DCL-16-011, Pacific Gas & Electric Co. Diablo Canyon Power Plant Units 1 & 2 Functional Requirements Specification Process Protection System (PPS) Replacement Nuclear Safety-Related,08-0015-SP-001, Rev. 9
Text
Functional Requirements Specification Ic mfow W .- I I L--, Document No. 08-0015-SP-001 Revision 9 Nuclear Safety-Related NucwA~EtiERJ' Prepared for: Pacific Gas & Electric Co.Diablo Canyon Power Plant Units 1 & 2 Process Protection System (PPS) Replacement November, 2013SOLUTIONS Repoir Record QA Status: 10CFR50 21CFR820 [-, ISO 9000 [--, Other D] Total Pages: 90 Title: Functional Requirements Specification Process Protection System (PPS) Replacement Client: Pacific Gas & Electric Co. Facility:
Diablo Canyon Units 1 & 2 Revision
Description:
Revised per Revision History Sheet Computer runs are identified on a Computer File Index : Yes [] N/A []Error reports are evaluated by: NA Date: Computer use is affected by error notices. No Yes [] (if yes, attach explanation)Date V erifie,(s)
Date Robert A. itEgneer mW. Hefler, Pr~ cipal Engineer Verification:
Verification is performed in accordance with EOP 3.4 as indicated below[] Design review as documented on the following sheet or Verification Report No. 1 1-2243-VR-0 15, Rev. 0[] Alternate calculation as documented in attachment or D] Qualification testing as documented in attachment or Al Sipkovsky, Project Manager Date: Units t &2 DC6631 95-44-8 Page 2 OF 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9-- Page 3 of 90 REVISION HISTORY Revision Affected Reason for Revision Number Sections/Pages
______________________________
1All Initial Issue 1.3 Added/deleted acronyms 1.4 Revised Reference 1.4.1.1.10 to correct version; revised 2 References 1.4.1.2.3, 1.4.1.4.1, 1.4.1.5.8, & 1.4.3.6 to add applicability statement Deleted Reference 1.4.2.1; updated all References in Section 1.4.2.2 Added Reference 1.4.3.18 2.1 Editorial change in second paragraph 2.3 Changed "Channel Set Failure" to "PPS Failure" in Section 2.3.2.2 Section 3 Reformatted and rewritten to accommodate major update remarks.Section 4 Reformatted and rewritten to accommodate major update____________remarks.
Section 2.2.2.2 Added "associated" for clarification.
Section 2.2.3.3 Added 'associated" for clarification.
3Sections 3.1.1.1.1(c), Deleted "PPS processing instrumentation shall be located in racks 3.1.1.1.2(c), not occupied by the HSI equipment." 3.1.1.1.3(c), and 3.1.1.1.4(c)
Section 3.1.1.6.1 Corrected typo.Section 3.1.4.1 Revised EQ requirements for temperature and relative humidity.Section 3.2.1.3.2 Revised requirement by adding "for energize to trip/actuate outputs." Sections 3.2.1.3.4, Clarified requirements for Manual Trip Switches, Manual Bypass 3.2.1.3.5, 3.2.1.3.6, Switches, and Manual OOS Switches.3.2.1.3.7 Section 3.2.1.5.3 Clarified requirements for Channel in Bypass alarm.Section 3.2.1.5.4 Added "DTTA" for clarification.
_________
Section 3.2.1.8.1 Revised tolerances for RCA, RTE, and RD.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 4 of 90 Section 3.2.1.8.2 Revised accuracy reciuirements for time base.3 (cont.)Section 3.2.1.9.1 Revised for clarification.
Section 3.2.1 .13.2 Revised for clarification.
Section 3.2.1.14.3 Revised for clarification.
Section 3.2.1.15.5 Revised for clarification.
Section 3.2.1.16.5 Revised requirement for Containment Spray to fail "AS-IS" on___________________detection of fatal diagnostic.
Section 3.2.3.7.1, Deleted associated Note; "The requirements of Section 3.2.1.3.2 3.2.3.7.2 do not apply." Sections 3.2.4.5.1, Revised Section reference.
3.2.4.5.2 Sections 3.2.4.6.1, Revised to correct Protection Set associated with interlock 3.2.4.6.2 requirement.
Section 3.2.5.4.2(d)
Revised for clarification.
Section 3.2.5.14.7 Added items gg) and hh).Section 3.2.8.4.1 Revised for clarification.
Section 3.2.8.6.1 Revised for clarification.
Section 3.2.11.14.3 Revised items b and d to show them as n'egative values.Section 3.2.13.7.2 Revised to show exemption from Section 3.2.1.3.4 requirement.
Section 3.5.2.4 Added new requirement.
Section 3.7.1 Revised for clarification.
Section 4.1.3 Revised for clarification.
Section 4.1.5 Revised to correct reference.
Section 1.4.1.1.12 Replaces Section 1.4.1.2.3 Reference.
4 Section 1.4.1.2.3 Reference replaced by Section 1.4.1.1.12 Reference.
Section 1.5 Feedflow deleted from Parameter Listing.Section 2.2.2.1 Added Section reference for clarification of requirement.
Section 3.2 Second paragraph:
changed "Rod Control" to "Rod Speed and Direction".
Section 3.2.1.8.1 Revised accuracy requirement for subsection c),2),i.Section 3.2.1.12.2 Revised input filter requirement.
Section 3.2.1.14.1 Revised wording.Section 3.2.1.16.5 Revised requirement to include PZR Pressure High (PORV).Section 3.2.2.9.3 Subsection a): Changed to reflect actual output scaling.Section 3.2.3.6 Added explanation paragraph.
a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 5 of 90 Section 3.2.5.13.1 Added Thot streamino factor calculated output Lao units.4 (cont.)Seton325.38 eiedscto itetoso "Agrtm inta fAsuac" Section 3.2.5.13.9 Revised section title to show "Algorithms" instead of "Assurance".
Section 3.2.5.14.7 Revised descriptions for tuning constants y, z, aa. bb, cc, dd, ee, ift.Section 3.2.5.15.3 Added subsection I) to include Filtered Thot streaming factors Section 3.2.9.4.1 Added subsection d) to include PPC interface.
Section 3.2.9.4.2 Added subsection d) to include PPC interface.
Section 3.2.10.4.3 Added subsection c) to include PPC interface.
Section 3.2.10.4.4 Added subsection c) to include PPC interface.
Section 3.2.11.6.1 Changed "TS" to 'TO" in subsections d, f, g, h, I so that description matches Transfer Function Specification.
Section 1.5 Parameter Table: added Loop 4 to Wide Range Pressure for Protection Set IV; deleted extra comma from Steamfiow, Steamline Pressure for Protection Sets I, II.5 Section 3.1.6:2 Corrected typo: Regulatory Guide "1.1.80" to "1.180".Section 3.2.1.5.3 Item b), 2): added "per part a)" to Section reference.
__________________
Item c), 2): clarified requirement.
Section 3.2.1.15.5 Corrected typo (extra comma).Section 3.2.4.1.2 Added WR Pressure Loop 4 to text.Section 3.2.4.6.2 Deleted '(see Section 3.2.4.6.1)".
Section 3.2.11.1.7 Deleted "PPS-RTS" from a), b), c), and d).Section 4.1.13.2 Deleted '(reactor coolant loops 3 and 4)" from text.Section 2.3.1.1 Revised to clarify "signal validation." Section 3.2.1.5.2 Added subsection f).Section 3.2.2.14.1 Changed "full flow" to "rated flow." Section 3.2.5.5 Deleted Note.Sections 3.2.5.5.1 and Changed wording to resolve discrepancy with other documents.
3.2.5.5.2 Section 3.2.5.5.3 Deleted to resolve discrepancy with other documents.
Section 3.2.5.14.7 Revised tuning constant names a) thru I) to agree with PLS;added tuning constant:
ii) SCAL FLUX CALIB.Section 3.2.9.14.1 Deleted items a) and b) -not tunincl constants.
6 { Section 3.1.1.6 Changed "shall be provided" to 'will be provided" and deleted___________
j _________________requirement 3.1.1.6.1.
a LTRarl Units 1&2 DC663195-44-8
_.DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 6 of 90 Section 3.1.7 Added new reauirement for Time Synchronization.
6 (cont.)Section 3.2.1.3.7 Revised Section reference for 00S.Section 3.2.1.5.2 Item f) revised to include COR low alarm suppression requirements.
Section 3.2.1.5.3 Items a), c) revised to separate OOS requirements from Bypass requirements.
Section 3.2.1.5.4 Deleted "DTTA" from alarm title.Section 3.2.1.5.5 Added new Section to address GOS Switch requirements.
Section 3.2.1.14.3 Revised a) and b) to provide range requirements.
Section 3.2.1.16.5 Revised requirement to provide clarification.
Section 3.2.1.16.6 Added new requirement for Energize to Trip comparators.
Sections 3.2.1.16.7 and Added new requirements to support Technical Specification 3.2.1.16.8 requirements.
Section 3.2.2.13.1 Revised Section reference to tuning constant ranges.Section 3.2.2.14.2 Added Section to identify tuning constants and range__________________requirements with specific requirements for Reactor Coolant Flow.Section 3.2.3.16 Added new requirement 3.2.3.16.2 which required numbering the________________requirement for RTD failures (3.2.3.16.1).
Section 3.2.4.16.1 Added new requirement.
Section 3.2.7.16.1 Added new requirement.
Section 3.2.8.4.1 Revised c) to reflect that the PZR High Temp Alarm output will be_________________provided from the PPS and not the P0S.Section 3.2.8.5 Added requirement 3.2.8.5.1 which also required a revision to__________________
3.2.8.5 descriptive information.
Section 3.2.8.7.1 Revised requirement to reflect that the PZR Temp High Alarm will_________________be provided from the PPS and not the PCS.Section 3.2.6.14.2 Added to provide range for PZR Temp High Alarm.Section 3.2.11.9.2.b)
Corrected typo Section 3.2.13.16.1 Added new requirement.
Section 3.2.1.15.1 Revised requirement to address test-in-trip and test-in-bypass.
7Section 3.2.1.15.8 Added new requirement.
Section 3.2.5.13.10 Revised to include capability for manual setting of streaming factors to zero._________
Section 3.2.11.15.2 Added new requirement.
8 Section 3.2.1.3.4 Revised to address manual trip switch requirements for energize a LTRafl Units 'l&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 7 of 90 to trocoorto utus+ t Sections 3.2.6.4.1 and 3.2.6.4.2 Revised to inciude ERFOS Monitoring requirement.
8 (cont.)Section 3.2.13.7.2 Deleted second paragraph.
Revision to Section 3.2.1.3.4 negates__________________the need for this paragraph.
Section 3.2.8.4.1 Deleted item "c)". Alarm function to be performed in PPS.Sections 3.2.1.5.1 thru Revised to state required output state (Deenergize or Energize to 3.2.1.5.4, 3.2.1.5.5 b), Alarm) for outputs to MAS.3.2.4.6.3, 3.2.4.6.4, 3.2.8.5.1, 3.2.10.5.1 thru 3.2.10.5.4, 3.2.11.5.1 thru 3.2.11.5.4, and 3.2.13.5.1 Sections 3.2.6.7, Deleted "(RTS and ESFAS)" from Section title for conformity with 3.2.10.7, and 3.2.13.7 rest of FRS.Section 3.2.8.7 and Deleted Section 3.2.8.7.1 and identified "None" as comparator 3.2.8.7.1 Trip and Trip Logic outputs provided by PZR Vapor Temp.Comparators are only specified for alarming (Section 3.2.8.5.1) and RHR interlock (Section 3.2.8.6.1).
Sections 3.2.10.7.9 thru Deleted these Sections.
Comparators for these alarm functions 3.2.10.7.12 are specified in Section 3.2.10.5.Section 1.4.1.5.3 Deleted Reference to RG 1.75.See Reason for Revision The following requirement sections were added: 9 1.3.1 3.2.1.8.1 a)2)3.2.3.14.2 3.2.6.14.2 3.2.10.4.1 e), f), g)3.2.10.4.4 d), e)3.2.12.14.3 4.1.17 3.2.1.5.4 d)1.3.2 3.2.1.3.7 b)3.2.4.14.4 3.2.7.14.6 c), d)3.2.10.4.2 d), e), f)3.2.10.14.4 e), f)3.2.13.14.3 3.2.11.15.3 3.2.9.5.3 2.3.1.2.3 3.2.2.14.2 3.2.5.14.7 ij)3.2.9.14.
g), h)3.2.10.4.3 d), e)3.2.11.14.3 f), g)4.1.16 1.4.1.5.11 a LTRar% Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 8 of 90 See Reason for Revision The following requirement sections were deleted: 9 (cont.)3.1.7 3.2.1.15.8 3.2.3.16.2 3.2.7. 16. 1 3.2.10.16.2 3.2.1.3.5 c)3.2.1.16.1 3.2.4.16.1 3.2.8. 14.2 3.2.13. 16.1 3.2.1.12.1 3.2.1.16.2 3.2.5.14.11 3.2.10.16.1 3.2.13.5.1 See Reason for Revision The following sections were edited for clarification of requirements:
2.3.1.2 2.3.2.2 3.1.1.3 3.2.1.3.2 3.2.1.8 3.2.1.11.1 3.2.1. 14 3.2.1.15.1 3.2.1. 16.5 3.2.1. 16.8 3.2.2. 14.1 3.2.4.6.3 3.2.4.16 3.2.5.9.1 a), b)3.2.5.13.10 3.2.5.15.3 3.2.7.4.2 b), d)3.2.7.14.6 3.2.8.14.3 3.2.9.14.1 c)3.2.10. 14 3.2.11. 14 3.2.11.14.3 c), d)3.2.12.16.2 3.2.13.14 3.3.2 2.3.1.2.1 2.5 3.1.1.9 3.2.1.3.5 3.2.1.8.1 b) 3)3.2.1.11.2 3.2.1.14.2 3.2.1.16.3 3.2.1.16.6 3.2.2.9.3 3.2.3.9.1 3.2.4.6.4 3.2.5.1.5 c)3.2.5.9.1 d), e)3.2.5.14 3.2.6. 14 3.2.7.14 3.2.8.9.1 a)3.2.9.14 3.2.10.4.3 c)3.2.10.14.4 3.2.11.14.3 3.2.11.14.3 e)3.2.12.14 3.2.13.15 4.1.1 2.3.1.2.2 2.7 3.1.1.10 3.2.1.3.6 3.2.1.11 3.2.1.13.2 3.2.1.15 3.2.1. 16.4 3.2.1. 16.7 3.2.2. 14 3.2.3. 14 3.2.4.14 3.2.5.1.6 f 3.2.5.9.3 a), b), e)3.2.5. 14.7 3.2.7.4.1 b), e).3.2.7.14.5 3.2.8.14 3.2.9.14.1 3.2.10.4.4 c)3.2.10.16 3.2.11.14.3 a), b)3.2.11.15.2 3.2.12.15 3.2.13.16 4.1.2 a LTRaI1 Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 9 of 90 4.1.2.1 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8 4.1.9 4.1.10 4.1.11 4.1.12 4.1.12.1 4.1.12.2 4.1.13 4.1.13.1 4.1.13.2 4.1.14 4.1.15 3.2.1.3.7 a) 3.2.5.13.11 3.2.1.8.1 a) 1)See Reason for Revision The following sections were edited for clarification of PPS alarm philosophy:
9 (cont.)3.2.1.5.1 3.2.1.5.5 3.2.2.5.2 3.2.3.5.2 3.2.5.5 3.2.5.5.4 3.2.6.5.1 3.2.7.5.1 3.2.8.5.1 3.2.9.5 3.2.10.5.1 3.2.10.5.4 3.2.11.5.1 3.2.11.5.4 3.2.12.5 3.2.13.5 3.2.1.5.4 3.2.1.5.2 3.2.2.5 3.2.3.5 3.2.4.5.3 3.2.5.5.1 3.2.5.5.5 3.2.6.5.2 3.2.7.5.2 3.2.8.5.2 3.2.9.5.1 3.2.10.5.2 3.2.10.5.5 3.2.11.5.2 3.2.11.5.5 3.2.12.5.1 3.2.13.5.2 3.2.1.5.3 a)3.2.2.5.1 3.2.3.5.1 3.2.4.5.4 3.2.5.5.2 3.2.6.5 3.2.7.5 3.2.8.5 3.2.8.5.3 3.2.9.5.2 3.2.10.5.3 3.2.10.5.6 3.2.11.5.3 3.2.11.5.6 3.2.12.5.2 3.2.13.5.3 See The following requirement sections were edited to correct Reason for Revision typos:__________1.4.1.3 3.2.1.12.2 Sections 3.2.2.14 thru 3.2.13. 14 Revised to provide resolution of range settings.aLT aM Units 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 10 of 9O CONTENTS INTRODUCTION
.............................................................................................
13 1.1 SYSTEM PURPOSE...........................................................................................
13 1.2 SYSTEM SCOPE..............................................................................................
13 1.3 DEFINITIONS, ABBREVIATIONS AND ACRONYMS............................................................
14 1.3.1 Definitions..................................................................................................
14 1.3.2 Acronyms..................................................................................................1]7 1.3.3 Abbreviations
.............................................................................................
18
1.4 REFERENCES
...................................................................
'..............................
18 1.4.1 General References and Standards...................................................................
18 1.4.2 Documents Provided by Others........................................................................
20 1.4.3 Implementing Documents (Use Latest Revision)....................................................
23 1.5 SYSTEM OVERVIEW ..........................................................................................
24 2 GENERAL SYSTEM DESCRIPTION.......................................................................
26 2.1 SYSTEM CONTEXT...........................................................................................
26 2. 1.1 .Reactor Coolant Flow Channels.......................................................................
26 2. 1.2 Wide Range Reactor Coolant Temperature Channels .............................................
26 2. 1.3 Wide Range Reactor Coolant Pressure Channels..................................................
26 2.1.4 Delta-T/Tavg (DTTA) Channels ......................................................................
26 2.1.5 Pressurizer Level Channels ............................................................................
26 2. 1.6 Pressurizer Pressure Channels........................................................................
27 2. 1.7 Pressurizer Vapor Temperature Channel ............................................................
27 2. 1.8 Steamline Break Protection Channels ................................................................
27 2. 1.9 Steam Generator Narrow Range Level Channels...................................................
27 2. 1.10 Turbine Impulse Chamber Pressure Channels......................................................
28 2. 1. 11 Containment Pressure Channels ......................................................................
28 2.2 SYSTEM MODES AND STATES ...............................................................................
28 2. 2.1 Operating Modes .........................................................................................
28 2.2.2 Manual Trip Switches....................................................................................
28 2.2.3 Manual Bypass Switches ...............................................................................
29 2.3 MAJOR SYSTEM CAPABILITIES
..............................................................................
29 2.3.1 Signal Validation..........................................................................................
29 2.3.2 System Level Diagnostics...............................................................................
29 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 11 of 90 2.3.3 Tlestability at Power. .....................................................................................
29 2.4 MAJOR SYSTEM CONDITIONS
..................................................................................
30 2.5 MAJOR SYSTEM CONSTRAINTS
................................................................................
30 2.6 USER CHARACTERISTICS........................................................................................30
- 2. 6.1 Operations.................................................................................................
30 2. 6.2 l&C Maintenance
.........................................................................................
30 2.6.3 Engineering................................................................................................
30 2.7 ASSUMPTIONS ANID DEPENDENCIES
...........................................................................
30 2.8 OPERATIONAL SCENARIOS
.....................................................................................
30 3 SYSTEM CAPABILITIES, CONDITIONS, CONSTRAINTS..............................................
31 3.1 PHYSICAL..................................................................................................
31 3. 1.1 Construction...............................................................................................
31 3.1.2 Durability...................................................................................................
32 3.1.3 Adaptability
................................................................................................
32 3.1.4 Environmental Conditions...............................................................................
32 3.1.5 Seismic Requirements
..................................................................................
32 3.1.6 Electromagnetic Compatibility..........................................................................
33 3.1.7 Deleted .....................................................................................................
33 3.2 SYSTEM PERFORMANCE CHARACTERISTICS..................................................................
33 3.2.1 Requirements Applicable to All PPS Channels ....................
.................................
34 3.2.2 Specific Requirements for Reactor Coolant Flow...................................................
40 3.2.3 Specific Requirements for Wide Range Reactor Coolant Temperature.........................
43 3.2.4 Specific Requirements for Wide Range Reactor Coolant Pressure..............................
46 3.2.5 Specific Requirements for DTTA ......................................................................
49 3.2. 6 Specific Requirements for Pressurizer Level ........................................................
58 3.2. 7 Specific Requirements for Pressurizer Pressure ....................................................
61 3.2.8 Specific Requirements for Pressurizer Vapor Temperature
...................................
64...d 3.2.9 Specific Requirements for Steam flow.................................................................
66 3.2.10 Specific Requirements for Steamline Break Protection............................................6d9
- 3. 2.11 Specific Requirements for Steam Generator Narrow Range Level ..............................
73 3. 2.12 Specific Requirements for Turbine Impulse Chamber Pressure..................................
79 3.2.13 Specific Requirements for Containment Pressure ..................................................
82 3.3 SYSTEM SECURITY ..............................................................................................
84 3.3. 1 Physical Security .........................................................................................
84 3.3.2 System Logon Protection
...............................................................................
84 a LTRafl Units 1&2 DC663195-.44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 12 of 90 3.3.3 Communications With External (Non-PPS)
Systems...............................................
85 3.4 INFORMATION MANAGEMENT...................................................................................
85 3.5 SYSTEM OPERATIONS
..........................................................................................
85 3.5.1 System Human Factors .................................................................................
85 3.5.2 System Main tainability...................................................................................
85 3.5. 3 System Reliability
........._...............................................................................
85 3.6 POLICY AND REGULATION
......................................................................................
85 3.7 SYSTEM LIFE CYCLE SUSTAINMENT...........................................................................
85 3. 7. 1 PPS Software.............................................................................................
85 4 SYSTEM INTERFACES
.....................................................................................
87 4.1 EXTERNAL INTERFACES
.........................................................................................
87 4. 1.1 Plant Process Computer (PPC) ......................................................................
.. 87 4.1.2 Main Annunciator System (MA S) ......................................................................
87 4. 1.3 Main Control Panels .....................................................................................
87 4. 1.4 Hot Shutdown Panel.....................................................................................
87 4.1.5 Solid State Protection System (SSPS) ...............................................................
87 4. 1.6 AMSAC....................................................................................................
87 4. 1.7 Digital Feedwater Control System (DFWCS) ........................................................
88 4.1.8 Rod Speed and Direction
...............................................................................
88 4.1.9 Pressurizer Pressure Control ..........................................................................
88 4. 1.10 Pressurizer Level Control...............................................................................
88 4. 1.11 Auxiliary Feedwater (AFW) Control ...................................................................
88 4. 1.12 Reactor Vessel Level Indicating System (RVLIS)...................................................
89 4. 1.13 Low Temperature Overpressure Protection System (L TOPS)....................................
89 4. 1.14 Pressurizer Power Operated Relief Valve (PORV) Control System..............................
89 4. 1.15 Residual Heat Removal (RHR) Interlocks............................................................
89 4. 1.16 Pressurizer Level Control...............................................................................
89 4. 1.17 Steam Dump Control ....................................................................................
90 4.2 HUMAN SYSTEM INTERFACE
........ ...........................................................................
90 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 13 of 90 1 Introduction 1.1 System Purpose The Process Protection System PPS is comprised of four separate protection sets which provide trip and actuation signals to the Solid State Protection System (SSPS) for use by the Reactor Trip System (RTS), and Engineered Safety Features Actuation System (ESFAS). Output signals of PPS parameters are provided to the Main Control Room (MCR) for indication and recording, to the Plant Process Computer (PPC) for monitoring, and to the Main Annunciator System (MAS) for alarming.The PPS also provides input sensor signals for use by various plant control systems. These signals are isolated from the PPS and are not processed by the PPS instrumentation (with the exception of Delta-T and Tavg (DTTA) channels).
1.2 System Scope The PPS processes physical plant parameters such as temperature, pressure, level, and flow into electrical signals for use by plant control and protection systems.The PPS consists of sixteen (16) racks (per DCPP Unit) of instrumentation located in the Cable Spreading Rooms (Auxiliary Building, elevation 128). The sixteen racks are divided into four Protection Sets; five racks each for Protection Sets I and II, three racks each for Protection Sets III and IV. Each Protection Set must be physically separated and electrically isolated from the other sets.Protection Set I is comprised of Racks I thru 5 (RNPIA, RNP1B, RNP1C, RNP1D, and RNPIE).Protection Set II is comprised of Racks 6 thru 10 (RNP2A, RNP2B, RNP2C, RNP2D, and RNP2E).'Protection Set Ill is comprised of Racks 11 thru 13 (RNP3A, RNP3B, and RNP3C). Protection Set IV is comprised of Racks 14 thru 16 (RNP4A, RNP4B, and RNP4C).PPS outputs provide ON/OFF (partial trip) signals to the two trains of the SSPS whenever measured parameters indicate that safety limits are being approached (a pre-established setpoint is exceeded).
The SSPS will initiate a reactor trip or actuate engineered safety features systems when the requisite number of PPS channels have tripped (designed coincidence logic is satisfied).
The various reactor trips and ESFAS actuations are shown on the DCPP Functional Logic Diagrams (FLDs)[Reference 1.4.3.5] included in the DCPP Final Safety Analysis Report Update (FSARU) document[Reference 1.4.3.2].PPS output signals (isolated as required) are provided to the MCR, PPC, and the MAS for indication, recording, monitoring, and alarming purposes.PPS input signals are isolated and provided for use by various plant control systems and the Anticipated Transient Without Scram (ATWS) Mitigation System Actuation Circuitry (AMSAC) where required.
With the exception of Delta-T and Tavg from the DTTA channels, these are raw signals that are not processed by the PPS to prevent interaction between control and systems as required by IEEE 279-1971[Reference 1.4.1.1.2].
Inputs to the PPS consist of signals from the following sensor types: o 4-20 mA pressure transmitters o 4-20 mA differential pressure transmitters o 200 ohm platinum 3-wire Resistance Temperature Detectors o 200 ohm platinum 4-wire Resistance Termperature Detectors o 0-10 VDC signals from the (power range)Nuclear Instrument System (NIS)With the exception of the NIS inputs, all sensors are powered from the PPS.a l Unit Page D613 OF490 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 14 of 90 Outputs from the PPS for indication, recording, or external system monitoring are 4-20 mA.The PPS Functional Block Diagrams [Reference 1.4.2.2] provide-a graphical depiction of all PPS channels showing inputs, outputs, external interfaces, instrumentation class, isolation requirements, and a simplified diagram of the processing logic requirements.
1.3 Definitions, Abbreviations and Acronyms 1.3.1 Definitions The following definitions apply for this document: Channel An arrangement of components, modules, and software as required to generate a single protective action signal when required by a generating station condition.
A channel loses its identity where single action signals are combined.Module Any assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment.
A module can be disconnected, removed as a unit, and replaced with a spare. It has definable performance characteristics that permit it to be tested as a unit. A module can be a card or other subassembly of a larger device, provided it meets the requirements of this definition.
Components Items from which the system is assembled (such as resistors, capacitors, wires, connectors, transistors, tubes, switches, and springs).Fatal Diagnostic A detected inability of a protection set to perform its intended safety function.Single Failure .Any single event that results in a loss of function of a component or components of a system. Multiple failures resulting from a single event shall be treated as a single failure.Protective Action A protective action can be at the channel or the system level. A protective action at the channel level, is-' the i'nitiation of a signal by a single channel when the variable sensed exceeds a limit. A protective action at the system level is the initiation of the operation of a sufficient numberof actuators to effect a protective function.Protection Set A protection set, is a physical grouping of process channels with the same Class-ilE electrical channel designation (I, II, Ill, or IV). Each of the four redundant protection sets is provided with separate and independent power feeds and process instrumentation transmitters.
Thus, each of the four redundant protection sets is physically and electrically independent of the other sets.Protective Function A protective function is the sensing of one or more variables associated with a particular generating station condition, signal processing, and the initiation and_________________________completion of the protective action at values established inUnits I1&2 DC6631 95-44-8il l 9P ag e 14 O F 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 15 of 90 TERM '" " " DEFINITION'
...the design bases.Type Tests Tests made on one or more units to verify adequacy of.design of that type of unit.Degree of Redundancy The difference between the number of channels monitoring a variable and the number of channels that, when tripped, will cause an automatic system trip.Minimum Degree of Redundancy The degree of redundancy below which operation is prohibited or otherwise restricted by the Technical Specifications
[Reference 1.4.3.1].Diversity and Defense-In-Depth Requirement imposed on the Protection System design to (D&D-in-D or D3) ensure that required protective actions will occur to protect against Anticipated Operational Occurrences and Design Basis Accidents (as described in the FSARU) concurrent with a common cause failure (usually assumed to be_______________________software) that disables one or more echelons of defense.Phase A Containment Isolation Closure of all nonessential process lines that penetrate containment.
Initiated by high containment pressure, pressurizer low pressure, low steamline pressure, or manual actuation.
Phase B Containment Isolation Closure of remaining process lines. Initiated by containment high-high pressure signal (process lines do not include engineered safety features lines) or manual actuation.
Trip Accuracy The tolerance band containing the highest expected value of the difference between (a) the desired trip point value of a process variable, and (b) the actual value at which a comparator trips (and thus actuates some desired result).This is the tolerance band within which a comparator must trip. It includes comparator accuracy, channel accuracy for each input, and environmental effects on the rack-mounted electronics.
It comprises all instrumentation errors; however, it does not include any process effects such as fluid stratification.
Channel Accuracy (An element of trip accuracy).
Includes accuracy of the primary element, transmitter, and rack-mounted electronics, but does not include indication accuracy.Actuation Accuracy Synonymous with trip accuracy, but used where the word"trip" may cause ambiguity.
Indication Accuracy The tolerance band containing the highest expected value of the difference between: (a) the value of a process variable read on an indicator or recorder, and (b) the actual value of that process variable.
An indication must fall within this tolerance band. It includes channel accuracy, accuracy of readout devices, and rack environmental effects but not process effects such as fluid stratification.
Reproducibility This term may be substituted for "accuracy" in the above definitions for those cases where a trip value or indicated value need not be referenced to an actual process aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 16 of 90 TERM " .DEFINITION
..variable value, but rather to a previously established triP or indication value; this value is determined by test.Instrument Class IA Class IA instruments and controls are those that initiate and maintain safe shutdown of the reactor, mitigate the consequences of an accident, or prevent exceeding 10 CFR 100 [Reference 1.4.1.3.4]
off-site dose limits.Instrument Class lB Class lB instruments and controls are those that are required for post-accident monitoring of Category I and 2 variables in accordance with Regulatory Guide 1.97, Revision 3 [Reference 1.4.1.5.5].
Instrument Class II Class II instruments and controls have nonsafety-related functions.
However, certain Class II components are subjected to some graded quality assurance__________________________requirements.
Partial Trip A condition where the SSPS input relay is in the tripped/actuated state.* For a Deenergize to Trip protective function, the input relay state is False (0).* For an Energize to Trip protective function, the input relay state is True (1).Test in Trip A maintenance condition in which the system output is maintained in the actuated condition.
- For a Deenergize to Trip PPS output, the condition maintains the comparator output in a False (0) state (SSPS input relay deenergized).
- For an Energize to Trip PPS output, the condition maintains the comparator output in a True (1)state (SSPS input relay energized).
Test in Bypass A maintenance condition in which a system output is maintained in the non-actuated condition.
- For a Deenergize to Trip system output, the' Bypass condition maintains the output in a True (1) state.* For an Energize to Trip system output, the Bypass condition maintains the output in a False (0) state.The Bypass condition is maintained until removed by maintenance personnel.
Bypass duration limitations are administratively controlled by the Owner in accordance with Technical Specifications.
Out of Service (OOS) An intentional inoperable condition established for a protection system channel that prevents an unexpected interaction with other plant systems during maintenance activities.
For protection system channels that include comparator outputs, the OOS condition is established when a comparator OL~tput from the PPS instrumentation is forced to a fixed state by plant personnel via the HSI.For the purpose of this definition, manual trip and manual bypass switches are external components and are not considered part of the PPS instrumentation.
a LTRafl units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Sp3ecification 08-0015-SP-001, Revision:
9 Page 17 of 90 1.3.2 TERM DEFINITION May term used to denote permission to perform activities and is neither a requirement nor a recommendation.
Should A term used to denote recommendations that are desirable but not contractual requirements.
Shall A term used to denote a legally binding (i.e., contractual) requirement.
Will A term used to denote intention or certainty; not a legally binding (i.e., not contractual) requirement.
.A/D Analog to Digital AFW Auxiliary Feedwater (Control System)AMSAC ATWS Mitigation System Actuation Circuitry ANS American Nuclear Society ANSI American National Standards Institute ATWS Anticipated Transient Without Scram CFR Code of Federal Regulations D/ADiiatoAag DCM Design Criteria Memorandum DCPP Diablo Canyon Power Plant DFWCS Digital Feedwater Control System DNB Departure from Nucleate Boiling DTTA Delta-T / Tavg ERFDS Emergency Response Facility Data System ESFAS Engineered Safety Features Actuation System FLD Functional Logic Diagram FRS Functional Requirements Specification FSARU Final Safety Analysis Report Update GDC General Design Criteria HSI Human System Interface I&C Instrumentation and Controls IEC International Electro-Technical Commission IEEE Institute of Electrical and Electronic Engineers LCO Limiting Condition for Operation LTOPS Low Temperature Overpressure Protection System MAS Main Annunciator System MCR Main Control Room NIS Nuclear Instrument System NRC (USNRC) (United States) Nuclear Regulatory Commission OOS Out-of-Service OPDT Overpower Delta-T OPTR Overpower Turbine Runback OTDT Overtemperature Delta-T aLTRaf nts 1&2 DC663195-44-8 Pae17 OF 90 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 18 of 90 ACRONYM DEFINITION OTTR Overtemperature Turbine Runback PG&E (PGE) Pacific Gas & Electric Company PORV Power Operated Relief Valve P LS Precautions, Limitations, and Setpoints (document)
PPC Plant Process Computer PPS Process Protection System PZR Pressurizer RCS Reactor Coolant System RHR Residual Heat Removal RNARA Rack Nuclear Auxiliary Relay A RNASA Rack Nuclear Auxiliary Safeguards A RNASB Rack Nuclear Auxiliary Safeguards B RNP Rack Nuclear Protection (PPS Racks)RTD Resistance Temperature Detector RTS Reactor Trip System RVLIS Reactor Vessel Level Indication System RX Reactor S/G Steam Generator SI Safety injection SQA2 Sensor Quality Algorithm 2-Input SQA3 Sensor Quality Algorithm 3-Input SSPS Solid State Protection System STP Surveillance Test Procedure TTD Trip Time Delay Abbreviations ABBREVIATION DEFINITiON.
...Delta-T or AT Differential (Reactor)
Coolant Temperature Reg Guide (RG) Regulatory Guide Tavg Average (Reactor)
Coolant Temperature 1.3.3 1.4 References 1.4.1 General References and Standards The following codes, standards, and regulations referenced in this Section are totally or partially applicable to the activities covered by this Specification:
1.4.1.1 Institute of Electrical and Electronics Engineers (IEEE): 1.4.1.1.1 IEEE Standard 1233-1 998, "Developing System Requirements Specifications" 1.4.1.1.2 IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations" a LTRafl Units 1&2 0C663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 19 of 90 1.4.1.1.3 IEEE Standard 308-1971, "Criteria for Class lE Electric Systems for Nuclear Power Generating Stations" 1.4.1.1.4 IEEE Standard 323-1974, "IEEE Standard for Qualifying Class-1 E Equipment for Nuclear Power Generating Stations" 1.4.1.1.5 IEEE Standard 338-1977, "IEEE Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Protection Systems" 1.4.1.1.6 IEEE Standard 344-1987, "Recommended Practices for Seismic Qualification of Class 1 E Equipment for Nuclear Power Generating Stations" 1.4.1.1.7 IEEE Standard 379-1977, "IEEE Application of Single Failure Criterion to Nuclear Power Generating Station Class IE Systems" 1.4.1.1.8 IEEE Standard 384-1981, "IEEE Trial-Use Standard Criteria for Separation of Class 1 E Equipment and Circuits" 1.4.1.1.9 IEEE Standard 472-1974, 'IEEE Guide for Surge Withstand Capability Tests" 1.4.1.1.10 IEEE Standard 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations" 1.4.1.1.11 IEEE Standard 1050-1996, "Guide for Instrumentation and Control Equipment Grounding in Generating Stations" 1.4.1.1.12 IEEE Standard 7-4.3.2 -2003, 'Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations" 1.4.1.2 American National Standards Institute (ANSI)1.4.1.2.1 ANSI Standard N18.2-1973 and N18.2a-1975, "Nuclear Safety Criteria for the Design of Pressurized Water Reactors" 1.4.1.2.2 ANSI Standard N18.8-1973, "Criteria for Preparation of Design Bases for Systems that Perform Protective Functions in Nuclear Power Generating Stations" 1.4.1.3 1.4.1.3.1 Code of Federal Regulations (CFR)Code of Federal Regulations (CFR), 1 0CFR50, Appendix A, General Design Criteria (GDC)1.4.1.3.1.1 1.4.1.3.1.2 1.4.1.3.1.3 1.4.1.3.1.4 1.4.1.3.1.5 1.4.1.3.1.6 1.4.1.3.1.7 1.4.1.3.1.8 1.4.1.3.1.9 1.4.1.3.1.10 1.4.1.3.1.11 1.4.1.3.1.
