPS system interfaces:

  • Advanced Logic System (ALS)
  • Plant Process Computer (PPC)
  • Main Annunciator System
  • Main Control Panels
  • Hot Shutdown Panel
  • Solid State Protection System (SSPS)
  • Rod Control System
  • Pressurizer Pressure Control System
  • Pressurizer Level Control System
  • Auxiliary Feedwater (AFW) Control System
  • Reactor Vessel Level Indicating System (RVLIS)
  • Low Temperature Overpressure Protection System (LTOPS)
  • Residual Heat Removal (RHR) Interlocks

For additional detail refer to the Hardware Requirements Specification (HRS) [Ref 2.4.9]. The above list is only shown for overview understanding of the PPS system interfaces and they are not within the test scope of this project.

2. References

2.1. Industry Documents

2.1.1 IEEE 1012-1998, Standard for Software Verification and Validation.

2.2. NRC Documents

2.2.1 Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, U.S. Nuclear Regulatory Commission.

2.2.2 NUREG-0800, Standard Review Plan, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 7 - Instrumentation and Controls, U.S. Nuclear Regulatory Commission.

2.2.3 U.S. NRC Regulatory Guide (RG) 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.

2.2.4 U.S. NRC Digital Instrumentation and Controls Interim Staff Guidance DI&C-ISG-06.

2.2.5 10 CFR 50, Appendix A, GDC 21 "Protection System Reliability and Testability."

2.3. Pacific Gas & Electric Documents

2.3.1 Pacific Gas & Electric Purchase Order # 3500897372.

2.3.2 Pacific Gas & Electric 08-0015-SP-001, Functional Requirements Specification.

2.3.3 Pacific Gas & Electric Process Protection System Replacement Conceptual Design Document.

2.3.4 Pacific Gas & Electric Process Protection System Replacement Interface Requirements Specification.

2.3.5 10115-J-NPG, Process Protection System Controller Transfer Functions Design Input Specification.

2.4. Invensys Operations Management Documents

2.4.1 IOM-Q2, Invensys Operation Management Nuclear Quality Assurance Manual.

2.4.2 NSIPM, Nuclear Systems Integration Program Manual, NTX-SER-09-21.

2.4.3 Software Configuration Management Procedure (SCMP).

2.4.4 Project Procedures Manual (PPM).

2.4.5 Project Management Plan (PMP), 993754-1-905.

2.4.6 Project Quality Plan (PQP), 993754-1-900.

2.4.7 Software Quality Assurance Plan (SQAP), 993754-1-801.

2.4.8 Software Verification and Validation Plan (SVVP), 993754-1-802.

2.4.9 Hardware Requirements Specification (HRS), 993754-1-807.

2.4.10 Software Requirements Specification (SRS), 993754-1-809.

2.4.11 Quality Procedure Manual (QPM).

3. Definitions and Acronyms

3.1. Definitions

Acceptance (Pass/Fail) Criteria: Decision rules used to determine whether a software or hardware passes or fails a test.

Acceptance Testing: Formal testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system.

Anomaly: A condition observed in the documentation or operation of hardware and software that deviates from expectations based on previously verified hardware/software products or reference documents. A critical anomaly is one that must be resolved before the V&V effort proceeds to the next phase.

Project Traceability Matrix: A documented matrix indicating the origin of the requirements, their implementing design output documentation and the corresponding testing requirements.

Software Validation Testing: The process of evaluating software through testing at the end of the development process to determine whether it satisfies specified requirements.

Test Plan: A document describing the scope, approach, resources, and schedule of intended testing activities. It identifies test items, the features to be tested, the testing tasks, who will do each task, and any risks requiring contingency planning.

Test Procedure: A document specifying the sequence of actions for the execution of a test.

Test Specification: A specification that translates customer requirements and design features into test specifications and test approaches for validation by testing. It may add to or refine the test approaches described in the Validation Test Plan. (Also known as the Test Design Specification.)

Unit: An assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment. A unit can be disconnected, removed as a single piece, and replaced by a spare. It has definable performance characteristics that permit it to be tested as a single assembly. Software functions that meet the requirements of this definition are also defined as a unit. By this definition, the words "unit" and "module" (hardware/software) are interchangeable.

Verification: The process of evaluating a system or component to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.

