Text

St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 7, Instrumentation and Controls
	ML17171A247
Person / Time
Site:	Saint Lucie
Issue date:	05/03/2017
From:	; Florida Power & Light Co
To:	; Office of Nuclear Reactor Regulation
Shared Package
ML17172A000	List: L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 10, Steam and Power Conversion System; L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 11, Radioactive Waste Management System; L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 12, Radiation Protection; L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 2, Site Characteristics; L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 6, Engineered Safety Features; L-2017-074, Redacted - St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 8, Electric Power; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 1, Introduction and General Description of Plant Site Characteristics; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 13, Conduct of Operations; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 14, Initial Test Program; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 15, Accident Analysis; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 16, Technical Specifications; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 17, Quality Assurance; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 18, Aging Management Programs and Time-Limited Aging Analyses Activities; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 2, Site Characteristics; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 5, Reactor Coolant System; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 7, Instrumentation and Controls; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 9, Auxiliary Systems; L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 9.5, Fire Protection Program Report; ML17132A382; ML17171A239; ML17171A240; ML17171A244; ML17171A247; ML17171A249; ML17171A250; ML17171A256; ML17171A257; ML17171A258; ML17171A259; ML17171A261; ML17171A262; ML17298A046; ML17298A047; ML17298A048; ML17298A049; ML17298A050; ML17298A051;
References
	L-2017-074
	Download: ML17171A247 (467)
	v • d • e

{{#Wiki_filter:CHAPTER 7 Section Title Page 7.2.1.7 Redundancy 7.2-27 7.2.1.8 Diversity 7.2-28 7.2.1.9 Comparison 7.2-29 7.2.1.10 Sensors and Set Points 7.2-32 7.2.2 ANALYSIS 7.2-33 7.2.2.1 Conformance to General Design Criteria 7.2-33 7.2.2.2 Conformance to IEEE-279 7.2-36 7.2.2.3 Conformance to Testing Criteria 7.2-41 7.2.2.4 Effects of Other Associated Functions 7.2-41 7.2.2.5 Protection System Setpoint Methodology and Determination of Surveillance Procedure Acceptance Criteria 7.2-42 7.3 ENGINEERED SAFETY FEATURES SYSTEMS 7.3-1 7.

3.1 DESCRIPTION

7.3-1 7.3.1.1 Engineered Safety Features Actuation Systems 7.3-1 7.3.1.2 Engineered Safety Feature Systems Instrumentation and 7.3-10f Control 7.3.1.3 Engineered Safety Features Supporting Systems 7.3-14 Instrumentation and Control 7.3.1.4 Design Basis Information Required by Section 3 of 7.3-22 IEEE Std 279-1971 REFERENCES 7.3-25 7.3.2 ANALYSIS 7.3-26 7.3.2.1 Failure Mode and Effects Analysis 7.3-26 7.3.2.2 Conformance to General Design Criteria 7.3-26

UNIT 1 7-ii Amendment No. 27 (04/15)

CHAPTER 7 Section Title Page 7.6.1.2 Fuel Handling System Interlocks 7.6-2 7.6.1.3 Overpressure Mitigating System (OMS) 7.6-5 7.6.1.4 Anticipated Transient Without Scram (ATWS) 7.6-6 7.6.2 ANALYSIS 7.6-7 7.6.2.1 Shutdown Cooling System Interlocks 7.6-7 7.6.2.2 Fuel Handling System Interlocks 7.6-8 7.6.2.3 Overpressure Mitigating System (OMS) 7.6-8 7.6.2.4 Diverse Scram System 7.6-8 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 7.7-1 7.