12 1.4.1.3.1.13 GDC 1, "QualityStandards and Records" GDC 2, "Design Bases for Protection Against Natural Phenomena" GDC 3, "Fire Protection" GDC 4, "Environmental and Missile Design Bases" GDC 10, "Reactor Design" GDC 12, "Suppression of Reactor Power Oscillations" GDC 13, "Instrumentation and Control" GDC 15, "Reactor Coolant System Design" GDC 17, "Electric Power Systems" GDC 18, "Inspection and Testing of Electric Power Systems" GDC 19, "Control Room" GDC 20, "Protection System Functions" GDC 21, "Protection System Reliability and Testability" a LTRefl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 20 of 90 1.4.1.3.1.14 GDC 22, "Protection System Independence"/1.4.1.3.1.15 GDC 23, "Protection System Failure Modes" 1.4.1.3.1.16 GDC 24, 'Separation of Protection and Control Systems" 1.4.1.3.1.17 GDC 25, "Protection System Requirements for Reactivity Control Malfunctions" 1.4.1.3.1.18 GDC 27, "Combined Reactivity Control Systems Capability" 1.4.1.3.1.19 GDC 28, "Reactivity Limits" 1.4.1.3.1.20 GDC 29, 'Protection Against Anticipated Operational Occurrences" 1.4.1.3.2 I0CFR50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants 1.4.1.3.3 10CFR50, Appendix R, Fire Protection Program for Nuclear Power Plants 1.4.1.3.4 10CFR100, Reactor Site Criteria 1.4.1.4 International Electro-Technical Commission (IEC): 1.4.1.4.1 61131-3, Programmable Controllers
-Part 3: Programming Languages, Ed. 2.0, 21 Jan 2003 (as applicable) 1.4.1.5 United States Nuclear Regulatory Commission (USNRC) Regulatory Guides 1.4.1.5.1 Regulatory Guide 1.22 (Safety Guide 22), "Periodic Testing of Protection System Actuation Functions" 1.4.1.5.2 Regulatory Guide 1.47, "Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems" 1.4.1.5.3 Deleted 1.4.1.5.4 Regulatory Guide 1.89, "Qualification of Class 1 E equipment for Nuclear Power Plants" 1.4.1.5.5 Regulatory Guide 1.97, Rev. 3, "Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident" 1.4.1.5.6 Regulatory Guide 1.100, Rev. 2 "Seismic Qualification of Electrical Equipment for Nuclear Power Plants" 1.4.1.5.7 Regulatory Guide 1.118, Rev. 2, "Periodic Testing of Electric Power and Protection Systems" 1.4.1.5.8 Regulatory Guide I1.152, "Criteria for Programmable Digital Computer System Software in Safety Related Systems in Nuclear Power Plants" (as applicable) 1.4.1.5.9 Regulatory Guide 1.1 53, "Criteria for Power, Instrumentation and Control Portions of Safety Systems" 1.4.1.5.10 Regulatory Guide 1.180, Rev. 1, "Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety Related Instrumentation and Control Systems" 1.4.1.5.11 Regulatory Guide 1.75, Rev. 2, "Physical Independence of Electric Systems" 1.4.2 Documents Provided by Others 1.4.2.1 Deleted 1.4.2.2 1.4.2.2.1 PPS Functional Block Diagrams (Altran Solutions Documents) 08-0015-D-I-1, Protection Set I, Reactor Coolant Flow a LTRaf Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 21 of 90 1.4.2.2.2 08-0015-0-I-1A, Protection Set!I, Reactor Coolant Flow 1.4.2.2.3 08-0015-D-1-2, Protection Set I, Wide Range Temperature 1.4.2.2.4 08-0015-D-I-3, Protection Set I, Delta-TITavg 1.4.2.2.5 08-0015-D-I-3A, Protection Set!I, Delta-TITavg 1.4.2.2.6 08-0015-D-I-4, Protection Set!I, Pressurizer Level 1.4.2.2.7 08-0015-0-I-5, Protection Set I, Pressurizer Pressure 1.4.2.2.8 08-0015-D-I-5A, Protection Set!I, Pressurizer Pressure 1.4.2.2.9 08-001 5-D-I-6, Protection Set!I, Steamflow (S/G 1)1.4.2.2.10 08-0015-D-I-7, Protection Set!I, Steamfiow (SIG 2)1.4.Z.2.1 1 08-0015-D-I-8, Protection Set!I, Steamflow (SIG 3)1.4.2.2.12 08-0015-0-1-9, Protection Set!I, Steamflow (S/G 4)1.4.2.2.13 08-001 5-D-I-10, Protection Set!I, Steamline Break Protection (S/G 1)1.4.2.2.14 08-0015-D-I-11, Protection Set!I, Steamline Break Protection (S/G 2)1.4.2.2.15 08-0015-D-1-12, Protection Set!I, Steamline Break Protection (S/G 3)1.4.2.2.16 08-001 5-D-1-13, Protection Set!I, Steamline Break Protection (S/G 4)1.4.2.2.17 08-0015-D-!-14, Protection Set!I, Steam Generator Level (S/Gs 2 & 3)1.4.2.2.18 08-001 5-D-!-15, Protection Set!I, Turbine Impulse Chamber Pressure 1.4.2.2.19 08-001 5-D-!-16, Protection Set!I, Containment Pressure 1.4.2.2.20 08-0015-D-!-16A, Protection Set!I, Containment Pressure 1.4.2.2.21 08-001 5-D-1-1 7, Protection Set!I, System Alarms 1.4.2.2.22 08-0015-D-1-17A, Protection Set!I, System Alarms 1.4.2.2.23 08-0015-D-lI1-, Protection Set II, Reactor Coolant Flow 1.4.2.2.24 08-0015-D-Il-lA, Protection Set II, Reactor Coolant Flow 1.4.2.2.25 08-0015-D-II-2, Protection Set II, Wide Range Temperature 1.4.2.2.26 08-0015-0-II-3, Protection Set II, Delta-T/Tavg 1.4.2.2.27 08-0015-D-II-3A, Protection Set II, Delta-TFI-avg 1.4.2.2.28 08-0015-03-11-4, Protection Set II, Pressurizer Level 1.4.2.2.29 08-0015-D-II-5, Protection Set II, Pressurizer Pressure 1.4.2.2.30 08-0015-D-II-5A, Protection Set II, Pressurizer Pressure 1.4.2.2.31 08-0015-D-II-6, Protection Set II, Steamflow (S/G 1)1.4.2.2.32 08-0015-D-II-7, Protection Set II, Steamflow (S/G 2)1.4.2.2.33 08-0015-0-II-8, Protection Set II, Steamflow (S/G 3)1.4.2.2.34 08-0015-D-II-9, Protection Set II, Steamflow (S/G 4)1.4.2.2.35 08-001 5-0-lI1-10, Protection Set II, Steamline Break Protection (S/G 1)1.4.2.2.36 08-0015-D-!1-11, Protection Set II, Steamline Break Protection (S/G 2)1.4.2.2.37 08-001 5-D-I1-1 2, Protection Set II, Steamline Break Protection (S/G 3)a LTRSfl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 22 of 90 1.4.2.2.38 08-0015-D-Il-1 3, Protection Set II, Steamline Break Protection (SIG 4)1.4.2.2.39 08-0015-D-I1-14, Protection Set il, Steam Generator Level (S/Gs 1 & 4)1.4.2.2.40 08-0015-D-ll-15, Protection Set II, Turbine Impulse Chamber Pressure 1.4.2.2.41-08-001 5-D-11-16, Protection Set II, Containment Pressure 1.4.2.2.42 08-001 5-D-IlI-16A, Protection Set II, Containment Pressure 1.4.2.2.43 08-0015-D-11-17, Protection Set II, System Alarms 1.4.2.2.44 08-0015-D-II-17A, Protection Set II, System Alarms 1.4.2.2.45 08-0015-D-II1-1, Protection Set III, Reactor Coolant Flow 1.4.2.2.46 08-001 5-D-Ill-i1A, Protection Set Ill, Reactor Coolant Flow 1.4.2.2.47 08-0015-D-III-2, Protection Set Ill, Wide Range Pressure 1.4.2.2.48 08-0015-D-1II-3, Protection Set Ill, Delta-T/Tavg 1.4.2.2.49 08-0015-D-lIII-3A, Protection Set Ill, Delta-T/Tavg 1.4.2.2.50 08-0015-D-III-4, Protection Set Ill, Pressurizer Level 1.4.2.2.51 08-001 5-D-lIII-5, Protection Set III, Pressurizer Pressure 1.4.2.2.52 08-0015-D-llI-5A, Protection Set III, Pressurizer Pressure 1.4.2.2.53 08-0015-D-Ill-6, Protection Set Ill, Steamline Break Protection (S/G 2)1.4.2.2.54 08-0015-D-Ill-7, Protection Set III, Steamline Break Protection (S/G 3)1.4.2.2.55 08-0015-D-Ill-8, Protection Set Ill, Steam Generator Level (S/Gs 1 thru 4)1.4.2.2.56 08-001 5-0-1II-9, Protection Set Ill, Containment Pressure 1.4.2.2.57 08-001 5-D-I II-9A, Protection Set Ill, Containment Pressure 1.4.2.2.58 08-001 5-D-Ill-I10, Protection Set III, System Alarms 1.4.2.2.59 08-001 5-D-Ill-i10A, Protection Set Ill, System Alarms 1.4.2.2.60 08-0015 IV-l, Protection Set IV, Wide Range Pressure 1.4.2.2.61 08-0015 IV-2, Protection Set IV, Delta-T/Tavg 1.4.2.2.62 08-0015 IV-2A, Protection Set IV, Delta-T/Tavg 1.4.2.2.63 08-0015 IV-3, Protection Set IV, Pressurizer Pressure 1.4.2.2.64 08-0015 IV-3A, Protection Set IV, Pressurizer Pressure 1.4.2.2.65 08-0015 IV-4, Protection Set IV, Pressurizer Vapor Temperature 1.4.2.2.66 08-0015 IV-5, Protection Set IV, Steamline Break Protection (S/G 1)1.4.2.2.67 08-0015 IV-6, Protection Set IV, Steamline Break Protection (S/G 4)1.4.2.2.68 08-0015 IV-7, Protection Set IV, Steam Generator Level (S/Gs 1 thru 4)1.4.2.2.69 08-0015 IV-8, Protection Set IV, Containment Pressure 1.4.2.2.70 08-0015 IV-8A, Protection Set IV, Containment Pressure 1.4.2.2.71 08-001 5-D-IV -9, Protection Set IV, System Alarms 1.4.2.2.72 08-0015 IV-9A, Protection Set IV, System Alarms a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 23 of 90 1.4.3 Implementing Documents (Use Latest Revision)1.4.3.1 Technical Specifications, DCPP Units 1 and 2, Appendix A to License Nos. DPR-80 and DPR-82, as amended 1.4.3.2 DCPP Final Safety Analysis Report Update (FSARU), latest revision 1.4.3.3 DC 663229 -47, Precautions Limits and Setpoints Document (PLS), latest revision 1.4.3.4 Reactor Control & Protection Functional Requirements DC 663195-17 1.4.3.4.1 PGE/PEG -300/3, Thermal Overpower and Overtemperature Protection 1.4.3.4.2 PGE/PEG -300/4, Reactor Coolant System Pressure and Level Protection System 1.4.3.4.3 PGEIPEG -300/5, Reactor Coolant System Low Flow Protection 1.4.3.4.4 PGE/PEG -300/6. Safety Injection System Actuation 1.4.3.4.5 PGE/PEG -300/7, Steam Generator Protection System 1.4.3.4.6 PGE/PEG -300/8, Steam Break Protection 1.4.3.4.7 PGE/PEG -300/9, Miscellaneous Protection Systems 1.4.3.4.8 PGE/PEG -300/1 7, Turbine Control System 1.4.3.5 Functional Logic Diagrams (FLD): 1.4.3.5.1 DC 495842, FLD -Reactor Trip Signals 1.4.3.5.2 DC 495845, FLD -Primary Coolant System Trip Signals 1.4.3.5.3 DC 495846, FLD -Pressurizer Trip Signals 1.4.3.5.4 DC 495847, FLD -Steam Generator Trip Signals 1.4.3.5.5 DC 495848, FLD -Safeguards Actuation Signals 1.4.3.5.6 DC 495849, FLD -Rod Controls and Rod Blocks 1.4.3.5.7 DC 495850, FLD -Steam Dump Control 1.4.3.5.8 DC 495853, FLD -Feedwater Control and Isolation 1.4.3.5.9 DC 495855, FLD -Auxiliary Feedwater Pumps Startup 1.4.3.5.10 DC 495856, FLD -Turbine Trips, Runbacks and Other Signals 1.4.3.5.11 DC 495857, FLD -AMSAC Signals 1.4.3.6 PG&E IDAP CF2.1D9, Software Quality Assurance Plan, Software Development (as applicable) 1.4.3.7 Design Criteria Memorandum (DCM) C-17, Hosgri Response Spectra 1.4.3.8 DCM C-25, Design Earthquake Response Spectra for Structures, Systems, and Components 1.4.3.9 DCM C-28, Maximum Building Displacements 1.4.3.10 DCM C-30, Double Design Earthquake Response Spectra a LTRafl Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection SYStem Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 24 of 90 1.4.3.11 0CM S-65, 120 VAC System 1.4.3.12 DCM S-38A, Plant Protection System 1.4.3.13 DCM T-10, Seismic Qualification of Equipment 1.4.3.14 0CM T-19, Electrical Separation and Isolation 1.4.3.15 DCM T-24, Design Criteria for DCPP Instrumentation and Controls 1.4.3.16 DCPP HSI Development Guidelines Document 1.4.3.17 Surveillance Test Procedure STP 1-33, Reactor Trip and ESF Response Time Test Program 1.4.3.18 10115-J-NPG, Process Protection System Controller Transfer Functions Design Input Specification 1.5 System Overview The PPS consists of four separate and isolated protection sets with adequate instrumentation to monitor the following reactor plant parameters and provide signals to the Solid State Protection System (SSPS)for use in determining when required Reactor Trip System (RTS) or Engineered Safeguards Features Actuation System (ESFAS) protective actions are required.The PPS provides signals (isolated where appropriate) to drive indicators and/or recorders in the MCR to provide operators with operating plant information and to satisfy the requirements of Regulatory Guide 1.97 [Reference 1.4.1.5.5]
as described in Section 7.6 of the DCPP FSARU [Reference 1.4.3.2].The PPS provides isolated signals to the PPC, the AMSAC system, and to various plant control systems such as the Digital Feedwater Control System (DFWCS) and the Rod Control System. With the exception of Delta-T and Tavg, these signals are derived from the PPS channel sensor input loops and are not processed by the PPS.Refer to the PPS Functional Block Diagrams [Reference 1.4.2.2] for identification of PPS inputs and outputs.The following table identifies the reactor plant parameters that are monitored by the PPS: PARAETERPROTECTION SET Wide Range Rx Coolant Temperature (hot and cold legs), Loops 1, 2 I Wide Range Rx Coolant Temperature (hot and cold legs), Loops 3, 4 II Wide Range Rx Coolant Pressure, Loops 3, 4 IV Wide Range Rx Coolant Pressure, Loop 4 Ill Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 1 I Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 2 II Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 3 Ill Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 4 IV Neutron Flux (from Nuclear Instrument System) I, 11, Il, IV aLTRafl Units 1&2 DC663195-44-8 Page 24 OF 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 25 of 90.PARAMETER PROTECTION SET Pressurizer Level 1, II, III Pressurizer Pressure 1, II, Il, IV Pressurizer Vapor Temperature iV Steamfiow, Steamline Pressure, S/Gs 1, 2, 3, 4 III Steamline Pressure, S/Gs 2, 3 III Steamline Pressure, S/Gs 1, 4 IV SIG Narrow Range Level, S/Gs 1, 2, 3, 4 III, IV SIG Narrow Range Level, S/Gs 2, 3I SIG Narrow Range Level, S/Gs 1, 4 II Turbine Impulse Chamber Pressure 1, II Containment Pressure I, II, II, IV a LTRafl Units 1l&2 DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 26 of 90 2 General System Description 2.1 System Context The PPS is designed to monitor plant parameters that are important to reactor safety during all plant conditions.
The PPS provides partial trip/ESFAS actuation signals to the SSPS whenever pre-established setpoints are exceeded.
The SSPS initiates a Reactor Trip or actuates safeguards functions as described below whenever the design coincidence logic for the required protective action is satisfied.
PPS channel protective functions are identified in the following sections.
More detail is provided in Sections 3 and 4. Refer to the FLDs [Reference 1.4.3.5] for additional detail regarding these protective functions.
2.1.1 Reactor Coolant Flow Channels 2.1.1.1 Low Flow Reactor Trip Provides Departure from Nucleate Boiling (DNB) protection.
2.1.2 Wide Range Reactor Coolant Temperature Channels 2.1.2.1 Input to Low Temperature Overpressure Protection System (LTOPS)Provides protection against overpressurization at low plant temperature.
2.1.3 Wide Range Reactor Coolant Pressure Channels 2.1.3.1 Input to LTOPS Provides protection against overpressurization at low plant temperature.
2.1.3.2 Input to Residual Heat Removal (RHR) valve interlock circuit Provides protection against improper operation of RHR isolation valves.2.1.4 Delta-T/ Tavg (DTT-IA) Channels 2.1 .4;1 Overtemperature Delta-T (OTDT) Reactor Trip Provides DNB protection.
The setpoint for the OTDT reactor trip is continuously calculated by the PPS for each of the four reactor coolant loops.2.1.4.2 Overpower Delta-T (OPDT) Reactor Trip Provides protection against excessive power (fuel rod rating protection).
The setpoint for the OPDT reactor trip is continuously calculated by the PPS for each of the four reactor coolant loops.2.1.5 Pressurizer Level Channels 2.1.5.1 Pressurizer High Water Level Reactor Trip a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 27 of 90 Provides backup protection to the Pressurizer High Pressure Reactor Trip and prevents the pressurizer from becoming water solid during low worth and low power rod withdrawal accidents.
2.1 .6 Pressurizer Pressure Channels 2.1.6.1 Pressurizer Low Pressure Reactor Trip Provides protection against low pressure that could lead to DNB, and limits the necessary range of protection afforded by the OTDT Reactor Trip.2.1.6.2 Pressurizer High Pressure Reactor Trip Provides protection for the reactor coolant system against system overpressure.
2.1.6.3 Pressurizer Low-Low Pressure Safety Injection (SI)Initiate the automatic starting of decay heat removal systems to provide protection against loss of primary or secondary coolant accidents.
This actuation signal may be manually blocked when pressurizer pressure is below the P-I11 interlock setpoint (Pressurizer Pressure Not High) with the manual block automatically removed by an increasing pressurizer pressure above the P-i11 setpoint.2.1.7 Pressurizer Vapor Temperature Channel 2.1.7.1 Pressurizer Vapor Space Temperature Low RHR valve V-8701 interlock circuit input.2.1.8 Steamline Break Protection Channels 2.1.8.1 Steamline Pressure Low SI and Steamline Isolation Initiate the automatic starting of boron injection and decay heat removal systems and to provide protection against steamline break accidents.
2.1.8.2 Steamline Pressure High Negative Rate Steamline Isolation Provide protection in the case of a steamline break when Pressurizer Pressure is less than the P-Il setpoint and Low Steamline Pressure SI is blocked.2.1.9 Steam Generator Narrow Range Level Channels 2.1.9.1 Steam Generator (SIG) High-High Level Turbine Trip and Feedwater Isolation (P-14, S/G High Level Permissive)
Provides protection against S/G overfill and damage to the main steamlines or main turbine.2.1.9.2 S/G Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start Protects the reactor from loss of heat sink in the event of loss of feedwater to one or more S/Gs or a major feedwater line rupture.The signals to actuate reactor trip and start AFW pumps are delayed through the use of a Trip Time Delay (TTD) for reactor power levels below 50% of rated thermal power. The use a LTRSfl Units 1&2' DC663195-44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 28 of 90 of the TTD allows added time for natural SIG level stabilization or operator intervention to avoid an inadvertent protection system actuation.
2.1.10 Turbine Impulse Chamber Pressure Channels 2.1.10.1 Turbine Impulse Chamber Pressure High to P-13 Interlock The purpose of the P-i13 permissive is to provide an input to P-7 indicative of low turbine power when less than the setpoint.The purpose of the P-7 permissive is to disable selected Reactor Trip signals while operating at low power levels.2.1.10.2 Turbine Impulse Chamber Pressure Low Interlock C-5 Blocks control rod withdrawal.
The purpose of the C-5 interlock is to prevent automatic outward rod motion when power is less than the design limit for the Rod Control System.2.1.11 Containment Pressure Channels 2.1.11.1 Containment Pressure High SI, Phase A Containment Isolation Initiates the automatic starting of safeguards equipment to provide protection against a high energy line break inside containment.
2.1.11.2 Containment Pressure High-High Phase B Containment Isolation, Containment Spray Actuation Purpose is to protect the containment integrity and limit fission product release by closing containment isolation valves and initiating containment cooling spray and chemical addition.2.2 System Modes and States The PPS is required to be operational during all plant modes in accordance with the requirements of the Plant Technical Specification
[Reference 1.4.3.1].2.2.1 Operating Modes There are no special operating modes associated with the PPS. It is an instrumentation system that continuously monitors the plant parameters identified in Section 1.5 and provides status indication to the main control room and partial trip inputs to the SSPS whenever protection channel setpoints are exceeded.2.2.2 Manual Trip Switches 2.2.2.1 Manual trip switches independent of the PPS instrumentation shall be provided for each PPS comparator reactor trip and safeguards actuation output to the SSPS in accordance with Section 3.2.1.3.4.
2.2.2.2 The manual trip switches shall be configured to match the TRIP/ACTUATE action (de-energize or energize to TRIP/ACTUATE) of the associated PPS comparator output.2.2.2.3 The manual trip switches shall be functional at all times including when the channel is in a a LTRafl: Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 29 of 90 bypass condition.
2.2.3 Manual Bypass Switches 2.2.3.1 Manual bypass switches independent of the PPS instrumentation shall be provided for each Containment High-High Pressure (Containment Spray) comparator output to facilitate on-line maintenance and testing.2.2.3.2 Manual bypass switches independent of the PPS instrumentation shall be provided for each Turbine Impulse Pressure High (P-i13) comparator output to facilitate on-line maintenance and testing.2.2.3.3 The manual bypass switches shall be configured to maintain the normal non-tripped status (energized or de-energized) of the associated PPS comparator output.2.3 Major System Capabilities The following system capabilities shall be provided: 2.3.1 Signal Validation 2.3.1.1 Signal validation is required for the DTTA channels as described in Sections 3.2.5.1.5 and 3.2.5.1.6.
Signal validation other than range checking per Section 2.3.1.2 is not required for any other PPS channel.2.3.1.2 Input signal range checking is required for all PPS channel input signals. Alarming of Out-of-Range High or Out-of-Range Low input signals is required.
Unless otherwise specified, Out-of-Range (QOR) setpoints shall be as follows: 2.3.1.2.1 QOR Low: -5% span, reset: -2.5% span 2.3.1.2.2 OOR High: 105% span, reset: 102.5% span 2.3.1.2.3 Input OCR alarms per Section 2.3.1.2 shall be suppressed (or cleared) when the affected input is placed in an out'of service condition.
2.3.2 System Level Diagnostics 2.3.2.1 The PPS processing instrumentation shall be provided with sufficient diagnostic capability to isolate'system faults to the card/module level.2.3.2.2 MCR alarms and annunciators (PPS Failure and Trouble) are actuated by signals from the PPS when PPS diagnostics detect conditions that are indicative of degraded performance or failure of some system component.
Conditions requiring alarming are identified in Section 3.2.1.5.2.3.3 Testability at Power 2.3.3.1 The capability for testing while at power shall be provided for all PPS channels as required by I10CFR50, Appendix A, GDC 21 [Reference 1.4.1.3.1.13].
Refer to Section 3.2.1.15 for guidance.a LTRar~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 30 of 90 2.4 Major System Conditions Refer to Section 2.2, "System Modes and States." 2.5 Major System Constraints Implementation of the requirements specified in this document will ensure that applicable constraints per Design Criteria Memorandum (DCM) S-38A, Plant Protection System [Reference 1.4.3.12]
have been addressed.
2.6 User Characteristics 2.6.1 2.6.1 Operations The primary user of the PPS is Operations.
Operations will require access to Human System Interface (HSI) displays with the exception of displays dedicated to system maintenance activities.
2.6.2 I&C Maintenance l&C Maintenance will require access to all displays and functions associated with the PPS HSI and processing instrumentation for purposes of performing Technical Specification
[Reference mandated surveillance testing and for maintaining the system.Maintenance display access will require security access measures for any maintenance function that has the capability of changing system configuration.
2.6.3 Engineering
Engineering will require access to all displays and functions associated with the PPS HSI and processing instrumentation to facilitate configuration control of the system.2.7 Assumptions and Dependencies Implementation of the requirements specified in this document will ensure that assumptions and dependencies per Design Criteria Memorandum (0CM) S-38A, Plant Protection System [Reference 1.4.3.12]
have been addressed.
2.8 Operational Scenarios Refer to Section 2.2, "System Modes and States." a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 31 of 90 3 System Capabilities, Conditions, Constraints 3.1 Physical 3.1 .1 Construction The PPS instrumentation will be installed within 16 equipment racks (per unit) located in the Cable Spreading Rooms at elevation 128 of the Auxiliary Building.3.1.1.1 The PPS equipment racks are divided into four separate Protection Sets which are physically separated and electrically isolated from each other.3.1.1.1.1 Protection Set I a) Protection Set I shall consist of five (5) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.2 Protection SetlII a) Protection Set II shall consist of five (5) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.3 Protection Set III a) Protection Set III shall consist of three (3) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.4 Protection Set IV a) Protection Set IV shall consist of three (3) racks.b) One rack shall be dedicated to Class II PPS equipmeht.
c) Deleted 3.1.1.2 PPS instrumentation shall be accessible via full length frontand rear cabinet doors.3.1.1.3 Required physical separation shall be maintained between Class IE and non-Class 1E circuits as required by DCM T-19 [Reference 1.4.3.14].
3.1.1.4 Each PPS Protection Set will be powered from a separate 120 VAC vital bus via a Class IE uninterruptible power supply. Refer to DCM S-65 [Reference 1.4.3.11].
3.1.1.5 Each PPS Protection Set will be provided with a 120 VAC control grade (non-vital) utility power source.3.1.1.6 Each PPS Protection Set will be provided with redundant loop power supplies capable of powering all 4-20 mA instrument loops associated with that Protection Set.3.1.1.6.1 Deleted.3.1.1.6.2 The initial full load design current for each loop power supply should not exceed 75% of a T ~lUnits 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 32 of 90 rated power supply capacity to provide margin for future expansion.
3.1.1.6.3 Failure of a loop power supply shall be alarmed (see Section 3.2.1.5).3.1.1.7 Non-vital 125 VDC from the Main Annunciator will be provided for interrogation of alarm output contacts.3.1.1 .7.1 Output contacts provided for interrogation by the MAS shall be rated at 125 Vdc, 50 mA (minimum).
3.1.1.8 The HSI equipment is Instrument Class lIand shall be isolated from the PPS processing instrumentation as required by General Design Criteria (GDC) 24 [Reference 1.4.1.3.1.16].
Refer to 0CM T-24 [Reference 1.4.3.15]
for guidance.3.1.1.9 PPS processing instrumentation will be qualified and installed to satisfy Seismic Category I requirements applicable to DCPP. Refer to Section 3.1.5 for guidance.3.1.1.10 The PPS HSI equipment will be seismically supported to prevent damage to or loss of* operability of the safety related PPS instrumentation should a seismic event occur. Refer to Section 3.1.5 for guidance.3.1.2 Durability The PPS equipment shall be capable of continuous operation in the environment specified in Section 3.1.4.3.1.3 Adaptability The PPS is a mature system and it is not anticipated that many changes to processing instrumentation or inputs and outputs will be required over the life of the system. However, it is desirable that the system have the capability for additional inputs/outputs within the existing environs so that any required changes to system function can be readily accommodated.
3.1.3.1 There shall be adequate rack space available to accommodate at least 10% additional inputs of each type used within the system for future use.3.1.3.2 There shall be adequate rack space available to accommodate at least 10% additional outputs of each type used within the system for future use.3.1.4 Environmental Conditions The Cable Spreading Rooms at DCPP are considered to be a mild environment.
3.1.4.1 The PPS instrumentation shall be qualified for the following conditions which define this environment:
3.1.4.1.1 Temperature:
3.1.4.1.2 Relative Humidity: 3.1.4.1.3 Pressure: 3.1.4.1.4 Radiation:
40 to 104°F 0 to 95% (non-condensing)
Atmospheric N/A (mild environment) 3.1.5 Seismic Requirements aLTRar Units 1 &2 DC6631 95-44-8 Page 32 OF 90 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 33 of 90 The PPS Class I equipment shall be qualified to Seismic Category I levels by test, analysis, or a combination thereof, to satisfy the requirements of IEEE Std. 344 [Reference 1.4.1.1.6](endorsed by Regulatory Guide 1.100 [Reference 1.4.1.5.6])
as supplemented by the following DCPP requirements:
3.1.5.1 Seismic Response Spectra The seismic inertial loads acting on the PPS are defined in DCM 0-17 [Reference 1.4.3.7], 0CM C-25 [Reference 1.4.3.8], and DCM C-30 [Reference 1.4.3.10].
The seismically induced inter- and intra- structural displacements are defined in 0CM C-28 [Reference 1.4.3.9].3.1.5.2 Seismic Qualification Design Class I PPS equipment and components shall meet the design bases for seismic qualification in accordance with 0CM T-1 0 (Seismic Qualification of Equipment)
[Reference 1.4.3.13].
Non-Class 1E (Class II) PPS equipment is not subject to the seismic requirements of Section 3.1.5. The Class II equipment shall be mounted and supported in such a fashion that it cannot become a missile during a seismic event and possibly damage or disable a safety-related structure, system, or component.
3.1.6 Electromagnetic Compatibility 3.1.6.1 Susceptibility:
The PPS shall be qualified by test, analysis, or a combination thereof, to function without fault or error in an electromagnetic environment in accordance with the guidance of Regulatory Guide 1.180 [Reference 1.4.1.5.10].
3.1.6.2 Emissions:
the PPS equipment shall be qualified by test, analysis or a combination thereof, to not create an electromagnetic environment that will adversely affect the operation of safety-related Class 1 E equipment operating in the same location (cable spreading room).The qualification shall follow the guidance of Regulatory Guide 1.180, as above.3.1.6.3 Grounding:
the PPS equipment shall support the grounding methods described in IEEE Std.1050 [Reference 1.4.1.1.11]
and endorsed by Regulatory Guide 1.180 to limit adverse effects of susceptibility and emissions (both radiated and conducted).
3.1.7 Deleted 3.2 System Performance Characteristics The PPS is required to monitor plant parameters that are important to safety. The PPS provides signals for parameter monitoring, indication, recording, and to the MAS for alarming in the MCR for use by operations personnel and to satisfy the Post-Accident Monitoring requirements of Regulatory Guide 1.97[Reference 1.4.1.5.51 as defined in Chapter 7.5 of the DCPP FSARU [Reference 1.4.3.2].With the exception of Delta-T and Tavg from the Delta-T/Tavg (DTTA) channels, where required, the PPS will provide isolated signals from the channel sensor (prior to processing by the PPS instrumentation) via qualified isolation devices for use by Class II control systems such as the DFWCS, the Rod Speed and Direction System, the Pressurizer Pressure Control System, the Pressurizer Level Control System, and the AMSAC.The PPS will provide isolated (Class Il) level signals from level channel sehsors (prior to processing by the PPS instrumentation) via qualified isolation devices for use by the Class I Auxiliary, Feedwater a LTR~fl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Req uir6m~ents Specification Page 34 of 90 System.The PPS provides partial trip output signals to the SSPS whenever established RTS or ESFAS parameter setpoints are exceeded.
The SSPS will initiate a Reactor Trip and/or actuate ESFAS whenever the design logic (coincidence) for the required protective action is satisfied.
The DCPP FLDs [Reference 1.4.3.5] provide detailed information regarding the SSPS Reactor Trip and ESFAS functional operation.
The following Sections (3.2.1 thru 3.2.13) define the specific requirements for each PPS channel that must be satisfied to ensure that the PPS performs as designed.3.2.1 Requirements Applicable to All PPS Channels The following requirements are applicable to all PPS channels.
Requirements specific to a particular channel will be identified in the specific Section (3.2.2 through 3.2.13) dealing with that channel.3.2.1.1 Functional Description Refer to the "Functional Description" requirement Section associated with each individual PPS channel.3.2.1.2 Special Environmental Requirements This Specification applies only to the PPS instrumentation that is located in the Unit 1 and Unit 2 Cable Spreading Rooms at DCPP (elevation 128). These areas are considered to be a mild environment.
See Section 3.1.4 for specific environmental conditions applicable to these areas.3.2.1.3 -indicators, Status Lights, and Contr'ols The following status requirements are applicable to all PPS channels: 3.2.1.3.1 Status indication (ON/OFF) shall be provided locally at the PPS instrumentation racks for all comparator outputs.-, 3.2.1.3.2 For energize to trip/actuate comparator outputs, feedback shall be provided to the PPS to facilitate detection of open circuits, short circuits, or actual output not matching command unless specified otherwise in Sections 3.2.2 through 3.2.13 of this document.S3.2.1.3.3 Signals for status indication to satisfy .the requirements of Regulatory Guide 1.47[Reference 1.4.1.5.2]
shall be provided to the MCR from each protection set for indication that a protection channel has been placed in an inoperable condition (e.g., bypassed).
3.2.1.3.4 Manual trip switches shall be provided locally at the PPS instrumentation racks for all deenergize to trip comparator outputs except for those provided for alarm purposes only.This Specification does not require nor does it preclude the use of manual trip switches for energize to trip comparator outputs. Where used on energize to trip circuits the requirements of this section shall apply.a) These manual trip switches shall provide an independent trip capability that will override the PPS comparator output.b) Channel status downstream of the manual trip switch shall be determinable by the PPS.c) Exceptions to this requirement for a particular comparator output will be identified in the "Trips and Trip Logic" subsection of the Section (3.2.2 thru 3.2.13) associated with that comparator.
3.2.1.3.5 Manual bypass switches shall be provided for each Containment High-High Pressure a T ~lUnits I8&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 35 of 90 (Containment Spray) comparator Output...a) When in bypass, these switches shall maintain the normal (non-tripped) condition of the comparator output independent of the PPS.b) Indication of Bypass shall satisfy the requirements of Section 3.2.1.5.3.
c) Deleted 3.2.1.3.6 Manual bypass switches shall be provided for each Turbine Impulse Pressure High (P-13)comparator output.a) When in bypass, these switches shall maintain the normal (non-tripped) condition of the comparator output independent of the PPS.b) Indication of Bypass shall satisfy the requirements of Section 3.2.1.5.3.
3.2.1.3.7 A method shall be provided for placing a PPS channel out-of-service (e.g. manual OOS switch) for the purpose of performing maintenance activities (e.g., parameter updates)without requiring that a Protection Set be declared inoperable.
a) Indication of Out-of-Service shall satisfy the requirements of Section 3.2.1.5.5 or b) An alternative indication of Out-of-Service shall be provided.3.2.1.4 Outputs for Monitoring, Indication, Recording, and Control Analog outputs shall be capable of driving an impedance of up to 1000 ohms without loss of accuracy.Refer to the "Outputs for Monitoring, Indication, Recording, and Control" requirement Section associated with each individual PPS channel.Note: "Outputs" includes:
outputs processed through the PPS instrumentation (e.g., RCS Flow); and outputs processed through qualified hardware isolation devices on the sensor Tnput loop (e.g., PZR Level to process control).3.2.1.5 Alarms and Annunciators The following system level alarms and annunciators will be provided by PG&E for each Protection Set. Separate input signals shall be provided to these alarms from processing instrumentation for each Protection Set. Refer to PPS System Level Alarm drawings: Protection Set I [References 1.4.2.2.21, 1.4.2.2.22], Protection Set II [References 1.4.2.2.43, 1.4.2.2.44], Protection Set Ill [References 1.4.2.2.58, 1.4.2.2.59], and Protection Set IV[References 1.4.2.2.71, 1.4.2.2.72].
3.2.1.5.1 PPS Failure [Output to MAS Deenergizes to Alarm with Reflash capability]
System failure conditions determined to impact a safety function that results in a Technical Specification
[Reference 1.4.3.1] Limiting Condition for Operation (LCO) entry shall provide signals to actuate a "PPS Failure" annunciator in the Main Control Room (MCR).The following system level conditions are to be alarmed: a) Failure to set trip on demand (condition exists for longer than 1 second) with the exception of alarm comparators and the C-3, C-4, and C-5 control interlock comparators b) Critical component failure or failures that result in entry into a Technical Specification LCO Channel specific inputs to the PPS Failure alarm are identified in Sections 3.2.2.5 through 3.2.13.5.a LTRafl Units 1&2 0C663t95-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 36 of 90 3.2.1.5.2 PPS Trouble [Output to MAS Deenergizes to Alarm with Reflash capability]
System failure conditions that do not impact a safety function that results in a Technical Specification LCO entry shall provide signals to actuate a "PPS Trouble" annunciator in the MCR.The following system level conditions are to be alarmed: a) Trip output set without a demand (condition exists for longer than 1 second) with the exception of alarm comparators and the C-3, 0-4, and 0-5 control interlock comparators b) Loss of one critical instrument power supply (redundant supply working)c) Loss of one or both non-critical instrument power supplies d) Component failures that do not result in entry into a Technical Specification LCO Channel specific inputs to the PPS Trouble alarm are identified in Sections 3.2.2.5 through 3.2.13.5.3.2.1.5.3 PPS Channel in Bypass [Output to MAS Energizes to Alarm with Reflash capability]
a) Actuation of any comparator bypass in a Protection Set will provide a signal to the MAS for alarming the bypassed condition in the Main Control Room.b) Where utilized, comparator manual bypass switches shall be provided with two (2)separate and independent output contacts.1) One contact will be used to physically bypass the comparator trip/actuation output maintaining the non-tripped/non-actuated state.2) The other contact will be for use in satisfying Bypassed indication requirements per part a) of Section 3.2.1.5.3.
c) Deleted.3.2.1.5.4 PPS RTD Failure [Output to MAS Energizes to Alarm with Reflash capability]
The following conditions shall actuate an "RTD Failure" annunciator in the MCR: a) Input deviation
-SQA2 b) Two bad inputs -SQA2 c) Less than two good inputs -SQA3A and SQA3B d) The alarms per a), b), and c) shall be suppressed when the OTTA channel is out of service.3.2.1.5.5 PPS Out of Service [Output to MAS Energizes to Alarm with Reflash capability (for Item b below)]Where utilized, external Channel Out-of-Service (OOS) switches shall be provided with two (2) separate and independent output contacts [Contacts Close on OOS].a) One contact without reflash capability will be provided for use by the MAS (independent of the PPS instrumentation) to indicate that a manual OOS switch has been actuated and a channel OOS permissive has been set.b) The other contact will be for use in establishing the proper HSI/PPS interfaces for performing maintenance and parameter/setpoint updates. A signal shall be provided for use by the MAS to indicate the channel OOS condition once it is confirmed and established.
a LTRaf Units 1&2 DC66319S-44-8 Pag 36OF 90 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 37 of 90 3.2.1.6 Interlocks and Permissives Refer to the "Interlocks and Permissives" requirement Section associated with each individual PPS channel.3.2.1.7 Trips and Trip Logic PPS comparators determine when established setpoints have been exceeded and provide outputs for use by other systems such as the RTS and ESFAS. Refer to the "Trips and Trip Logic" requirements Section associated with each individual PPS channel for comparator requirements associated with that channel.3.2.1.8 Accuracy A statistical analysis of PPS rack accuracy allowances, including a detailed description of the methodology used to determine rack accuracy allowance value(s), shall be performed by the equipment supplier and provided for use by PG&E to evaluate the need for changes to PPS setpoints.
Section 3.2.1.8.1 includes typical rack allowances that shall be considered.
This is a non--inclusive list and may be supplemented depending on the type of equipment utilized.3.2.1.8.1 Typical Rack Allowances include the following:
a) Rack Calibration Accuracy (RCA): The reference (calibration) accuracy rating for a process loop string. A process ioop includes all modules in a specific channel. It is assumed that the individual modules are calibrated to a particular tolerance and that the process loop is verified to be calibrated to a specific tolerance.
- 1) The following tolerances for input signal conditioning shall be applicable:
- i. 4-20 mA input signal conditioning accuracy tolerance shall not exceed:+ 0.13% span ii. RTD input signal conditioning accuracy tolerance shall not exceed : o + 0.375 °F (narrow range)o +/- 1.05 0 F (wide range)2) 4-20 mA analog output signal accuracy tolerance shall not exceed + 0.5% of span unless otherwise specified.
b) Rack Comparator Setting Accuracy (RCSA): The reference (calibration) accuracy of.the instrument loop comparator (bistable).
- 1) For a single input bistable the tolerance shall not exceed + 0.2% span.2) For a dual input bistable the tolerance shall not exceed + 0,5%. span.3) No uncertainty is included for this term for channels that do not have an electronic comparator.
c) Rack Temperature Effects (RTE): The change in input-output relationship for the process rack module string due to a change in the ambient environmental conditions.
- 1) Fo)r an analog system the tolerance shall not exceed _+ 0.5% span.2) As applicable, for a digital system the following tolerances shall be applicable:
- i. 4-20 mA input signal conditioning temperature effects shall not exceed:+/- 0.25% span ii. RTD input signal conditioning temperature effects shall not exceed: a T ~lUnits 1&2 DC663195-44-8 D)CPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 38 of 90 o + 1.2°0 F (narrow range)o + 5.6 °F (wide range)d) Rack Drift (RD)): The change in input-output relationship over a period of time.1) For an analog system the tolerance shall not exceed +/- 1.0% span.2) As applicable, for a digital system the tolerance shall not exceed: i. 4-20 mA input signal conditioning rack drift tolerance shall not exceed:+ 0.2% span ii. RTD input signal conditioning rack drift tolerance shall not exceed: o +/- 0.3 °F (narrow range)o + 1.4 °F (wide range)3) The drift requirements per this Section shall be valid for a period of 30 calendar months (minimum).
3.2.1.8.2 As applicable (digital system), Processor Time Base (Loop Cycle Time)Where input and output signals are updated on a time-dependant cyclic basis, a method for verifying the time base shall be provided.a) The measurable time base shall have an accuracy of+/-+ 0.1% of the utilized time base (e.g., for a 100 msec time base this would be+/-+ 0.1 msec).3.2.1.9 Range (for Inputs, Calculated Values, and Outputs)Instrument Range requirements are function dependent.
Refer to the "Range (for Inputs, Calculated Values, and Outputs)" requirements Section associated with each individual PPS channel.3.2.1.9.1 Analog inputs shall be provided with the capability to adjust input scaling (see Section 3.2.1.13).
3.2.1.10 Time Response The time response of the PPS processing instrumentation (from input signal conditioner to conditioned output signal) shall not exceed 0.409 seconds [Reference 1.4.3.17].
