09 to Final Safety Analysis Report, Chapter 7, Instrumentation and Controls, Section 7.8

ML16256A332
Person / Time
Site:	Waterford
Issue date:	08/25/2016
From:	Entergy Operations
To:	Office of Nuclear Reactor Regulation
Shared Package
ML16256A115	List: ML16256A120 ML16256A121 ML16256A122 ML16256A123 ML16256A124 ML16256A126 ML16256A127 ML16256A128 ML16256A129 ML16256A131 ML16256A132 ML16256A136 ML16256A137 ML16256A138 ML16256A144 ML16256A145 ML16256A150 ML16256A153 ML16256A154 ML16256A155 ML16256A156 ML16256A157 ML16256A159 ML16256A160 ML16256A161 ML16256A162 ML16256A163 ML16256A164 ML16256A165 ML16256A167 ML16256A170 ML16256A171 ML16256A172 ML16256A174 ML16256A175 ML16256A181 ML16256A182 ML16256A183 ML16256A184 ML16256A185 ML16256A186 ML16256A188 ML16256A189 ML16256A190 ML16256A191 ML16256A192 ML16256A193 ML16256A194 ML16256A195 ML16256A196 ... further results
References
W3F1-2016-0053
Download: ML16256A332 (3)
v • d • e

Text

WSES-FSAR-UNIT-3 7.8-1 Revision 10 (10/99) 7.8 ATWS MITIGATION SYSTEMS 7.

8.1 INTRODUCTION

The Diverse Reactor Trip System (DRTS), Diverse Turbine Trip System (DTTS) and Diverse Emergency Feedwater Actuation System (DEFAS) are alternate non-safety systems for Reactor Trip, Turbine Trip and Emergency Feedwater Actuation. These systems are independent and diverse from the Reactor Protection Systems and are intended to reduce the risk from an Anticipated Transient Without Scram (ATWS) event per the requirements of 10CFR50.62.

The condition indicative of an ATWS was chosen to be the presence of a higher pressure in the primary loop than is required for the RTS trip of the reactor. It is assumed that there is no seismic event or significant plant physical damage concurrent with ATWS.

7.8.2 DESIGN BASIS The ATWS mitigation systems are designed to mitigate the consequences of Anticipated Operational Occurrence (AOOs) such as a loss of feedwater, loss of condenser vacuum or loss of offsite power coupled with a failure of the Reactor Protection System to trip the reactor. The ATWS mitigation systems are:

1) diverse from the Reactor Protection System (RPS) and the Engineered Safety Features Actuation Systems (ESFAS);

2) electrically independent from the RPS and ESFAS power supplies and circuitry, and capable of performing their design functions upon a loss-of-offsite power; 3) physically separated from the RPS and ESFAS to the extent practicable, consistent with Regulatory Guide 1.75 and IEEE-384-1974 practices; 4) minimize the potential for inadvertent actuations and challenges to safety systems; 5) testable at power; 6) non-safety related control grade systems designed and selected to withstand anticipated service environments.

7.8.3 SYSTEM DESCRIPTION 7.8.3.1 Diverse Reactor Trip System (DRTS)

The Diverse Reactor Trip System (DRTS) is a dual channel system. It consists of pressure sensors in the pressurizer, a selector switch and two push buttons on the main control board, control room annunciators, and relay logic as depicted in Figures 7.8-1 and 7.8-2.



DRTS actuates on a pressurizer pressure setpoint of approximately 2435 psia as compared to the RTS trip setpoint of 2350 psia and allowable value of 2359 psia. The trip setting is such that it is greater than the RPS High Pressurizer Pressure Trip Setpoint (HPPTS) and less than the Primary Safety Valve (PSV) set pressure of 2500 psia (+/- 1%). Once the DRTS is tripped, it will remain in that state till the ATWS high pressure condition subsides and the controls are reset. Two push buttons are installed on the main control board to provide the means of manual initiation of the DRTS. Depressing both push buttons simultaneously will result in de-energization of the MG set output contactor coils and subsequently trip the reactor.