Validation: The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements.

3.2. Acronyms

AFW Auxiliary Feedwater
AI Analog Inputs
ALS Advanced Logic System
COTS Commercial-off-the-Shelf
DCPP Diablo Canyon Power Plant
DRCS Document Review Comment Sheet
DTTA Delta Temperature & Average Temperature
ESFAS Engineered Safety Features Actuation System
FAT Factory Acceptance Test
FBD Function Block Diagram
FTA Field Termination Assembly
HRS Hardware Requirements Specification
HVT Hardware Validation Test
ICN Interim Change Notice
IO, I/O Input/Output
IRS Interface Requirements Specification
IV&V Independent Verification and Validation
LTOPS Low Temperature Overpressure Protection System
M&TE Measurement and Test Equipment
MWS Maintenance Workstation
ND Nuclear Delivery
NIST National Institute of Standards and Technology
NQA Nuclear Quality Assurance
NRC Nuclear Regulatory Commission
NSIPM Nuclear Systems Integration Program Manual
OOR Out-of-Range
OPDT Overpower Delta-T
OPTR Overpressure Turbine Runback
OTDT Overtemperature Delta-T
OTTR Overtemperature Turbine Runback
PE Project Engineer
PG&E Pacific Gas and Electric
PM Project Manager
PMP Project Management Plan
PO Purchase Order
PPC Plant Process Computer
PPM Project Procedures Manual
PPS Process Protection System
PQAE Project Quality Assurance Engineer
PQP Project Quality Plan
PTM Project Traceability Matrix
QA Quality Assurance
QPM Quality Procedures Manual
RHR Residual Heat Removal
RTS Reactor Trip System
RVLIS Reactor Vessel Level Indicating System
SCMP Software Configuration Management Plan
SDC Software Development Checklist
SDD Software Design Description
S/G Steam Generator
SIDR System Integration Deficiency Report
SIL Software Integrity Level
SQAP System Quality Assurance Plan
SRS Software Requirements Specification
SSPS Solid State Protect System
SUT System Under Test
SVT Software Verification Test
SVVP Software Verification and Validation Plan
TCM Triconex Communications Module
TRB Test Review Board
TS1131 TriStation 1131
TSAP TriStation Application Project
TTD Trip Time Delay
V&V Verification and Validation
VTP Validation Test Plan
VTS Validation Test Specification

4. Test Overview

The V&V approach as described in IEEE 1012-1998 [Ref 2.1.1] will be used for conducting project V&V activities. These activities will be planned and scheduled per Software Verification and Validation Plan (SVVP) [Ref. 2.4.8], the project schedule, the applicable PPMs [Ref 2.4.4], and the PQP [Ref 2.4.6].

The V&V effort shall be accomplished using a separate Nuclear Independent Verification & Validation (IV&V) organization not associated with the Nuclear Delivery (ND) organization as identified in the PQP [Ref 2.4.6]. This independent V&V process is consistent with the process described in Annex C.4.1 of IEEE 1012-1998 [Ref 2.1.1].

4.1. Organization

4.1.2. Staffing and Training Needs

Test staff personnel are qualified as determined by the Nuclear IV&V Manager, in coordination with the Software Verification Validation Plan (SVVP) [Ref. 2.4.8], as documented in the Project training files, per PPM 9.0 [Ref 2.4.4]. Test staff personnel must be current on required Project training prior to start of formal testing.

Test staff shall have completed the following:

  • The TRICON/TriStation 1131 Comprehensive course
  • The TriStation 1131 Standard or Comprehensive Programming Course
  • Or have equivalent experience.

For additional project requirements, refer to the SVVP [Ref. 2.4.8]. The Nuclear IV&V Manager may authorize substitution of equivalent training or experience for any qualification, training, or skills requirement, where appropriate.

4.2. Schedule

The project schedule was developed based on the life cycle defined in the NSIPM [Ref 2.4.2] as implemented by the PPM [Ref 2.4.4]. Adhering to the procedure manuals assures that the required project deliverables will satisfy PG&E technical and NRC regulatory requirements, and that the necessary supporting collateral will be generated to support the safety conclusions of both ND and Nuclear IV&V. Refer to the project schedule for the latest date and duration for completion of each task. Project related validation test tasks are as follows:

4.3. Resources

ND team members report to the PM. Nuclear QA team members report to the Nuclear QA Manager. Nuclear IV&V team members report to Nuclear IV&V Manager, who provides resource management of Nuclear IV&V staff and other resources (such as materials, equipment, work space, etc., required by the Nuclear IV&V team) to ensure that adequate resources are assigned to the PPS Replacement Project for proper implementation. Refer to the PMP [Ref 2.4.5] for the details of the project organization and responsibilities assigned to each project team member and Nuclear IV&V team member.