The time delay mentioned above is defined as the elapsed time following a step change at the signal conditioner input from 5% below (above) to 5% above (below) the comparator setpoint with all externally adjustable transfer functions set to 1 (as applicable) and all externally adjustable time delays set to 0.0 (as applicable).
3.2.1.11 Overload and Recovery Characteristics Overload (overrange) of any instrument channel or component in an affected protection system shall result only in the saturation of the affected components in the direction of the overload.3.2.1.11.1 After the out-of-range signal causing the overload returns from the overload condition, all component units of the system shall recover from the saturated condition and return to their correct output values (within nominal accuracy limits) within 1 second.Note: The 1 second recovery time specified need be met only when all externally adjustable time delays are set to 0.0.3.2.1.11.2 During recovery from overload, the output of all affected component units shall progress smoothly from the saturated value to the correct value without oscillation or overshoot a LTRaF~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 39 of 90 larger than 1% (peak-to-peak) of channel range exclusive of the theoretical amplification of lead/lag and rate/lag units.Note: The requirements on oscillation and overshoot should be met even with all externally adjustable time delays set to 0.0.3.2.1.12 Noise Levels 3.2.1.12.1 Deleted 3.2.1.12.2 For analog inputs, an adjustable low pass filter with a cutoff frequency range of 0 -15 Hz (minimum bandwidth) shall be provided.Filter attenuation requirements:
o 10 Hz =-20 dB minimum* 60 Hz = -45 dB minimum 3.2.1.13 Controller Transfer Functions Refer to the "Controller Transfer Functions" requirement Section associated with each individual PPS channel for channel specific transfer functions.
3.2.1.13.1 All PPS instrumentation shall have the capability to provide a hysteresis/deadband setting for comparator setpoints as follows: a) Comparator reset for increasing signal trips shall be 1% of input span below trip setpoint.b) Comparator reset for decreasing signal trips shall be 1% of input span above trip setpoint.3.2.1.13.2 All PPS analog inputs must be provided with the capability to adjust scaling. Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Sections 3.2.2.14 through 3.2.13.14.
3.21.14 Setpoints and Tunable Parameters (Range of Setting)3.2.1.14.1 All comparator setpoints shall be capable of being entered and changed locally under administrative controls.3.2.1.14.2 All tunable parameters shall be capable of being entered and changed locally at the PPS instrumentation racks under administrative controls.3:'2.1.14.3 Deleted 3.2.1.15 Test and Calibration The capability must be provided for PPS channel calibration and test at power as required by IEEE Std. 338 [Reference 1.4.1.1.5]
with the following constraints:
3.2.1.15.1 The capability shall be provided for testing at power in either Test in Bypass mode (where the partial trip/actuation outputs associated with the channel in test are maintained in the non-tripped/non-actuated condition) or Test in Trip mode (where the partial trip/actuation outputs associated with the channel in fest are maintained in the tripped/actuated condition).
3.2.1.15.2 In the case of 1/N (one-out-of-N) logic, a bypass shall (must) be provided to prevent the actuation of a protection system during a channel test.3.2.1 .15.3 As applicable, the capability to verify that all analog-to-digital (A/D) conversions are calibrated independently of each other shall be provided.a LTReflb units, &2DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 40 of 90 3.2.1.15.4 As applicable, the capability to verify that digital-to-analog (D/A) conversions are calibrated independently of the A/Ds shall be provided (i.e., the inputs to the D/As are independently verifiable from the inputs to the AIDs for calibration purposes).
3.2.1.15.5 Overlap test capability shall be provided for both periodic and time response testing.3.2.1.15.6 Periodic testing shall not require the need for the use of temporary jumpers or lifting of leads.3.2.1.15.7 A method shall be provided for verification of allowed changes to setpoints and/or tuning constants prior to and following initiation of the change.3.2.1.15.8 Deleted 3.2.1.16 Failure Mode Requirements 3.2.1.16.1 Deleted 3.2.1.16.2 Deleted 3.2.1.16.3 Deenergize to Trip comparator outputs shall be designed such that upon loss of electrical power, the resultant output is the tripped (deenergized) condition.
3.2.1 .16.4 Energize to Trip comparator outputs shall be designed such that upon loss of electrical power, the resultant output is the non-tripped (deenergized) condition.
3.2.1.16.5 Detectable failures that could result in loss of ability to perform a required safety function should result in affected Deenergize to Trip comparators being placed in the tripped (deenergized) condition.
This requirement does not apply to functions that are out of service.3.2.1.16.6 Detectable failures that could result in loss of ability to perform a required safety function should result in affected Energize to Trip comparators being placed in the non-tripped (deenergized) condition.
This requirement does not apply to functions that are out of service.3.2.1.16.7 The capability shall be provided to transit from Test in Bypass to Test in Trip for any channel to support Technical Specification
[Reference 1.4.3.1] requirements.
3.2.1.16.8 The capability shall be provided to transit from Test in Trip to Test in Bypass for any channel to support Technical Specification
[Reference 1.4.3.1] requirements.
3.2.2 Specific Requirements for Reactor Coolant Flow The following specific requirements apply to the Reactor Coolant Flow channels and are in addition to the requirements specified in Section 3.2.1.3.2.2.1 Functional Description Reactor Coolant Flow channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.2.1.1 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set I): Reference 1.4.2.2.1, 1.4.2.2.2 3.2.2.1.2 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set II): Reference 1.4.2.2.23, 1.4.2.2.24 3.2.2.1.3 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set Ill): a LTRar Uis & DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 41 of 90 Reference 1.4.2.2.45, 1.4.2.2.46 3.2.2.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.2.3 Indicators, Status Lights, and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.2.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Reactor Coolant Flow channels: 3.2.2.4.1 Reactor Coolant Flow Loop 1 (Protection Sets I, If, Il)a) MCR Indication b) PPC Monitoring 3.2.2.4.2 Reactor Coolant Flow Loop 2 (Protection Sets 1, I1, II)a) MCR Indication b) PPC Monitoring 3.2.2.4.3 Reactor Coolant Flow Loop 3 (Protection Sets I,II, III)a) MCR Indication b) PPC Monitoring 3.2.2.4.4 Reactor Coolant Flow Loop 4 (Protection Sets I, 11, I1l)a) MCR Indication b) PPC Monitoring 3.2.2.5 Alarms and Annunciators The following alarm outputs shall be provided for the Reactor Coolant Flow channels: 3.2.2.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.2.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.2.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Reactor Coolant Flow channel processing.
3.2.2.7 Trips and Trip Logic The following comparator outputs shall be provided by the Reactor Coolant Flow channels: 3.2.2.7.1 Reactor Coolant Loop I Flow Low (Protection Sets I, II, Il)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.2 Reactor Coolant Loop 2 Flow Low (Protection Sets I, II, 1l)a LTRafl units &2DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 42 of 90*For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.3 Reactor Coolant Loop 3 Flow Low (Protection Sets I, If, 1l)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.4 Reactor Coolant Loop 4 Flow Low (Protection Sets I, I1, ill)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.2.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.2.9.1 Input Variables:
a) Reactor Coolant Flow: 4 -20 mA = 0 to 100 XMTR dp%3.2.2.9.2 Calculated Variables:
Refer to Section 3.2.2.13.*3.2.2.9.3 Output Variables:
a) Reactor Coolant Flow: 0 to 100 XMTR dp% = 4 -20 mA Note: equivalent to 0 to 120% of normalized flow.3.2.2.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.2.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.2.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.2.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Reactor Coolant Flow channels: 3.2.2.13.1 Reactor Coolant Flow Normalization Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.2.14.2.
3.2.2.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Reactor Coolant Flow channels: a LTR~fl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 43 of 90 3.2.2.14.1 Reactor Coolant Flow Low Reactor Trip: 40.000 to 70.000 normalized dp%3.2.2.14.2 Tunable Parameters a) Input Scaling m (normalizing constant) 0.5000 to 1.9000 b) Input scaling b (offset) -1 0.000 to 10.000 dp%3.2.2.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.2.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.3 Specific Requirements for Wide Range Reactor Coolant Temperature The following specific requirements apply to the Wide Range Temperature channels and are in addition to the requirements specified in Section 3.2.1.3.2.3.1 Functional Description Wide Range Temperature channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.3.1.1 Wide Range Temperature, Reactor Coolant Loops 1 and 2 (Protection Set I): Reference 1.4.2.2.3 3.2.3.1.2 Wide Range Temperature, Reactor Coolant Loops 3 and 4 (Protection Set II): Reference 1.4.2.2.25 3.2.3.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.3.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.3.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Wide Range Temperature channels: 3.2.3.4.1 Hot Leg Temperature Loop 1 (Protection Set I)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.3.4.2 Hot Leg Temperature Loop 2 (Protection Set I)a) MCR Recording a LTRaFP Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 44 of 90 b) ERFDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.3.4.3 Hot Leg Temperature Loop 3 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train A Monitoring d) PPC Monitoring 3.2.3.4.4 Hot Leg Temperature Loop 4 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train A Monitoring d) PPC Monitoring 3.2.3.4.5 Cold Leg Temperature Loop 1 (Protection Set I)a) MOR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.6 Cold Leg Temperature Loop 2 (Protection Set I)a) MCR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.7 Cold Leg Temperature Loop 3 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.8 Cold Leg Temperature Loop 4 (Protection Set II)a) MCR Recording b) ERFOS Monitoring c) PPC Monitoring 3.2.3.5 Alarms and Annunciators The following alarm outputs shall be provided for the Wide Range Temperature channels: 3.2.3.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.3.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System "08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 45 of 90 a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.3.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Wide Range Temperature channel processing.
3.2.3.7 Trips and Trip Logic The following comparator outputs shall be provided by the Wide Range Temperature Channels: 3.2.3.7.1 Cold Leg Temperature Low Loop 2 (Protection Set I)For use by the LTOPS [Energize to Trip].3.2.3.7.2 Cold Leg Temperature Low Loop 3 (Protection Set I1)For use by the LTOPS [Energize to Trip].3.2.3.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.3.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.3.9.1 Input Variables a) Wide Range Temperature Hot Leg:[4-wire 200 ohm platinum RTD] = 0 to 700 0 F (minimum range)b) Wide Range Temperature Cold Leg:[4-wire 200 ohm platinum RTD] = 0 to 700 0 F (minimum range)3.2.3.9.2 Calculated Variables:
None 3.2.3.9.3 Output Variables:
a) Wide Range Temperature Hot Leg: 0 to 700 0 F =4 -20 mA b) Wide Range Temperature Cold Leg: 0 to 700 0 F = 4 -20 mA 3.2.3.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.3.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.3.12 Noise Levels No additional requirements to those identified in Section 3.2.1 .12.3.2.3.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Wide Range a LTRar~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 46 of 90 Temperature channels: 3.2.3.13.1 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.3.2.3.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Wide Range Temperature channels: 3.2.3.14.1 Cold Leg Temperature Low LTOPS (Protection Sets 1, II): 0.000 to 700.000 0 F 3.2.3.14.2 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -70.000 to 70. 000 °F c) RTD a constant 150.000 to 250.000 ohms d) RTD b constant 0.200000 to 0.600000 ohms/°F e) RTD c constant -0.500000E-04 to -0.I00000E-04 ohms/(°F*°F) 3.2.3.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.3.16 Failure Mode Requirements 3.2.3.16.1 Detected RTD failures shall result in a low-going signal (failed low).3.2.3.16.2 Deleted 3.2.4 Specific Requirements for Wide Range Reactor Coolant Pressure The following specific requirements apply to the Wide Range Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.4.1 Functional Description Wide Range Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.4.1.1 Wide Range Pressure, Reactor Coolant Loop 4 (Protection Set Ill): Reference 1.4.2.2.47 3.2.4.1.2 Wide Range Pressure, Reactor Coolant Loops 3 and 4 (Protection Set IV): Reference 1.4.2.2.60 3.2.4.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.4.3 Indicators, Status Lights and Controls a LTRSfl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 47 of 90 No additional requirements to those identified in Section 3.2.1.3.3.2.4.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Wide Range Pressure channels: 3.2.4.4.1 Wide Range Pressure Loop 4 [PT-403] (Protection Set Ill)a) MCR Recording b) EREDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.4.4.2 Wide Range Pressure Loop 4 [PT-403A] (Protection Set IIl)a) MCR Indication b) ERFDS Monitoring c) PPC Monitoring 3.2.4.4.3 Wide Range Pressure Loop 3 [PT-405] (Protection Set IV)a) MCR Indication b) ERFDS Monitoring c) PPC Monitoring d) RVLIS Train A Monitoring, 3.2.4.4.4 Wide Range Pressure Loop 4 [PT-405A] (Protection Set IV)a) MCR Indication b) PPC Monitoring c) ERFDS Monitoring 3.2.4.5 Alarms and Annunciators The following alarm outputs shall be provided for the Wide Range Pressure channels: 3.2.4.5.1 Reactor Coolant Pressure Hi, Loop 4 [PT-403A] (Protection Set Ill)Input to RHR Valve 8702 Not Isolated alarm circuit (RHR Interlocks, see Section 3.2.4.6.3).
3.2.4.5.2 Reactor Coolant Pressure Hi, Loop 4 [PT-405A] (Protection Set IV) .Input to RHR Valve 8701 Not Isolated alarm circuit (RHR Interlocks, see Section 3.2.4.6.4).
3.2.4.5.3 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.4.5.4 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.4.6 Interlocks and Permissives The following comparator outputs shall be provided by the Wide Range Pressure channels: 3.2.4.6.1 Reactor Coolant Pressure Low, Loop 4 (Protection Set III)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 48 of 90 For use by the RHR system interlocks Valve 8702 control circuit [Energize to Trip].3.2.4.6.2 Reactor Coolant Pressure Low, Loop 4 (Protection Set IV)For use by the RHR system interlocks Valve 8701 control circuit [Energize to Trip].The Wide Range Pressure Low Loop 4 comparator output to the RHR Valve 8701 Interlock circuit shall be interlocked with the Pressurizer Vapor Space Temperature Low comparator output. A graphical presentation is shown on References 1.4.2.2.60 and 1.4.2.2.65.
3.2.4.6.3 Reactor Coolant Pressure High, Loop 4 (Protection Set Ill)For use by the RHR system interlocks Valve 8702 alarm circuit (see Section 3.2.4.5.1)
[Deenergize to Trip].3.2.4.6.4 Reactor Coolant Pressure High, Loop 4 (Protection Set IV)For use by the RHR system interlocks Valve 8701 alarm circuit (see Section 3.2.4.5.2)
[Deenergize to Trip].3.2.4.7 Trips and Trip Logic The following comparator outputs shall be provided by the Wide Range Pressure channels: 3.2.4.7.1 Reactor Coolant Pressure High, Loop 4 (Protection Sets III, IV)For use by LTOPS [Energize to Trip].3.2.4.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.4.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.4.9.1 Input Variables:
a) Reactor Coolant Wide Range Pressure: 4 -20 mA = 0 to 3000 psig 3.2.4.9.2 Calculated Variables:
None 3.2.4.9.3 Output Variables:
a) Reactor Coolant Wide Range Pressure: 4 -20 mA [0 to 3000 psig] = 4-20 mA (input loop Class IA/Il isolator)1 3.2.4.10 Time Response No additional requirements to those identified in Section 3.2.1 .10.3.2.4.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1 .11.3.2.4.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.4.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 49 of 90 3.2.4.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Wide Range Pressure channels: 3.2.4.14.1 Reactor Coolant Wide Range Pressure High LTOPS (Protection Sets III, IV): 0.00 to 3000.00 psig -3.2.4.14.2 Reactor Coolant Wide Range Pressure High RHR Interlocks (Protection Sets III, IV): 0.00 to 3000.00 psig 3.2.4.14.3 Reactor Coolant Wide Range Pressure Low RHR Interlocks (Protection Sets Ill, IV): 0.00 to 3000.00 psig 3.2.4.14.4 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -300.00 to 300.00 psig 3.2.4.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.4.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.4.16.1 Deleted 3.2.5 Specific Requirements for DTTA The following specific requirements apply to the DTTA channels and are in addition to the requirements specified in Section 3.2.1.3.2.5.1 Functional Description DTTA channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).The following sub-sections provide information regarding the development of the Thot, Tcold, Tavg, and Delta-T signals used in calculating the Thermal Overpower and Overtemperature Protection trip setpoints.
The information is presented in a "per DTTA channel" basis. The same process shall be performed in all four DTTA channels.
Each DTTA channel is associated with a particular reactor coolant loop (e.g., DTTA channel 1 is for reactor coolant loop 1 ).3.2.5.1.1 DTTA Reactor Coolant Loop 1 (Protection Set I): Reference 1.4.2.2.4, 1.4.2.2.5 3.2.5.1.2 DTTA Reactor Coolant Loop 2 (Protection Set II): Reference 1.4.2.2.26, 1.4.2.2.27 3.2.5.1.3 DTTA Reactor Coolant Loop 3 (Protection Set Ill): Reference 1.4.2.2.48, 1.4.2.2.49 3.2.5.1.4 DTTA Reactor Coolant Loop 4 (Protection Set IV): a LTRafl- Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 50 of 90 Reference 1.4.2.2.61, 1.4.2.2.62 3.2.5.1.5 Tcold Signal Development A filtered Tcold average (Tfcavg) signal shall be calculated from the two (2) Tcold RTD inputs configured for use in a single DTTA channel for use in the DTTA channel protection function calculations.
The following constraints apply: a) All Tcold inputs shall be processed through a Lag Filter per Section 3.2.5.13.1.
b) Only Tcold signals that have been validated by the Sensor Quality Algorithm (SQA2)[Reference Section 3.2.5.13.81 shall be used in the Tfcavg calculation.
c) Alarm conditions and outputs associated with the SQA2 are provided in Reference 1.4.3.18.d) The Tfcavg shall be the output of the SQA2 Algorithm.
3.2.5.1.6 Thot Signal Development A filtered Thot average (T~havg) signal shall be calculated from the six (6) Thot RTD inputs configured for use in a single DTTA channel for use in the DTTA channel protection calculations.
a) All Thot inputs shall be processed through a Lag Filter per Section 3.2.5.13.1.
b) Each Thot input shall be compensated by application of a Thot streaming factor determined per Section 3.2.5.13.10.
c) The SQA3A algorithm
[Reference Section 3.2.5.13.9]
shall be used to calculate a Tfhavg value for the three (3) Thot "A" inputs.d) The SQA3B algorithm
[Reference Section 3.2.5.13.9]
shall be used to calculate a mfhavg value for the three (3) Thot "B" inputs.e) Only Thot signals that have been validated by the SQA3A or SQA3B algorithm shall be used in the mfhavg calculation for that group.f) Alarm conditions and outputs associated with the SQA3A, SQA3B, and SQA3 are provided in Reference 1.4.3.18.g) The Tfhavg for the DTTA channel shall be calculated from the outputs of the SQA3A and SQA3B algorithms.
3.2.5.1.7 Delta-T Signal Development Delta-T (calculated loop differential temperature, 0 F) shall be determined for each OTTA channel [Reference Section 3.2.5.13.4].
3.2.5.1.8 Tavg Signal Development Tavg (calculated average loop temperature, 0 F) shall be determined for each DTT-A channel [Reference Section 3:2.5.13.4].
3.2.5.1.9 Normalized Power (PB) Signal Development PB (calculated value for normalized power, unitless) shall be determined for each DTTA channel [Reference Section 3.2.5.13.111].
3.2.5.1.10 Overtemperature Delta-T (OTDT) Setpoint An Overtemperature Delta-T (OTDT) Setpoint shall be determined for each DTTA channel[Reference Section 3.2.5.13.6].
3.2.5.1.11 Overpower Delta-T (OPDT) Setpoint a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 51 of 90 An Overpower Delta-T (OPDT) Setpoint shall be determined for each DTTA channel[Reference Section 3.2.5.13.7].
3.2.5.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.5.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.5.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the DTTA channels: 3.2.5.4.1 Calculated Delta-T (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill[Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) Delta-T Auctioneering Circuit d) PPC Monitoring e) Associated Steam Generator Level Channel (Trip Time Delay)3.2.5.4.2 Calculated Tavg (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill[Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) Alarming (Deviation Alarm Circuit)c) PPC Monitoring d) To Control (Tavg Auctioneered
-High to Rod Speed and Direction, Steam Dumps, Pressurizer Level)3.2.5.4.3 Calculated Overpower Setpoint (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) PPC Monitoring 3.2.5.4.4 Calculated Overtemperature Setpoint (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill [Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) PPC Monitoring 3.2.5.5 Alarms and Annunciators The following alarm outputs shall be provided for the DTTA channels: 3.2.5.5.1 Tcold sensor(s) failed as determined by the SQA2 algorithm (see Section 3.2.5.13.8).(Actuation input to "RTD Failure' annunciator).
3.2.5.5.2 Thot sensor(s) failed as determined by the SQA3 algorithm (see Section 3.2.5.13.9).
a LT alUnits 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 52 of 90 (Actuation input to "RTD Failure" annunciator).
3.2.5.5.3 Deleted 3.2.5.5.4 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Power Range Flux input out of range b) Power Range Flux input is open circuit (as constrained by Section 3.2.5.5.4 e))c) Pressurizer Pressure sensor input is out of range (as constrained by Section.. 3.2.5.5.4 d))d) Pressurizer Pressure out of range alarm shall be disabled when Tavg is less than or equal to 530°F and enabled when Tavg is greater than 531°0 F.e) Power Range Flux input open circuit alarm shall be disabled when the associated DTTA channel is out of service.3.2.5.5.5 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) Tcold temperature input signal out of range b) Thot temperature input signal out of range c) Thot temperature deviation as determined by SQA3A or SQA3B algorithm d) Alarms per subsection
- ) shall be disabled when the DTTA function is out of service.3.2.5.6 Interlocks and Permissives The following comparator outputs shall be provided by the DTTA channels: 3.2.5.6.1 OPDT Interlock C-4 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III[Loop 3], Protection Set IV [Loop 4])For use by Interlock C-4 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.3.2.5.6.2 OTDT Interlock C-3 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III[Loop 3], Protection Set IV [Loop 4])For use by Interlock C-3 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.3.2.5.6.3 Low-Low Tavg Permissive P-12 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])For use by SSPS Protection Interlock P-12 logic [Deenergize to Trip].3.2.5.7 Trips and Trip Logic The following comparator outputs shall be provided by the DTTA channels: 3.2.5.7.1 Overpower Delta-T (OPOT) Reactor Trip (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set IlI [Loop 3], ProtectionSet IV [Loop 4])For use by the SSPS OPOT Reactor Trip logic [Deenergize to Trip].3.2.5.7.2 Overtemperature Delta-T (OTOT) Reactor Trip (Protection Set I [Loop 1], Protection Set II[Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])For use by the SSPS OTDT Reactor Trip logic [Deenergize to Trip].a LTRanl Unts"" C639.4 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 53 of 90 3.2.5.7.3 Low Tavg Feedwater Isolation (Protection Set!I [Loop 1], Protection Set II [Loop 2], Protection Set Ill [Loop 3], Protection Set IV [Loop 4])For use by SSPS Feedwater Isolation logic [Deenergize to Trip].3.2.5.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.5.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.5.9.1 Input Variables a) Thot (Th):[4-wire 200 ohm platinum RTD] = 350 to 6500°F (minimum range)b) Tcold (To):[4-wire 200 ohm platinum RTD] = 350 to 650°F (minimum range)c) Pressurizer Pressure 4 -20 mA = 1250 to 2500 psig d) Lower Flux, NIS Power Range: 0 -10 VDC = 0 to 60% (power)e) Upper Flux, NIS Power Range: 0 -10 VDC = 0 to 60% (power)3.2.5.9.2 Calculated Variables a) Power Range Axial Flux Difference
[Calculated]
= -60 to +60% (power)b) PB (Normalized Power Factor)[Calculated]
= 0 to 1.5 c) Delta-T (AT):[Calculated]
=0 to 150% (power)d) OPDT Setpoint[Calculated]
= 0 to 150% (power)e) OTDT Setpoint[Calculated]
= 0 to 150% (power)f) Tavg:[Calculated]
=530 to 630 0 F 3.2.5.9.3 Output Variables a) Tavg: 530 to 630°F = 4-20 mA (low limited to 530°F)b) Delta-T (AT): 0 to 150% (power) = 4 -20 mA (as constrained by Section 3.2.5.9.3 e))a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 54 of 90 c) OPDT Setpoint -0 to 150% (power) = 4 -20 mA d) OTDT Setpoint 0 to 150% (power) =4 -20 mA e) Delta-T output shall be set to zero when Tavg is less than or equal to 530°F and set equal to calculated value of Delta-T when Tavg is greater than 531°0 F 3.2.5.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.5.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.5.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.5.13 Controller Transfer Functions The following controller transfer functions are used in the processing of DTTA channels: 3.2.5.13.1 Lag Units Lag units shall be provided for each of the loop Thor and Tcold input signals used for OTDT and OPDT Protection.
Lag units shall be provided for each of the loop Thot Streaming Factor calculated outputs., Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.2 Lead/Lag Units Lead/Lag units shall be provided for each of the measured loop Tavg and AT signals used for OTDT and OPOT Protection.
Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.3 Rate/Lag Units A Rate/Lag unit shall be provided for each of the loop Tavg signals used for OPDT Protection.
Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.4 Tavg and Delta-T Calculations The loop average temperature (Tavg) and temperature delta between hot and cold legs (AT)shall be calculated by each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with~this function are provided in Section 3.2.5.14.3.2.5.13.5 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.a LTRaI Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 55 of 90 3.2.5.13.6 OTDT Setpoint Calculation The OTOT Setpoint shall be calculated for each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.7 OPOT Setpoint Calculation The OPOT Setpoint shall be calculated for each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.
-3.2.5.13.8 Sensor Quality Algorithm 2 (SQA2)The SQA2 Algorithm shall be used in development of the average filtered TCoId signal in each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.9 Sensor Quality Algorithms 3A and 3B (SQA3A/SQA3B)
The SQA3A and SQA3B Algorithms shall be used in development of the average filtered Thot signal in each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.10 Thor Streaming Factor Calculation A temperature streaming correction factor shall be calculated for each Thot RTD as constrained by the following:
a) The streaming factors (for each group) that are made available to the HSI (output of lag filters) shall be set to zero until the following validation checks are satisfied:
The sum of the streaming factors (output from lag filters) for the group is 0.0+/-+0.2 0 F ii. The streaming factors forthe group (output from calculation) are not equal to zero for more than six time constants (Thot lag filter streaming constant)
[Section 3.2.5..14.7 if)].Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.11 Normalized Power (PB) Calculation Normalized Power (PB) shall be calculated for each DTTA Channel as constrained by the following:
a) PB shall be set to 0.0 whenever Tavg is less than or equal to 530°F b) PB shall be the calculated value of PB whenever Tavg is greater than 531°F Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided-in Section 3.2.5.14.3.2.5.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the DTTA channels: 3.2.5.14.1 OPDT Turbine Runback (OPTR): -20.000 to 20.000 percent (usually negative)a LTRan nt 12D63154-Page 55 OF 90 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 56 of 90 3.2.5.14.2 OTDT Turbine Runback (OTTR): -20.000 to 20.000 percent (usually negative)3.2.5.14.3 OPDT Reactor Trip: -20.000 to 20.000 percent (usually zero)3.2.5.14.4 OTDT Reactor Trip: -20.000 to 20.000 percent (usually zero)3.2.5.14.5 LOW Tavg Feedwater Isolation:
530.000 to 630.000°F 3.2.5.14.6 LOW-LOW Tavg P-12: 530.000 to 630.000°F 3.2.5.14.7 Tunable Parameters:
a) fl(AI)A (OTDT Flux Imbalance) 0.000 to -50.000%b) fl(AI)B (OTDT Flux Imbalance)
-0.010000 to -0.030000/percent c) fl(AI)C (OTDT Flux Imbalance) 0.000000 to 1.9000000 d) fl(AI)D (OTDT Flux Imbalance) 0.000 to 50.000%e) f2(AI)F (OPDT Flux Imbalance) 0.000 to -50.000%f) f2(AI)H (OPDT Flux Imbalance) 0.000000 to 1.000000 g) f2(AI)l (OPOT Flux Imbalance) 0.000 to 50.000%h) f2(AI)J (OPDT Flux Imbalance) 0.010000 to 0.030000/percent i) fl(AI)N (OTDT Flux Imbalance) 0.01 0000 to 0.030000/percent j) fl(AI)Q (OTDT Flux Imbalance) 0.000000 to 1.000000 k) f2(AI)V (OPDT Flux Imbalance)
-0.01 0000 to -0.030000/percent I) f2(AI)W (OPDT Flux Imbalance) 0.000000 to 1.000000 m) p 0 (OTDT Setpoint) 1700.00 to 2500.00 psig n) AT 0 (PB Calculation) 30.000 to 80.000°F O) m~avg (OTOT Setpoint) 540.000 to 590.000°F p) T'avg (OPDT Setpoint) 540.000 to 590.000°F q) DELTAC (Tcold SQA2 Algorithm) 0.000 to 10.000°F r) DELTAH (Thot SQA3A(B) Algorithm) 0.000 to 25.000°F s) K 1 (OTDT Setpoint) 0.700 to 1.500 t) K 2 (OTOT Setpoint) 0.010000 to 0.030000/°F u) K, (OTDT Setpoint) 0.000350 to 0.00 1000/psig v) K 4 (OPDT Setpoint) 0.700 to 1.500 w) K 5 (OPOT Setpoint) 0.01 0000 to 0.030000/°F x) K 6 (OPDT Setpoint) 0.001000 to 0.003000/°F Y) t 1 Lead Constant (Tavg Lead/Lag) 0.000 to 60.000 seconds z) t2 Lag Constant (Tavg Lead/Lag) 0.000 to 60.000 seconds aa) t3 Rate and Lag Constant (Tavg Rate/Lag) 0.000 to 30.000 seconds bb) t4 Lead Constant (AT Lead/Lag) 0.000 to 60.000 seconds cc) t5 Lag Constant (AT Lead/Lag) 0.000 to 60.000 seconds a LTRafli Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 57 of 90 dd) 6 Lg Costat (T~t ag) .00 to 0.00 seond ee) z 7 Lag Constant (Thotd Lag) 0.000 to 30.000 seconds if) "t 8 Lag Constant (Thor Streaming Lag) 0.000 to 600.000 seconds gg) SXY Calculated Thot Streaming Factor -20.000 to 20.000 0 F Note: X= 1, 2, or3; Y =A orB hh) PLOW PB Threshold (User entered constant) 0.000 to 1.000 ii) SCAL FLUX CALiB fl(AI)/f2(AI) (User entered constant) 1.000000 to 10.000000 jj) m Tcold input scaling (gain) 0.5000 to 1.9000 kk) b Tcold input scaling (offset) -1 2.000 to 12.000°F I1) a Tcold RTD constant 50.000 to 250.000 mm) b Tcold RTD constant 0.200000 to 0.600000 ohms/oF nn) c Tcold RTD constant -0.500000E-04 to -0.I00000E-04 ohms/(OF*°F) oo) m Thot input scaling (gain) 0.5000 to 1.9000 pp) b Thor input scaling (offset) -12.000 to 12.000°F qq) a Thor RTD constant 50.000 to 250.000 rr) b Thot RTD constant 0.200000 to 0.600000 ohms/°F ss) c Thot RTD constant -0.500000E-04 to -0.I00000E-04 oh ms/(°F*°F) tt) m Power Range Flux input scaling (gain) 0.5000 to 1.9000 uu) b Power Range Flux input scaling (offset) -6.0000 to 6.0000%w) m Pressurizer Pressure input scaling (gain) 0.5000 to 1.9000 ww) b Pressurizer Pressure input scaling (offset) -125.00 to 125.00 psig*3.2.5.14.8 All displays of measured AT and AT setpoints shall be in percent of full power AT with scales reading 0 -150%.3.2.5.14.9 During initial plant operation, the AT channels will be calibrated to indicate 100% at 100%power such that the channels do not reflect minor flow variations between loops or minor variations from design flow. Provisions to allow this calibration shall be available in each channel before the AT signal is used for any alarm or protective function.3.2.5.14.10 It is recommended that different tuning constants be used in the OTDT and OPDT setpoint calculations (T~avg and T'avg respectively) to represent the nominal Tavg at rated thermal power so that they can be set and changed independently should the need arise in the future. In most applications, both constants will have the same range setting.3.2.5.14.11 Deleted 3.2.5.15 Test and Calibration The following shall apply to all OTTA channels: 3.2.5.15.1 The capability shall be provided to locally monitor the following variables from all DTTA channels in addition to those that are manually entered: a) Filtered Thot for all Thor sensors b) Filtered ToGld for all Tcold sensors a LTRa l Units 1&2 D6663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 58 of 90 3.2.5.15.2 The capability shall be provided for determining the RTD element resistance without lifting field terminations.
3.2.5.15.3 The capability shall be provided to transmit the following variable quantities from all DTTA channels to the PPC for recording and storage: a) Deleted b) Deleted c) Deleted d) Deleted e) Filtered Thot values (refer to Section 3.2.5.1.6 a))f) Filtered Tcold values (refer to Section 3.2.5.1.5 a))g) Thot Inputs (refer to Section 3.2.5.9.1 a))h) T 0 oox Inputs (refer to Section 3.2.5.9.1 b))i) PB (refer to Section 3.2.5.1.9) j) Filtered Thot Average value (refer to Section 3.2.5.1.6 g))k) Filtered Tcold Average value (refer to Section 3.2.5.1.5 d))I) Filtered Thot Streaming Factor values (refer to Section 3.2.5.13.10) m) Lead/Lag compensated value of AT (refer to Section 3.2.5.13.2) n) Lead/lag compensated value of Tavg (refer to Section 3.2.5.13.2) o) Rate/Lag compensated value of Tavg (refer to Section 3.2.5.13.3) p) Thot-EST values (refer to Section 3.2.5.1.6 b))q) SQA3A Filtered Thor Average value (refer to Section 3.2.5.1.6 c))r) SQA3B Filtered Thot Average value (refer to Section 3.2.5.1.6 d))3.2.5.16 Failure Mode Requirements Detected RTD failures shall result in a low-going signal (failed low).3.2.6 Specific Requirements for Pressurizer Level The following specific requirements apply to the Pressurizer Level channels and are in addition to the requirements specified in Section 3.2.1.3.2.6.1 Functional Description Pressurizer Level channels are presented graphically in the PPS Functional Block Diagrams[Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.6.1.1 Pressurizer Level (Protection Set I)Reference 1.4.2.2.6 3.2.6.1.2 Pressurizer Level (Protection Set II)Reference 1.4.2.2.28 a LTR~fl Units 1&2 DC663t95-44-8 DCPP Units I &2., Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 59 of 90 3.2.6.1.3.
Pressurizer Level (Protection Set Ill)Reference 1.4.2.2.50 3.2.6.1.4 Isolated signals (not processed by the PPS) from all Pressurizer Level channel sensors shall be provided for use by the Pressurizer Level Control System.3.2.6.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.6.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.6.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Level channels: 3.2.6.4.1 Pressurizer Level (Protection Sets I,1II)a) MCR Indication b) PPC Monitoring c) Hot Shutdown Panel Indication d) Pressurizer Level Control (Control Set I)e) Pressurizer Level Control (Control Set II)f) ERFOS Monitoring 3.2.6.4.2 Pressurizer Level (Protection Set LiII)a) MCR Indication b) PPC Monitoring c) Pressurizer Level Control (Control Set I)d) Pressurizer Level Control (Control Set II)e) EREDS Monitoring 3.2.6.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Level channels: 3.2.6.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.6.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.6.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Pressurizer Level channel processing.
3.2.6.7 Trips and Trip LogicUnits 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 60 of 90 The following comparator outputs shall be provided by the Pressurizer Level channels: 3.2.6.7.1 Pressurizer Level High Reactor Trip (Protection SetsI, II, Ill)For use by the SSPS Pressurizer Level High Reactor Trip logic [Deenergize to Trip].3.2.6.8 Accuracy.No additional requirements to those identified in Section 3.2.1.8.3.2.6.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.6.9.1 Input Variables:
a) Pressurizer Level: 4 -20 mA = 0Oto 100%3.2.6.9.2 Calculated Variables:
None 3.2.6.9.3 Output Variables:
a) Pressurizer Level: 4 -20 mA [0 to 100%] = 4 -20 mA (from input loop)b) Pressurizer Level: 4- 20 mA [0 to 100%] =4 -20 mA (input loop Class IA/Il isolator)3.2.6.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.6.11 Overload and Recovery Characteristics , No additional requirements to those identified in Section 3.2.1.11.3.2.6.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.6.13 Controller Transfer Functions No additional requirements to those~identified in Section 3.2.1.13.3.2.6.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Level channels: 3.2.6.14.1 Pressurizer Level High Reactor Trip: 40.000 to 100.000%3.2.6.14.2 Tunable Parameters a) Input scaling mn (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -10.000 to 10.000%3.2.6.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.a T ~lUnits 1&2 D6663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 61 of 90 3.2.6.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1 .16.3.2.7 Specific Requirements for: Pressurizer Pressure The following specific requirements apply to the Pressurizer Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.7.1 Functional Description Pressurizer Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.7.1.1 Pressurizer Pressure (Protection Set I)Reference 1.4.2.2.7, 1.4.2.2.8 3.2.7.1.2 Pressurizer Pressure (Protection Set II)Reference 1.4.2.2.29, 1.4.2.2.30 3.2.7.1.3 Pressurizer Pressure (Protection Set Ill)Reference 1.4.2.2.51, 1.4.2.2.52 3.2.7.1.4 Pressurizer Pressure (Protection Set IV)Reference 1.4.2.2.63, 1.4.2.2.64, 3.2.7.1.5 Each Pressurizer Pressure channel shall provide a Pressurizer Pressure signal for use by the DTTA channel processed in the same Protection Set.3.2.7.1.6 Isolated signals (not processed by the PPS) from all Pressurizer Pressure channel sensors shall be provided for use by the Pressurizer Pressure Control System.3.2.7.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.7.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.7.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Pressure channels: 3.2.7.4.1 Pressurizer Pressure (Protection Set I): a) MCR Indication b) PPC Monitoring
-Pressurizer Pressure c) Hot Shutdown Panel Indication d) Pressurizer Pressure Control e) PPC Monitoring
-Pressurizer Pressure Lead/Lag 3.2.7.4.2 Pressurizer Pressure (Protection Sets il, Ill, IV): a LTR~ i~ units 1& c.63195-44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 62 of 90 a) MCR Indication b) PPC Monitoring
-Pressurizer Pressure c) Pressurizer Pressure Control d) PPC Monitoring
-Pressurizer Pressure Lead/Lag 3.2.7.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Pressure channels: 3.2.7.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
b) Pressurizer Pressure input sensor out of range will be per Section 3.2.5.6.4.