WSES-FSAR-UNIT-3 7.8-2 Revision 11 (05/01) 7.8.3.2 Diverse Emergency Feedwater Actuation System (DEFAS)

The Diverse Emergency Feedwater Actuation System (DEFAS) consists of steam generator pressure and level sensors, a selector switch with two push buttons and annunciation in the main control room, interlocks with the DRTS and the Emergency Feedwater System, and relay logic as depicted on Figures 7.8-3 and 7.8-4. The initiation signal for the DEFAS is a two-out-of-two logic configuration of low level signals (55% of wide range) in both steam generators.

The DEFAS actuation signals are interlocked with DRTS to assure actuation only on conditions indicative of an ATWS. The DEFAS actuation signals are interlocked with steam generator pressure and with the EFAS. The steam generators pressure parameters assist in identifying a spurious MSIS and are used as a permissive for actuation of the emergency feedwater system. The interlock with the EFAS is provided to ensure that the DEFAS actuates the emergency feedwater equipment only in case of EFAS failure.

Two push buttons are installed on the main control board to provide the means of manual initiation of the DEFAS. Depressing both push buttons simultaneously will actuate DEFAS.

DEFAS initiates the following control action:

1.

Start motor driven emergency feedwater pumps, 2.

open steam valves to the turbine of the turbine driven emergency feedwater pump, 3.

close steam generator steam blowdown valves, and 4.

open emergency feedwater isolation valves.

The existing feedwater emergency control system regulates the initial flow of the emergency feedwater to the steam generators and subsequently maintains a preset level in the steam generators.

The emergency feedwater system will continue to function properly as long as the pressure in the steam generators remains above the setpoints of the steam generators pressure interlock signals and consequently the DEFAS actuation relays remain energized. As the cool down of the plant progresses, the pressure in the steam generators will decrease and will approach the setpoint value of the steam generators pressure interlock signals. At this point, operator intervention will be required to either bypass the DEFAS or manually lower the steam generator pressure interlock setpoints in order to ensure completion of the plant cool down.

7.8.3.3 Diverse Turbine Trip Inherent to DRTS design is a turbine trip independent and diverse from PPS, which is initiated by undervoltage conditions sensed in the CEA drive control system. This arrangement satisfies the ATWS rule requirements for a diverse turbine trip.

WSES-FSAR-UNIT-3 7.8-3 Revision 11 (05/01) 7.8.4 SAFETY EVALUATION The ATWS mitigation systems are non-safety related control grade systems which use equipment that is diverse from the Reactor Protection System (RPS) and Engineered Safety Features Actuation System (ESFAS). The systems will respond effectively to anticipated operational occurrences coupled with a failure of the RPS to trip the reactor; assuming the availability or unavailability of offsite power.

The DRTS and DEFAS are designed with features to minimize inadvertent actuations and challenges to safety systems. The systems will not interface with the expected RPS and ESFAS response to design basis accidents.

The actuation of the DRTS and DEFAS is designed to operate equipment upon energization of the initiating relays. This design is opposite of the PPS in that the PPS initiation relay actuates equipment on de-energization.

The setpoints for initiating the DRTS or DEFAS are selected such that the initiation of the DRTS and DEFAS prior to PPS initiation is prevented. The design of the DRTS and DEFAS incorporates Class 1E isolation devices, single-failure criterion, and enhanced logic (e.g. 2-out-of-2 channels, steam generator pressure permissive) to further assure that the inadvertent actuation of those systems is precluded.

No common mode failures exist that could affect the PPS (RPS and ESFAS) and the DRTS/DEFAS simultaneously. The ATWS mitigation systems are electrically independent of the RPS power supplies.

Faults within the non-safety related equipment ATWS mitigation circuits will not degrade safety related equipment.

The DRTS and DEFAS logic circuitry is located in cabinets which are physically separated (different room) from the RPS logic cabinets. Cable routings and electrical isolation are maintained in accordance with Regulatory Guide 1.75 and IEEE-384-1974 as described in FSAR Sections 7.2, 7.3, and 8.3. Thus, the DRTS and DEFAS are protected from any postulated common-cause failure which may catastrophically destroy the RPS logic cabinets.

7.8.5 INSPECTION AND TESTING REQUIREMENTS Periodic calibration and functional tests are performed on the ATWS mitigation systems. The systems are designed to be tested at power such that inadvertent challenges to safety systems are precluded.

Functional tests, verification of alarms and actuation relay status, are performed at the same frequency as the RPS and ESFAS test intervals. At refueling intervals, the complete system is tested for 2-out-of-2 logic to actuate final equipment.