4.4. Responsibilities

1. Nuclear IV&V Manager is responsible for staffing the Nuclear IV&V group and approving all Nuclear IV&V generated documents.
2. Project Engineer is responsible for providing support to the Test Director, as needed.
3. Project Quality Assurance Engineer is responsible for observing the testing activities, as directed by the applicable test procedures.
4. Nuclear IV&V Team is responsible for developing, reviewing, and releasing all Nuclear IV&V generated documents and conducting tests in accordance with the system Software Verification and Validation Plan (SVVP) [Ref 2.4.8].
5. Test Director is responsible for coordinating and executing all tests in accordance with the related test procedures.
6. Test Engineer or Test Technician is responsible for hardware and software test setup, and supporting all associated tests as needed under the direction of the PE or Test Director, as appropriate.

4.5. Tools, Techniques, and Methodologies

5. Test Requirements

5.1.1. Hardware

The HRS [Ref 2.4.9] lists the V10 Tricon hardware modules that will be used in the V10 Tricon Protection Set system. These hardware modules connect the program stored in the main processor to the field I/O and communication channels.

V10 Tricon equipment includes:

  • Main Chassis, Nuclear (8110N2).
  • Primary Remote Chassis (8112N).
  • Remote Chassis (8112).
  • Main Processor, Nuclear (3008N).
  • 120VAC/DC Power Module, Nuclear (8310N2).
  • 120VAC/DC Power Module, non-Nuclear (8310).
  • TCM-FO Triconex Communications Module, Nuclear (4352AN).
  • Analog Input Modules: Differential Nuclear (3721N) and Isolated, Nuclear (3703EN).
  • Analog Output Modules: Nuclear (3805HN) and non-Nuclear (3805E).
  • Discrete Input Modules: Nuclear 24 VAC/DC (3503EN2), Nuclear 115VAC/DC (3501TN2), and non-Nuclear 115VAC/DC (3501E).
  • Discrete Output Modules: Nuclear 115 VAC (3601TN), Nuclear 24 VAC (3625N), and non-Nuclear Relay Output (3636T).

Additional chassis and cabinet descriptions can be found in the Hardware Requirements Specification (HRS), [Ref 2.4.9].

5.1.2. Software

The Tricon application software (TSAP) will be developed separately for each V10 Tricon Protection Set. The TSAPs shall be independently verified and validated by Nuclear IV&V.

Table 2. Protection Set Functions

1. Title: System Diagnostics including System Alarms
   Description: Gathers system, chassis, slot, I/O module diagnostic status, signal processing and power supply alarms into variables that can be accessed by the other application functions and the MWS.
   Protection Set: I, II, III, IV

2. Title: Reactor Coolant Flow
   Description: ALS scope

3. Title: Wide Range Reactor Coolant Temperature
   Description: Input to Low Temperature Overpressure Protection System (LTOPS) provides protection against over pressurization at low plant temperature.
   Protection Set: I, II

4. Title: Wide Range Reactor Coolant Pressure
   Description: Input to LTOPS provides protection against over pressurization at low plant temperature. Input to Residual Heat Removal (RHR) valve interlock circuit provides protection against improper operation of RHR isolation valves.
   Protection Set: III, IV

5. Title: DTTA
   Description: Delta Temperature & Average Temperature. Overtemperature Delta-T (OTDT) Reactor Trip provides DNB protection. The setpoint for the OTDT reactor trip and Overtemperature Turbine Runback (OTTR) are continuously calculated by the PPS for each of the four reactor coolant loops. Overpower Delta-T (OPDT) Reactor Trip provides protection against excessive power (fuel rod rating protection). The setpoint for the OPDT reactor trip and Overpower Turbine Runback (OPTR) are continuously calculated by the PPS for each of the four reactor coolant loops.
   Protection Set: I, II, III, IV