Note: Pressurizer Pressure sensor input is provided to DTTA channel and Pressurizer Pressure channel The alarming function for out of range required by Section 2.3.1.2 will be performed by the DTTA channel.3.2.7.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.7.6 Interlocks and Permissives The following comparator outputs shall, be provided by the Pressurizer Pressure channels: 3.2.7.6.1 Pressurizer Pressure High P-il Interlock (Protection Sets 1, II, Il)For use by the SSPS P-Il Interlock logic [Deenergize to Trip].3.2.7.6.2 Pressurizer Pressure High PORV Control (Protection Sets I, II, III, IV)For use by the PORV Control logic [Energize to Trip].3.2.7.7 Trips and Trip Logic (RTS and ESFAS)The following comparator outputs shall be provided by the Pressurizer Pressure channels: 3.2.7.7.1 Pressurizer Pressure Low Reactor Trip (Protection Sets I, II, Ill, IV)For use by the SSPS Pressurizer Pressure Low Reactor Trip logic [Deenergize to Trip].3.2.7.7.2 Pressurizer Pressure Low-Low Safety Injection (SI) (Protection Sets iII, III, IV)For use by the SSPS Pressurizer Pressure Low-Low SI logic [Deenergize to Trip].3.2.7.7.3 Pressurizer Pressure High Reactor Trip (Protection Sets I, I1, III, IV)For use by the SSPS Pressurizer Pressure High Reactor Trip logic [Deenergize to Trip].3.2.7.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.7.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be as follows: 3.2.7.9.1 Input Variables:
a) Pressurizer Pressure: a LTR~a Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 63 of 90 4 -20 mA = 1250 to 2500 psig 3.2.7.9.2 Calculated Variables:
a) Pressurizer Pressure Compensated:
[Calculated]
= 1250 to 2500 psig 3.2.7.9.3 Output Variables:
a) Pressurizer Pressure: 4 -20 mA [1250 to 2500 psig] = 4 -20 mA (input loop Class IA/Il isolator)3.2.7.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.7.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.7.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.7.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Pressurizer Pressure channels: 3.2.7.13.1 Lead-Lag for Pressurizer Low Pressure Reactor Trip Compensation Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.7.14.3.2.7.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Pressure channels: 3.2.7.14.1 Pressurizer Pressure Low Reactor Trip: 1700.00 to 2250.00 psig 3.2.7.14.2 Pressurizer Pressure Low-Low SI Actuation:
1700.00 to 2250.00 psi 9 3.2.7.14.3 Pressurizer Pressure High Reactor Trip: 2250.00 to 2500.00 psi 9 3.2.7.14.4 Pressurizer Pressure High P-Il Permissive:
1700.00 to 2250.00 psi 9 3.2.7.14.5 Pressurizer Pressure High PORV: 1250.00 to 2250.00 psig a) Deleted b) Deleted 3.2.7.14.6 Tunable Parameters a) Lead Time Constant 0.000 to 60.000 seconds b) Lag Time Constant 0.000 to 10.000 seconds c) Input scaling m (gain) 0.5000 to 1.9000 d) 'Input scaling b (offset) -125.00 to 125.00 psig 3.2.7.15 Test and Calibration a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 64 of 90 No additional requirements to those identified in Section 3.2.1.15.3.2.7.16 Failure Mode Requirements 3:2.7.16.1 Deleted 3.2.8 Specific Requirements for Pressurizer Vapor Temperature The following specific requirements apply to the Pressurizer Vapor Temperature channel and are in addition to the requirements specified in Section 3.2.1.3.2.8.1 Functional Description The Pressurizer Vapor Temperature channel is presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
This drawing identifies all inputs, outputs, and external interfaces and provides a simplified representation of the channel functionality (logic).3.2.8.1.1 Pressurizer Vapor Temperature (Protection Set IV): Reference 1.4.2.2.65 3.2.8.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.8.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.8.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Vapor Temperature channel: 3.2.8.4.1 Pressurizer Vapor Temperature (Protection Set IV)a) MCR Indication b) PPC Monitoring c) Deleted 3.2.8.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Vapor Temperature channel: 3.2.8.5.1 Deleted 3.2.8.5.2 The following conditions shall produce an output to the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
3.2.8.5.3 The following conditions shall produce an output to the "PPS Trouble" annunciator in the MCR: a) Input sensor out of range 3.2.8.6 Interlocks and Permissives The following interlocks and/or permissives are applicable to the Pressurizer Vapor Temperature channel: aLT aN Units 1 &2 DC6631 95-44-8 Page 64 OF 90 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 65 of 90 3.2.8.6.1 Pressurizer Vapor Temperature Low (Protection Set IV)For use by the RHR Valve 8701 Interlock Circuit [Energize to Trip].The Pressurizer Vapor Space Temperature Low comparator output shall be interlocked with the Wide Range Pressure Low Loop 4 comparator output to the RHR Valve 8701 Interlock circuit. A graphical presentation is shown on References 1.4.2.2.60 and 1.4.2.2.65.
3.2.8.7 Trips and Trip Logic The following comparator outputs shall be provided by the Pressurizer Vapor Temperature channel: None 3.2.8.7.1 Deleted 3.2.8.8 Accuracy No additional requirements to those identified in Section 3.2.8.8.3.2.8.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.8.9.1 Input Variables:
a) Pressurizer Vapor Temperature:
[3-wire 200 ohm platinum RTD] = 100 to 700°F (minimum range)3.2. 8. 9.2 Calculated Variables:
None 3.2.8.9.3 Output Variables:
a) Pressurizer Vapor Temperature:
100 to 700°F = 4 -20 mA 3.2.8.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.8.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.8.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.8.13 Controller Transfer Functions 3.2.8.13.1 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.3.2.8.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Vapor Temperature channel: 3.2.8.14.1 Pressurizer Vapor Temperature Low (RHR Interlock):
100.000 to 700.000°F a LTRafl Units 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 66 of 90 3.2.8.14.2 Deleted 3.2.8.14.3 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -60.000 to 60.000 0 F c) RTD a constant 150.000 to 250.000 ohms d) RTD b constant 0.200000 to 0.600000 ohms/°F e) RTD c constant -0.500000E-04 to -0.I00000E-04 ohms/(OF*°F) 3.2.8.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.8.16 Failure Mode Requirements Detected RTD failures shall result in a low-going signal (failed low).3.2.9 Specific Requirements for Steamfiow The following specific requirements apply to the Steamflow channels and are in addition to the requirements specified in Section 3.2.1.3.2.9.1 Functional Description Steamfiow channels are presented graphically in the PPS Functional Block Diagrams[Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.9.1.1 Steamflow Loops 1 thru 4 (Protection Set I): References 1.4.2.2.9 thru 1.4.2.2.12 3.2.9.1.2 Steamflow, Loops 1 thru 4 (Protection Set II): References 1.4.2.2.31 thru 1.4.2.2.34 3.2.9.1.3 The Steamline Pressure signal used for Steamflow compensation shall be from the Steamline Break Protection channel processed in the same Protection Set (see Section 3.2.10), 3.2.9.1.4 The following isolated signals (not processed by the PPS) shall be provided for use by the Digital Feedwater Control System (DFWCS): a) Steamflow channel sensor input, Steam Generators 1, 2, 3, 4 (Protection Sets I, If)3.2.9.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.9.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.9.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided from the Steamflow channels: a LTRafl Units &2Dc663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 67 of 90 3.2.9.4.1 Steamflow Steam Generator 1, 2, 3, 4 (Protection Set!I)a) [Compensated]
MCR Indication b) [Compensated]
ERFDS Monitoring c) DFWCS d) [Compensated]
PPC Monitoring 3.2.9.4.2 Steamflow Steam Generator 1, 2, 3, 4 (Protection Set II)a) [Compensated]
MCR Indication b) [Compensated]
ERFOS Monitoring c) DFWCS d) [Compensated]
PPC Monitoring 3.2.9.5 Alarms and Annunciators The following alarm outputs shall be provided for the Steamflow channels: 3.2.9.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
3.2.9.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) In put sensor out of range 3.2.9.5.3' The following conditions shall produce an output to actuate the "PPS Out Of Service" annunciator in the MCR: a) A Steam Flow Indicator (Fl) out of service alarm condition shall be set any time the associated Steamline Pressure channel (Section 3.2.9.1.3) is out of service.3.2.9.6 Interlocks and Permissives There are no interlocks or permissives associated with Steamflow channel processing.
3.2.9.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steamflow channels: None 3.2.9.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.9.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.9.9.1 Input Variables:
a) Steamflow:
4 -20 mA = 0 to 100 XMTR dp%3.2.9.9.2 Calculated Variables:
a) Steamflow (compensated):
a LTRar~ Units 1&2 DC663195-44-8 DCPP. Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 68 of 90 Refer to Section 3.2.9.13.3.2.9.9.3 Output Variables:
a) Steamflow (compensated):
0 to 4.5 million pounds per hour = 4 --20 mA b) Steamflow:
4 -20 mA [0 to 100 XMTR dp%] =4 -20 mA (input loop Class IA/Il isolator)3.2.9.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.9.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.9.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.9.13 Controller Transfer Functions 3.2.9.13.1 Steamfiow Compensation Algorithm Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.9.14.3.2.9.13.2 Steamfiow Normalization Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.9.14.1.
3.2.9.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steamflow channels: 3.2.9.14.1 Tunable Parameters The following tunable parameters are applicable to the Steamflow Compensation Algorithm:
a) Deleted b) Deleted c) SFmin Value equivalent to user-desired SFDP value d)e)f)g)h)A (Used in Steam Density Calc)B (Used in Steam Density Calc)(Steam Density)ref Input scaling m (gain)Input scaling b (offset)between 0.000 and 1.000% of full scale DP 0.002230 to 0.002540 lb/ft3/psig
-0.263000 to 0.000000 lb/ft3 1.570000 to 2.520000 lb/ft3 0.5000 to 1.9000-1 0.000 to 10.000 %DP 3.2.9.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification .Page 69 of 90 3.2.9.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1 .16.3.2.10 Specific Requirements for Steamline Break Protection The following specific requirements apply to the Steamline Break Protection channels and are in addition to the requirements specified in Section 3.2.1.3.2.10.1 Functional Description Steamline Break Protection channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic): 3.2.10.1.1 Steamline Break Protection Loops 1, 2, 3, 4 (Protection Set I)References 1.4.2.2.13 thru 1.4.2.2.16 3.2.10.1.2 Steamline Break Protection Loops 1, 2, 3, 4 (Protection Set Il)References 1.4.2.2.35 thru 1.4.2.2.38 3.2.10.1.3 Steamline Break Protection Loops 2, 3 (Protection Set Ill)References 1.4.2.2.53 and 1.4.2.2.54 3.2.10.1.4 Steamline Break Protection Loops 1, 4 (Protection Set IV)References 1.4.2.2.66 and 1.4.2.2.67 3.2.10.1.5 The following isolated signals (not processed by the PPS) shall be provided for use by the Digital Feedwater Control System (DFWCS): a) Steamline Pressure channel sensor input, Steam Generators 1, 2, 3, 4 (Protection Sets I, 1I, II, IV)3.2.10.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.10.3 indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.10.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Steamline Break Protection channels: 3.2.10.4.1 Steamline Pressure Loops 1, 2, 3, 4 (Protection Set I)a) MCR indication b) ERFDS Monitoring c) Hot Shutdown Panel Indication d) DFWCS e) PPC Monitoring
-Steamline Pressure f) PPC Monitoring
-Steamline Pressure Lead/Lag aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 70 of 90 g) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.2 Steamline Pressure Loops 1, 2, 3, 4 (Protection Set II)a) MCR Indication b) ERFOS Monitoring c) DEWCS d) PPC Monitoring
-Steamline Pressure e) PPC Monitoring
-Steamline Pressure Lead/Lag f) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.3 Steamline Pressure Loops 2, 3 (Protection Set Ill)a) MCR Indication b) DFWCS c) PPC Monitoring
-Steamline Pressure d) PPC Monitoring
-Steamline Pressure Lead/Lag e) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.4 Steamline Pressure Loops 1, 4 (Protection Set IV)a) MCR Indication b) DFWCS c) PPC Monitoring
-Steamline Pressure-d) PPC Monitoring
-Steamline Pressure Lead/Lag e) PPC Monitoring
-.Steamline Pressure Rate/Lag 3.2.10.5 Alarms and Annunciators The following alarm outputs shall be provided for the Steamline Break Protection channels: 3.2.10.5.1 Steamline Loop 1 Pressure Low (Protection Set IV); alarm output to be suppressed when channel is out of service 3.2.10.5.2 Steamline Loop 2 Pressure Low (Protection Set Ill); alarm output to be suppressed when channel is out of service 3.2.10.5.3 Steamline Loop 3 Pressure Low (Protection Set Ill); alarm output to be suppressed when channel is out of service 3.2.10.5.4 Steamline Loop 4 Pressure Low (Protection Set IV); alarm output to be suppressed when channel is out of service 3.2.10.5.5 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range; alarm output to be suppressed when channel is out of service 3.2.10.5.6 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 71 of 90 3.2.10.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Steamline Break Protection channel processing.
3.2.10.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steamline Break Protection channels: 3.2.10.7.'1 Steamline Pressure Low Loop I (Protection Sets I, I1, IV)For use by the SSPS Low Steamline Pressure Safety Injection (SI) and Steamline Isolation logic [Deenergize to Trip]. -...3.2.10.7.2 Steamline Pressure Low Loop 2 (Protection Sets I,II, III)For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.3 Steamline Pressure Low Loop 3 (Protection Sets I,li,1III)
For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.4 Steamline Pressure Low Loop 4 (Protection Sets I, 1I, IV)For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.5 Steamline Pressure High Negative Rate Loop 1 (Protection Sets I, II, IV)For use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.6 Steamline Pressure High Negative Rate Loop 2 (Protection Sets I,II, II1)SFor use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.7 Steamline Pressure High Negative Rate Loop 3 (Protection Sets 1, II, Il)For use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.8 Steamline Pressure High Negative Rate Loop 4 (Protection Sets 1, II, IV)3.2.10.7.9 Deleted 3.2.10.7.10 Deleted 3.2.10.7.11 Deleted 3.2.10.7.12 Deleted 3.2.10.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.10.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be as follows: 3.2.10.9.1 Input Variables a) Steamline Pressure: 4 -20 mA = 0 to 1200 psig 3.2.10.9.2 Calculated Variables:
None a LTR~ Units & ageC67195OF490 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 72 of 90 3.2.10.9.3 Output Variables:
a) Steamline Pressure: 4 -20 mA [0 to 1200 psig] = 4 -20 mA (from input loop)b) Steamline Pressure: 4 -20 mA [0 to 1200 psig] = 4 -20 mA (input loop Class IA/I I isolator)3.2.10.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.10.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.10.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.10.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Steamline Break Protection channels: 3.2.10.13.1 Steamline Pressure Lead/Lag Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.10.14.
3.2.10.13.2 Steamline Pressure Rate/Lag Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.10.14.
3.2.10.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steamline Break Protection channels: 3.2.10.14.1 Steamline Pressure Low SI and Steamline Isolation:
385.000 to 88!3.2.10.14.2 Steamline Pressure High Negative Rate Steamline Isolation:
5.000 to 200.0'3.2.10.14.3 Steamline Pressure Low Alarm: 0.00 to 1200.0!3.2.10.14.4 Tunable Parameters a) Lead Time Constant (Lead/Lag function) 0.000 to 60. 000 secon b) Lag Time Constant (Lead/Lag function) 0.000 to 10.000 secon(c) Rate Time Constant (Rate/Lag function) 0.000 to 200.000 secor d) Lag Time Constant (Rate/Lag function) 0.000 to 200.000 secor e) Input scaling m (gain) 0.5000 to 1.9000 f) Input scaling b (offset) -120.00 to 120.00 psi 9 3.2.10.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.i.000 ps~g 00 psi 9 0 psi 9 as is nds nds a LTRanT Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 73 of 90 3.2.10.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.10.16.1 Deleted 3.2.10.16.2 Deleted 3.2.11 Specific Requirements for Steam Generator Narrow Range Level The following specific requirements apply to the S/G Narrow Range Level channels and are in addition to the requirements specified in Section 3.2.1.3.2.11.1 Functional Description S/G Narrow Range Level channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external-interfaces and provide a simplified representation of the channel functionality (logic).3.2.11.1.1 Steam Generator Narrow Range Level, Loops 2 and 3 (Protection Set I): Reference 1.4.2.2.17 3.2.11.1.2
- Steam Generator Narrow Range Level, Loops 1 and 4 (Protection Set II): Reference 1.4.2.2.39 3.2.11.1.3 Steam Generator Narrow Range Level, Loops 1 thru 4 (Protection Set IlI): Reference 1.4.2.2.55 3.2.11.1.4 Steam Generator Narrow Range Level, Loops 1 thru 4 (Protection Set IV): Reference 1.4.2.2.68 3.2.11.1.5 Isolated signals (not processed by the PPS) from all S/G Narrow Range Level channel sensors shall be provided for use by the DFWCS.3.2.11.1.6 Isolated signals (not processed by the PPS) from all S/G Narrow Range Level channel sensors shall be provided for use by the AFW control system.3.2.11.1.7 Isolated signals (not processed by the PPS) from S/G Narrow Range Level channel sensors shall be provided for use by the AMSAC system as follows: a) S/G Narrow Range Level -Loop 1 (Protection Set IV)b) S/G Narrow Range Level -Loop 2 (Protection Set IIl)c) S/G Narrow Range Level -Loop 3 (Protection Set I)d) S/G Narrow Range Level -Loop 4 (Protection Set Il)3.2.11.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.11.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.11.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Steam Generator Narrow Range Level a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 74 of 90 channels: 3.2.11.4.1 Steam Generator Narrow Range Level Loop 1 (Protection Set il)a) MCR indication b) DFWOS c) AFW 3.2.11.4.2 Steam Generator Narrow Range Level Loop I (Protection Set Ill)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.3 Steam Generator Narrow Range Level Loop 1 (Protection Set IV)a) MCR indication b) ERFDS Monitoring c) DFWCS d) AFW e) AMSAC 3.2.11.4.4 Steam Generator Narrow Range Level Loop 2 (Protection Set I)a) MCR indication b) DFWCS c) AFW 3.2.11.4.5 Steam Generator Narrow Range Level Loop 2 (Protection Set Ill)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW e) AMSAC 3.2.11.4.6 Steam Generator Narrow Range Level Loop 2 (Protection Set IV)a) MCR indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.7 Steam Generator Narrow Range Level Loop 3 (Protection Set i)a) MCR Indication b) DFWCS c) AFW d) AMSAC a LTRcflq Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 75 of 90 3.2.11.4.8 Steam Generator Narrow Range Level Loop 3 (Protection Set Ill, IV)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.9 Steam Generator Narrow Range Level Loop 4 (Protection Set II)a) MCR Indication b) DEWCS c) AFW d) AMSAC 3.2.11.4.10 Steam Generator Narrow Range Level Loop 4 (Protection Set Ill, IV)a) MCR Indication b) ERFOS Monitoring c) DFWCS d) AFW 3.2.11.5 Alarms and Annunciators The following alarms and annunciator outputs shall be provided by the Steam Generator Narrow Range Level channels: 3.2.11.5.1 Steam Generator Low-Low Level Loop 2 or Loop 3 Trip Time Delay Timer Actuated (Protection Set I); alarm output to be suppressed when TTD is out of service 3.2.11.5.2 Steam Generator Low-Low Level Loop 1 or Loop 4 Trip Time Delay Timer Actuated (Protection Set II); alarm output to be suppressed when TTD is out of service 3.2.11.5.3 Steam Generator Low-Low Level Loop 1, Loop 2, Loop 3, or Loop 4 Trip Time Delay Timer Actuated (Protection Set Ill); alarm output to be suppressed when TTD is out of service 3.2.11.5.4 Steam Generator Low-Low Level Loop 1, Loop 2, Loop 3, or Loop 4 Trip Time Delay Timer Actuated (Protection Set IV); alarm output to be suppressed when TTD is out of service 3.2.11.5.5 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range; alarm output to be suppressed when Steam Generator Narrow Range Level channel is out of service 3.2.11.5.6 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.11.6 Interlocks and Permissives The following interlocks and/or permissives are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.6.1 Steam Generator Low-Low Water Level Trip Time Delay (TTD)All S/G Low-Low Water Level Reactor Trip signals shall be interlocked with a TTD timer that functions as follows: a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 76 of 90 a) Low-Low Water Level detected in any SIG shall generate a signal which will start an elapsed time trip delay timer.b) The allowable TTO shall be based upon the prevailing power level (PL) at the time the Low-Low Water Level Reactor Trip setpoint is reached.c) The PL shall be determined from the Delta-T signal calculated in the DTTA channel of the same Protection Set.d) PL will be used to calculate the allowable time delays for Low-Low Water Level in a single SIG (TO).e) Partial trip actuation shall not occur until the elapsed time is greater than or equal to the allowable TTD.f) Logic and interlocks shall be provided to delay transmission of the SIG Low-Low Water Level signal according to the following:
- i. PL < PHL (PHL = Power High Limit): Time Delay = TO ii. PL >PHL: Time Delay = No Delay g) The TO delay shall be selected when the Low-Low Water Level setpoint is reached in any S/G.h) Should PL increase at any time after TO has been calculated, TO shall be recalculated and the newer (shorter)
TTD shall be applied.i) Should PL decrease after TO has been calculated, there shall be no change in the TO TTO.j) In any Protection Set, restoration of all SIG water levels to a level above the Low-Low Water Level setpoint shall result in termination of the TTD (without trip) and all trip logic signals shall be reset.3.2.11.6.2 Steam Generator Level High-High Loop 1 (Protection Set II, Ill, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.3 Steam Generator Level High-High Loop 2 (Protection Set I, III, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.4 Steam Generator Level High-High Loop 3 (Protection Set I, Il1, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.5 Steam Generator Level High-High Loop 4 (Protection Set II, IIl, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steam Generator Narrow Range Level channels: 3.2.11.7.1 Steam Generator Low-Low Level Loop I (Protection Set II, IlI, IV)For use by the SSPS Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.2 Steam Generator Low-Low Level Loop 2 (Protection Set I,1II1, IV)aLTR~a Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 77 of 90 For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.3 Steam Generator Low-Low Level Loop 3 (Protection Set I,1III, IV)For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.4 Steam Generator Low-Low Level Loop 4 (Protection Set Il, III, iV)For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.8 Accuracy The following accuracy requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.8.1 The accuracy of the effective time delay for the TTD circuit shall be within +/-1% of adjustable range.3.2.11.9 Range (for inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.11.9.1 input Variables:
a) Steam Generator Narrow Range Level: 4-20 mA = 0 to 100%3.2.11.9.2 Calculated Variables:
a) Delta-T: Calculated in associated DTTA channel per Section 3.2.5.13.4
=0 to 150% power b) Low-Low Level TTD (TD): Calculated per Section 3.2.11.6.1
= 0 to 700 seconds 3.2.11.9.3 Output Variables:
a) Steam Generators 2, 3 Narrow Range Level (Protection Set I): 4 -20 mA [0 to 100%] 4 4-20 mA (from in put loop Class IA/Il isolator)b) Steam Generators 1, 4 Narrow Range Level (Protection Set il): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/vil isolator)c) Steam Generator 3 Narrow Range Level (Protection Set I): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/VIl isolator to AMSAC)d) Steam Generator 4 Narrow Range Level (Protection Set iI): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/VIl isolator to AMSAC)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 78 of 90 e) Steam Generator 1, 2, 3, 4 Narrow Range Level (Protection Sets Ill and IV): 4 -20 mA [0 to 100%] =4 -20 mA (from input loop)f) Steam Generator 1, 2, 3, 4 Narrow Range Level (Protection Sets Ill and IV): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/lI isolator)g) Steam Generator 2 Narrow Range Level (Protection Set Ill): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/Il isolator to AMSAC)h) Steam Generator 1 Narrow Range Level (Protection Set IV): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/Il isolator to AMSAC)3.2.11.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.11.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.11.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.11.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Steam Generator Narrow Range Level channels: 3.2.11.13.1 The delay units provided for the Steam Generator Low-Low Water Level signals shall have the following transfer function: t -A-4-l A =time delay input ---I --- output 3.2.11.13.2 Upon loss of signal to the delay unit, the output of the unit must reset to its initial state.3.2.11.13.3 Trip Time Delay Algorithm Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.11.14.
3.2.11.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steam Generator Narrow Range Level channels: 3.2.11.14.1 Steam Generator Water Level Low-Low Reactor Trip: 0.000 to 45.000% of Narrow Range Span Note: Percent of Narrow Range Span refers to percent of span as measured from the narrow range level tap.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 79 of 90 3.2.11.14.2 Steam Generator Water Level High-High Turbine Trip and Feedwater Isolation:
45.000 to 90.000% of Narrow Range Span Note: Percent of Narrow Range Span refers to percent of span as measured from the narrow range level tap.3.2.11.14.3 Tunable Parameters
- a. (TTD) Power High Limit (PHL)b. (TTD) A c. (TTD) B d. (TTD) C e. (TTD) 0 f. Input scaling m (gain)g. Input scaling b (offset)0.000 to 100.000% of Rated Thermal Power 0.000000 to -0.010000 0.000000 to 1.000000 0.000 to -1 00.000 0.00 to 1000.00 0.5000 to 1.9000-1 0.000 to 10.000%3.2.11.15 Test and Calibration The following Test and Calibration requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.15.1 For the purpose of testing the Delta-T signal that provides input for the TTD logic, the design shall automatically enable a zero second allowable trip delay for all narrow range level channels in the affected Protection Set.3.2.11.15.2 3.2.11.15.3 For the purpose of testing the TTD function, the design shall automatically enable a zero second allowable trip delay for all narrow range level channels in the affected Protection Set.For the purpose of testing a steam generator narrow range level channel, the design shall automatically disable the steam generator low-low level trip input to the TTD algorithm.
3.2.11.16 Failure Mode Requirements The following Failure Mode requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.16.1 Failures (other than loss of power or isolation device) within the PPS processing instrumentation shall not affect the operability of the AMSAC system.3.2.12 Specific Requirements for Turbine Impulse Chamber Pressure The following specific requirements apply to the Turbine Impulse Chamber Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.12.1 Functional Description Turbine Impulse Chamber Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1 .4.2.2]. These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.12.1.1 Turbine Impulse Chamber Pressure (Protection Set I): Reference 1.4.2.2.18 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 80 of 90 3.2.12.1.2 Turbine Impulse Chamber Pressure (Protection Set il): Reference 1.4.2.2.40 3.2.12.1.3 Isolated signals (not processed by the PPS) from all Turbine Impulse Chamber Pressure channel sensors shall be provided for use by the following:
a) AMSAC 3.2.12.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.12.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.12.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Turbine Impulse Chamber Pressure channels: 3.2.12.4.1 Turbine Impulse Chamber Pressure (Protection Set I): a) MCR Indication b) PPC Monitoring c) AMSAC 3.2.12.4.2 Turbine Impulse Chamber Pressure (Protection Set II): a) MCR Indication b) PPC Monitoring c) AMSAC 3.2.12.5 Alarms and Annunciators The following alarm outputs shall be provided for the Turbine Impulse Chamber Pressure channels: 3.2.12.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.12.5.2 The following conditions shall produce an output to actuate the "PPS Trouoble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.12.6 Interlocks and Permissives The following comparator outputs shall be provided by the Turbine Impulse Chamber Pressure channels: 3.2.12.6.1 Turbine Impulse Pressure High (Protection Sets I, II): For use by the SSPS P-i13 Permissive logic [Deenergize to Trip].3.2.12.6.2 Turbine Impulse Pressure Low (Protection Set I)For use by the Turbine Low Power Interlock C-5 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 81 of 90 3.2.12.7 Trips and Trip Logic The following comparator outputs shall be provided by the Turbine Impulse Chamber Pressure channels: None 3.2.12.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.12.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.12.9.1 Input Variables:
a) Turbine Impulse Chamber Pressure: 4 -20 mA =0to 110% of Turbine Power 3.2.12.9.2 Calculated Variables:
None 3.2.12.9.3 Output Variables:
a) Turbine Impulse Chamber Pressure: 0Oto 110% of Turbine Power =4-20 mA b) Turbine Impulse Chamber Pressure: 4 -20 mA [0 to 110% of Turbine Power] = 4 -20 mA (input loop Class IA/Il isolator)3.2.12.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.12.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1 .11.3.2.12.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.12.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.3.2.12.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Turbine Impulse Chamber Pressure channels: 3.2.12.14.1 Turbine impulse Pressure High to P-13: 5.000 to 20.000%.3.2.12.14.2 Turbine Impulse Pressure Low to C-5: 5.000 to 20.000%.3.2.12.14.3 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 a LTRafl Units 1&2 DC663195-44-8 Pag 81OF 90 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 82 of 90 b) Input scaling b (offset) -11.000 to 11.000%3.2.12.15 Test and Calibration A manual bypass switch shall be provided for the Turbine Impulse Pressure High to P-i13 comparator output to facilitate test and calibration.
When in Bypass, the switch shall maintain the non-tripped condition of the comparator.
3.2.12.16 Failure Mode Requirements The following Failure Mode requirements are applicable to the Turbine Impulse Pressure channels: 3.2.12.16.1 Failures (other than loss of power or isolation device) within the PPS processing instrumentation shall not affect the operability of the AMSAC system.3.2.13 Specific Requirements for Containment Pressure The following specific requirements apply to the Containment Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.13.1 Functional Description Containment Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.13.1.1 Containment Pressure (Protection Set I): Reference 1.4.2.2.19, 1.4.2.2.20 3.2.13.1.2 Containment Pressure (Protection Set Il): Reference 1.4.2.2.41, 1.4.2.2.42 3.2.13.1.3 Containment Pressure (Protection Set Ill): Reference 1.4.2.2.56, 1.4.2.2.57 3.2.13.1.4 Containment Pressure (Protection Set IV): Reference 1.4.2.2.69, 1.4.2.2.70 3.2.13.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.13.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.13.4 Outputs for Monitoring, Indication, and Control The following outputs shall be provided by the Containment Pressure channels: 3.2.13.4.1 Containment Pressure (Protection Sets I, IV)a) MCR Indication b) PPC Monitoring 3.2.13.4.2 Containment Pressure (Protection Sets II, III)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 83 of 90 a) MCR Indication b) PPC Monitoring c) ERFDS Monitoring 3.2.13.5 Alarms and Annunciators The following alarm outputs shall be provided for the Containment Pressure channels: 3.2.13.5.1 Deleted 3.2.13.5.2 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range" 3.2.13.5.3 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.13.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Containment Pressure channel processing.
3.2.13.7 Trips and Trip Logic The following comparator outputs shall be provided by the Containment Pressure channels: 3.2.13.7.1 Containment Pressure High (Protection Sets II, Ill, IV)For use by SSPS SI and Phase A Containment Isolation logic [Deenergize to Trip].3.2.13.7.2 Containment Pressure High-High (Protection Sets I, II, III, IV)For use by SSPS Phase B Containment Isolation, Containment Spray, and Steamline Isolation logic [Energize to Trip].3.2.13.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.13.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.13.9.1 Input Variables:
a) Containment Pressure: 4 -20 mA = -5 to 55 psig 3.2.13.9.2 Calculated Variables:
None 3.2.13.9.3 Output Variables:
a) Containment Pressure: 4 -20 mA [-5 to 55 psig] = 4 -20 mA (from input loop)3.2.13.10 Time Response No additional requirements to those identified in Section 3.2.1.10.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 84 of 90 3.2.13.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.13.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.13.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.3.2.13.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Containment Pressure channels: 3.2.13.14.1 Containment Pressure High SI, Phase A Isolation:
0.0000 to 10.0000 psig 3.2.13. 14.2 Containment Pressure High-High Phase B Isolation, Containment Spray, Steamline Isolation:
0.0000 to 40.0000 psig 3.2.13.14.3 Tunable Parameters a) Input scaling m (gain)b) Input scaling b (offset)0.5000 to 1.9000-6.0000 to 6.0000 psig 3.2.13.15 Test and Calibration A manual bypass switch independent of the PPS shall be provided for the Containment Pressure High-High comparator output to facilitate test and calibration.
When in Bypass, the switch shall maintain the non-tripped condition of the comparator.
3.2.13.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.13.16.1 Deleted 3.3 System Security Access to the PPS will be administratively controlled by the end user(s). The following features shall be available to support configuration control/management of the system and shall be described in the Configuration Management Plan for the system.3.3.1 Physical Security The PPS processing instrumentation shall have provisions for accommodating physical security devices such as keylocks, cabinet locks, etc. to ensure that only appropriate personnel have access to the PPS processing instrumentation.
3.3.2 System Logon Protection Access to the PPS processing instrumentation will be administratively controlled using physical security and/or password Iogon security measures (as applicable).
a LTRaAl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 85 of 90 3.3.3 Communications With External (Non-PPS)
Systems All communications between external systems/devices and the PPS instrumentation shall be read only by the external system.3.4 Information Management There are no information management requirements imposed on the PPS.3.5 System Operations 3.5.1 System Human Factors 3.5.1.1 The PPS HSI design should follow the guidance provided in the DCPP HSI Development Guidelines Document [Reference 1.4.3.16].
3.5.2 System Maintainability 3.5.2.1 The PPS processing instrumentation shall have the capability for removal and replacement of all cards/modules at power (hot swap capability) with the system on-line without adverse effect to any protection function.3.5.2.2 System power supplies shall provide hot swap capability.
3.5.2.3 Test and Calibration requirements are identified in Section 3.2.1.15.3.5.2.4 The capability shall be provided to place and maintain multiple channels Out of Service (trip or bypass).3.5.3 System Reliability System diagnostics and self-testing features shall be incorporated in the design to provide automatic detection (where possible) of component failures or degradation of operability.
3.6 Policy and Regulation Section 1.4 provides a listing of References that are utilized in the development of the PPS and all changes thereto to ensure that system design bases requirements are satisfied and the PPS will function as required within the Plant Protection System to ensure that the health and safety of the general public is not jeopardized by the operation of DCPP. The listed References include documents defining design requirements, documents providing guidance for implementation of design requirements, and licensing documents that provide definitive direction for ensuring that operation of the PPS will be maintained within design requirements.
3.7 System Life Cycle Sustainment This Section is only applicable if the PPS equipment subject to this FRS is digital and requires software to be developed for its use.3.7.1 PPS Software Software shall be maintained in accordance with the Software Quality Assurance Plan a LTRanh Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 86 of 90 developed for the PPS as required by IDAP CF2.1D9 [Reference 1.4.3.6].a LTRaMl Units 1&2 0C663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 87 of 90 4 System Interfaces 4.1 External Interfaces The PPS has external interfaces with the following systems. The exchange of information is strictly from the PPS to the identified system. There is no return of information from the receiving system.4.1.1 Plant Process Computer (PPC)The PPS will interface with the PPC to provide monitoring and status information.
4.1 .1.1 Appropriate signal isolation shall be provided between the PPS and PPC.4.1.2 Main Annunciator System (MAS)The PPS will provide contact outputs where needed to interface with the MAS.4.1.2.1 The MAS will provide the contact interrogation voltage.4.1.2.2 Appropriate signal isolation shall be provided between the PPS and MAS.4.1.3 Main Control Panels The PPS will provide appropriately qualified analog outputs and/or appropriately qualified isolation devices to interface with the main control panels in the MCR for purposes of indication and status monitoring (i.e., indicators, recorders, ERFDS, etc.).4.1.3.1 Appropriate signal isolation shall be provided between the PPS and main control panel devices.4.1.4 Hot Shutdown Panel The PPS will provide analog outputs from Pressurizer Level, Pressurizer Pressure, and Steamline Pressure channels to interface with the Hot Shutdown Panel.4.1.4.1 Appropriate signal isolation shall be provided between the PPS and the Hot Shutdown Panel.4.1.5 Solid State Protection System (SSPS)The PPS will provide partial trip outputs to interface with the SSPS as shown on the Functional Block Diagrams [Reference 1.4.2.2].4.1.6 AMSAC The PPS will provide shared signals from the SIG Narrow Range Level and Turbine Impulse Chamber Pressure channel sensor inputs to interface with the AMSAC.Refer to Sections 3.2.11 and 3.2.12.4.1 .6.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.6.2 Appropriate signal isolation shall be provided between the PPS and the AMSAC.a LTRafl unit 1& DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 88 of 90 4.1.7 Digital Feedwater Control System (DFWCS)The PPS will provide signals from the SIG Narrow Range Level, Steamfiow, and Steamline Pressure channel sensor inputs to interface with the DFWCS. , Refer to Sections 3.2.11, 3.2.9, and 3.2.10.4.1.7.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.7.2 Appropriate signal isolation shall be provided between the PPS and the DFWCS.4.1.8 Rod Speed and Direction The PPS will provide analog outputs from the DTTA channels to interface with Rod Speed and Direction in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
4.1.8.1 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.9 Pressurizer Pressure Control The PPS will provide signals from the Pressurizer Pressure channel sensor inputs to interface with Pressurizer Pressure Control in the PCS.Refer to Section 3.2.7.4.1.9.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.9.2 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.10 Pressurizer Level Control The PPS will provide signals from the Pressurizer Level channel sensor inputs to interface with Pressurizer Level Control in the PCS.Refer to Section 3.2.6.4.1.10.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.10.2 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.11 Auxiliary Feedwater (AFW) Control The PPS will provide signals from the S/G Narrow Range Level sensor inputs to interface with AFW Control in the PCS.Refer to Section 3.2.11.4.1.11.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.11.2 Appropriate signal isolation shall be provided between the PPS and the PCS.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 89 of 90 4.1.12 Reactor Vessel Level Indicating System (RVLIS)Outputs from the PPS Wide Range Temperature and Wide Range Pressure channels will be provided to interface with the RVLIS.Refer to Sections 3.2.3 and 3.2.4.4.1.12.1 The PPS Wide Range Temperature (hot leg) channels will provide analog outputs to interface with the RVLIS.4.1.12.2 The PPS Wide Range Pressure channels (reactor coolant loops 3 and 4) will provide raw sensor input signals not processed by the PPS to interface with the RVLIS.4.1.12.3 Appropriate signal isolation shall be provided between the PPS and the RVLIS.4.1.13 Low Temperature Overpressure Protection System (LTOPS)Outputs from the PPS Wide Range Temperature and Wide Range Pressure channels will be provided to interface with the LTOPS.Refer to Sections 3.2.3 and 3.2.4.4.1.13.1 The PPS Wide Range Temperature (cold leg) channels will provide comparator outputs to interface with LTOPS via isolation relays in the Aux Safeguards (RNASA) relay rack.4.1.13.2 The PPS Wide Range Pressure channels will provide comparator outputs to interface with LTOPS via isolation relays in the Aux-Safeguards (RNASA) relay rack.4.1.14 Pressurizer Power Operated Relief Valve (PORV) Control System The PPS will provide comparator outputs from Pressurizer Pressure channels to interface with the PORV Control System via isolation relays in the Aux Safeguards (RNASA) relay rack.Refer to Section 3.2.7.4.1.15 Residual Heat Removal (RHR) Interlocks The PPS will provide comparator outputs from Wide Range Pressure channels to interface with the RHR system RHR suction valve (V-8701 and V-8702) "OPEN" actuation logic and alarming circuits via isolation relays in the Aux Safeguards (RNASA and RNASB) relay racks.Refer to Section 3.2.4.4.1.16 Pressurizer Level Control The PPS will provide analog outputs from the DTTA channels to interface with Pressurizer Level Control in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 90 of 90 4.1.17 Steam Dump Control The PPS will provide analog outputs from the DTTA channels to interface with Steam Dump Control in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
4.2 Human System Interface A Human System Interface (HSI) shall be provided that will provide the primary interface between plant personnel and the PPS instrumentation for purposes of testing, maintenance, and troubleshooting.
aLTRafl Units 1&2 DC663195-44-8 Functional Requirements Specification Ic mfow W .- I I L--, Document No. 08-0015-SP-001 Revision 9 Nuclear Safety-Related NucwA~EtiERJ' Prepared for: Pacific Gas & Electric Co.Diablo Canyon Power Plant Units 1 & 2 Process Protection System (PPS) Replacement November, 2013SOLUTIONS Repoir Record QA Status: 10CFR50 21CFR820 [-, ISO 9000 [--, Other D] Total Pages: 90 Title: Functional Requirements Specification Process Protection System (PPS) Replacement Client: Pacific Gas & Electric Co. Facility:
Diablo Canyon Units 1 & 2 Revision
Description:
Revised per Revision History Sheet Computer runs are identified on a Computer File Index : Yes [] N/A []Error reports are evaluated by: NA Date: Computer use is affected by error notices. No Yes [] (if yes, attach explanation)Date V erifie,(s)
Date Robert A. itEgneer mW. Hefler, Pr~ cipal Engineer Verification:
Verification is performed in accordance with EOP 3.4 as indicated below[] Design review as documented on the following sheet or Verification Report No. 1 1-2243-VR-0 15, Rev. 0[] Alternate calculation as documented in attachment or D] Qualification testing as documented in attachment or Al Sipkovsky, Project Manager Date: Units t &2 DC6631 95-44-8 Page 2 OF 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9-- Page 3 of 90 REVISION HISTORY Revision Affected Reason for Revision Number Sections/Pages
______________________________
1All Initial Issue 1.3 Added/deleted acronyms 1.4 Revised Reference 1.4.1.1.10 to correct version; revised 2 References 1.4.1.2.3, 1.4.1.4.1, 1.4.1.5.8, & 1.4.3.6 to add applicability statement Deleted Reference 1.4.2.1; updated all References in Section 1.4.2.2 Added Reference 1.4.3.18 2.1 Editorial change in second paragraph 2.3 Changed "Channel Set Failure" to "PPS Failure" in Section 2.3.2.2 Section 3 Reformatted and rewritten to accommodate major update remarks.Section 4 Reformatted and rewritten to accommodate major update____________remarks.
Section 2.2.2.2 Added "associated" for clarification.
Section 2.2.3.3 Added 'associated" for clarification.