7.1 DESCRIPTION

7.7-1 7.7.1.1 Reactor Control Systems 7.7-1 7.7.1.2 Reactor Coolant Control System 7.7-6 7.7.1.3 Steam Generator Control System 7.7-8 7.7.1.4 Turbine Control System 7.7-10 7.7.2 ANALYSIS 7.7-13 7.7.2.1 Reactor Control System 7.7-13 7.7.2.2 Reactor Coolant Control System 7.7-13 7.7.2.3 Steam Generator Control System 7.7-13 7.7.3 SYSTEM EVALUATION - HUMAN FACTORS ENGINEERING 7.7-14 7.7.3.1 HFE Program 7.7-14 7.7.3.2 Detail Control Room Design Review Implementation 7.7-14a 7.7.3.3 DCRDR Implementation Evaluation 7.7-14d 7.7.4 Leading Edge Flow Meter 7.7-14e REFERENCES 7.7-15

7-v Amendment No. 26 (11/13) INSTRUMENTATION AND CONTROLS CHAPTER 7 LIST OF TABLES Table Title Page 7.2-1 Monitored Plant Variable Instrumentation Ranges Response Times 7.2-43 7.2-2 Deleted 7.2-44 7.2-3 Reactor Protective System Bypasses 7.2-46 7.2-4 Reactor Protective System Sensors 7.2-47 7.2-5 Reactor Protective System Design Margins 7.2-48 7.2-6 Failure Mode, Effects and Criticality Analysis 7.2-49 7.3-1 ESFAS Sensor Parameters and Set Points 7.3-41 7.3-2 Components Actuated on SIAS 7.3-42 7.3-3 Components Actuated on R AS 7.3-48 7.3-4 Components Actuated on CSAS 7.3-49 7.3-5 Components Actuated on CIS 7.3-51 7.3-6 Components Actuated on MSIS 7.3-56 7.3-6A Auxiliary Building, Emergency Exhaust Fan HVE-9A (ECCS Area) 7.3-57 Conformance to IEEE-279-1971 Section 4.11 7.3-7 ESFAS Failure Analysis 7.3-59 7.3-8 ESF Signal Interconnections for 1AB Shared System Equipment Control 7.3-67 Failure Mode Analysis 7.3-9 Components and Actuated Devices Not Tested During Normal Operation 7.3-69 7.3-10 Auxiliary Feedwater Actuation System Failure Modes and Effects Analysis 7.3-70 7.4-1 Instruments Required to Monitor Safe Shutdown 7.4-24 7.4-2 Components Actuated by Auxiliary Feedwater Automatic Initiation System 7.4-25 7.5-1 CEA Position Light Matrix 7.5-27 7.5-2 Safety Related Display Instrumentation 7.5-28

UNIT 1 7-vi Amendment No. 27 (04/15) CHAPTER 7 LIST OF TABLES (Cont'd)Table Title Page 7.5-3 Accident and Incident Instrumentation Requirements 7.5-37 7.5-4 Accid ent and Incident Instrumentation 7.5-38 7.5-5 Excore Neutron Flux Monitoring System 7.5-42 7.7-1 CEA Withdrawal and Motion Inhibit Interlocks 7.7-16 7-vii Am. 11-7/92

CHAPTER 7 LIST OF FIGURES (Cont'd) Figure Title 7.7-3 CEA Position Setpoints

7.7-4 Pressure Control Program

7.7-5 Feedwater Control System - Block Diagram 7.7-6 Deleted

7-xiv Amendment No. 26 (11/13)

a)Reactor Protective system monitoring (1E) [CE]b)Engineered safety features monitoring (1E) [E] c)CEA position indication (non 1E) [CE) d)Boron control display instrumentation (1E and non 1E) [E] e)Plant process display instrumentation (1E and non 1E) [E] f)Control Boards (1E) and Annunciators (non 1E) [E] This instrumentation is described in Section 7.5. 7.1.1.5 All Other Systems Required For Safety The following systems are required for plant safety: a)Refueling interlocks [CE] b)Shutdown cooling interlocks [CE] c)Overpre ssure Mitigating System (OMS) [CE] d)Diverse Scram System and Diverse Turbine Trip [CE] These systems are described in Section 7.6. 7.1-2 Amendment 15, (1/97)