6. Title: Pressurizer Level
   Description: Pressurizer High Water Level Reactor Trip provides backup protection to the Pressurizer High Pressure Reactor Trip and prevents the pressurizer from becoming water solid during low worth and low power rod withdrawal accidents.
   Protection Set: I, II, III

7. Title: Pressurizer Pressure
   Description: ALS scope.²

8. Title: Pressurizer Vapor Temperature
   Description: Pressurizer Vapor Space Temperature Low signal provides an RHR valve V-8701 interlock circuit input.
   Protection Set: IV

9. Title: Steam Generator Steam Flow
   Description: Provide safety-related outputs for post-accident monitoring (S/G 1 thru 4). Steamflow is an input for the pressure-compensated steamflow calculation.
   Protection Set: I, II

10. Title: Steamline Break Protection
    Description: Steamline Pressure Low SI and Steamline Isolation initiate the automatic starting of boron injection and decay heat removal systems and to provide protection against steamline break accidents. Steamline Pressure High Negative Rate Steamline Isolation provides protection in the case of a steamline break when Pressurizer Pressure is less than the P-11 setpoint and Low Steamline Pressure SI is blocked.
    Protection Set: I, II, III, IV

11. Title: Steam Generator Narrow Range Level
    Description: Steam Generator (S/G) High-High Level Turbine Trip and Feedwater Isolation (P-14, S/G High Level Permissive) provide protection against S/G overfills and damage to the main steamlines or main turbine. S/G Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start protects the reactor from loss of heat sink in the event of loss of feedwater to one or more S/Gs or a major feedwater line rupture. The signals to actuate reactor trip and start AFW pumps are delayed through the use of a Trip Time Delay (TTD) for reactor power levels below 50% of rated thermal power. The use of the TTD allows added time for natural S/G level stabilization or operator intervention to avoid an inadvertent protection system actuation.
    Protection Set: II, III, IV

12. Title: Turbine Impulse Chamber Pressure
    Description: Chamber Pressure High to P-13 Interlock. The purpose of the P-13 permissive is to provide an input to P-7 indicative of low turbine power when less than the setpoint. The purpose of the P-7 permissive is to disable selected Reactor Trip signals while operating at low power levels. Turbine Impulse Chamber Pressure Low Interlock C-5 blocks control rod withdrawal. The purpose of the C-5 interlock is to prevent automatic outward rod motion when power is less than the design limit for Rod Speed and Direction.
    Protection Set: I, II

13. Title: Containment Pressure
    Description: ALS scope

14. Title: Online Test and Calibration
    Description: The V10 Tricon TSAP allows on-line testing of the Protection Set from the MWS. This is to be accomplished by using safety related hardware Out-Of-Service (OOS) switch inputs to a safety related Tricon DI. These inputs are used to initiate the transition of the TSAP Protection Set into its test/diagnostics functions.
    Protection Set: I, II, III, IV

15. Title: Maintenance
    Description: The Tricon TSAP provides a method for placing a PPS channel out-of-service (e.g. manual OOS switch) for the purpose of performing maintenance activities via MWS without requiring that the Protection Set be declared inoperable.
    Protection Set: [illegible in source]

² The Tricon is providing instrument power for Pressurizer Pressure. Pressurizer Pressure is an input to DTTA for all protection sets. However, all safety functions associated with Pressurizer Pressure will be assigned to ALS.

5.4. Approvals

5.4.1. Validation Test Plan Approvals

This Validation Test Plan is required to be reviewed by the Nuclear IV&V Engineer, and approved by the Nuclear IV&V Manager.

6. Test Implementation

7. Acceptance Criteria

8. Test Implementation and Documentation

These documents are quality records as defined in QPM 16.0, Quality Records [Ref 2.4.11], and shall be controlled per PPM 4.0, [Ref 2.4.4], Project Document & Data Control. The specific documents shall be developed and processed in accordance with the controlling Project Procedure.

8.1. Test Summary Reports

A Test Report is required to be developed per PPM 6.0, [Ref 2.4.4], Test Control, to summarize the results of the tests performed. The required V&V reports are as described in the SVVP. The Test Report may be referenced in the Test Phase summary report and other applicable V&V reports. The Test Report may also incorporate other reports (SIDRs) as attachments.