3Sections 3.1.1.1.1(c), Deleted "PPS processing instrumentation shall be located in racks 3.1.1.1.2(c), not occupied by the HSI equipment." 3.1.1.1.3(c), and 3.1.1.1.4(c)
Section 3.1.1.6.1 Corrected typo.Section 3.1.4.1 Revised EQ requirements for temperature and relative humidity.Section 3.2.1.3.2 Revised requirement by adding "for energize to trip/actuate outputs." Sections 3.2.1.3.4, Clarified requirements for Manual Trip Switches, Manual Bypass 3.2.1.3.5, 3.2.1.3.6, Switches, and Manual OOS Switches.3.2.1.3.7 Section 3.2.1.5.3 Clarified requirements for Channel in Bypass alarm.Section 3.2.1.5.4 Added "DTTA" for clarification.
_________
Section 3.2.1.8.1 Revised tolerances for RCA, RTE, and RD.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 4 of 90 Section 3.2.1.8.2 Revised accuracy reciuirements for time base.3 (cont.)Section 3.2.1.9.1 Revised for clarification.
Section 3.2.1 .13.2 Revised for clarification.
Section 3.2.1.14.3 Revised for clarification.
Section 3.2.1.15.5 Revised for clarification.
Section 3.2.1.16.5 Revised requirement for Containment Spray to fail "AS-IS" on___________________detection of fatal diagnostic.
Section 3.2.3.7.1, Deleted associated Note; "The requirements of Section 3.2.1.3.2 3.2.3.7.2 do not apply." Sections 3.2.4.5.1, Revised Section reference.
3.2.4.5.2 Sections 3.2.4.6.1, Revised to correct Protection Set associated with interlock 3.2.4.6.2 requirement.
Section 3.2.5.4.2(d)
Revised for clarification.
Section 3.2.5.14.7 Added items gg) and hh).Section 3.2.8.4.1 Revised for clarification.
Section 3.2.8.6.1 Revised for clarification.
Section 3.2.11.14.3 Revised items b and d to show them as n'egative values.Section 3.2.13.7.2 Revised to show exemption from Section 3.2.1.3.4 requirement.
Section 3.5.2.4 Added new requirement.
Section 3.7.1 Revised for clarification.
Section 4.1.3 Revised for clarification.
Section 4.1.5 Revised to correct reference.
Section 1.4.1.1.12 Replaces Section 1.4.1.2.3 Reference.
4 Section 1.4.1.2.3 Reference replaced by Section 1.4.1.1.12 Reference.
Section 1.5 Feedflow deleted from Parameter Listing.Section 2.2.2.1 Added Section reference for clarification of requirement.
Section 3.2 Second paragraph:
changed "Rod Control" to "Rod Speed and Direction".
Section 3.2.1.8.1 Revised accuracy requirement for subsection c),2),i.Section 3.2.1.12.2 Revised input filter requirement.
Section 3.2.1.14.1 Revised wording.Section 3.2.1.16.5 Revised requirement to include PZR Pressure High (PORV).Section 3.2.2.9.3 Subsection a): Changed to reflect actual output scaling.Section 3.2.3.6 Added explanation paragraph.
a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 5 of 90 Section 3.2.5.13.1 Added Thot streamino factor calculated output Lao units.4 (cont.)Seton325.38 eiedscto itetoso "Agrtm inta fAsuac" Section 3.2.5.13.9 Revised section title to show "Algorithms" instead of "Assurance".
Section 3.2.5.14.7 Revised descriptions for tuning constants y, z, aa. bb, cc, dd, ee, ift.Section 3.2.5.15.3 Added subsection I) to include Filtered Thot streaming factors Section 3.2.9.4.1 Added subsection d) to include PPC interface.
Section 3.2.9.4.2 Added subsection d) to include PPC interface.
Section 3.2.10.4.3 Added subsection c) to include PPC interface.
Section 3.2.10.4.4 Added subsection c) to include PPC interface.
Section 3.2.11.6.1 Changed "TS" to 'TO" in subsections d, f, g, h, I so that description matches Transfer Function Specification.
Section 1.5 Parameter Table: added Loop 4 to Wide Range Pressure for Protection Set IV; deleted extra comma from Steamfiow, Steamline Pressure for Protection Sets I, II.5 Section 3.1.6:2 Corrected typo: Regulatory Guide "1.1.80" to "1.180".Section 3.2.1.5.3 Item b), 2): added "per part a)" to Section reference.
__________________
Item c), 2): clarified requirement.
Section 3.2.1.15.5 Corrected typo (extra comma).Section 3.2.4.1.2 Added WR Pressure Loop 4 to text.Section 3.2.4.6.2 Deleted '(see Section 3.2.4.6.1)".
Section 3.2.11.1.7 Deleted "PPS-RTS" from a), b), c), and d).Section 4.1.13.2 Deleted '(reactor coolant loops 3 and 4)" from text.Section 2.3.1.1 Revised to clarify "signal validation." Section 3.2.1.5.2 Added subsection f).Section 3.2.2.14.1 Changed "full flow" to "rated flow." Section 3.2.5.5 Deleted Note.Sections 3.2.5.5.1 and Changed wording to resolve discrepancy with other documents.
3.2.5.5.2 Section 3.2.5.5.3 Deleted to resolve discrepancy with other documents.
Section 3.2.5.14.7 Revised tuning constant names a) thru I) to agree with PLS;added tuning constant:
ii) SCAL FLUX CALIB.Section 3.2.9.14.1 Deleted items a) and b) -not tunincl constants.
6 { Section 3.1.1.6 Changed "shall be provided" to 'will be provided" and deleted___________
j _________________requirement 3.1.1.6.1.
a LTRarl Units 1&2 DC663195-44-8
_.DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 6 of 90 Section 3.1.7 Added new reauirement for Time Synchronization.
6 (cont.)Section 3.2.1.3.7 Revised Section reference for 00S.Section 3.2.1.5.2 Item f) revised to include COR low alarm suppression requirements.
Section 3.2.1.5.3 Items a), c) revised to separate OOS requirements from Bypass requirements.
Section 3.2.1.5.4 Deleted "DTTA" from alarm title.Section 3.2.1.5.5 Added new Section to address GOS Switch requirements.
Section 3.2.1.14.3 Revised a) and b) to provide range requirements.
Section 3.2.1.16.5 Revised requirement to provide clarification.
Section 3.2.1.16.6 Added new requirement for Energize to Trip comparators.
Sections 3.2.1.16.7 and Added new requirements to support Technical Specification 3.2.1.16.8 requirements.
Section 3.2.2.13.1 Revised Section reference to tuning constant ranges.Section 3.2.2.14.2 Added Section to identify tuning constants and range__________________requirements with specific requirements for Reactor Coolant Flow.Section 3.2.3.16 Added new requirement 3.2.3.16.2 which required numbering the________________requirement for RTD failures (3.2.3.16.1).
Section 3.2.4.16.1 Added new requirement.
Section 3.2.7.16.1 Added new requirement.
Section 3.2.8.4.1 Revised c) to reflect that the PZR High Temp Alarm output will be_________________provided from the PPS and not the P0S.Section 3.2.8.5 Added requirement 3.2.8.5.1 which also required a revision to__________________
3.2.8.5 descriptive information.
Section 3.2.8.7.1 Revised requirement to reflect that the PZR Temp High Alarm will_________________be provided from the PPS and not the PCS.Section 3.2.6.14.2 Added to provide range for PZR Temp High Alarm.Section 3.2.11.9.2.b)
Corrected typo Section 3.2.13.16.1 Added new requirement.
Section 3.2.1.15.1 Revised requirement to address test-in-trip and test-in-bypass.
7Section 3.2.1.15.8 Added new requirement.
Section 3.2.5.13.10 Revised to include capability for manual setting of streaming factors to zero._________
Section 3.2.11.15.2 Added new requirement.
8 Section 3.2.1.3.4 Revised to address manual trip switch requirements for energize a LTRafl Units 'l&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 7 of 90 to trocoorto utus+ t Sections 3.2.6.4.1 and 3.2.6.4.2 Revised to inciude ERFOS Monitoring requirement.
8 (cont.)Section 3.2.13.7.2 Deleted second paragraph.
Revision to Section 3.2.1.3.4 negates__________________the need for this paragraph.
Section 3.2.8.4.1 Deleted item "c)". Alarm function to be performed in PPS.Sections 3.2.1.5.1 thru Revised to state required output state (Deenergize or Energize to 3.2.1.5.4, 3.2.1.5.5 b), Alarm) for outputs to MAS.3.2.4.6.3, 3.2.4.6.4, 3.2.8.5.1, 3.2.10.5.1 thru 3.2.10.5.4, 3.2.11.5.1 thru 3.2.11.5.4, and 3.2.13.5.1 Sections 3.2.6.7, Deleted "(RTS and ESFAS)" from Section title for conformity with 3.2.10.7, and 3.2.13.7 rest of FRS.Section 3.2.8.7 and Deleted Section 3.2.8.7.1 and identified "None" as comparator 3.2.8.7.1 Trip and Trip Logic outputs provided by PZR Vapor Temp.Comparators are only specified for alarming (Section 3.2.8.5.1) and RHR interlock (Section 3.2.8.6.1).
Sections 3.2.10.7.9 thru Deleted these Sections.
Comparators for these alarm functions 3.2.10.7.12 are specified in Section 3.2.10.5.Section 1.4.1.5.3 Deleted Reference to RG 1.75.See Reason for Revision The following requirement sections were added: 9 1.3.1 3.2.1.8.1 a)2)3.2.3.14.2 3.2.6.14.2 3.2.10.4.1 e), f), g)3.2.10.4.4 d), e)3.2.12.14.3 4.1.17 3.2.1.5.4 d)1.3.2 3.2.1.3.7 b)3.2.4.14.4 3.2.7.14.6 c), d)3.2.10.4.2 d), e), f)3.2.10.14.4 e), f)3.2.13.14.3 3.2.11.15.3 3.2.9.5.3 2.3.1.2.3 3.2.2.14.2 3.2.5.14.7 ij)3.2.9.14.
g), h)3.2.10.4.3 d), e)3.2.11.14.3 f), g)4.1.16 1.4.1.5.11 a LTRar% Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 8 of 90 See Reason for Revision The following requirement sections were deleted: 9 (cont.)3.1.7 3.2.1.15.8 3.2.3.16.2 3.2.7. 16. 1 3.2.10.16.2 3.2.1.3.5 c)3.2.1.16.1 3.2.4.16.1 3.2.8. 14.2 3.2.13. 16.1 3.2.1.12.1 3.2.1.16.2 3.2.5.14.11 3.2.10.16.1 3.2.13.5.1 See Reason for Revision The following sections were edited for clarification of requirements:
2.3.1.2 2.3.2.2 3.1.1.3 3.2.1.3.2 3.2.1.8 3.2.1.11.1 3.2.1. 14 3.2.1.15.1 3.2.1. 16.5 3.2.1. 16.8 3.2.2. 14.1 3.2.4.6.3 3.2.4.16 3.2.5.9.1 a), b)3.2.5.13.10 3.2.5.15.3 3.2.7.4.2 b), d)3.2.7.14.6 3.2.8.14.3 3.2.9.14.1 c)3.2.10. 14 3.2.11. 14 3.2.11.14.3 c), d)3.2.12.16.2 3.2.13.14 3.3.2 2.3.1.2.1 2.5 3.1.1.9 3.2.1.3.5 3.2.1.8.1 b) 3)3.2.1.11.2 3.2.1.14.2 3.2.1.16.3 3.2.1.16.6 3.2.2.9.3 3.2.3.9.1 3.2.4.6.4 3.2.5.1.5 c)3.2.5.9.1 d), e)3.2.5.14 3.2.6. 14 3.2.7.14 3.2.8.9.1 a)3.2.9.14 3.2.10.4.3 c)3.2.10.14.4 3.2.11.14.3 3.2.11.14.3 e)3.2.12.14 3.2.13.15 4.1.1 2.3.1.2.2 2.7 3.1.1.10 3.2.1.3.6 3.2.1.11 3.2.1.13.2 3.2.1.15 3.2.1. 16.4 3.2.1. 16.7 3.2.2. 14 3.2.3. 14 3.2.4.14 3.2.5.1.6 f 3.2.5.9.3 a), b), e)3.2.5. 14.7 3.2.7.4.1 b), e).3.2.7.14.5 3.2.8.14 3.2.9.14.1 3.2.10.4.4 c)3.2.10.16 3.2.11.14.3 a), b)3.2.11.15.2 3.2.12.15 3.2.13.16 4.1.2 a LTRaI1 Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 9 of 90 4.1.2.1 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8 4.1.9 4.1.10 4.1.11 4.1.12 4.1.12.1 4.1.12.2 4.1.13 4.1.13.1 4.1.13.2 4.1.14 4.1.15 3.2.1.3.7 a) 3.2.5.13.11 3.2.1.8.1 a) 1)See Reason for Revision The following sections were edited for clarification of PPS alarm philosophy:
9 (cont.)3.2.1.5.1 3.2.1.5.5 3.2.2.5.2 3.2.3.5.2 3.2.5.5 3.2.5.5.4 3.2.6.5.1 3.2.7.5.1 3.2.8.5.1 3.2.9.5 3.2.10.5.1 3.2.10.5.4 3.2.11.5.1 3.2.11.5.4 3.2.12.5 3.2.13.5 3.2.1.5.4 3.2.1.5.2 3.2.2.5 3.2.3.5 3.2.4.5.3 3.2.5.5.1 3.2.5.5.5 3.2.6.5.2 3.2.7.5.2 3.2.8.5.2 3.2.9.5.1 3.2.10.5.2 3.2.10.5.5 3.2.11.5.2 3.2.11.5.5 3.2.12.5.1 3.2.13.5.2 3.2.1.5.3 a)3.2.2.5.1 3.2.3.5.1 3.2.4.5.4 3.2.5.5.2 3.2.6.5 3.2.7.5 3.2.8.5 3.2.8.5.3 3.2.9.5.2 3.2.10.5.3 3.2.10.5.6 3.2.11.5.3 3.2.11.5.6 3.2.12.5.2 3.2.13.5.3 See The following requirement sections were edited to correct Reason for Revision typos:__________1.4.1.3 3.2.1.12.2 Sections 3.2.2.14 thru 3.2.13. 14 Revised to provide resolution of range settings.aLT aM Units 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 10 of 9O CONTENTS INTRODUCTION
.............................................................................................
13 1.1 SYSTEM PURPOSE...........................................................................................
13 1.2 SYSTEM SCOPE..............................................................................................
13 1.3 DEFINITIONS, ABBREVIATIONS AND ACRONYMS............................................................
14 1.3.1 Definitions..................................................................................................
14 1.3.2 Acronyms..................................................................................................1]7 1.3.3 Abbreviations
.............................................................................................
18
1.4 REFERENCES
...................................................................
'..............................
18 1.4.1 General References and Standards...................................................................
18 1.4.2 Documents Provided by Others........................................................................
20 1.4.3 Implementing Documents (Use Latest Revision)....................................................
23 1.5 SYSTEM OVERVIEW ..........................................................................................
24 2 GENERAL SYSTEM DESCRIPTION.......................................................................
26 2.1 SYSTEM CONTEXT...........................................................................................
26 2. 1.1 .Reactor Coolant Flow Channels.......................................................................
26 2. 1.2 Wide Range Reactor Coolant Temperature Channels .............................................
26 2. 1.3 Wide Range Reactor Coolant Pressure Channels..................................................
26 2.1.4 Delta-T/Tavg (DTTA) Channels ......................................................................
26 2.1.5 Pressurizer Level Channels ............................................................................
26 2. 1.6 Pressurizer Pressure Channels........................................................................
27 2. 1.7 Pressurizer Vapor Temperature Channel ............................................................
27 2. 1.8 Steamline Break Protection Channels ................................................................
27 2. 1.9 Steam Generator Narrow Range Level Channels...................................................
27 2. 1.10 Turbine Impulse Chamber Pressure Channels......................................................
28 2. 1. 11 Containment Pressure Channels ......................................................................
28 2.2 SYSTEM MODES AND STATES ...............................................................................
28 2. 2.1 Operating Modes .........................................................................................
28 2.2.2 Manual Trip Switches....................................................................................
28 2.2.3 Manual Bypass Switches ...............................................................................
29 2.3 MAJOR SYSTEM CAPABILITIES
..............................................................................
29 2.3.1 Signal Validation..........................................................................................
29 2.3.2 System Level Diagnostics...............................................................................
29 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 11 of 90 2.3.3 Tlestability at Power. .....................................................................................
29 2.4 MAJOR SYSTEM CONDITIONS
..................................................................................
30 2.5 MAJOR SYSTEM CONSTRAINTS
................................................................................
30 2.6 USER CHARACTERISTICS........................................................................................30
- 2. 6.1 Operations.................................................................................................
30 2. 6.2 l&C Maintenance
.........................................................................................
30 2.6.3 Engineering................................................................................................
30 2.7 ASSUMPTIONS ANID DEPENDENCIES
...........................................................................
30 2.8 OPERATIONAL SCENARIOS
.....................................................................................
30 3 SYSTEM CAPABILITIES, CONDITIONS, CONSTRAINTS..............................................
31 3.1 PHYSICAL..................................................................................................
31 3. 1.1 Construction...............................................................................................
31 3.1.2 Durability...................................................................................................
32 3.1.3 Adaptability
................................................................................................
32 3.1.4 Environmental Conditions...............................................................................
32 3.1.5 Seismic Requirements
..................................................................................
32 3.1.6 Electromagnetic Compatibility..........................................................................
33 3.1.7 Deleted .....................................................................................................
33 3.2 SYSTEM PERFORMANCE CHARACTERISTICS..................................................................
33 3.2.1 Requirements Applicable to All PPS Channels ....................
.................................
34 3.2.2 Specific Requirements for Reactor Coolant Flow...................................................
40 3.2.3 Specific Requirements for Wide Range Reactor Coolant Temperature.........................
43 3.2.4 Specific Requirements for Wide Range Reactor Coolant Pressure..............................
46 3.2.5 Specific Requirements for DTTA ......................................................................
49 3.2. 6 Specific Requirements for Pressurizer Level ........................................................
58 3.2. 7 Specific Requirements for Pressurizer Pressure ....................................................
61 3.2.8 Specific Requirements for Pressurizer Vapor Temperature
...................................
64...d 3.2.9 Specific Requirements for Steam flow.................................................................
66 3.2.10 Specific Requirements for Steamline Break Protection............................................6d9
- 3. 2.11 Specific Requirements for Steam Generator Narrow Range Level ..............................
73 3. 2.12 Specific Requirements for Turbine Impulse Chamber Pressure..................................
79 3.2.13 Specific Requirements for Containment Pressure ..................................................
82 3.3 SYSTEM SECURITY ..............................................................................................
84 3.3. 1 Physical Security .........................................................................................
84 3.3.2 System Logon Protection
...............................................................................
84 a LTRafl Units 1&2 DC663195-.44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 12 of 90 3.3.3 Communications With External (Non-PPS)
Systems...............................................
85 3.4 INFORMATION MANAGEMENT...................................................................................
85 3.5 SYSTEM OPERATIONS
..........................................................................................
85 3.5.1 System Human Factors .................................................................................
85 3.5.2 System Main tainability...................................................................................
85 3.5. 3 System Reliability
........._...............................................................................
85 3.6 POLICY AND REGULATION
......................................................................................
85 3.7 SYSTEM LIFE CYCLE SUSTAINMENT...........................................................................
85 3. 7. 1 PPS Software.............................................................................................
85 4 SYSTEM INTERFACES
.....................................................................................
87 4.1 EXTERNAL INTERFACES
.........................................................................................
87 4. 1.1 Plant Process Computer (PPC) ......................................................................
.. 87 4.1.2 Main Annunciator System (MA S) ......................................................................
87 4. 1.3 Main Control Panels .....................................................................................
87 4. 1.4 Hot Shutdown Panel.....................................................................................
87 4.1.5 Solid State Protection System (SSPS) ...............................................................
87 4. 1.6 AMSAC....................................................................................................
87 4. 1.7 Digital Feedwater Control System (DFWCS) ........................................................
88 4.1.8 Rod Speed and Direction
...............................................................................
88 4.1.9 Pressurizer Pressure Control ..........................................................................
88 4. 1.10 Pressurizer Level Control...............................................................................
88 4. 1.11 Auxiliary Feedwater (AFW) Control ...................................................................
88 4. 1.12 Reactor Vessel Level Indicating System (RVLIS)...................................................
89 4. 1.13 Low Temperature Overpressure Protection System (L TOPS)....................................
89 4. 1.14 Pressurizer Power Operated Relief Valve (PORV) Control System..............................
89 4. 1.15 Residual Heat Removal (RHR) Interlocks............................................................
89 4. 1.16 Pressurizer Level Control...............................................................................
89 4. 1.17 Steam Dump Control ....................................................................................
90 4.2 HUMAN SYSTEM INTERFACE
........ ...........................................................................
90 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 13 of 90 1 Introduction 1.1 System Purpose The Process Protection System PPS is comprised of four separate protection sets which provide trip and actuation signals to the Solid State Protection System (SSPS) for use by the Reactor Trip System (RTS), and Engineered Safety Features Actuation System (ESFAS). Output signals of PPS parameters are provided to the Main Control Room (MCR) for indication and recording, to the Plant Process Computer (PPC) for monitoring, and to the Main Annunciator System (MAS) for alarming.The PPS also provides input sensor signals for use by various plant control systems. These signals are isolated from the PPS and are not processed by the PPS instrumentation (with the exception of Delta-T and Tavg (DTTA) channels).
1.2 System Scope The PPS processes physical plant parameters such as temperature, pressure, level, and flow into electrical signals for use by plant control and protection systems.The PPS consists of sixteen (16) racks (per DCPP Unit) of instrumentation located in the Cable Spreading Rooms (Auxiliary Building, elevation 128). The sixteen racks are divided into four Protection Sets; five racks each for Protection Sets I and II, three racks each for Protection Sets III and IV. Each Protection Set must be physically separated and electrically isolated from the other sets.Protection Set I is comprised of Racks I thru 5 (RNPIA, RNP1B, RNP1C, RNP1D, and RNPIE).Protection Set II is comprised of Racks 6 thru 10 (RNP2A, RNP2B, RNP2C, RNP2D, and RNP2E).'Protection Set Ill is comprised of Racks 11 thru 13 (RNP3A, RNP3B, and RNP3C). Protection Set IV is comprised of Racks 14 thru 16 (RNP4A, RNP4B, and RNP4C).PPS outputs provide ON/OFF (partial trip) signals to the two trains of the SSPS whenever measured parameters indicate that safety limits are being approached (a pre-established setpoint is exceeded).
The SSPS will initiate a reactor trip or actuate engineered safety features systems when the requisite number of PPS channels have tripped (designed coincidence logic is satisfied).
The various reactor trips and ESFAS actuations are shown on the DCPP Functional Logic Diagrams (FLDs)[Reference 1.4.3.5] included in the DCPP Final Safety Analysis Report Update (FSARU) document[Reference 1.4.3.2].PPS output signals (isolated as required) are provided to the MCR, PPC, and the MAS for indication, recording, monitoring, and alarming purposes.PPS input signals are isolated and provided for use by various plant control systems and the Anticipated Transient Without Scram (ATWS) Mitigation System Actuation Circuitry (AMSAC) where required.
With the exception of Delta-T and Tavg from the DTTA channels, these are raw signals that are not processed by the PPS to prevent interaction between control and systems as required by IEEE 279-1971[Reference 1.4.1.1.2].
Inputs to the PPS consist of signals from the following sensor types: o 4-20 mA pressure transmitters o 4-20 mA differential pressure transmitters o 200 ohm platinum 3-wire Resistance Temperature Detectors o 200 ohm platinum 4-wire Resistance Termperature Detectors o 0-10 VDC signals from the (power range)Nuclear Instrument System (NIS)With the exception of the NIS inputs, all sensors are powered from the PPS.a l Unit Page D613 OF490 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 14 of 90 Outputs from the PPS for indication, recording, or external system monitoring are 4-20 mA.The PPS Functional Block Diagrams [Reference 1.4.2.2] provide-a graphical depiction of all PPS channels showing inputs, outputs, external interfaces, instrumentation class, isolation requirements, and a simplified diagram of the processing logic requirements.
1.3 Definitions, Abbreviations and Acronyms 1.3.1 Definitions The following definitions apply for this document: Channel An arrangement of components, modules, and software as required to generate a single protective action signal when required by a generating station condition.
A channel loses its identity where single action signals are combined.Module Any assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment.
A module can be disconnected, removed as a unit, and replaced with a spare. It has definable performance characteristics that permit it to be tested as a unit. A module can be a card or other subassembly of a larger device, provided it meets the requirements of this definition.
Components Items from which the system is assembled (such as resistors, capacitors, wires, connectors, transistors, tubes, switches, and springs).Fatal Diagnostic A detected inability of a protection set to perform its intended safety function.Single Failure .Any single event that results in a loss of function of a component or components of a system. Multiple failures resulting from a single event shall be treated as a single failure.Protective Action A protective action can be at the channel or the system level. A protective action at the channel level, is-' the i'nitiation of a signal by a single channel when the variable sensed exceeds a limit. A protective action at the system level is the initiation of the operation of a sufficient numberof actuators to effect a protective function.Protection Set A protection set, is a physical grouping of process channels with the same Class-ilE electrical channel designation (I, II, Ill, or IV). Each of the four redundant protection sets is provided with separate and independent power feeds and process instrumentation transmitters.
Thus, each of the four redundant protection sets is physically and electrically independent of the other sets.Protective Function A protective function is the sensing of one or more variables associated with a particular generating station condition, signal processing, and the initiation and_________________________completion of the protective action at values established inUnits I1&2 DC6631 95-44-8il l 9P ag e 14 O F 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 15 of 90 TERM '" " " DEFINITION'
...the design bases.Type Tests Tests made on one or more units to verify adequacy of.design of that type of unit.Degree of Redundancy The difference between the number of channels monitoring a variable and the number of channels that, when tripped, will cause an automatic system trip.Minimum Degree of Redundancy The degree of redundancy below which operation is prohibited or otherwise restricted by the Technical Specifications
[Reference 1.4.3.1].Diversity and Defense-In-Depth Requirement imposed on the Protection System design to (D&D-in-D or D3) ensure that required protective actions will occur to protect against Anticipated Operational Occurrences and Design Basis Accidents (as described in the FSARU) concurrent with a common cause failure (usually assumed to be_______________________software) that disables one or more echelons of defense.Phase A Containment Isolation Closure of all nonessential process lines that penetrate containment.
Initiated by high containment pressure, pressurizer low pressure, low steamline pressure, or manual actuation.
Phase B Containment Isolation Closure of remaining process lines. Initiated by containment high-high pressure signal (process lines do not include engineered safety features lines) or manual actuation.
Trip Accuracy The tolerance band containing the highest expected value of the difference between (a) the desired trip point value of a process variable, and (b) the actual value at which a comparator trips (and thus actuates some desired result).This is the tolerance band within which a comparator must trip. It includes comparator accuracy, channel accuracy for each input, and environmental effects on the rack-mounted electronics.
It comprises all instrumentation errors; however, it does not include any process effects such as fluid stratification.
Channel Accuracy (An element of trip accuracy).
Includes accuracy of the primary element, transmitter, and rack-mounted electronics, but does not include indication accuracy.Actuation Accuracy Synonymous with trip accuracy, but used where the word"trip" may cause ambiguity.
Indication Accuracy The tolerance band containing the highest expected value of the difference between: (a) the value of a process variable read on an indicator or recorder, and (b) the actual value of that process variable.
An indication must fall within this tolerance band. It includes channel accuracy, accuracy of readout devices, and rack environmental effects but not process effects such as fluid stratification.
Reproducibility This term may be substituted for "accuracy" in the above definitions for those cases where a trip value or indicated value need not be referenced to an actual process aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 16 of 90 TERM " .DEFINITION
..variable value, but rather to a previously established triP or indication value; this value is determined by test.Instrument Class IA Class IA instruments and controls are those that initiate and maintain safe shutdown of the reactor, mitigate the consequences of an accident, or prevent exceeding 10 CFR 100 [Reference 1.4.1.3.4]
off-site dose limits.Instrument Class lB Class lB instruments and controls are those that are required for post-accident monitoring of Category I and 2 variables in accordance with Regulatory Guide 1.97, Revision 3 [Reference 1.4.1.5.5].
Instrument Class II Class II instruments and controls have nonsafety-related functions.
However, certain Class II components are subjected to some graded quality assurance__________________________requirements.
Partial Trip A condition where the SSPS input relay is in the tripped/actuated state.* For a Deenergize to Trip protective function, the input relay state is False (0).* For an Energize to Trip protective function, the input relay state is True (1).Test in Trip A maintenance condition in which the system output is maintained in the actuated condition.
- For a Deenergize to Trip PPS output, the condition maintains the comparator output in a False (0) state (SSPS input relay deenergized).
- For an Energize to Trip PPS output, the condition maintains the comparator output in a True (1)state (SSPS input relay energized).
Test in Bypass A maintenance condition in which a system output is maintained in the non-actuated condition.
- For a Deenergize to Trip system output, the' Bypass condition maintains the output in a True (1) state.* For an Energize to Trip system output, the Bypass condition maintains the output in a False (0) state.The Bypass condition is maintained until removed by maintenance personnel.
Bypass duration limitations are administratively controlled by the Owner in accordance with Technical Specifications.
Out of Service (OOS) An intentional inoperable condition established for a protection system channel that prevents an unexpected interaction with other plant systems during maintenance activities.
For protection system channels that include comparator outputs, the OOS condition is established when a comparator OL~tput from the PPS instrumentation is forced to a fixed state by plant personnel via the HSI.For the purpose of this definition, manual trip and manual bypass switches are external components and are not considered part of the PPS instrumentation.
a LTRafl units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Sp3ecification 08-0015-SP-001, Revision:
9 Page 17 of 90 1.3.2 TERM DEFINITION May term used to denote permission to perform activities and is neither a requirement nor a recommendation.
Should A term used to denote recommendations that are desirable but not contractual requirements.
Shall A term used to denote a legally binding (i.e., contractual) requirement.
Will A term used to denote intention or certainty; not a legally binding (i.e., not contractual) requirement.
.A/D Analog to Digital AFW Auxiliary Feedwater (Control System)AMSAC ATWS Mitigation System Actuation Circuitry ANS American Nuclear Society ANSI American National Standards Institute ATWS Anticipated Transient Without Scram CFR Code of Federal Regulations D/ADiiatoAag DCM Design Criteria Memorandum DCPP Diablo Canyon Power Plant DFWCS Digital Feedwater Control System DNB Departure from Nucleate Boiling DTTA Delta-T / Tavg ERFDS Emergency Response Facility Data System ESFAS Engineered Safety Features Actuation System FLD Functional Logic Diagram FRS Functional Requirements Specification FSARU Final Safety Analysis Report Update GDC General Design Criteria HSI Human System Interface I&C Instrumentation and Controls IEC International Electro-Technical Commission IEEE Institute of Electrical and Electronic Engineers LCO Limiting Condition for Operation LTOPS Low Temperature Overpressure Protection System MAS Main Annunciator System MCR Main Control Room NIS Nuclear Instrument System NRC (USNRC) (United States) Nuclear Regulatory Commission OOS Out-of-Service OPDT Overpower Delta-T OPTR Overpower Turbine Runback OTDT Overtemperature Delta-T aLTRaf nts 1&2 DC663195-44-8 Pae17 OF 90 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 18 of 90 ACRONYM DEFINITION OTTR Overtemperature Turbine Runback PG&E (PGE) Pacific Gas & Electric Company PORV Power Operated Relief Valve P LS Precautions, Limitations, and Setpoints (document)
PPC Plant Process Computer PPS Process Protection System PZR Pressurizer RCS Reactor Coolant System RHR Residual Heat Removal RNARA Rack Nuclear Auxiliary Relay A RNASA Rack Nuclear Auxiliary Safeguards A RNASB Rack Nuclear Auxiliary Safeguards B RNP Rack Nuclear Protection (PPS Racks)RTD Resistance Temperature Detector RTS Reactor Trip System RVLIS Reactor Vessel Level Indication System RX Reactor S/G Steam Generator SI Safety injection SQA2 Sensor Quality Algorithm 2-Input SQA3 Sensor Quality Algorithm 3-Input SSPS Solid State Protection System STP Surveillance Test Procedure TTD Trip Time Delay Abbreviations ABBREVIATION DEFINITiON.
...Delta-T or AT Differential (Reactor)
Coolant Temperature Reg Guide (RG) Regulatory Guide Tavg Average (Reactor)
Coolant Temperature 1.3.3 1.4 References 1.4.1 General References and Standards The following codes, standards, and regulations referenced in this Section are totally or partially applicable to the activities covered by this Specification:
1.4.1.1 Institute of Electrical and Electronics Engineers (IEEE): 1.4.1.1.1 IEEE Standard 1233-1 998, "Developing System Requirements Specifications" 1.4.1.1.2 IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations" a LTRafl Units 1&2 0C663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 19 of 90 1.4.1.1.3 IEEE Standard 308-1971, "Criteria for Class lE Electric Systems for Nuclear Power Generating Stations" 1.4.1.1.4 IEEE Standard 323-1974, "IEEE Standard for Qualifying Class-1 E Equipment for Nuclear Power Generating Stations" 1.4.1.1.5 IEEE Standard 338-1977, "IEEE Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Protection Systems" 1.4.1.1.6 IEEE Standard 344-1987, "Recommended Practices for Seismic Qualification of Class 1 E Equipment for Nuclear Power Generating Stations" 1.4.1.1.7 IEEE Standard 379-1977, "IEEE Application of Single Failure Criterion to Nuclear Power Generating Station Class IE Systems" 1.4.1.1.8 IEEE Standard 384-1981, "IEEE Trial-Use Standard Criteria for Separation of Class 1 E Equipment and Circuits" 1.4.1.1.9 IEEE Standard 472-1974, 'IEEE Guide for Surge Withstand Capability Tests" 1.4.1.1.10 IEEE Standard 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations" 1.4.1.1.11 IEEE Standard 1050-1996, "Guide for Instrumentation and Control Equipment Grounding in Generating Stations" 1.4.1.1.12 IEEE Standard 7-4.3.2 -2003, 'Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations" 1.4.1.2 American National Standards Institute (ANSI)1.4.1.2.1 ANSI Standard N18.2-1973 and N18.2a-1975, "Nuclear Safety Criteria for the Design of Pressurized Water Reactors" 1.4.1.2.2 ANSI Standard N18.8-1973, "Criteria for Preparation of Design Bases for Systems that Perform Protective Functions in Nuclear Power Generating Stations" 1.4.1.3 1.4.1.3.1 Code of Federal Regulations (CFR)Code of Federal Regulations (CFR), 1 0CFR50, Appendix A, General Design Criteria (GDC)1.4.1.3.1.1 1.4.1.3.1.2 1.4.1.3.1.3 1.4.1.3.1.4 1.4.1.3.1.5 1.4.1.3.1.6 1.4.1.3.1.7 1.4.1.3.1.8 1.4.1.3.1.9 1.4.1.3.1.10 1.4.1.3.1.11 1.4.1.3.1.
12 1.4.1.3.1.13 GDC 1, "QualityStandards and Records" GDC 2, "Design Bases for Protection Against Natural Phenomena" GDC 3, "Fire Protection" GDC 4, "Environmental and Missile Design Bases" GDC 10, "Reactor Design" GDC 12, "Suppression of Reactor Power Oscillations" GDC 13, "Instrumentation and Control" GDC 15, "Reactor Coolant System Design" GDC 17, "Electric Power Systems" GDC 18, "Inspection and Testing of Electric Power Systems" GDC 19, "Control Room" GDC 20, "Protection System Functions" GDC 21, "Protection System Reliability and Testability" a LTRefl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 20 of 90 1.4.1.3.1.14 GDC 22, "Protection System Independence"/1.4.1.3.1.15 GDC 23, "Protection System Failure Modes" 1.4.1.3.1.16 GDC 24, 'Separation of Protection and Control Systems" 1.4.1.3.1.17 GDC 25, "Protection System Requirements for Reactivity Control Malfunctions" 1.4.1.3.1.18 GDC 27, "Combined Reactivity Control Systems Capability" 1.4.1.3.1.19 GDC 28, "Reactivity Limits" 1.4.1.3.1.20 GDC 29, 'Protection Against Anticipated Operational Occurrences" 1.4.1.3.2 I0CFR50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants 1.4.1.3.3 10CFR50, Appendix R, Fire Protection Program for Nuclear Power Plants 1.4.1.3.4 10CFR100, Reactor Site Criteria 1.4.1.4 International Electro-Technical Commission (IEC): 1.4.1.4.1 61131-3, Programmable Controllers
-Part 3: Programming Languages, Ed. 2.0, 21 Jan 2003 (as applicable) 1.4.1.5 United States Nuclear Regulatory Commission (USNRC) Regulatory Guides 1.4.1.5.1 Regulatory Guide 1.22 (Safety Guide 22), "Periodic Testing of Protection System Actuation Functions" 1.4.1.5.2 Regulatory Guide 1.47, "Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems" 1.4.1.5.3 Deleted 1.4.1.5.4 Regulatory Guide 1.89, "Qualification of Class 1 E equipment for Nuclear Power Plants" 1.4.1.5.5 Regulatory Guide 1.97, Rev. 3, "Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident" 1.4.1.5.6 Regulatory Guide 1.100, Rev. 2 "Seismic Qualification of Electrical Equipment for Nuclear Power Plants" 1.4.1.5.7 Regulatory Guide 1.118, Rev. 2, "Periodic Testing of Electric Power and Protection Systems" 1.4.1.5.8 Regulatory Guide I1.152, "Criteria for Programmable Digital Computer System Software in Safety Related Systems in Nuclear Power Plants" (as applicable) 1.4.1.5.9 Regulatory Guide 1.1 53, "Criteria for Power, Instrumentation and Control Portions of Safety Systems" 1.4.1.5.10 Regulatory Guide 1.180, Rev. 1, "Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety Related Instrumentation and Control Systems" 1.4.1.5.11 Regulatory Guide 1.75, Rev. 2, "Physical Independence of Electric Systems" 1.4.2 Documents Provided by Others 1.4.2.1 Deleted 1.4.2.2 1.4.2.2.1 PPS Functional Block Diagrams (Altran Solutions Documents) 08-0015-D-I-1, Protection Set I, Reactor Coolant Flow a LTRaf Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 21 of 90 1.4.2.2.2 08-0015-0-I-1A, Protection Set!I, Reactor Coolant Flow 1.4.2.2.3 08-0015-D-1-2, Protection Set I, Wide Range Temperature 1.4.2.2.4 08-0015-D-I-3, Protection Set I, Delta-TITavg 1.4.2.2.5 08-0015-D-I-3A, Protection Set!I, Delta-TITavg 1.4.2.2.6 08-0015-D-I-4, Protection Set!I, Pressurizer Level 1.4.2.2.7 08-0015-0-I-5, Protection Set I, Pressurizer Pressure 1.4.2.2.8 08-0015-D-I-5A, Protection Set!I, Pressurizer Pressure 1.4.2.2.9 08-001 5-D-I-6, Protection Set!I, Steamflow (S/G 1)1.4.2.2.10 08-0015-D-I-7, Protection Set!I, Steamfiow (SIG 2)1.4.Z.2.1 1 08-0015-D-I-8, Protection Set!I, Steamflow (SIG 3)1.4.2.2.12 08-0015-0-1-9, Protection Set!I, Steamflow (S/G 4)1.4.2.2.13 08-001 5-D-I-10, Protection Set!I, Steamline Break Protection (S/G 1)1.4.2.2.14 08-0015-D-I-11, Protection Set!I, Steamline Break Protection (S/G 2)1.4.2.2.15 08-0015-D-1-12, Protection Set!I, Steamline Break Protection (S/G 3)1.4.2.2.16 08-001 5-D-1-13, Protection Set!I, Steamline Break Protection (S/G 4)1.4.2.2.17 08-0015-D-!-14, Protection Set!I, Steam Generator Level (S/Gs 2 & 3)1.4.2.2.18 08-001 5-D-!-15, Protection Set!I, Turbine Impulse Chamber Pressure 1.4.2.2.19 08-001 5-D-!-16, Protection Set!I, Containment Pressure 1.4.2.2.20 08-0015-D-!-16A, Protection Set!I, Containment Pressure 1.4.2.2.21 08-001 5-D-1-1 7, Protection Set!I, System Alarms 1.4.2.2.22 08-0015-D-1-17A, Protection Set!I, System Alarms 1.4.2.2.23 08-0015-D-lI1-, Protection Set II, Reactor Coolant Flow 1.4.2.2.24 08-0015-D-Il-lA, Protection Set II, Reactor Coolant Flow 1.4.2.2.25 08-0015-D-II-2, Protection Set II, Wide Range Temperature 1.4.2.2.26 08-0015-0-II-3, Protection Set II, Delta-T/Tavg 1.4.2.2.27 08-0015-D-II-3A, Protection Set II, Delta-TFI-avg 1.4.2.2.28 08-0015-03-11-4, Protection Set II, Pressurizer Level 1.4.2.2.29 08-0015-D-II-5, Protection Set II, Pressurizer Pressure 1.4.2.2.30 08-0015-D-II-5A, Protection Set II, Pressurizer Pressure 1.4.2.2.31 08-0015-D-II-6, Protection Set II, Steamflow (S/G 1)1.4.2.2.32 08-0015-D-II-7, Protection Set II, Steamflow (S/G 2)1.4.2.2.33 08-0015-0-II-8, Protection Set II, Steamflow (S/G 3)1.4.2.2.34 08-0015-D-II-9, Protection Set II, Steamflow (S/G 4)1.4.2.2.35 08-001 5-0-lI1-10, Protection Set II, Steamline Break Protection (S/G 1)1.4.2.2.36 08-0015-D-!1-11, Protection Set II, Steamline Break Protection (S/G 2)1.4.2.2.37 08-001 5-D-I1-1 2, Protection Set II, Steamline Break Protection (S/G 3)a LTRSfl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 22 of 90 1.4.2.2.38 08-0015-D-Il-1 3, Protection Set II, Steamline Break Protection (SIG 4)1.4.2.2.39 08-0015-D-I1-14, Protection Set il, Steam Generator Level (S/Gs 1 & 4)1.4.2.2.40 08-0015-D-ll-15, Protection Set II, Turbine Impulse Chamber Pressure 1.4.2.2.41-08-001 5-D-11-16, Protection Set II, Containment Pressure 1.4.2.2.42 08-001 5-D-IlI-16A, Protection Set II, Containment Pressure 1.4.2.2.43 08-0015-D-11-17, Protection Set II, System Alarms 1.4.2.2.44 08-0015-D-II-17A, Protection Set II, System Alarms 1.4.2.2.45 08-0015-D-II1-1, Protection Set III, Reactor Coolant Flow 1.4.2.2.46 08-001 5-D-Ill-i1A, Protection Set Ill, Reactor Coolant Flow 1.4.2.2.47 08-0015-D-III-2, Protection Set Ill, Wide Range Pressure 1.4.2.2.48 08-0015-D-1II-3, Protection Set Ill, Delta-T/Tavg 1.4.2.2.49 08-0015-D-lIII-3A, Protection Set Ill, Delta-T/Tavg 1.4.2.2.50 08-0015-D-III-4, Protection Set Ill, Pressurizer Level 1.4.2.2.51 08-001 5-D-lIII-5, Protection Set III, Pressurizer Pressure 1.4.2.2.52 08-0015-D-llI-5A, Protection Set III, Pressurizer Pressure 1.4.2.2.53 08-0015-D-Ill-6, Protection Set Ill, Steamline Break Protection (S/G 2)1.4.2.2.54 08-0015-D-Ill-7, Protection Set III, Steamline Break Protection (S/G 3)1.4.2.2.55 08-0015-D-Ill-8, Protection Set Ill, Steam Generator Level (S/Gs 1 thru 4)1.4.2.2.56 08-001 5-0-1II-9, Protection Set Ill, Containment Pressure 1.4.2.2.57 08-001 5-D-I II-9A, Protection Set Ill, Containment Pressure 1.4.2.2.58 08-001 5-D-Ill-I10, Protection Set III, System Alarms 1.4.2.2.59 08-001 5-D-Ill-i10A, Protection Set Ill, System Alarms 1.4.2.2.60 08-0015 IV-l, Protection Set IV, Wide Range Pressure 1.4.2.2.61 08-0015 IV-2, Protection Set IV, Delta-T/Tavg 1.4.2.2.62 08-0015 IV-2A, Protection Set IV, Delta-T/Tavg 1.4.2.2.63 08-0015 IV-3, Protection Set IV, Pressurizer Pressure 1.4.2.2.64 08-0015 IV-3A, Protection Set IV, Pressurizer Pressure 1.4.2.2.65 08-0015 IV-4, Protection Set IV, Pressurizer Vapor Temperature 1.4.2.2.66 08-0015 IV-5, Protection Set IV, Steamline Break Protection (S/G 1)1.4.2.2.67 08-0015 IV-6, Protection Set IV, Steamline Break Protection (S/G 4)1.4.2.2.68 08-0015 IV-7, Protection Set IV, Steam Generator Level (S/Gs 1 thru 4)1.4.2.2.69 08-0015 IV-8, Protection Set IV, Containment Pressure 1.4.2.2.70 08-0015 IV-8A, Protection Set IV, Containment Pressure 1.4.2.2.71 08-001 5-D-IV -9, Protection Set IV, System Alarms 1.4.2.2.72 08-0015 IV-9A, Protection Set IV, System Alarms a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 23 of 90 1.4.3 Implementing Documents (Use Latest Revision)1.4.3.1 Technical Specifications, DCPP Units 1 and 2, Appendix A to License Nos. DPR-80 and DPR-82, as amended 1.4.3.2 DCPP Final Safety Analysis Report Update (FSARU), latest revision 1.4.3.3 DC 663229 -47, Precautions Limits and Setpoints Document (PLS), latest revision 1.4.3.4 Reactor Control & Protection Functional Requirements DC 663195-17 1.4.3.4.1 PGE/PEG -300/3, Thermal Overpower and Overtemperature Protection 1.4.3.4.2 PGE/PEG -300/4, Reactor Coolant System Pressure and Level Protection System 1.4.3.4.3 PGEIPEG -300/5, Reactor Coolant System Low Flow Protection 1.4.3.4.4 PGE/PEG -300/6. Safety Injection System Actuation 1.4.3.4.5 PGE/PEG -300/7, Steam Generator Protection System 1.4.3.4.6 PGE/PEG -300/8, Steam Break Protection 1.4.3.4.7 PGE/PEG -300/9, Miscellaneous Protection Systems 1.4.3.4.8 PGE/PEG -300/1 7, Turbine Control System 1.4.3.5 Functional Logic Diagrams (FLD): 1.4.3.5.1 DC 495842, FLD -Reactor Trip Signals 1.4.3.5.2 DC 495845, FLD -Primary Coolant System Trip Signals 1.4.3.5.3 DC 495846, FLD -Pressurizer Trip Signals 1.4.3.5.4 DC 495847, FLD -Steam Generator Trip Signals 1.4.3.5.5 DC 495848, FLD -Safeguards Actuation Signals 1.4.3.5.6 DC 495849, FLD -Rod Controls and Rod Blocks 1.4.3.5.7 DC 495850, FLD -Steam Dump Control 1.4.3.5.8 DC 495853, FLD -Feedwater Control and Isolation 1.4.3.5.9 DC 495855, FLD -Auxiliary Feedwater Pumps Startup 1.4.3.5.10 DC 495856, FLD -Turbine Trips, Runbacks and Other Signals 1.4.3.5.11 DC 495857, FLD -AMSAC Signals 1.4.3.6 PG&E IDAP CF2.1D9, Software Quality Assurance Plan, Software Development (as applicable) 1.4.3.7 Design Criteria Memorandum (DCM) C-17, Hosgri Response Spectra 1.4.3.8 DCM C-25, Design Earthquake Response Spectra for Structures, Systems, and Components 1.4.3.9 DCM C-28, Maximum Building Displacements 1.4.3.10 DCM C-30, Double Design Earthquake Response Spectra a LTRafl Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection SYStem Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 24 of 90 1.4.3.11 0CM S-65, 120 VAC System 1.4.3.12 DCM S-38A, Plant Protection System 1.4.3.13 DCM T-10, Seismic Qualification of Equipment 1.4.3.14 0CM T-19, Electrical Separation and Isolation 1.4.3.15 DCM T-24, Design Criteria for DCPP Instrumentation and Controls 1.4.3.16 DCPP HSI Development Guidelines Document 1.4.3.17 Surveillance Test Procedure STP 1-33, Reactor Trip and ESF Response Time Test Program 1.4.3.18 10115-J-NPG, Process Protection System Controller Transfer Functions Design Input Specification 1.5 System Overview The PPS consists of four separate and isolated protection sets with adequate instrumentation to monitor the following reactor plant parameters and provide signals to the Solid State Protection System (SSPS)for use in determining when required Reactor Trip System (RTS) or Engineered Safeguards Features Actuation System (ESFAS) protective actions are required.The PPS provides signals (isolated where appropriate) to drive indicators and/or recorders in the MCR to provide operators with operating plant information and to satisfy the requirements of Regulatory Guide 1.97 [Reference 1.4.1.5.5]
as described in Section 7.6 of the DCPP FSARU [Reference 1.4.3.2].The PPS provides isolated signals to the PPC, the AMSAC system, and to various plant control systems such as the Digital Feedwater Control System (DFWCS) and the Rod Control System. With the exception of Delta-T and Tavg, these signals are derived from the PPS channel sensor input loops and are not processed by the PPS.Refer to the PPS Functional Block Diagrams [Reference 1.4.2.2] for identification of PPS inputs and outputs.The following table identifies the reactor plant parameters that are monitored by the PPS: PARAETERPROTECTION SET Wide Range Rx Coolant Temperature (hot and cold legs), Loops 1, 2 I Wide Range Rx Coolant Temperature (hot and cold legs), Loops 3, 4 II Wide Range Rx Coolant Pressure, Loops 3, 4 IV Wide Range Rx Coolant Pressure, Loop 4 Ill Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 1 I Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 2 II Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 3 Ill Narrow Range Rx Coolant Temperature (hot and cold legs), Loop 4 IV Neutron Flux (from Nuclear Instrument System) I, 11, Il, IV aLTRafl Units 1&2 DC663195-44-8 Page 24 OF 90 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 25 of 90.PARAMETER PROTECTION SET Pressurizer Level 1, II, III Pressurizer Pressure 1, II, Il, IV Pressurizer Vapor Temperature iV Steamfiow, Steamline Pressure, S/Gs 1, 2, 3, 4 III Steamline Pressure, S/Gs 2, 3 III Steamline Pressure, S/Gs 1, 4 IV SIG Narrow Range Level, S/Gs 1, 2, 3, 4 III, IV SIG Narrow Range Level, S/Gs 2, 3I SIG Narrow Range Level, S/Gs 1, 4 II Turbine Impulse Chamber Pressure 1, II Containment Pressure I, II, II, IV a LTRafl Units 1l&2 DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 26 of 90 2 General System Description 2.1 System Context The PPS is designed to monitor plant parameters that are important to reactor safety during all plant conditions.
The PPS provides partial trip/ESFAS actuation signals to the SSPS whenever pre-established setpoints are exceeded.
The SSPS initiates a Reactor Trip or actuates safeguards functions as described below whenever the design coincidence logic for the required protective action is satisfied.
PPS channel protective functions are identified in the following sections.
More detail is provided in Sections 3 and 4. Refer to the FLDs [Reference 1.4.3.5] for additional detail regarding these protective functions.
2.1.1 Reactor Coolant Flow Channels 2.1.1.1 Low Flow Reactor Trip Provides Departure from Nucleate Boiling (DNB) protection.
2.1.2 Wide Range Reactor Coolant Temperature Channels 2.1.2.1 Input to Low Temperature Overpressure Protection System (LTOPS)Provides protection against overpressurization at low plant temperature.
2.1.3 Wide Range Reactor Coolant Pressure Channels 2.1.3.1 Input to LTOPS Provides protection against overpressurization at low plant temperature.
2.1.3.2 Input to Residual Heat Removal (RHR) valve interlock circuit Provides protection against improper operation of RHR isolation valves.2.1.4 Delta-T/ Tavg (DTT-IA) Channels 2.1 .4;1 Overtemperature Delta-T (OTDT) Reactor Trip Provides DNB protection.
The setpoint for the OTDT reactor trip is continuously calculated by the PPS for each of the four reactor coolant loops.2.1.4.2 Overpower Delta-T (OPDT) Reactor Trip Provides protection against excessive power (fuel rod rating protection).
The setpoint for the OPDT reactor trip is continuously calculated by the PPS for each of the four reactor coolant loops.2.1.5 Pressurizer Level Channels 2.1.5.1 Pressurizer High Water Level Reactor Trip a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 27 of 90 Provides backup protection to the Pressurizer High Pressure Reactor Trip and prevents the pressurizer from becoming water solid during low worth and low power rod withdrawal accidents.
2.1 .6 Pressurizer Pressure Channels 2.1.6.1 Pressurizer Low Pressure Reactor Trip Provides protection against low pressure that could lead to DNB, and limits the necessary range of protection afforded by the OTDT Reactor Trip.2.1.6.2 Pressurizer High Pressure Reactor Trip Provides protection for the reactor coolant system against system overpressure.
2.1.6.3 Pressurizer Low-Low Pressure Safety Injection (SI)Initiate the automatic starting of decay heat removal systems to provide protection against loss of primary or secondary coolant accidents.
This actuation signal may be manually blocked when pressurizer pressure is below the P-I11 interlock setpoint (Pressurizer Pressure Not High) with the manual block automatically removed by an increasing pressurizer pressure above the P-i11 setpoint.2.1.7 Pressurizer Vapor Temperature Channel 2.1.7.1 Pressurizer Vapor Space Temperature Low RHR valve V-8701 interlock circuit input.2.1.8 Steamline Break Protection Channels 2.1.8.1 Steamline Pressure Low SI and Steamline Isolation Initiate the automatic starting of boron injection and decay heat removal systems and to provide protection against steamline break accidents.
2.1.8.2 Steamline Pressure High Negative Rate Steamline Isolation Provide protection in the case of a steamline break when Pressurizer Pressure is less than the P-Il setpoint and Low Steamline Pressure SI is blocked.2.1.9 Steam Generator Narrow Range Level Channels 2.1.9.1 Steam Generator (SIG) High-High Level Turbine Trip and Feedwater Isolation (P-14, S/G High Level Permissive)
Provides protection against S/G overfill and damage to the main steamlines or main turbine.2.1.9.2 S/G Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start Protects the reactor from loss of heat sink in the event of loss of feedwater to one or more S/Gs or a major feedwater line rupture.The signals to actuate reactor trip and start AFW pumps are delayed through the use of a Trip Time Delay (TTD) for reactor power levels below 50% of rated thermal power. The use a LTRSfl Units 1&2' DC663195-44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 28 of 90 of the TTD allows added time for natural SIG level stabilization or operator intervention to avoid an inadvertent protection system actuation.
2.1.10 Turbine Impulse Chamber Pressure Channels 2.1.10.1 Turbine Impulse Chamber Pressure High to P-13 Interlock The purpose of the P-i13 permissive is to provide an input to P-7 indicative of low turbine power when less than the setpoint.The purpose of the P-7 permissive is to disable selected Reactor Trip signals while operating at low power levels.2.1.10.2 Turbine Impulse Chamber Pressure Low Interlock C-5 Blocks control rod withdrawal.
The purpose of the C-5 interlock is to prevent automatic outward rod motion when power is less than the design limit for the Rod Control System.2.1.11 Containment Pressure Channels 2.1.11.1 Containment Pressure High SI, Phase A Containment Isolation Initiates the automatic starting of safeguards equipment to provide protection against a high energy line break inside containment.
2.1.11.2 Containment Pressure High-High Phase B Containment Isolation, Containment Spray Actuation Purpose is to protect the containment integrity and limit fission product release by closing containment isolation valves and initiating containment cooling spray and chemical addition.2.2 System Modes and States The PPS is required to be operational during all plant modes in accordance with the requirements of the Plant Technical Specification
[Reference 1.4.3.1].2.2.1 Operating Modes There are no special operating modes associated with the PPS. It is an instrumentation system that continuously monitors the plant parameters identified in Section 1.5 and provides status indication to the main control room and partial trip inputs to the SSPS whenever protection channel setpoints are exceeded.2.2.2 Manual Trip Switches 2.2.2.1 Manual trip switches independent of the PPS instrumentation shall be provided for each PPS comparator reactor trip and safeguards actuation output to the SSPS in accordance with Section 3.2.1.3.4.
2.2.2.2 The manual trip switches shall be configured to match the TRIP/ACTUATE action (de-energize or energize to TRIP/ACTUATE) of the associated PPS comparator output.2.2.2.3 The manual trip switches shall be functional at all times including when the channel is in a a LTRafl: Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 29 of 90 bypass condition.
2.2.3 Manual Bypass Switches 2.2.3.1 Manual bypass switches independent of the PPS instrumentation shall be provided for each Containment High-High Pressure (Containment Spray) comparator output to facilitate on-line maintenance and testing.2.2.3.2 Manual bypass switches independent of the PPS instrumentation shall be provided for each Turbine Impulse Pressure High (P-i13) comparator output to facilitate on-line maintenance and testing.2.2.3.3 The manual bypass switches shall be configured to maintain the normal non-tripped status (energized or de-energized) of the associated PPS comparator output.2.3 Major System Capabilities The following system capabilities shall be provided: 2.3.1 Signal Validation 2.3.1.1 Signal validation is required for the DTTA channels as described in Sections 3.2.5.1.5 and 3.2.5.1.6.
Signal validation other than range checking per Section 2.3.1.2 is not required for any other PPS channel.2.3.1.2 Input signal range checking is required for all PPS channel input signals. Alarming of Out-of-Range High or Out-of-Range Low input signals is required.
Unless otherwise specified, Out-of-Range (QOR) setpoints shall be as follows: 2.3.1.2.1 QOR Low: -5% span, reset: -2.5% span 2.3.1.2.2 OOR High: 105% span, reset: 102.5% span 2.3.1.2.3 Input OCR alarms per Section 2.3.1.2 shall be suppressed (or cleared) when the affected input is placed in an out'of service condition.
2.3.2 System Level Diagnostics 2.3.2.1 The PPS processing instrumentation shall be provided with sufficient diagnostic capability to isolate'system faults to the card/module level.2.3.2.2 MCR alarms and annunciators (PPS Failure and Trouble) are actuated by signals from the PPS when PPS diagnostics detect conditions that are indicative of degraded performance or failure of some system component.
Conditions requiring alarming are identified in Section 3.2.1.5.2.3.3 Testability at Power 2.3.3.1 The capability for testing while at power shall be provided for all PPS channels as required by I10CFR50, Appendix A, GDC 21 [Reference 1.4.1.3.1.13].
Refer to Section 3.2.1.15 for guidance.a LTRar~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 30 of 90 2.4 Major System Conditions Refer to Section 2.2, "System Modes and States." 2.5 Major System Constraints Implementation of the requirements specified in this document will ensure that applicable constraints per Design Criteria Memorandum (DCM) S-38A, Plant Protection System [Reference 1.4.3.12]
have been addressed.
2.6 User Characteristics 2.6.1 2.6.1 Operations The primary user of the PPS is Operations.
Operations will require access to Human System Interface (HSI) displays with the exception of displays dedicated to system maintenance activities.
2.6.2 I&C Maintenance l&C Maintenance will require access to all displays and functions associated with the PPS HSI and processing instrumentation for purposes of performing Technical Specification
[Reference mandated surveillance testing and for maintaining the system.Maintenance display access will require security access measures for any maintenance function that has the capability of changing system configuration.
2.6.3 Engineering
Engineering will require access to all displays and functions associated with the PPS HSI and processing instrumentation to facilitate configuration control of the system.2.7 Assumptions and Dependencies Implementation of the requirements specified in this document will ensure that assumptions and dependencies per Design Criteria Memorandum (0CM) S-38A, Plant Protection System [Reference 1.4.3.12]
have been addressed.
2.8 Operational Scenarios Refer to Section 2.2, "System Modes and States." a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 31 of 90 3 System Capabilities, Conditions, Constraints 3.1 Physical 3.1 .1 Construction The PPS instrumentation will be installed within 16 equipment racks (per unit) located in the Cable Spreading Rooms at elevation 128 of the Auxiliary Building.3.1.1.1 The PPS equipment racks are divided into four separate Protection Sets which are physically separated and electrically isolated from each other.3.1.1.1.1 Protection Set I a) Protection Set I shall consist of five (5) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.2 Protection SetlII a) Protection Set II shall consist of five (5) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.3 Protection Set III a) Protection Set III shall consist of three (3) racks.b) One rack shall be dedicated to Class II PPS equipment.
c) Deleted 3.1.1.1.4 Protection Set IV a) Protection Set IV shall consist of three (3) racks.b) One rack shall be dedicated to Class II PPS equipmeht.
c) Deleted 3.1.1.2 PPS instrumentation shall be accessible via full length frontand rear cabinet doors.3.1.1.3 Required physical separation shall be maintained between Class IE and non-Class 1E circuits as required by DCM T-19 [Reference 1.4.3.14].
3.1.1.4 Each PPS Protection Set will be powered from a separate 120 VAC vital bus via a Class IE uninterruptible power supply. Refer to DCM S-65 [Reference 1.4.3.11].
3.1.1.5 Each PPS Protection Set will be provided with a 120 VAC control grade (non-vital) utility power source.3.1.1.6 Each PPS Protection Set will be provided with redundant loop power supplies capable of powering all 4-20 mA instrument loops associated with that Protection Set.3.1.1.6.1 Deleted.3.1.1.6.2 The initial full load design current for each loop power supply should not exceed 75% of a T ~lUnits 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 32 of 90 rated power supply capacity to provide margin for future expansion.
3.1.1.6.3 Failure of a loop power supply shall be alarmed (see Section 3.2.1.5).3.1.1.7 Non-vital 125 VDC from the Main Annunciator will be provided for interrogation of alarm output contacts.3.1.1 .7.1 Output contacts provided for interrogation by the MAS shall be rated at 125 Vdc, 50 mA (minimum).
3.1.1.8 The HSI equipment is Instrument Class lIand shall be isolated from the PPS processing instrumentation as required by General Design Criteria (GDC) 24 [Reference 1.4.1.3.1.16].
Refer to 0CM T-24 [Reference 1.4.3.15]
for guidance.3.1.1.9 PPS processing instrumentation will be qualified and installed to satisfy Seismic Category I requirements applicable to DCPP. Refer to Section 3.1.5 for guidance.3.1.1.10 The PPS HSI equipment will be seismically supported to prevent damage to or loss of* operability of the safety related PPS instrumentation should a seismic event occur. Refer to Section 3.1.5 for guidance.3.1.2 Durability The PPS equipment shall be capable of continuous operation in the environment specified in Section 3.1.4.3.1.3 Adaptability The PPS is a mature system and it is not anticipated that many changes to processing instrumentation or inputs and outputs will be required over the life of the system. However, it is desirable that the system have the capability for additional inputs/outputs within the existing environs so that any required changes to system function can be readily accommodated.
3.1.3.1 There shall be adequate rack space available to accommodate at least 10% additional inputs of each type used within the system for future use.3.1.3.2 There shall be adequate rack space available to accommodate at least 10% additional outputs of each type used within the system for future use.3.1.4 Environmental Conditions The Cable Spreading Rooms at DCPP are considered to be a mild environment.
3.1.4.1 The PPS instrumentation shall be qualified for the following conditions which define this environment:
3.1.4.1.1 Temperature:
3.1.4.1.2 Relative Humidity: 3.1.4.1.3 Pressure: 3.1.4.1.4 Radiation:
40 to 104°F 0 to 95% (non-condensing)
Atmospheric N/A (mild environment) 3.1.5 Seismic Requirements aLTRar Units 1 &2 DC6631 95-44-8 Page 32 OF 90 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 33 of 90 The PPS Class I equipment shall be qualified to Seismic Category I levels by test, analysis, or a combination thereof, to satisfy the requirements of IEEE Std. 344 [Reference 1.4.1.1.6](endorsed by Regulatory Guide 1.100 [Reference 1.4.1.5.6])
as supplemented by the following DCPP requirements:
3.1.5.1 Seismic Response Spectra The seismic inertial loads acting on the PPS are defined in DCM 0-17 [Reference 1.4.3.7], 0CM C-25 [Reference 1.4.3.8], and DCM C-30 [Reference 1.4.3.10].
The seismically induced inter- and intra- structural displacements are defined in 0CM C-28 [Reference 1.4.3.9].3.1.5.2 Seismic Qualification Design Class I PPS equipment and components shall meet the design bases for seismic qualification in accordance with 0CM T-1 0 (Seismic Qualification of Equipment)
[Reference 1.4.3.13].
Non-Class 1E (Class II) PPS equipment is not subject to the seismic requirements of Section 3.1.5. The Class II equipment shall be mounted and supported in such a fashion that it cannot become a missile during a seismic event and possibly damage or disable a safety-related structure, system, or component.
3.1.6 Electromagnetic Compatibility 3.1.6.1 Susceptibility:
The PPS shall be qualified by test, analysis, or a combination thereof, to function without fault or error in an electromagnetic environment in accordance with the guidance of Regulatory Guide 1.180 [Reference 1.4.1.5.10].
3.1.6.2 Emissions:
the PPS equipment shall be qualified by test, analysis or a combination thereof, to not create an electromagnetic environment that will adversely affect the operation of safety-related Class 1 E equipment operating in the same location (cable spreading room).The qualification shall follow the guidance of Regulatory Guide 1.180, as above.3.1.6.3 Grounding:
the PPS equipment shall support the grounding methods described in IEEE Std.1050 [Reference 1.4.1.1.11]
and endorsed by Regulatory Guide 1.180 to limit adverse effects of susceptibility and emissions (both radiated and conducted).
3.1.7 Deleted 3.2 System Performance Characteristics The PPS is required to monitor plant parameters that are important to safety. The PPS provides signals for parameter monitoring, indication, recording, and to the MAS for alarming in the MCR for use by operations personnel and to satisfy the Post-Accident Monitoring requirements of Regulatory Guide 1.97[Reference 1.4.1.5.51 as defined in Chapter 7.5 of the DCPP FSARU [Reference 1.4.3.2].With the exception of Delta-T and Tavg from the Delta-T/Tavg (DTTA) channels, where required, the PPS will provide isolated signals from the channel sensor (prior to processing by the PPS instrumentation) via qualified isolation devices for use by Class II control systems such as the DFWCS, the Rod Speed and Direction System, the Pressurizer Pressure Control System, the Pressurizer Level Control System, and the AMSAC.The PPS will provide isolated (Class Il) level signals from level channel sehsors (prior to processing by the PPS instrumentation) via qualified isolation devices for use by the Class I Auxiliary, Feedwater a LTR~fl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Req uir6m~ents Specification Page 34 of 90 System.The PPS provides partial trip output signals to the SSPS whenever established RTS or ESFAS parameter setpoints are exceeded.
The SSPS will initiate a Reactor Trip and/or actuate ESFAS whenever the design logic (coincidence) for the required protective action is satisfied.
The DCPP FLDs [Reference 1.4.3.5] provide detailed information regarding the SSPS Reactor Trip and ESFAS functional operation.
The following Sections (3.2.1 thru 3.2.13) define the specific requirements for each PPS channel that must be satisfied to ensure that the PPS performs as designed.3.2.1 Requirements Applicable to All PPS Channels The following requirements are applicable to all PPS channels.
Requirements specific to a particular channel will be identified in the specific Section (3.2.2 through 3.2.13) dealing with that channel.3.2.1.1 Functional Description Refer to the "Functional Description" requirement Section associated with each individual PPS channel.3.2.1.2 Special Environmental Requirements This Specification applies only to the PPS instrumentation that is located in the Unit 1 and Unit 2 Cable Spreading Rooms at DCPP (elevation 128). These areas are considered to be a mild environment.
See Section 3.1.4 for specific environmental conditions applicable to these areas.3.2.1.3 -indicators, Status Lights, and Contr'ols The following status requirements are applicable to all PPS channels: 3.2.1.3.1 Status indication (ON/OFF) shall be provided locally at the PPS instrumentation racks for all comparator outputs.-, 3.2.1.3.2 For energize to trip/actuate comparator outputs, feedback shall be provided to the PPS to facilitate detection of open circuits, short circuits, or actual output not matching command unless specified otherwise in Sections 3.2.2 through 3.2.13 of this document.S3.2.1.3.3 Signals for status indication to satisfy .the requirements of Regulatory Guide 1.47[Reference 1.4.1.5.2]
shall be provided to the MCR from each protection set for indication that a protection channel has been placed in an inoperable condition (e.g., bypassed).
3.2.1.3.4 Manual trip switches shall be provided locally at the PPS instrumentation racks for all deenergize to trip comparator outputs except for those provided for alarm purposes only.This Specification does not require nor does it preclude the use of manual trip switches for energize to trip comparator outputs. Where used on energize to trip circuits the requirements of this section shall apply.a) These manual trip switches shall provide an independent trip capability that will override the PPS comparator output.b) Channel status downstream of the manual trip switch shall be determinable by the PPS.c) Exceptions to this requirement for a particular comparator output will be identified in the "Trips and Trip Logic" subsection of the Section (3.2.2 thru 3.2.13) associated with that comparator.
3.2.1.3.5 Manual bypass switches shall be provided for each Containment High-High Pressure a T ~lUnits I8&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 35 of 90 (Containment Spray) comparator Output...a) When in bypass, these switches shall maintain the normal (non-tripped) condition of the comparator output independent of the PPS.b) Indication of Bypass shall satisfy the requirements of Section 3.2.1.5.3.
c) Deleted 3.2.1.3.6 Manual bypass switches shall be provided for each Turbine Impulse Pressure High (P-13)comparator output.a) When in bypass, these switches shall maintain the normal (non-tripped) condition of the comparator output independent of the PPS.b) Indication of Bypass shall satisfy the requirements of Section 3.2.1.5.3.
3.2.1.3.7 A method shall be provided for placing a PPS channel out-of-service (e.g. manual OOS switch) for the purpose of performing maintenance activities (e.g., parameter updates)without requiring that a Protection Set be declared inoperable.
a) Indication of Out-of-Service shall satisfy the requirements of Section 3.2.1.5.5 or b) An alternative indication of Out-of-Service shall be provided.3.2.1.4 Outputs for Monitoring, Indication, Recording, and Control Analog outputs shall be capable of driving an impedance of up to 1000 ohms without loss of accuracy.Refer to the "Outputs for Monitoring, Indication, Recording, and Control" requirement Section associated with each individual PPS channel.Note: "Outputs" includes:
outputs processed through the PPS instrumentation (e.g., RCS Flow); and outputs processed through qualified hardware isolation devices on the sensor Tnput loop (e.g., PZR Level to process control).3.2.1.5 Alarms and Annunciators The following system level alarms and annunciators will be provided by PG&E for each Protection Set. Separate input signals shall be provided to these alarms from processing instrumentation for each Protection Set. Refer to PPS System Level Alarm drawings: Protection Set I [References 1.4.2.2.21, 1.4.2.2.22], Protection Set II [References 1.4.2.2.43, 1.4.2.2.44], Protection Set Ill [References 1.4.2.2.58, 1.4.2.2.59], and Protection Set IV[References 1.4.2.2.71, 1.4.2.2.72].
3.2.1.5.1 PPS Failure [Output to MAS Deenergizes to Alarm with Reflash capability]
System failure conditions determined to impact a safety function that results in a Technical Specification
[Reference 1.4.3.1] Limiting Condition for Operation (LCO) entry shall provide signals to actuate a "PPS Failure" annunciator in the Main Control Room (MCR).The following system level conditions are to be alarmed: a) Failure to set trip on demand (condition exists for longer than 1 second) with the exception of alarm comparators and the C-3, C-4, and C-5 control interlock comparators b) Critical component failure or failures that result in entry into a Technical Specification LCO Channel specific inputs to the PPS Failure alarm are identified in Sections 3.2.2.5 through 3.2.13.5.a LTRafl Units 1&2 0C663t95-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 36 of 90 3.2.1.5.2 PPS Trouble [Output to MAS Deenergizes to Alarm with Reflash capability]
System failure conditions that do not impact a safety function that results in a Technical Specification LCO entry shall provide signals to actuate a "PPS Trouble" annunciator in the MCR.The following system level conditions are to be alarmed: a) Trip output set without a demand (condition exists for longer than 1 second) with the exception of alarm comparators and the C-3, 0-4, and 0-5 control interlock comparators b) Loss of one critical instrument power supply (redundant supply working)c) Loss of one or both non-critical instrument power supplies d) Component failures that do not result in entry into a Technical Specification LCO Channel specific inputs to the PPS Trouble alarm are identified in Sections 3.2.2.5 through 3.2.13.5.3.2.1.5.3 PPS Channel in Bypass [Output to MAS Energizes to Alarm with Reflash capability]
a) Actuation of any comparator bypass in a Protection Set will provide a signal to the MAS for alarming the bypassed condition in the Main Control Room.b) Where utilized, comparator manual bypass switches shall be provided with two (2)separate and independent output contacts.1) One contact will be used to physically bypass the comparator trip/actuation output maintaining the non-tripped/non-actuated state.2) The other contact will be for use in satisfying Bypassed indication requirements per part a) of Section 3.2.1.5.3.
c) Deleted.3.2.1.5.4 PPS RTD Failure [Output to MAS Energizes to Alarm with Reflash capability]
The following conditions shall actuate an "RTD Failure" annunciator in the MCR: a) Input deviation
-SQA2 b) Two bad inputs -SQA2 c) Less than two good inputs -SQA3A and SQA3B d) The alarms per a), b), and c) shall be suppressed when the OTTA channel is out of service.3.2.1.5.5 PPS Out of Service [Output to MAS Energizes to Alarm with Reflash capability (for Item b below)]Where utilized, external Channel Out-of-Service (OOS) switches shall be provided with two (2) separate and independent output contacts [Contacts Close on OOS].a) One contact without reflash capability will be provided for use by the MAS (independent of the PPS instrumentation) to indicate that a manual OOS switch has been actuated and a channel OOS permissive has been set.b) The other contact will be for use in establishing the proper HSI/PPS interfaces for performing maintenance and parameter/setpoint updates. A signal shall be provided for use by the MAS to indicate the channel OOS condition once it is confirmed and established.
a LTRaf Units 1&2 DC66319S-44-8 Pag 36OF 90 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 37 of 90 3.2.1.6 Interlocks and Permissives Refer to the "Interlocks and Permissives" requirement Section associated with each individual PPS channel.3.2.1.7 Trips and Trip Logic PPS comparators determine when established setpoints have been exceeded and provide outputs for use by other systems such as the RTS and ESFAS. Refer to the "Trips and Trip Logic" requirements Section associated with each individual PPS channel for comparator requirements associated with that channel.3.2.1.8 Accuracy A statistical analysis of PPS rack accuracy allowances, including a detailed description of the methodology used to determine rack accuracy allowance value(s), shall be performed by the equipment supplier and provided for use by PG&E to evaluate the need for changes to PPS setpoints.
Section 3.2.1.8.1 includes typical rack allowances that shall be considered.
This is a non--inclusive list and may be supplemented depending on the type of equipment utilized.3.2.1.8.1 Typical Rack Allowances include the following:
a) Rack Calibration Accuracy (RCA): The reference (calibration) accuracy rating for a process loop string. A process ioop includes all modules in a specific channel. It is assumed that the individual modules are calibrated to a particular tolerance and that the process loop is verified to be calibrated to a specific tolerance.
- 1) The following tolerances for input signal conditioning shall be applicable:
- i. 4-20 mA input signal conditioning accuracy tolerance shall not exceed:+ 0.13% span ii. RTD input signal conditioning accuracy tolerance shall not exceed : o + 0.375 °F (narrow range)o +/- 1.05 0 F (wide range)2) 4-20 mA analog output signal accuracy tolerance shall not exceed + 0.5% of span unless otherwise specified.
b) Rack Comparator Setting Accuracy (RCSA): The reference (calibration) accuracy of.the instrument loop comparator (bistable).
- 1) For a single input bistable the tolerance shall not exceed + 0.2% span.2) For a dual input bistable the tolerance shall not exceed + 0,5%. span.3) No uncertainty is included for this term for channels that do not have an electronic comparator.
c) Rack Temperature Effects (RTE): The change in input-output relationship for the process rack module string due to a change in the ambient environmental conditions.
- 1) Fo)r an analog system the tolerance shall not exceed _+ 0.5% span.2) As applicable, for a digital system the following tolerances shall be applicable:
- i. 4-20 mA input signal conditioning temperature effects shall not exceed:+/- 0.25% span ii. RTD input signal conditioning temperature effects shall not exceed: a T ~lUnits 1&2 DC663195-44-8 D)CPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 38 of 90 o + 1.2°0 F (narrow range)o + 5.6 °F (wide range)d) Rack Drift (RD)): The change in input-output relationship over a period of time.1) For an analog system the tolerance shall not exceed +/- 1.0% span.2) As applicable, for a digital system the tolerance shall not exceed: i. 4-20 mA input signal conditioning rack drift tolerance shall not exceed:+ 0.2% span ii. RTD input signal conditioning rack drift tolerance shall not exceed: o +/- 0.3 °F (narrow range)o + 1.4 °F (wide range)3) The drift requirements per this Section shall be valid for a period of 30 calendar months (minimum).
3.2.1.8.2 As applicable (digital system), Processor Time Base (Loop Cycle Time)Where input and output signals are updated on a time-dependant cyclic basis, a method for verifying the time base shall be provided.a) The measurable time base shall have an accuracy of+/-+ 0.1% of the utilized time base (e.g., for a 100 msec time base this would be+/-+ 0.1 msec).3.2.1.9 Range (for Inputs, Calculated Values, and Outputs)Instrument Range requirements are function dependent.
Refer to the "Range (for Inputs, Calculated Values, and Outputs)" requirements Section associated with each individual PPS channel.3.2.1.9.1 Analog inputs shall be provided with the capability to adjust input scaling (see Section 3.2.1.13).
3.2.1.10 Time Response The time response of the PPS processing instrumentation (from input signal conditioner to conditioned output signal) shall not exceed 0.409 seconds [Reference 1.4.3.17].
The time delay mentioned above is defined as the elapsed time following a step change at the signal conditioner input from 5% below (above) to 5% above (below) the comparator setpoint with all externally adjustable transfer functions set to 1 (as applicable) and all externally adjustable time delays set to 0.0 (as applicable).
3.2.1.11 Overload and Recovery Characteristics Overload (overrange) of any instrument channel or component in an affected protection system shall result only in the saturation of the affected components in the direction of the overload.3.2.1.11.1 After the out-of-range signal causing the overload returns from the overload condition, all component units of the system shall recover from the saturated condition and return to their correct output values (within nominal accuracy limits) within 1 second.Note: The 1 second recovery time specified need be met only when all externally adjustable time delays are set to 0.0.3.2.1.11.2 During recovery from overload, the output of all affected component units shall progress smoothly from the saturated value to the correct value without oscillation or overshoot a LTRaF~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 39 of 90 larger than 1% (peak-to-peak) of channel range exclusive of the theoretical amplification of lead/lag and rate/lag units.Note: The requirements on oscillation and overshoot should be met even with all externally adjustable time delays set to 0.0.3.2.1.12 Noise Levels 3.2.1.12.1 Deleted 3.2.1.12.2 For analog inputs, an adjustable low pass filter with a cutoff frequency range of 0 -15 Hz (minimum bandwidth) shall be provided.Filter attenuation requirements:
o 10 Hz =-20 dB minimum* 60 Hz = -45 dB minimum 3.2.1.13 Controller Transfer Functions Refer to the "Controller Transfer Functions" requirement Section associated with each individual PPS channel for channel specific transfer functions.
3.2.1.13.1 All PPS instrumentation shall have the capability to provide a hysteresis/deadband setting for comparator setpoints as follows: a) Comparator reset for increasing signal trips shall be 1% of input span below trip setpoint.b) Comparator reset for decreasing signal trips shall be 1% of input span above trip setpoint.3.2.1.13.2 All PPS analog inputs must be provided with the capability to adjust scaling. Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Sections 3.2.2.14 through 3.2.13.14.
3.21.14 Setpoints and Tunable Parameters (Range of Setting)3.2.1.14.1 All comparator setpoints shall be capable of being entered and changed locally under administrative controls.3.2.1.14.2 All tunable parameters shall be capable of being entered and changed locally at the PPS instrumentation racks under administrative controls.3:'2.1.14.3 Deleted 3.2.1.15 Test and Calibration The capability must be provided for PPS channel calibration and test at power as required by IEEE Std. 338 [Reference 1.4.1.1.5]
with the following constraints:
3.2.1.15.1 The capability shall be provided for testing at power in either Test in Bypass mode (where the partial trip/actuation outputs associated with the channel in test are maintained in the non-tripped/non-actuated condition) or Test in Trip mode (where the partial trip/actuation outputs associated with the channel in fest are maintained in the tripped/actuated condition).
3.2.1.15.2 In the case of 1/N (one-out-of-N) logic, a bypass shall (must) be provided to prevent the actuation of a protection system during a channel test.3.2.1 .15.3 As applicable, the capability to verify that all analog-to-digital (A/D) conversions are calibrated independently of each other shall be provided.a LTReflb units, &2DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 40 of 90 3.2.1.15.4 As applicable, the capability to verify that digital-to-analog (D/A) conversions are calibrated independently of the A/Ds shall be provided (i.e., the inputs to the D/As are independently verifiable from the inputs to the AIDs for calibration purposes).
3.2.1.15.5 Overlap test capability shall be provided for both periodic and time response testing.3.2.1.15.6 Periodic testing shall not require the need for the use of temporary jumpers or lifting of leads.3.2.1.15.7 A method shall be provided for verification of allowed changes to setpoints and/or tuning constants prior to and following initiation of the change.3.2.1.15.8 Deleted 3.2.1.16 Failure Mode Requirements 3.2.1.16.1 Deleted 3.2.1.16.2 Deleted 3.2.1.16.3 Deenergize to Trip comparator outputs shall be designed such that upon loss of electrical power, the resultant output is the tripped (deenergized) condition.
3.2.1 .16.4 Energize to Trip comparator outputs shall be designed such that upon loss of electrical power, the resultant output is the non-tripped (deenergized) condition.
3.2.1.16.5 Detectable failures that could result in loss of ability to perform a required safety function should result in affected Deenergize to Trip comparators being placed in the tripped (deenergized) condition.
This requirement does not apply to functions that are out of service.3.2.1.16.6 Detectable failures that could result in loss of ability to perform a required safety function should result in affected Energize to Trip comparators being placed in the non-tripped (deenergized) condition.
This requirement does not apply to functions that are out of service.3.2.1.16.7 The capability shall be provided to transit from Test in Bypass to Test in Trip for any channel to support Technical Specification
[Reference 1.4.3.1] requirements.
3.2.1.16.8 The capability shall be provided to transit from Test in Trip to Test in Bypass for any channel to support Technical Specification
[Reference 1.4.3.1] requirements.
3.2.2 Specific Requirements for Reactor Coolant Flow The following specific requirements apply to the Reactor Coolant Flow channels and are in addition to the requirements specified in Section 3.2.1.3.2.2.1 Functional Description Reactor Coolant Flow channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.2.1.1 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set I): Reference 1.4.2.2.1, 1.4.2.2.2 3.2.2.1.2 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set II): Reference 1.4.2.2.23, 1.4.2.2.24 3.2.2.1.3 Reactor Coolant Flow, Loops 1 thru 4 (Protection Set Ill): a LTRar Uis & DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 41 of 90 Reference 1.4.2.2.45, 1.4.2.2.46 3.2.2.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.2.3 Indicators, Status Lights, and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.2.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Reactor Coolant Flow channels: 3.2.2.4.1 Reactor Coolant Flow Loop 1 (Protection Sets I, If, Il)a) MCR Indication b) PPC Monitoring 3.2.2.4.2 Reactor Coolant Flow Loop 2 (Protection Sets 1, I1, II)a) MCR Indication b) PPC Monitoring 3.2.2.4.3 Reactor Coolant Flow Loop 3 (Protection Sets I,II, III)a) MCR Indication b) PPC Monitoring 3.2.2.4.4 Reactor Coolant Flow Loop 4 (Protection Sets I, 11, I1l)a) MCR Indication b) PPC Monitoring 3.2.2.5 Alarms and Annunciators The following alarm outputs shall be provided for the Reactor Coolant Flow channels: 3.2.2.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.2.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.2.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Reactor Coolant Flow channel processing.
3.2.2.7 Trips and Trip Logic The following comparator outputs shall be provided by the Reactor Coolant Flow channels: 3.2.2.7.1 Reactor Coolant Loop I Flow Low (Protection Sets I, II, Il)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.2 Reactor Coolant Loop 2 Flow Low (Protection Sets I, II, 1l)a LTRafl units &2DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 42 of 90*For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.3 Reactor Coolant Loop 3 Flow Low (Protection Sets I, If, 1l)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.7.4 Reactor Coolant Loop 4 Flow Low (Protection Sets I, I1, ill)For use by the SSPS Low Reactor Coolant Flow Reactor Trip logic [Deenergize to Trip].3.2.2.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.2.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.2.9.1 Input Variables:
a) Reactor Coolant Flow: 4 -20 mA = 0 to 100 XMTR dp%3.2.2.9.2 Calculated Variables:
Refer to Section 3.2.2.13.*3.2.2.9.3 Output Variables:
a) Reactor Coolant Flow: 0 to 100 XMTR dp% = 4 -20 mA Note: equivalent to 0 to 120% of normalized flow.3.2.2.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.2.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.2.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.2.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Reactor Coolant Flow channels: 3.2.2.13.1 Reactor Coolant Flow Normalization Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.2.14.2.
3.2.2.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Reactor Coolant Flow channels: a LTR~fl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 43 of 90 3.2.2.14.1 Reactor Coolant Flow Low Reactor Trip: 40.000 to 70.000 normalized dp%3.2.2.14.2 Tunable Parameters a) Input Scaling m (normalizing constant) 0.5000 to 1.9000 b) Input scaling b (offset) -1 0.000 to 10.000 dp%3.2.2.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.2.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.3 Specific Requirements for Wide Range Reactor Coolant Temperature The following specific requirements apply to the Wide Range Temperature channels and are in addition to the requirements specified in Section 3.2.1.3.2.3.1 Functional Description Wide Range Temperature channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.3.1.1 Wide Range Temperature, Reactor Coolant Loops 1 and 2 (Protection Set I): Reference 1.4.2.2.3 3.2.3.1.2 Wide Range Temperature, Reactor Coolant Loops 3 and 4 (Protection Set II): Reference 1.4.2.2.25 3.2.3.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.3.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.3.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Wide Range Temperature channels: 3.2.3.4.1 Hot Leg Temperature Loop 1 (Protection Set I)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.3.4.2 Hot Leg Temperature Loop 2 (Protection Set I)a) MCR Recording a LTRaFP Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 44 of 90 b) ERFDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.3.4.3 Hot Leg Temperature Loop 3 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train A Monitoring d) PPC Monitoring 3.2.3.4.4 Hot Leg Temperature Loop 4 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) RVLIS Train A Monitoring d) PPC Monitoring 3.2.3.4.5 Cold Leg Temperature Loop 1 (Protection Set I)a) MOR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.6 Cold Leg Temperature Loop 2 (Protection Set I)a) MCR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.7 Cold Leg Temperature Loop 3 (Protection Set II)a) MCR Recording b) ERFDS Monitoring c) PPC Monitoring 3.2.3.4.8 Cold Leg Temperature Loop 4 (Protection Set II)a) MCR Recording b) ERFOS Monitoring c) PPC Monitoring 3.2.3.5 Alarms and Annunciators The following alarm outputs shall be provided for the Wide Range Temperature channels: 3.2.3.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.3.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System "08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 45 of 90 a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.3.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Wide Range Temperature channel processing.
3.2.3.7 Trips and Trip Logic The following comparator outputs shall be provided by the Wide Range Temperature Channels: 3.2.3.7.1 Cold Leg Temperature Low Loop 2 (Protection Set I)For use by the LTOPS [Energize to Trip].3.2.3.7.2 Cold Leg Temperature Low Loop 3 (Protection Set I1)For use by the LTOPS [Energize to Trip].3.2.3.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.3.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.3.9.1 Input Variables a) Wide Range Temperature Hot Leg:[4-wire 200 ohm platinum RTD] = 0 to 700 0 F (minimum range)b) Wide Range Temperature Cold Leg:[4-wire 200 ohm platinum RTD] = 0 to 700 0 F (minimum range)3.2.3.9.2 Calculated Variables:
None 3.2.3.9.3 Output Variables:
a) Wide Range Temperature Hot Leg: 0 to 700 0 F =4 -20 mA b) Wide Range Temperature Cold Leg: 0 to 700 0 F = 4 -20 mA 3.2.3.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.3.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.3.12 Noise Levels No additional requirements to those identified in Section 3.2.1 .12.3.2.3.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Wide Range a LTRar~ Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 46 of 90 Temperature channels: 3.2.3.13.1 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.3.2.3.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Wide Range Temperature channels: 3.2.3.14.1 Cold Leg Temperature Low LTOPS (Protection Sets 1, II): 0.000 to 700.000 0 F 3.2.3.14.2 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -70.000 to 70. 000 °F c) RTD a constant 150.000 to 250.000 ohms d) RTD b constant 0.200000 to 0.600000 ohms/°F e) RTD c constant -0.500000E-04 to -0.I00000E-04 ohms/(°F*°F) 3.2.3.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.3.16 Failure Mode Requirements 3.2.3.16.1 Detected RTD failures shall result in a low-going signal (failed low).3.2.3.16.2 Deleted 3.2.4 Specific Requirements for Wide Range Reactor Coolant Pressure The following specific requirements apply to the Wide Range Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.4.1 Functional Description Wide Range Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.4.1.1 Wide Range Pressure, Reactor Coolant Loop 4 (Protection Set Ill): Reference 1.4.2.2.47 3.2.4.1.2 Wide Range Pressure, Reactor Coolant Loops 3 and 4 (Protection Set IV): Reference 1.4.2.2.60 3.2.4.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.4.3 Indicators, Status Lights and Controls a LTRSfl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 47 of 90 No additional requirements to those identified in Section 3.2.1.3.3.2.4.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Wide Range Pressure channels: 3.2.4.4.1 Wide Range Pressure Loop 4 [PT-403] (Protection Set Ill)a) MCR Recording b) EREDS Monitoring c) RVLIS Train B Monitoring d) PPC Monitoring 3.2.4.4.2 Wide Range Pressure Loop 4 [PT-403A] (Protection Set IIl)a) MCR Indication b) ERFDS Monitoring c) PPC Monitoring 3.2.4.4.3 Wide Range Pressure Loop 3 [PT-405] (Protection Set IV)a) MCR Indication b) ERFDS Monitoring c) PPC Monitoring d) RVLIS Train A Monitoring, 3.2.4.4.4 Wide Range Pressure Loop 4 [PT-405A] (Protection Set IV)a) MCR Indication b) PPC Monitoring c) ERFDS Monitoring 3.2.4.5 Alarms and Annunciators The following alarm outputs shall be provided for the Wide Range Pressure channels: 3.2.4.5.1 Reactor Coolant Pressure Hi, Loop 4 [PT-403A] (Protection Set Ill)Input to RHR Valve 8702 Not Isolated alarm circuit (RHR Interlocks, see Section 3.2.4.6.3).
3.2.4.5.2 Reactor Coolant Pressure Hi, Loop 4 [PT-405A] (Protection Set IV) .Input to RHR Valve 8701 Not Isolated alarm circuit (RHR Interlocks, see Section 3.2.4.6.4).
3.2.4.5.3 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.4.5.4 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.4.6 Interlocks and Permissives The following comparator outputs shall be provided by the Wide Range Pressure channels: 3.2.4.6.1 Reactor Coolant Pressure Low, Loop 4 (Protection Set III)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 48 of 90 For use by the RHR system interlocks Valve 8702 control circuit [Energize to Trip].3.2.4.6.2 Reactor Coolant Pressure Low, Loop 4 (Protection Set IV)For use by the RHR system interlocks Valve 8701 control circuit [Energize to Trip].The Wide Range Pressure Low Loop 4 comparator output to the RHR Valve 8701 Interlock circuit shall be interlocked with the Pressurizer Vapor Space Temperature Low comparator output. A graphical presentation is shown on References 1.4.2.2.60 and 1.4.2.2.65.
3.2.4.6.3 Reactor Coolant Pressure High, Loop 4 (Protection Set Ill)For use by the RHR system interlocks Valve 8702 alarm circuit (see Section 3.2.4.5.1)
[Deenergize to Trip].3.2.4.6.4 Reactor Coolant Pressure High, Loop 4 (Protection Set IV)For use by the RHR system interlocks Valve 8701 alarm circuit (see Section 3.2.4.5.2)
[Deenergize to Trip].3.2.4.7 Trips and Trip Logic The following comparator outputs shall be provided by the Wide Range Pressure channels: 3.2.4.7.1 Reactor Coolant Pressure High, Loop 4 (Protection Sets III, IV)For use by LTOPS [Energize to Trip].3.2.4.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.4.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.4.9.1 Input Variables:
a) Reactor Coolant Wide Range Pressure: 4 -20 mA = 0 to 3000 psig 3.2.4.9.2 Calculated Variables:
None 3.2.4.9.3 Output Variables:
a) Reactor Coolant Wide Range Pressure: 4 -20 mA [0 to 3000 psig] = 4-20 mA (input loop Class IA/Il isolator)1 3.2.4.10 Time Response No additional requirements to those identified in Section 3.2.1 .10.3.2.4.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1 .11.3.2.4.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.4.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.a LTRafl Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 49 of 90 3.2.4.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Wide Range Pressure channels: 3.2.4.14.1 Reactor Coolant Wide Range Pressure High LTOPS (Protection Sets III, IV): 0.00 to 3000.00 psig -3.2.4.14.2 Reactor Coolant Wide Range Pressure High RHR Interlocks (Protection Sets III, IV): 0.00 to 3000.00 psig 3.2.4.14.3 Reactor Coolant Wide Range Pressure Low RHR Interlocks (Protection Sets Ill, IV): 0.00 to 3000.00 psig 3.2.4.14.4 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -300.00 to 300.00 psig 3.2.4.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.4.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.4.16.1 Deleted 3.2.5 Specific Requirements for DTTA The following specific requirements apply to the DTTA channels and are in addition to the requirements specified in Section 3.2.1.3.2.5.1 Functional Description DTTA channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).The following sub-sections provide information regarding the development of the Thot, Tcold, Tavg, and Delta-T signals used in calculating the Thermal Overpower and Overtemperature Protection trip setpoints.
The information is presented in a "per DTTA channel" basis. The same process shall be performed in all four DTTA channels.
Each DTTA channel is associated with a particular reactor coolant loop (e.g., DTTA channel 1 is for reactor coolant loop 1 ).3.2.5.1.1 DTTA Reactor Coolant Loop 1 (Protection Set I): Reference 1.4.2.2.4, 1.4.2.2.5 3.2.5.1.2 DTTA Reactor Coolant Loop 2 (Protection Set II): Reference 1.4.2.2.26, 1.4.2.2.27 3.2.5.1.3 DTTA Reactor Coolant Loop 3 (Protection Set Ill): Reference 1.4.2.2.48, 1.4.2.2.49 3.2.5.1.4 DTTA Reactor Coolant Loop 4 (Protection Set IV): a LTRafl- Units 1&,2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 50 of 90 Reference 1.4.2.2.61, 1.4.2.2.62 3.2.5.1.5 Tcold Signal Development A filtered Tcold average (Tfcavg) signal shall be calculated from the two (2) Tcold RTD inputs configured for use in a single DTTA channel for use in the DTTA channel protection function calculations.
The following constraints apply: a) All Tcold inputs shall be processed through a Lag Filter per Section 3.2.5.13.1.
b) Only Tcold signals that have been validated by the Sensor Quality Algorithm (SQA2)[Reference Section 3.2.5.13.81 shall be used in the Tfcavg calculation.
c) Alarm conditions and outputs associated with the SQA2 are provided in Reference 1.4.3.18.d) The Tfcavg shall be the output of the SQA2 Algorithm.
3.2.5.1.6 Thot Signal Development A filtered Thot average (T~havg) signal shall be calculated from the six (6) Thot RTD inputs configured for use in a single DTTA channel for use in the DTTA channel protection calculations.
a) All Thot inputs shall be processed through a Lag Filter per Section 3.2.5.13.1.
b) Each Thot input shall be compensated by application of a Thot streaming factor determined per Section 3.2.5.13.10.
c) The SQA3A algorithm
[Reference Section 3.2.5.13.9]
shall be used to calculate a Tfhavg value for the three (3) Thot "A" inputs.d) The SQA3B algorithm
[Reference Section 3.2.5.13.9]
shall be used to calculate a mfhavg value for the three (3) Thot "B" inputs.e) Only Thot signals that have been validated by the SQA3A or SQA3B algorithm shall be used in the mfhavg calculation for that group.f) Alarm conditions and outputs associated with the SQA3A, SQA3B, and SQA3 are provided in Reference 1.4.3.18.g) The Tfhavg for the DTTA channel shall be calculated from the outputs of the SQA3A and SQA3B algorithms.
3.2.5.1.7 Delta-T Signal Development Delta-T (calculated loop differential temperature, 0 F) shall be determined for each OTTA channel [Reference Section 3.2.5.13.4].
3.2.5.1.8 Tavg Signal Development Tavg (calculated average loop temperature, 0 F) shall be determined for each DTT-A channel [Reference Section 3:2.5.13.4].
3.2.5.1.9 Normalized Power (PB) Signal Development PB (calculated value for normalized power, unitless) shall be determined for each DTTA channel [Reference Section 3.2.5.13.111].
3.2.5.1.10 Overtemperature Delta-T (OTDT) Setpoint An Overtemperature Delta-T (OTDT) Setpoint shall be determined for each DTTA channel[Reference Section 3.2.5.13.6].
3.2.5.1.11 Overpower Delta-T (OPDT) Setpoint a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 51 of 90 An Overpower Delta-T (OPDT) Setpoint shall be determined for each DTTA channel[Reference Section 3.2.5.13.7].
3.2.5.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.5.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.5.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the DTTA channels: 3.2.5.4.1 Calculated Delta-T (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill[Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) Delta-T Auctioneering Circuit d) PPC Monitoring e) Associated Steam Generator Level Channel (Trip Time Delay)3.2.5.4.2 Calculated Tavg (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill[Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) Alarming (Deviation Alarm Circuit)c) PPC Monitoring d) To Control (Tavg Auctioneered
-High to Rod Speed and Direction, Steam Dumps, Pressurizer Level)3.2.5.4.3 Calculated Overpower Setpoint (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) PPC Monitoring 3.2.5.4.4 Calculated Overtemperature Setpoint (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set Ill [Loop 3], Protection Set IV [Loop 4])a) MCR Indication b) MCR Recording c) PPC Monitoring 3.2.5.5 Alarms and Annunciators The following alarm outputs shall be provided for the DTTA channels: 3.2.5.5.1 Tcold sensor(s) failed as determined by the SQA2 algorithm (see Section 3.2.5.13.8).(Actuation input to "RTD Failure' annunciator).
3.2.5.5.2 Thot sensor(s) failed as determined by the SQA3 algorithm (see Section 3.2.5.13.9).
a LT alUnits 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 52 of 90 (Actuation input to "RTD Failure" annunciator).
3.2.5.5.3 Deleted 3.2.5.5.4 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Power Range Flux input out of range b) Power Range Flux input is open circuit (as constrained by Section 3.2.5.5.4 e))c) Pressurizer Pressure sensor input is out of range (as constrained by Section.. 3.2.5.5.4 d))d) Pressurizer Pressure out of range alarm shall be disabled when Tavg is less than or equal to 530°F and enabled when Tavg is greater than 531°0 F.e) Power Range Flux input open circuit alarm shall be disabled when the associated DTTA channel is out of service.3.2.5.5.5 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) Tcold temperature input signal out of range b) Thot temperature input signal out of range c) Thot temperature deviation as determined by SQA3A or SQA3B algorithm d) Alarms per subsection
- ) shall be disabled when the DTTA function is out of service.3.2.5.6 Interlocks and Permissives The following comparator outputs shall be provided by the DTTA channels: 3.2.5.6.1 OPDT Interlock C-4 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III[Loop 3], Protection Set IV [Loop 4])For use by Interlock C-4 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.3.2.5.6.2 OTDT Interlock C-3 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III[Loop 3], Protection Set IV [Loop 4])For use by Interlock C-3 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.3.2.5.6.3 Low-Low Tavg Permissive P-12 (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])For use by SSPS Protection Interlock P-12 logic [Deenergize to Trip].3.2.5.7 Trips and Trip Logic The following comparator outputs shall be provided by the DTTA channels: 3.2.5.7.1 Overpower Delta-T (OPOT) Reactor Trip (Protection Set I [Loop 1], Protection Set II [Loop 2], Protection Set IlI [Loop 3], ProtectionSet IV [Loop 4])For use by the SSPS OPOT Reactor Trip logic [Deenergize to Trip].3.2.5.7.2 Overtemperature Delta-T (OTOT) Reactor Trip (Protection Set I [Loop 1], Protection Set II[Loop 2], Protection Set III [Loop 3], Protection Set IV [Loop 4])For use by the SSPS OTDT Reactor Trip logic [Deenergize to Trip].a LTRanl Unts"" C639.4 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 53 of 90 3.2.5.7.3 Low Tavg Feedwater Isolation (Protection Set!I [Loop 1], Protection Set II [Loop 2], Protection Set Ill [Loop 3], Protection Set IV [Loop 4])For use by SSPS Feedwater Isolation logic [Deenergize to Trip].3.2.5.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.5.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.5.9.1 Input Variables a) Thot (Th):[4-wire 200 ohm platinum RTD] = 350 to 6500°F (minimum range)b) Tcold (To):[4-wire 200 ohm platinum RTD] = 350 to 650°F (minimum range)c) Pressurizer Pressure 4 -20 mA = 1250 to 2500 psig d) Lower Flux, NIS Power Range: 0 -10 VDC = 0 to 60% (power)e) Upper Flux, NIS Power Range: 0 -10 VDC = 0 to 60% (power)3.2.5.9.2 Calculated Variables a) Power Range Axial Flux Difference
[Calculated]
= -60 to +60% (power)b) PB (Normalized Power Factor)[Calculated]
= 0 to 1.5 c) Delta-T (AT):[Calculated]
=0 to 150% (power)d) OPDT Setpoint[Calculated]
= 0 to 150% (power)e) OTDT Setpoint[Calculated]
= 0 to 150% (power)f) Tavg:[Calculated]
=530 to 630 0 F 3.2.5.9.3 Output Variables a) Tavg: 530 to 630°F = 4-20 mA (low limited to 530°F)b) Delta-T (AT): 0 to 150% (power) = 4 -20 mA (as constrained by Section 3.2.5.9.3 e))a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 54 of 90 c) OPDT Setpoint -0 to 150% (power) = 4 -20 mA d) OTDT Setpoint 0 to 150% (power) =4 -20 mA e) Delta-T output shall be set to zero when Tavg is less than or equal to 530°F and set equal to calculated value of Delta-T when Tavg is greater than 531°0 F 3.2.5.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.5.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.5.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.5.13 Controller Transfer Functions The following controller transfer functions are used in the processing of DTTA channels: 3.2.5.13.1 Lag Units Lag units shall be provided for each of the loop Thor and Tcold input signals used for OTDT and OPDT Protection.
Lag units shall be provided for each of the loop Thot Streaming Factor calculated outputs., Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.2 Lead/Lag Units Lead/Lag units shall be provided for each of the measured loop Tavg and AT signals used for OTDT and OPOT Protection.
Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.3 Rate/Lag Units A Rate/Lag unit shall be provided for each of the loop Tavg signals used for OPDT Protection.
Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.4 Tavg and Delta-T Calculations The loop average temperature (Tavg) and temperature delta between hot and cold legs (AT)shall be calculated by each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with~this function are provided in Section 3.2.5.14.3.2.5.13.5 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.a LTRaI Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 55 of 90 3.2.5.13.6 OTDT Setpoint Calculation The OTOT Setpoint shall be calculated for each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.7 OPOT Setpoint Calculation The OPOT Setpoint shall be calculated for each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.
-3.2.5.13.8 Sensor Quality Algorithm 2 (SQA2)The SQA2 Algorithm shall be used in development of the average filtered TCoId signal in each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.9 Sensor Quality Algorithms 3A and 3B (SQA3A/SQA3B)
The SQA3A and SQA3B Algorithms shall be used in development of the average filtered Thot signal in each DTTA channel.Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.10 Thor Streaming Factor Calculation A temperature streaming correction factor shall be calculated for each Thot RTD as constrained by the following:
a) The streaming factors (for each group) that are made available to the HSI (output of lag filters) shall be set to zero until the following validation checks are satisfied:
The sum of the streaming factors (output from lag filters) for the group is 0.0+/-+0.2 0 F ii. The streaming factors forthe group (output from calculation) are not equal to zero for more than six time constants (Thot lag filter streaming constant)
[Section 3.2.5..14.7 if)].Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.5.14.3.2.5.13.11 Normalized Power (PB) Calculation Normalized Power (PB) shall be calculated for each DTTA Channel as constrained by the following:
a) PB shall be set to 0.0 whenever Tavg is less than or equal to 530°F b) PB shall be the calculated value of PB whenever Tavg is greater than 531°F Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided-in Section 3.2.5.14.3.2.5.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the DTTA channels: 3.2.5.14.1 OPDT Turbine Runback (OPTR): -20.000 to 20.000 percent (usually negative)a LTRan nt 12D63154-Page 55 OF 90 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 56 of 90 3.2.5.14.2 OTDT Turbine Runback (OTTR): -20.000 to 20.000 percent (usually negative)3.2.5.14.3 OPDT Reactor Trip: -20.000 to 20.000 percent (usually zero)3.2.5.14.4 OTDT Reactor Trip: -20.000 to 20.000 percent (usually zero)3.2.5.14.5 LOW Tavg Feedwater Isolation:
530.000 to 630.000°F 3.2.5.14.6 LOW-LOW Tavg P-12: 530.000 to 630.000°F 3.2.5.14.7 Tunable Parameters:
a) fl(AI)A (OTDT Flux Imbalance) 0.000 to -50.000%b) fl(AI)B (OTDT Flux Imbalance)
-0.010000 to -0.030000/percent c) fl(AI)C (OTDT Flux Imbalance) 0.000000 to 1.9000000 d) fl(AI)D (OTDT Flux Imbalance) 0.000 to 50.000%e) f2(AI)F (OPDT Flux Imbalance) 0.000 to -50.000%f) f2(AI)H (OPDT Flux Imbalance) 0.000000 to 1.000000 g) f2(AI)l (OPOT Flux Imbalance) 0.000 to 50.000%h) f2(AI)J (OPDT Flux Imbalance) 0.010000 to 0.030000/percent i) fl(AI)N (OTDT Flux Imbalance) 0.01 0000 to 0.030000/percent j) fl(AI)Q (OTDT Flux Imbalance) 0.000000 to 1.000000 k) f2(AI)V (OPDT Flux Imbalance)
-0.01 0000 to -0.030000/percent I) f2(AI)W (OPDT Flux Imbalance) 0.000000 to 1.000000 m) p 0 (OTDT Setpoint) 1700.00 to 2500.00 psig n) AT 0 (PB Calculation) 30.000 to 80.000°F O) m~avg (OTOT Setpoint) 540.000 to 590.000°F p) T'avg (OPDT Setpoint) 540.000 to 590.000°F q) DELTAC (Tcold SQA2 Algorithm) 0.000 to 10.000°F r) DELTAH (Thot SQA3A(B) Algorithm) 0.000 to 25.000°F s) K 1 (OTDT Setpoint) 0.700 to 1.500 t) K 2 (OTOT Setpoint) 0.010000 to 0.030000/°F u) K, (OTDT Setpoint) 0.000350 to 0.00 1000/psig v) K 4 (OPDT Setpoint) 0.700 to 1.500 w) K 5 (OPOT Setpoint) 0.01 0000 to 0.030000/°F x) K 6 (OPDT Setpoint) 0.001000 to 0.003000/°F Y) t 1 Lead Constant (Tavg Lead/Lag) 0.000 to 60.000 seconds z) t2 Lag Constant (Tavg Lead/Lag) 0.000 to 60.000 seconds aa) t3 Rate and Lag Constant (Tavg Rate/Lag) 0.000 to 30.000 seconds bb) t4 Lead Constant (AT Lead/Lag) 0.000 to 60.000 seconds cc) t5 Lag Constant (AT Lead/Lag) 0.000 to 60.000 seconds a LTRafli Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 57 of 90 dd) 6 Lg Costat (T~t ag) .00 to 0.00 seond ee) z 7 Lag Constant (Thotd Lag) 0.000 to 30.000 seconds if) "t 8 Lag Constant (Thor Streaming Lag) 0.000 to 600.000 seconds gg) SXY Calculated Thot Streaming Factor -20.000 to 20.000 0 F Note: X= 1, 2, or3; Y =A orB hh) PLOW PB Threshold (User entered constant) 0.000 to 1.000 ii) SCAL FLUX CALiB fl(AI)/f2(AI) (User entered constant) 1.000000 to 10.000000 jj) m Tcold input scaling (gain) 0.5000 to 1.9000 kk) b Tcold input scaling (offset) -1 2.000 to 12.000°F I1) a Tcold RTD constant 50.000 to 250.000 mm) b Tcold RTD constant 0.200000 to 0.600000 ohms/oF nn) c Tcold RTD constant -0.500000E-04 to -0.I00000E-04 ohms/(OF*°F) oo) m Thot input scaling (gain) 0.5000 to 1.9000 pp) b Thor input scaling (offset) -12.000 to 12.000°F qq) a Thor RTD constant 50.000 to 250.000 rr) b Thot RTD constant 0.200000 to 0.600000 ohms/°F ss) c Thot RTD constant -0.500000E-04 to -0.I00000E-04 oh ms/(°F*°F) tt) m Power Range Flux input scaling (gain) 0.5000 to 1.9000 uu) b Power Range Flux input scaling (offset) -6.0000 to 6.0000%w) m Pressurizer Pressure input scaling (gain) 0.5000 to 1.9000 ww) b Pressurizer Pressure input scaling (offset) -125.00 to 125.00 psig*3.2.5.14.8 All displays of measured AT and AT setpoints shall be in percent of full power AT with scales reading 0 -150%.3.2.5.14.9 During initial plant operation, the AT channels will be calibrated to indicate 100% at 100%power such that the channels do not reflect minor flow variations between loops or minor variations from design flow. Provisions to allow this calibration shall be available in each channel before the AT signal is used for any alarm or protective function.3.2.5.14.10 It is recommended that different tuning constants be used in the OTDT and OPDT setpoint calculations (T~avg and T'avg respectively) to represent the nominal Tavg at rated thermal power so that they can be set and changed independently should the need arise in the future. In most applications, both constants will have the same range setting.3.2.5.14.11 Deleted 3.2.5.15 Test and Calibration The following shall apply to all OTTA channels: 3.2.5.15.1 The capability shall be provided to locally monitor the following variables from all DTTA channels in addition to those that are manually entered: a) Filtered Thot for all Thor sensors b) Filtered ToGld for all Tcold sensors a LTRa l Units 1&2 D6663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 58 of 90 3.2.5.15.2 The capability shall be provided for determining the RTD element resistance without lifting field terminations.
3.2.5.15.3 The capability shall be provided to transmit the following variable quantities from all DTTA channels to the PPC for recording and storage: a) Deleted b) Deleted c) Deleted d) Deleted e) Filtered Thot values (refer to Section 3.2.5.1.6 a))f) Filtered Tcold values (refer to Section 3.2.5.1.5 a))g) Thot Inputs (refer to Section 3.2.5.9.1 a))h) T 0 oox Inputs (refer to Section 3.2.5.9.1 b))i) PB (refer to Section 3.2.5.1.9) j) Filtered Thot Average value (refer to Section 3.2.5.1.6 g))k) Filtered Tcold Average value (refer to Section 3.2.5.1.5 d))I) Filtered Thot Streaming Factor values (refer to Section 3.2.5.13.10) m) Lead/Lag compensated value of AT (refer to Section 3.2.5.13.2) n) Lead/lag compensated value of Tavg (refer to Section 3.2.5.13.2) o) Rate/Lag compensated value of Tavg (refer to Section 3.2.5.13.3) p) Thot-EST values (refer to Section 3.2.5.1.6 b))q) SQA3A Filtered Thor Average value (refer to Section 3.2.5.1.6 c))r) SQA3B Filtered Thot Average value (refer to Section 3.2.5.1.6 d))3.2.5.16 Failure Mode Requirements Detected RTD failures shall result in a low-going signal (failed low).3.2.6 Specific Requirements for Pressurizer Level The following specific requirements apply to the Pressurizer Level channels and are in addition to the requirements specified in Section 3.2.1.3.2.6.1 Functional Description Pressurizer Level channels are presented graphically in the PPS Functional Block Diagrams[Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.6.1.1 Pressurizer Level (Protection Set I)Reference 1.4.2.2.6 3.2.6.1.2 Pressurizer Level (Protection Set II)Reference 1.4.2.2.28 a LTR~fl Units 1&2 DC663t95-44-8 DCPP Units I &2., Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 59 of 90 3.2.6.1.3.
Pressurizer Level (Protection Set Ill)Reference 1.4.2.2.50 3.2.6.1.4 Isolated signals (not processed by the PPS) from all Pressurizer Level channel sensors shall be provided for use by the Pressurizer Level Control System.3.2.6.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.6.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.6.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Level channels: 3.2.6.4.1 Pressurizer Level (Protection Sets I,1II)a) MCR Indication b) PPC Monitoring c) Hot Shutdown Panel Indication d) Pressurizer Level Control (Control Set I)e) Pressurizer Level Control (Control Set II)f) ERFOS Monitoring 3.2.6.4.2 Pressurizer Level (Protection Set LiII)a) MCR Indication b) PPC Monitoring c) Pressurizer Level Control (Control Set I)d) Pressurizer Level Control (Control Set II)e) EREDS Monitoring 3.2.6.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Level channels: 3.2.6.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.6.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.6.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Pressurizer Level channel processing.
3.2.6.7 Trips and Trip LogicUnits 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 60 of 90 The following comparator outputs shall be provided by the Pressurizer Level channels: 3.2.6.7.1 Pressurizer Level High Reactor Trip (Protection SetsI, II, Ill)For use by the SSPS Pressurizer Level High Reactor Trip logic [Deenergize to Trip].3.2.6.8 Accuracy.No additional requirements to those identified in Section 3.2.1.8.3.2.6.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.6.9.1 Input Variables:
a) Pressurizer Level: 4 -20 mA = 0Oto 100%3.2.6.9.2 Calculated Variables:
None 3.2.6.9.3 Output Variables:
a) Pressurizer Level: 4 -20 mA [0 to 100%] = 4 -20 mA (from input loop)b) Pressurizer Level: 4- 20 mA [0 to 100%] =4 -20 mA (input loop Class IA/Il isolator)3.2.6.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.6.11 Overload and Recovery Characteristics , No additional requirements to those identified in Section 3.2.1.11.3.2.6.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.6.13 Controller Transfer Functions No additional requirements to those~identified in Section 3.2.1.13.3.2.6.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Level channels: 3.2.6.14.1 Pressurizer Level High Reactor Trip: 40.000 to 100.000%3.2.6.14.2 Tunable Parameters a) Input scaling mn (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -10.000 to 10.000%3.2.6.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.a T ~lUnits 1&2 D6663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 61 of 90 3.2.6.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1 .16.3.2.7 Specific Requirements for: Pressurizer Pressure The following specific requirements apply to the Pressurizer Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.7.1 Functional Description Pressurizer Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.7.1.1 Pressurizer Pressure (Protection Set I)Reference 1.4.2.2.7, 1.4.2.2.8 3.2.7.1.2 Pressurizer Pressure (Protection Set II)Reference 1.4.2.2.29, 1.4.2.2.30 3.2.7.1.3 Pressurizer Pressure (Protection Set Ill)Reference 1.4.2.2.51, 1.4.2.2.52 3.2.7.1.4 Pressurizer Pressure (Protection Set IV)Reference 1.4.2.2.63, 1.4.2.2.64, 3.2.7.1.5 Each Pressurizer Pressure channel shall provide a Pressurizer Pressure signal for use by the DTTA channel processed in the same Protection Set.3.2.7.1.6 Isolated signals (not processed by the PPS) from all Pressurizer Pressure channel sensors shall be provided for use by the Pressurizer Pressure Control System.3.2.7.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.7.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.7.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Pressure channels: 3.2.7.4.1 Pressurizer Pressure (Protection Set I): a) MCR Indication b) PPC Monitoring
-Pressurizer Pressure c) Hot Shutdown Panel Indication d) Pressurizer Pressure Control e) PPC Monitoring
-Pressurizer Pressure Lead/Lag 3.2.7.4.2 Pressurizer Pressure (Protection Sets il, Ill, IV): a LTR~ i~ units 1& c.63195-44-8 DCPP Units I & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 62 of 90 a) MCR Indication b) PPC Monitoring
-Pressurizer Pressure c) Pressurizer Pressure Control d) PPC Monitoring
-Pressurizer Pressure Lead/Lag 3.2.7.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Pressure channels: 3.2.7.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
b) Pressurizer Pressure input sensor out of range will be per Section 3.2.5.6.4.
Note: Pressurizer Pressure sensor input is provided to DTTA channel and Pressurizer Pressure channel The alarming function for out of range required by Section 2.3.1.2 will be performed by the DTTA channel.3.2.7.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.7.6 Interlocks and Permissives The following comparator outputs shall, be provided by the Pressurizer Pressure channels: 3.2.7.6.1 Pressurizer Pressure High P-il Interlock (Protection Sets 1, II, Il)For use by the SSPS P-Il Interlock logic [Deenergize to Trip].3.2.7.6.2 Pressurizer Pressure High PORV Control (Protection Sets I, II, III, IV)For use by the PORV Control logic [Energize to Trip].3.2.7.7 Trips and Trip Logic (RTS and ESFAS)The following comparator outputs shall be provided by the Pressurizer Pressure channels: 3.2.7.7.1 Pressurizer Pressure Low Reactor Trip (Protection Sets I, II, Ill, IV)For use by the SSPS Pressurizer Pressure Low Reactor Trip logic [Deenergize to Trip].3.2.7.7.2 Pressurizer Pressure Low-Low Safety Injection (SI) (Protection Sets iII, III, IV)For use by the SSPS Pressurizer Pressure Low-Low SI logic [Deenergize to Trip].3.2.7.7.3 Pressurizer Pressure High Reactor Trip (Protection Sets I, I1, III, IV)For use by the SSPS Pressurizer Pressure High Reactor Trip logic [Deenergize to Trip].3.2.7.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.7.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be as follows: 3.2.7.9.1 Input Variables:
a) Pressurizer Pressure: a LTR~a Units 1&2 DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 63 of 90 4 -20 mA = 1250 to 2500 psig 3.2.7.9.2 Calculated Variables:
a) Pressurizer Pressure Compensated:
[Calculated]
= 1250 to 2500 psig 3.2.7.9.3 Output Variables:
a) Pressurizer Pressure: 4 -20 mA [1250 to 2500 psig] = 4 -20 mA (input loop Class IA/Il isolator)3.2.7.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.7.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.7.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.7.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Pressurizer Pressure channels: 3.2.7.13.1 Lead-Lag for Pressurizer Low Pressure Reactor Trip Compensation Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.7.14.3.2.7.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Pressure channels: 3.2.7.14.1 Pressurizer Pressure Low Reactor Trip: 1700.00 to 2250.00 psig 3.2.7.14.2 Pressurizer Pressure Low-Low SI Actuation:
1700.00 to 2250.00 psi 9 3.2.7.14.3 Pressurizer Pressure High Reactor Trip: 2250.00 to 2500.00 psi 9 3.2.7.14.4 Pressurizer Pressure High P-Il Permissive:
1700.00 to 2250.00 psi 9 3.2.7.14.5 Pressurizer Pressure High PORV: 1250.00 to 2250.00 psig a) Deleted b) Deleted 3.2.7.14.6 Tunable Parameters a) Lead Time Constant 0.000 to 60.000 seconds b) Lag Time Constant 0.000 to 10.000 seconds c) Input scaling m (gain) 0.5000 to 1.9000 d) 'Input scaling b (offset) -125.00 to 125.00 psig 3.2.7.15 Test and Calibration a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 64 of 90 No additional requirements to those identified in Section 3.2.1.15.3.2.7.16 Failure Mode Requirements 3:2.7.16.1 Deleted 3.2.8 Specific Requirements for Pressurizer Vapor Temperature The following specific requirements apply to the Pressurizer Vapor Temperature channel and are in addition to the requirements specified in Section 3.2.1.3.2.8.1 Functional Description The Pressurizer Vapor Temperature channel is presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
This drawing identifies all inputs, outputs, and external interfaces and provides a simplified representation of the channel functionality (logic).3.2.8.1.1 Pressurizer Vapor Temperature (Protection Set IV): Reference 1.4.2.2.65 3.2.8.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.8.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.8.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Pressurizer Vapor Temperature channel: 3.2.8.4.1 Pressurizer Vapor Temperature (Protection Set IV)a) MCR Indication b) PPC Monitoring c) Deleted 3.2.8.5 Alarms and Annunciators The following alarm outputs shall be provided for the Pressurizer Vapor Temperature channel: 3.2.8.5.1 Deleted 3.2.8.5.2 The following conditions shall produce an output to the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
3.2.8.5.3 The following conditions shall produce an output to the "PPS Trouble" annunciator in the MCR: a) Input sensor out of range 3.2.8.6 Interlocks and Permissives The following interlocks and/or permissives are applicable to the Pressurizer Vapor Temperature channel: aLT aN Units 1 &2 DC6631 95-44-8 Page 64 OF 90 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 65 of 90 3.2.8.6.1 Pressurizer Vapor Temperature Low (Protection Set IV)For use by the RHR Valve 8701 Interlock Circuit [Energize to Trip].The Pressurizer Vapor Space Temperature Low comparator output shall be interlocked with the Wide Range Pressure Low Loop 4 comparator output to the RHR Valve 8701 Interlock circuit. A graphical presentation is shown on References 1.4.2.2.60 and 1.4.2.2.65.
3.2.8.7 Trips and Trip Logic The following comparator outputs shall be provided by the Pressurizer Vapor Temperature channel: None 3.2.8.7.1 Deleted 3.2.8.8 Accuracy No additional requirements to those identified in Section 3.2.8.8.3.2.8.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.8.9.1 Input Variables:
a) Pressurizer Vapor Temperature:
[3-wire 200 ohm platinum RTD] = 100 to 700°F (minimum range)3.2. 8. 9.2 Calculated Variables:
None 3.2.8.9.3 Output Variables:
a) Pressurizer Vapor Temperature:
100 to 700°F = 4 -20 mA 3.2.8.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.8.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.8.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.8.13 Controller Transfer Functions 3.2.8.13.1 RTD Resistance to Temperature Calculation Refer to Reference 1.4.3.18 for details.3.2.8.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Pressurizer Vapor Temperature channel: 3.2.8.14.1 Pressurizer Vapor Temperature Low (RHR Interlock):
100.000 to 700.000°F a LTRafl Units 1 &2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 66 of 90 3.2.8.14.2 Deleted 3.2.8.14.3 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 b) Input scaling b (offset) -60.000 to 60.000 0 F c) RTD a constant 150.000 to 250.000 ohms d) RTD b constant 0.200000 to 0.600000 ohms/°F e) RTD c constant -0.500000E-04 to -0.I00000E-04 ohms/(OF*°F) 3.2.8.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.3.2.8.16 Failure Mode Requirements Detected RTD failures shall result in a low-going signal (failed low).3.2.9 Specific Requirements for Steamfiow The following specific requirements apply to the Steamflow channels and are in addition to the requirements specified in Section 3.2.1.3.2.9.1 Functional Description Steamfiow channels are presented graphically in the PPS Functional Block Diagrams[Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.9.1.1 Steamflow Loops 1 thru 4 (Protection Set I): References 1.4.2.2.9 thru 1.4.2.2.12 3.2.9.1.2 Steamflow, Loops 1 thru 4 (Protection Set II): References 1.4.2.2.31 thru 1.4.2.2.34 3.2.9.1.3 The Steamline Pressure signal used for Steamflow compensation shall be from the Steamline Break Protection channel processed in the same Protection Set (see Section 3.2.10), 3.2.9.1.4 The following isolated signals (not processed by the PPS) shall be provided for use by the Digital Feedwater Control System (DFWCS): a) Steamflow channel sensor input, Steam Generators 1, 2, 3, 4 (Protection Sets I, If)3.2.9.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.9.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.9.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided from the Steamflow channels: a LTRafl Units &2Dc663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 67 of 90 3.2.9.4.1 Steamflow Steam Generator 1, 2, 3, 4 (Protection Set!I)a) [Compensated]
MCR Indication b) [Compensated]
ERFDS Monitoring c) DFWCS d) [Compensated]
PPC Monitoring 3.2.9.4.2 Steamflow Steam Generator 1, 2, 3, 4 (Protection Set II)a) [Compensated]
MCR Indication b) [Compensated]
ERFOS Monitoring c) DFWCS d) [Compensated]
PPC Monitoring 3.2.9.5 Alarms and Annunciators The following alarm outputs shall be provided for the Steamflow channels: 3.2.9.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.1.
3.2.9.5.2 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) In put sensor out of range 3.2.9.5.3' The following conditions shall produce an output to actuate the "PPS Out Of Service" annunciator in the MCR: a) A Steam Flow Indicator (Fl) out of service alarm condition shall be set any time the associated Steamline Pressure channel (Section 3.2.9.1.3) is out of service.3.2.9.6 Interlocks and Permissives There are no interlocks or permissives associated with Steamflow channel processing.
3.2.9.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steamflow channels: None 3.2.9.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.9.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.9.9.1 Input Variables:
a) Steamflow:
4 -20 mA = 0 to 100 XMTR dp%3.2.9.9.2 Calculated Variables:
a) Steamflow (compensated):
a LTRar~ Units 1&2 DC663195-44-8 DCPP. Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 68 of 90 Refer to Section 3.2.9.13.3.2.9.9.3 Output Variables:
a) Steamflow (compensated):
0 to 4.5 million pounds per hour = 4 --20 mA b) Steamflow:
4 -20 mA [0 to 100 XMTR dp%] =4 -20 mA (input loop Class IA/Il isolator)3.2.9.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.9.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.9.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.9.13 Controller Transfer Functions 3.2.9.13.1 Steamfiow Compensation Algorithm Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.9.14.3.2.9.13.2 Steamfiow Normalization Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.9.14.1.
3.2.9.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steamflow channels: 3.2.9.14.1 Tunable Parameters The following tunable parameters are applicable to the Steamflow Compensation Algorithm:
a) Deleted b) Deleted c) SFmin Value equivalent to user-desired SFDP value d)e)f)g)h)A (Used in Steam Density Calc)B (Used in Steam Density Calc)(Steam Density)ref Input scaling m (gain)Input scaling b (offset)between 0.000 and 1.000% of full scale DP 0.002230 to 0.002540 lb/ft3/psig
-0.263000 to 0.000000 lb/ft3 1.570000 to 2.520000 lb/ft3 0.5000 to 1.9000-1 0.000 to 10.000 %DP 3.2.9.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification .Page 69 of 90 3.2.9.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1 .16.3.2.10 Specific Requirements for Steamline Break Protection The following specific requirements apply to the Steamline Break Protection channels and are in addition to the requirements specified in Section 3.2.1.3.2.10.1 Functional Description Steamline Break Protection channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic): 3.2.10.1.1 Steamline Break Protection Loops 1, 2, 3, 4 (Protection Set I)References 1.4.2.2.13 thru 1.4.2.2.16 3.2.10.1.2 Steamline Break Protection Loops 1, 2, 3, 4 (Protection Set Il)References 1.4.2.2.35 thru 1.4.2.2.38 3.2.10.1.3 Steamline Break Protection Loops 2, 3 (Protection Set Ill)References 1.4.2.2.53 and 1.4.2.2.54 3.2.10.1.4 Steamline Break Protection Loops 1, 4 (Protection Set IV)References 1.4.2.2.66 and 1.4.2.2.67 3.2.10.1.5 The following isolated signals (not processed by the PPS) shall be provided for use by the Digital Feedwater Control System (DFWCS): a) Steamline Pressure channel sensor input, Steam Generators 1, 2, 3, 4 (Protection Sets I, 1I, II, IV)3.2.10.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.10.3 indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.10.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Steamline Break Protection channels: 3.2.10.4.1 Steamline Pressure Loops 1, 2, 3, 4 (Protection Set I)a) MCR indication b) ERFDS Monitoring c) Hot Shutdown Panel Indication d) DFWCS e) PPC Monitoring
-Steamline Pressure f) PPC Monitoring
-Steamline Pressure Lead/Lag aLTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 70 of 90 g) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.2 Steamline Pressure Loops 1, 2, 3, 4 (Protection Set II)a) MCR Indication b) ERFOS Monitoring c) DEWCS d) PPC Monitoring
-Steamline Pressure e) PPC Monitoring
-Steamline Pressure Lead/Lag f) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.3 Steamline Pressure Loops 2, 3 (Protection Set Ill)a) MCR Indication b) DFWCS c) PPC Monitoring
-Steamline Pressure d) PPC Monitoring
-Steamline Pressure Lead/Lag e) PPC Monitoring
-Steamline Pressure Rate/Lag 3.2.10.4.4 Steamline Pressure Loops 1, 4 (Protection Set IV)a) MCR Indication b) DFWCS c) PPC Monitoring
-Steamline Pressure-d) PPC Monitoring
-Steamline Pressure Lead/Lag e) PPC Monitoring
-.Steamline Pressure Rate/Lag 3.2.10.5 Alarms and Annunciators The following alarm outputs shall be provided for the Steamline Break Protection channels: 3.2.10.5.1 Steamline Loop 1 Pressure Low (Protection Set IV); alarm output to be suppressed when channel is out of service 3.2.10.5.2 Steamline Loop 2 Pressure Low (Protection Set Ill); alarm output to be suppressed when channel is out of service 3.2.10.5.3 Steamline Loop 3 Pressure Low (Protection Set Ill); alarm output to be suppressed when channel is out of service 3.2.10.5.4 Steamline Loop 4 Pressure Low (Protection Set IV); alarm output to be suppressed when channel is out of service 3.2.10.5.5 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range; alarm output to be suppressed when channel is out of service 3.2.10.5.6 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 71 of 90 3.2.10.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Steamline Break Protection channel processing.
3.2.10.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steamline Break Protection channels: 3.2.10.7.'1 Steamline Pressure Low Loop I (Protection Sets I, I1, IV)For use by the SSPS Low Steamline Pressure Safety Injection (SI) and Steamline Isolation logic [Deenergize to Trip]. -...3.2.10.7.2 Steamline Pressure Low Loop 2 (Protection Sets I,II, III)For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.3 Steamline Pressure Low Loop 3 (Protection Sets I,li,1III)
For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.4 Steamline Pressure Low Loop 4 (Protection Sets I, 1I, IV)For use by the SSPS Low Steamline Pressure SI and Steamline Isolation logic [Deenergize to Trip].3.2.10.7.5 Steamline Pressure High Negative Rate Loop 1 (Protection Sets I, II, IV)For use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.6 Steamline Pressure High Negative Rate Loop 2 (Protection Sets I,II, II1)SFor use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.7 Steamline Pressure High Negative Rate Loop 3 (Protection Sets 1, II, Il)For use by the SSPS Steamline Isolation logic [Deenergize to Trip].3.2.10.7.8 Steamline Pressure High Negative Rate Loop 4 (Protection Sets 1, II, IV)3.2.10.7.9 Deleted 3.2.10.7.10 Deleted 3.2.10.7.11 Deleted 3.2.10.7.12 Deleted 3.2.10.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.10.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be as follows: 3.2.10.9.1 Input Variables a) Steamline Pressure: 4 -20 mA = 0 to 1200 psig 3.2.10.9.2 Calculated Variables:
None a LTR~ Units & ageC67195OF490 DCPP Units I & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 72 of 90 3.2.10.9.3 Output Variables:
a) Steamline Pressure: 4 -20 mA [0 to 1200 psig] = 4 -20 mA (from input loop)b) Steamline Pressure: 4 -20 mA [0 to 1200 psig] = 4 -20 mA (input loop Class IA/I I isolator)3.2.10.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.10.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.10.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.10.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Steamline Break Protection channels: 3.2.10.13.1 Steamline Pressure Lead/Lag Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.10.14.
3.2.10.13.2 Steamline Pressure Rate/Lag Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.10.14.
3.2.10.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steamline Break Protection channels: 3.2.10.14.1 Steamline Pressure Low SI and Steamline Isolation:
385.000 to 88!3.2.10.14.2 Steamline Pressure High Negative Rate Steamline Isolation:
5.000 to 200.0'3.2.10.14.3 Steamline Pressure Low Alarm: 0.00 to 1200.0!3.2.10.14.4 Tunable Parameters a) Lead Time Constant (Lead/Lag function) 0.000 to 60. 000 secon b) Lag Time Constant (Lead/Lag function) 0.000 to 10.000 secon(c) Rate Time Constant (Rate/Lag function) 0.000 to 200.000 secor d) Lag Time Constant (Rate/Lag function) 0.000 to 200.000 secor e) Input scaling m (gain) 0.5000 to 1.9000 f) Input scaling b (offset) -120.00 to 120.00 psi 9 3.2.10.15 Test and Calibration No additional requirements to those identified in Section 3.2.1.15.i.000 ps~g 00 psi 9 0 psi 9 as is nds nds a LTRanT Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 73 of 90 3.2.10.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.10.16.1 Deleted 3.2.10.16.2 Deleted 3.2.11 Specific Requirements for Steam Generator Narrow Range Level The following specific requirements apply to the S/G Narrow Range Level channels and are in addition to the requirements specified in Section 3.2.1.3.2.11.1 Functional Description S/G Narrow Range Level channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external-interfaces and provide a simplified representation of the channel functionality (logic).3.2.11.1.1 Steam Generator Narrow Range Level, Loops 2 and 3 (Protection Set I): Reference 1.4.2.2.17 3.2.11.1.2
- Steam Generator Narrow Range Level, Loops 1 and 4 (Protection Set II): Reference 1.4.2.2.39 3.2.11.1.3 Steam Generator Narrow Range Level, Loops 1 thru 4 (Protection Set IlI): Reference 1.4.2.2.55 3.2.11.1.4 Steam Generator Narrow Range Level, Loops 1 thru 4 (Protection Set IV): Reference 1.4.2.2.68 3.2.11.1.5 Isolated signals (not processed by the PPS) from all S/G Narrow Range Level channel sensors shall be provided for use by the DFWCS.3.2.11.1.6 Isolated signals (not processed by the PPS) from all S/G Narrow Range Level channel sensors shall be provided for use by the AFW control system.3.2.11.1.7 Isolated signals (not processed by the PPS) from S/G Narrow Range Level channel sensors shall be provided for use by the AMSAC system as follows: a) S/G Narrow Range Level -Loop 1 (Protection Set IV)b) S/G Narrow Range Level -Loop 2 (Protection Set IIl)c) S/G Narrow Range Level -Loop 3 (Protection Set I)d) S/G Narrow Range Level -Loop 4 (Protection Set Il)3.2.11.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.11.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.11.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Steam Generator Narrow Range Level a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 74 of 90 channels: 3.2.11.4.1 Steam Generator Narrow Range Level Loop 1 (Protection Set il)a) MCR indication b) DFWOS c) AFW 3.2.11.4.2 Steam Generator Narrow Range Level Loop I (Protection Set Ill)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.3 Steam Generator Narrow Range Level Loop 1 (Protection Set IV)a) MCR indication b) ERFDS Monitoring c) DFWCS d) AFW e) AMSAC 3.2.11.4.4 Steam Generator Narrow Range Level Loop 2 (Protection Set I)a) MCR indication b) DFWCS c) AFW 3.2.11.4.5 Steam Generator Narrow Range Level Loop 2 (Protection Set Ill)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW e) AMSAC 3.2.11.4.6 Steam Generator Narrow Range Level Loop 2 (Protection Set IV)a) MCR indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.7 Steam Generator Narrow Range Level Loop 3 (Protection Set i)a) MCR Indication b) DFWCS c) AFW d) AMSAC a LTRcflq Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 75 of 90 3.2.11.4.8 Steam Generator Narrow Range Level Loop 3 (Protection Set Ill, IV)a) MCR Indication b) ERFDS Monitoring c) DFWCS d) AFW 3.2.11.4.9 Steam Generator Narrow Range Level Loop 4 (Protection Set II)a) MCR Indication b) DEWCS c) AFW d) AMSAC 3.2.11.4.10 Steam Generator Narrow Range Level Loop 4 (Protection Set Ill, IV)a) MCR Indication b) ERFOS Monitoring c) DFWCS d) AFW 3.2.11.5 Alarms and Annunciators The following alarms and annunciator outputs shall be provided by the Steam Generator Narrow Range Level channels: 3.2.11.5.1 Steam Generator Low-Low Level Loop 2 or Loop 3 Trip Time Delay Timer Actuated (Protection Set I); alarm output to be suppressed when TTD is out of service 3.2.11.5.2 Steam Generator Low-Low Level Loop 1 or Loop 4 Trip Time Delay Timer Actuated (Protection Set II); alarm output to be suppressed when TTD is out of service 3.2.11.5.3 Steam Generator Low-Low Level Loop 1, Loop 2, Loop 3, or Loop 4 Trip Time Delay Timer Actuated (Protection Set Ill); alarm output to be suppressed when TTD is out of service 3.2.11.5.4 Steam Generator Low-Low Level Loop 1, Loop 2, Loop 3, or Loop 4 Trip Time Delay Timer Actuated (Protection Set IV); alarm output to be suppressed when TTD is out of service 3.2.11.5.5 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range; alarm output to be suppressed when Steam Generator Narrow Range Level channel is out of service 3.2.11.5.6 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.11.6 Interlocks and Permissives The following interlocks and/or permissives are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.6.1 Steam Generator Low-Low Water Level Trip Time Delay (TTD)All S/G Low-Low Water Level Reactor Trip signals shall be interlocked with a TTD timer that functions as follows: a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 76 of 90 a) Low-Low Water Level detected in any SIG shall generate a signal which will start an elapsed time trip delay timer.b) The allowable TTO shall be based upon the prevailing power level (PL) at the time the Low-Low Water Level Reactor Trip setpoint is reached.c) The PL shall be determined from the Delta-T signal calculated in the DTTA channel of the same Protection Set.d) PL will be used to calculate the allowable time delays for Low-Low Water Level in a single SIG (TO).e) Partial trip actuation shall not occur until the elapsed time is greater than or equal to the allowable TTD.f) Logic and interlocks shall be provided to delay transmission of the SIG Low-Low Water Level signal according to the following:
- i. PL < PHL (PHL = Power High Limit): Time Delay = TO ii. PL >PHL: Time Delay = No Delay g) The TO delay shall be selected when the Low-Low Water Level setpoint is reached in any S/G.h) Should PL increase at any time after TO has been calculated, TO shall be recalculated and the newer (shorter)
TTD shall be applied.i) Should PL decrease after TO has been calculated, there shall be no change in the TO TTO.j) In any Protection Set, restoration of all SIG water levels to a level above the Low-Low Water Level setpoint shall result in termination of the TTD (without trip) and all trip logic signals shall be reset.3.2.11.6.2 Steam Generator Level High-High Loop 1 (Protection Set II, Ill, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.3 Steam Generator Level High-High Loop 2 (Protection Set I, III, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.4 Steam Generator Level High-High Loop 3 (Protection Set I, Il1, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.6.5 Steam Generator Level High-High Loop 4 (Protection Set II, IIl, IV)For use by the SSPS P-14 Permissive logic [Deenergize to Trip].3.2.11.7 Trips and Trip Logic The following comparator outputs shall be provided by the Steam Generator Narrow Range Level channels: 3.2.11.7.1 Steam Generator Low-Low Level Loop I (Protection Set II, IlI, IV)For use by the SSPS Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.2 Steam Generator Low-Low Level Loop 2 (Protection Set I,1II1, IV)aLTR~a Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 77 of 90 For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.3 Steam Generator Low-Low Level Loop 3 (Protection Set I,1III, IV)For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.7.4 Steam Generator Low-Low Level Loop 4 (Protection Set Il, III, iV)For use by the SSPS Low-Low Level Reactor Trip and AFW Pump Start logic [Deenergize to Trip].The Steam Generator Low-Low Level Trip is constrained by the TTD function described in Section 3.2.11.6.1.
3.2.11.8 Accuracy The following accuracy requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.8.1 The accuracy of the effective time delay for the TTD circuit shall be within +/-1% of adjustable range.3.2.11.9 Range (for inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.11.9.1 input Variables:
a) Steam Generator Narrow Range Level: 4-20 mA = 0 to 100%3.2.11.9.2 Calculated Variables:
a) Delta-T: Calculated in associated DTTA channel per Section 3.2.5.13.4
=0 to 150% power b) Low-Low Level TTD (TD): Calculated per Section 3.2.11.6.1
= 0 to 700 seconds 3.2.11.9.3 Output Variables:
a) Steam Generators 2, 3 Narrow Range Level (Protection Set I): 4 -20 mA [0 to 100%] 4 4-20 mA (from in put loop Class IA/Il isolator)b) Steam Generators 1, 4 Narrow Range Level (Protection Set il): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/vil isolator)c) Steam Generator 3 Narrow Range Level (Protection Set I): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/VIl isolator to AMSAC)d) Steam Generator 4 Narrow Range Level (Protection Set iI): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/VIl isolator to AMSAC)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 78 of 90 e) Steam Generator 1, 2, 3, 4 Narrow Range Level (Protection Sets Ill and IV): 4 -20 mA [0 to 100%] =4 -20 mA (from input loop)f) Steam Generator 1, 2, 3, 4 Narrow Range Level (Protection Sets Ill and IV): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/lI isolator)g) Steam Generator 2 Narrow Range Level (Protection Set Ill): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/Il isolator to AMSAC)h) Steam Generator 1 Narrow Range Level (Protection Set IV): 4 -20 mA [0 to 100%] = 4 -20 mA (input loop Class IA/Il isolator to AMSAC)3.2.11.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.11.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.11.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.11.13 Controller Transfer Functions The following controller transfer functions are used in the processing of Steam Generator Narrow Range Level channels: 3.2.11.13.1 The delay units provided for the Steam Generator Low-Low Water Level signals shall have the following transfer function: t -A-4-l A =time delay input ---I --- output 3.2.11.13.2 Upon loss of signal to the delay unit, the output of the unit must reset to its initial state.3.2.11.13.3 Trip Time Delay Algorithm Refer to Reference 1.4.3.18 for details. Ranges for tuning constants associated with this function are provided in Section 3.2.11.14.
3.2.11.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Steam Generator Narrow Range Level channels: 3.2.11.14.1 Steam Generator Water Level Low-Low Reactor Trip: 0.000 to 45.000% of Narrow Range Span Note: Percent of Narrow Range Span refers to percent of span as measured from the narrow range level tap.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 79 of 90 3.2.11.14.2 Steam Generator Water Level High-High Turbine Trip and Feedwater Isolation:
45.000 to 90.000% of Narrow Range Span Note: Percent of Narrow Range Span refers to percent of span as measured from the narrow range level tap.3.2.11.14.3 Tunable Parameters
- a. (TTD) Power High Limit (PHL)b. (TTD) A c. (TTD) B d. (TTD) C e. (TTD) 0 f. Input scaling m (gain)g. Input scaling b (offset)0.000 to 100.000% of Rated Thermal Power 0.000000 to -0.010000 0.000000 to 1.000000 0.000 to -1 00.000 0.00 to 1000.00 0.5000 to 1.9000-1 0.000 to 10.000%3.2.11.15 Test and Calibration The following Test and Calibration requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.15.1 For the purpose of testing the Delta-T signal that provides input for the TTD logic, the design shall automatically enable a zero second allowable trip delay for all narrow range level channels in the affected Protection Set.3.2.11.15.2 3.2.11.15.3 For the purpose of testing the TTD function, the design shall automatically enable a zero second allowable trip delay for all narrow range level channels in the affected Protection Set.For the purpose of testing a steam generator narrow range level channel, the design shall automatically disable the steam generator low-low level trip input to the TTD algorithm.
3.2.11.16 Failure Mode Requirements The following Failure Mode requirements are applicable to the Steam Generator Narrow Range Level channels: 3.2.11.16.1 Failures (other than loss of power or isolation device) within the PPS processing instrumentation shall not affect the operability of the AMSAC system.3.2.12 Specific Requirements for Turbine Impulse Chamber Pressure The following specific requirements apply to the Turbine Impulse Chamber Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.12.1 Functional Description Turbine Impulse Chamber Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1 .4.2.2]. These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.12.1.1 Turbine Impulse Chamber Pressure (Protection Set I): Reference 1.4.2.2.18 a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 80 of 90 3.2.12.1.2 Turbine Impulse Chamber Pressure (Protection Set il): Reference 1.4.2.2.40 3.2.12.1.3 Isolated signals (not processed by the PPS) from all Turbine Impulse Chamber Pressure channel sensors shall be provided for use by the following:
a) AMSAC 3.2.12.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.12.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.12.4 Outputs for Monitoring, Indication, Recording, and Control The following outputs shall be provided by the Turbine Impulse Chamber Pressure channels: 3.2.12.4.1 Turbine Impulse Chamber Pressure (Protection Set I): a) MCR Indication b) PPC Monitoring c) AMSAC 3.2.12.4.2 Turbine Impulse Chamber Pressure (Protection Set II): a) MCR Indication b) PPC Monitoring c) AMSAC 3.2.12.5 Alarms and Annunciators The following alarm outputs shall be provided for the Turbine Impulse Chamber Pressure channels: 3.2.12.5.1 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range 3.2.12.5.2 The following conditions shall produce an output to actuate the "PPS Trouoble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.12.6 Interlocks and Permissives The following comparator outputs shall be provided by the Turbine Impulse Chamber Pressure channels: 3.2.12.6.1 Turbine Impulse Pressure High (Protection Sets I, II): For use by the SSPS P-i13 Permissive logic [Deenergize to Trip].3.2.12.6.2 Turbine Impulse Pressure Low (Protection Set I)For use by the Turbine Low Power Interlock C-5 logic [Deenergize to Trip].Note: Comparator output voltage provided externally from RNARA.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 81 of 90 3.2.12.7 Trips and Trip Logic The following comparator outputs shall be provided by the Turbine Impulse Chamber Pressure channels: None 3.2.12.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.12.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.12.9.1 Input Variables:
a) Turbine Impulse Chamber Pressure: 4 -20 mA =0to 110% of Turbine Power 3.2.12.9.2 Calculated Variables:
None 3.2.12.9.3 Output Variables:
a) Turbine Impulse Chamber Pressure: 0Oto 110% of Turbine Power =4-20 mA b) Turbine Impulse Chamber Pressure: 4 -20 mA [0 to 110% of Turbine Power] = 4 -20 mA (input loop Class IA/Il isolator)3.2.12.10 Time Response No additional requirements to those identified in Section 3.2.1.10.3.2.12.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1 .11.3.2.12.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.12.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.3.2.12.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Turbine Impulse Chamber Pressure channels: 3.2.12.14.1 Turbine impulse Pressure High to P-13: 5.000 to 20.000%.3.2.12.14.2 Turbine Impulse Pressure Low to C-5: 5.000 to 20.000%.3.2.12.14.3 Tunable Parameters a) Input scaling m (gain) 0.5000 to 1.9000 a LTRafl Units 1&2 DC663195-44-8 Pag 81OF 90 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 82 of 90 b) Input scaling b (offset) -11.000 to 11.000%3.2.12.15 Test and Calibration A manual bypass switch shall be provided for the Turbine Impulse Pressure High to P-i13 comparator output to facilitate test and calibration.
When in Bypass, the switch shall maintain the non-tripped condition of the comparator.
3.2.12.16 Failure Mode Requirements The following Failure Mode requirements are applicable to the Turbine Impulse Pressure channels: 3.2.12.16.1 Failures (other than loss of power or isolation device) within the PPS processing instrumentation shall not affect the operability of the AMSAC system.3.2.13 Specific Requirements for Containment Pressure The following specific requirements apply to the Containment Pressure channels and are in addition to the requirements specified in Section 3.2.1.3.2.13.1 Functional Description Containment Pressure channels are presented graphically in the PPS Functional Block Diagrams [Reference 1.4.2.2].
These drawings identify all inputs, outputs, and external interfaces and provide a simplified representation of the channel functionality (logic).3.2.13.1.1 Containment Pressure (Protection Set I): Reference 1.4.2.2.19, 1.4.2.2.20 3.2.13.1.2 Containment Pressure (Protection Set Il): Reference 1.4.2.2.41, 1.4.2.2.42 3.2.13.1.3 Containment Pressure (Protection Set Ill): Reference 1.4.2.2.56, 1.4.2.2.57 3.2.13.1.4 Containment Pressure (Protection Set IV): Reference 1.4.2.2.69, 1.4.2.2.70 3.2.13.2 Special Environmental Requirements No additional requirements to those identified in Section 3.2.1.2.3.2.13.3 Indicators, Status Lights and Controls No additional requirements to those identified in Section 3.2.1.3.3.2.13.4 Outputs for Monitoring, Indication, and Control The following outputs shall be provided by the Containment Pressure channels: 3.2.13.4.1 Containment Pressure (Protection Sets I, IV)a) MCR Indication b) PPC Monitoring 3.2.13.4.2 Containment Pressure (Protection Sets II, III)a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 83 of 90 a) MCR Indication b) PPC Monitoring c) ERFDS Monitoring 3.2.13.5 Alarms and Annunciators The following alarm outputs shall be provided for the Containment Pressure channels: 3.2.13.5.1 Deleted 3.2.13.5.2 The following conditions shall produce an output to actuate the "PPS Failure" annunciator in the MCR: a) Input sensor out of range" 3.2.13.5.3 The following conditions shall produce an output to actuate the "PPS Trouble" annunciator in the MCR: a) No additional requirements to those identified in Section 3.2.1.5.2.
3.2.13.6 Interlocks and Permissives There are no interlocks or permissives associated with PPS Containment Pressure channel processing.
3.2.13.7 Trips and Trip Logic The following comparator outputs shall be provided by the Containment Pressure channels: 3.2.13.7.1 Containment Pressure High (Protection Sets II, Ill, IV)For use by SSPS SI and Phase A Containment Isolation logic [Deenergize to Trip].3.2.13.7.2 Containment Pressure High-High (Protection Sets I, II, III, IV)For use by SSPS Phase B Containment Isolation, Containment Spray, and Steamline Isolation logic [Energize to Trip].3.2.13.8 Accuracy No additional requirements to those identified in Section 3.2.1.8.3.2.13.9 Range (for Inputs, Calculated Values, and Outputs)Ranges for input, calculated, and output variables shall be scaled as follows: 3.2.13.9.1 Input Variables:
a) Containment Pressure: 4 -20 mA = -5 to 55 psig 3.2.13.9.2 Calculated Variables:
None 3.2.13.9.3 Output Variables:
a) Containment Pressure: 4 -20 mA [-5 to 55 psig] = 4 -20 mA (from input loop)3.2.13.10 Time Response No additional requirements to those identified in Section 3.2.1.10.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 84 of 90 3.2.13.11 Overload and Recovery Characteristics No additional requirements to those identified in Section 3.2.1.11.3.2.13.12 Noise Levels No additional requirements to those identified in Section 3.2.1.12.3.2.13.13 Controller Transfer Functions No additional requirements to those identified in Section 3.2.1.13.3.2.13.14 Setpoints and Tunable Parameters (Range of Setting)The following shall apply to the comparator setpoints and tunable parameters of the Containment Pressure channels: 3.2.13.14.1 Containment Pressure High SI, Phase A Isolation:
0.0000 to 10.0000 psig 3.2.13. 14.2 Containment Pressure High-High Phase B Isolation, Containment Spray, Steamline Isolation:
0.0000 to 40.0000 psig 3.2.13.14.3 Tunable Parameters a) Input scaling m (gain)b) Input scaling b (offset)0.5000 to 1.9000-6.0000 to 6.0000 psig 3.2.13.15 Test and Calibration A manual bypass switch independent of the PPS shall be provided for the Containment Pressure High-High comparator output to facilitate test and calibration.
When in Bypass, the switch shall maintain the non-tripped condition of the comparator.
3.2.13.16 Failure Mode Requirements No additional requirements to those identified in Section 3.2.1.16.3.2.13.16.1 Deleted 3.3 System Security Access to the PPS will be administratively controlled by the end user(s). The following features shall be available to support configuration control/management of the system and shall be described in the Configuration Management Plan for the system.3.3.1 Physical Security The PPS processing instrumentation shall have provisions for accommodating physical security devices such as keylocks, cabinet locks, etc. to ensure that only appropriate personnel have access to the PPS processing instrumentation.
3.3.2 System Logon Protection Access to the PPS processing instrumentation will be administratively controlled using physical security and/or password Iogon security measures (as applicable).
a LTRaAl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 85 of 90 3.3.3 Communications With External (Non-PPS)
Systems All communications between external systems/devices and the PPS instrumentation shall be read only by the external system.3.4 Information Management There are no information management requirements imposed on the PPS.3.5 System Operations 3.5.1 System Human Factors 3.5.1.1 The PPS HSI design should follow the guidance provided in the DCPP HSI Development Guidelines Document [Reference 1.4.3.16].
3.5.2 System Maintainability 3.5.2.1 The PPS processing instrumentation shall have the capability for removal and replacement of all cards/modules at power (hot swap capability) with the system on-line without adverse effect to any protection function.3.5.2.2 System power supplies shall provide hot swap capability.
3.5.2.3 Test and Calibration requirements are identified in Section 3.2.1.15.3.5.2.4 The capability shall be provided to place and maintain multiple channels Out of Service (trip or bypass).3.5.3 System Reliability System diagnostics and self-testing features shall be incorporated in the design to provide automatic detection (where possible) of component failures or degradation of operability.
3.6 Policy and Regulation Section 1.4 provides a listing of References that are utilized in the development of the PPS and all changes thereto to ensure that system design bases requirements are satisfied and the PPS will function as required within the Plant Protection System to ensure that the health and safety of the general public is not jeopardized by the operation of DCPP. The listed References include documents defining design requirements, documents providing guidance for implementation of design requirements, and licensing documents that provide definitive direction for ensuring that operation of the PPS will be maintained within design requirements.
3.7 System Life Cycle Sustainment This Section is only applicable if the PPS equipment subject to this FRS is digital and requires software to be developed for its use.3.7.1 PPS Software Software shall be maintained in accordance with the Software Quality Assurance Plan a LTRanh Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 86 of 90 developed for the PPS as required by IDAP CF2.1D9 [Reference 1.4.3.6].a LTRaMl Units 1&2 0C663195-44-8 DCPP Units 1 & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 87 of 90 4 System Interfaces 4.1 External Interfaces The PPS has external interfaces with the following systems. The exchange of information is strictly from the PPS to the identified system. There is no return of information from the receiving system.4.1.1 Plant Process Computer (PPC)The PPS will interface with the PPC to provide monitoring and status information.
4.1 .1.1 Appropriate signal isolation shall be provided between the PPS and PPC.4.1.2 Main Annunciator System (MAS)The PPS will provide contact outputs where needed to interface with the MAS.4.1.2.1 The MAS will provide the contact interrogation voltage.4.1.2.2 Appropriate signal isolation shall be provided between the PPS and MAS.4.1.3 Main Control Panels The PPS will provide appropriately qualified analog outputs and/or appropriately qualified isolation devices to interface with the main control panels in the MCR for purposes of indication and status monitoring (i.e., indicators, recorders, ERFDS, etc.).4.1.3.1 Appropriate signal isolation shall be provided between the PPS and main control panel devices.4.1.4 Hot Shutdown Panel The PPS will provide analog outputs from Pressurizer Level, Pressurizer Pressure, and Steamline Pressure channels to interface with the Hot Shutdown Panel.4.1.4.1 Appropriate signal isolation shall be provided between the PPS and the Hot Shutdown Panel.4.1.5 Solid State Protection System (SSPS)The PPS will provide partial trip outputs to interface with the SSPS as shown on the Functional Block Diagrams [Reference 1.4.2.2].4.1.6 AMSAC The PPS will provide shared signals from the SIG Narrow Range Level and Turbine Impulse Chamber Pressure channel sensor inputs to interface with the AMSAC.Refer to Sections 3.2.11 and 3.2.12.4.1 .6.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.6.2 Appropriate signal isolation shall be provided between the PPS and the AMSAC.a LTRafl unit 1& DC663195-44-8 DCPP Units I & 2, Process Protection System 08-0015-SP-001, Revision:
9 Functional Requirements Specification Page 88 of 90 4.1.7 Digital Feedwater Control System (DFWCS)The PPS will provide signals from the SIG Narrow Range Level, Steamfiow, and Steamline Pressure channel sensor inputs to interface with the DFWCS. , Refer to Sections 3.2.11, 3.2.9, and 3.2.10.4.1.7.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.7.2 Appropriate signal isolation shall be provided between the PPS and the DFWCS.4.1.8 Rod Speed and Direction The PPS will provide analog outputs from the DTTA channels to interface with Rod Speed and Direction in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
4.1.8.1 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.9 Pressurizer Pressure Control The PPS will provide signals from the Pressurizer Pressure channel sensor inputs to interface with Pressurizer Pressure Control in the PCS.Refer to Section 3.2.7.4.1.9.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.9.2 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.10 Pressurizer Level Control The PPS will provide signals from the Pressurizer Level channel sensor inputs to interface with Pressurizer Level Control in the PCS.Refer to Section 3.2.6.4.1.10.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.10.2 Appropriate signal isolation shall be provided between the PPS and the PCS.4.1.11 Auxiliary Feedwater (AFW) Control The PPS will provide signals from the S/G Narrow Range Level sensor inputs to interface with AFW Control in the PCS.Refer to Section 3.2.11.4.1.11.1 These signals shall be from the raw sensor input and shall not be processed by the PPS.4.1.11.2 Appropriate signal isolation shall be provided between the PPS and the PCS.a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System 08-001 5-SP-001, Revision:
9 Functional Requirements Specification Page 89 of 90 4.1.12 Reactor Vessel Level Indicating System (RVLIS)Outputs from the PPS Wide Range Temperature and Wide Range Pressure channels will be provided to interface with the RVLIS.Refer to Sections 3.2.3 and 3.2.4.4.1.12.1 The PPS Wide Range Temperature (hot leg) channels will provide analog outputs to interface with the RVLIS.4.1.12.2 The PPS Wide Range Pressure channels (reactor coolant loops 3 and 4) will provide raw sensor input signals not processed by the PPS to interface with the RVLIS.4.1.12.3 Appropriate signal isolation shall be provided between the PPS and the RVLIS.4.1.13 Low Temperature Overpressure Protection System (LTOPS)Outputs from the PPS Wide Range Temperature and Wide Range Pressure channels will be provided to interface with the LTOPS.Refer to Sections 3.2.3 and 3.2.4.4.1.13.1 The PPS Wide Range Temperature (cold leg) channels will provide comparator outputs to interface with LTOPS via isolation relays in the Aux Safeguards (RNASA) relay rack.4.1.13.2 The PPS Wide Range Pressure channels will provide comparator outputs to interface with LTOPS via isolation relays in the Aux-Safeguards (RNASA) relay rack.4.1.14 Pressurizer Power Operated Relief Valve (PORV) Control System The PPS will provide comparator outputs from Pressurizer Pressure channels to interface with the PORV Control System via isolation relays in the Aux Safeguards (RNASA) relay rack.Refer to Section 3.2.7.4.1.15 Residual Heat Removal (RHR) Interlocks The PPS will provide comparator outputs from Wide Range Pressure channels to interface with the RHR system RHR suction valve (V-8701 and V-8702) "OPEN" actuation logic and alarming circuits via isolation relays in the Aux Safeguards (RNASA and RNASB) relay racks.Refer to Section 3.2.4.4.1.16 Pressurizer Level Control The PPS will provide analog outputs from the DTTA channels to interface with Pressurizer Level Control in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
a LTRafl Units 1&2 DC663195-44-8 DCPP Units 1 & 2, Process Protection System Functional Requirements Specification 08-0015-SP-001, Revision:
9 Page 90 of 90 4.1.17 Steam Dump Control The PPS will provide analog outputs from the DTTA channels to interface with Steam Dump Control in the Process Control System (PCS).Refer to Section 3.2.5.Note: The alternative of sharing RTD input signals is not considered a feasible option with today's technology but would be allowable should the technology become available.
4.2 Human System Interface A Human System Interface (HSI) shall be provided that will provide the primary interface between plant personnel and the PPS instrumentation for purposes of testing, maintenance, and troubleshooting.
aLTRafl Units 1&2 DC663195-44-8