d) Trip Path/Circuit Breaker Tests Each trip path is tested individually by depressing a matrix hold pushbutton (holding four matrix relays), selecting any trip position on the channel trip select switch (opening the matrix), and selecting a matrix relay on the matrix relay trip select switch (deenergizing one of the four matrix relays). This will cause one, and only one, of the trip paths to deenergize, causing two trip circuit breakers to open. CEDM's remain energized via the other trip circuit breakers. Proper operation of all coils and contacts is verified by lights on a trip status panel; final proof of opening of the trip circuit breakers is the lack of indicated current through the trip breakers. Test equipment may be used for monitoring if status lights are not available.

The matrix relay trip select switch is turned to the next position, reenergizing the tested matrix relay and allowing the trip breakers to be manually reset.

This sequence is repeated for the other three trip paths from the selected matrix. Following this, the entire sequence is repeated for the remaining five matrices. Upon completion of this test, all twenty-four matrix relay contacts, all four trip paths, and the eight trip breakers will have been tested. e) Manual Trip Tests The manual trip feature is tested by depressing one of the four manual trip pushbuttons, observing a trip of two trip breakers, and resetting the breakers prior to depressing the next manual trip pushbutton. In this fashion, proper operation of all four manual trip pushbuttons and the eight trip circuit breakers can be verified.

f) Bypass Tests The system bypasses, as itemized in Table 7.2-3, are tested by appropriate test circuitry during the periodic system tests. Testing includes both initiation and removal features.

7.2.1.7 Redundancy Redundant features of the reactor protective system include:

a) Four independent channels, from process sensor through and including channel trip relays

UNIT 1 7.2-27 Amendment No. 27 (0 4/15)

..... N I ..,_ "' No. Name i TABLE 7 .2-6 FAILURE MODE, EFFECTS AND CRITICALITY ANALYSIS figl*re 7.2-22) Failure Mode Cause Symptoms and local Effects Including Dependent Failures i-i '. :, c*1, l(*V*!l Chnrmel tr-ip o!1 hirh J>Ull*'r. .-:1;;-;.: , f.'!ilure 2.<ovr. I) *)-<> !";J'J!'iO'J." ;-,1;.:-. o;;, /._;*.* f;i_c:')[!l ,-..,_; !r o '"f ! £"TISOI" fn111.<.!""* In.,,. flll:": sir;r,'l.] ]CV"! tr> CX-i'.l.c. ps'.l*'r :-up-'":':>".'"" p;.v<'r rr:nr," cb:i.'lrl C!1r:n. i'l:,r :'<oiJ1.:re, 1.rill nnt +:.rip 1.rl:f'n 'ffl"n clrf'*1it pr p'.lw"r "f>nc!iLirtis I I Method ol Detection prr>-trip

v1 Tl;1 011 1;

of P?::-iodfc t<>r.t. NI c!mn'."J<>! inr>I"'r'1ti*1" Inherent Cor;ipensating Provision 11-ch-:!11:1:1 '"".' ! :r.c!r..nc;r. iCry b::iit* :'.5. Ji-channel T"dllr.rl:':i.Cy. Kny byp1.:c; .. Effect Upon: p_:: r :J",'C r Failure,I Level robabil itv of x 10-6 }everit tri 1. of i,c;*.:,-,r . -01;*.-0:- -::. 1 I I I ! I I Renarks and Other Effects C:" _,: .. . r;,_-, c *.::.* _; '..- ':':" cs.-.

"c: :,;' ':

.. ;:-.*,-. .._, "' ' "' 0 No. Name FZP.: '*"" * (c1) Failure Mode Cause r:pu!"ious Sensor fell on, ?..!er. P?'"'SS. ."ig:-iri.l leYe ll ".:" failure *fl::.l of!", C.c. :pove:- !"'lJ)ply

'°nil,

'.);>"n Symptoms and Local Effects Including Dependent Failures High pressw*izer pr'!ssure sienal to: hiish PZR pr**:.;,;1H"'! !3TU TM/IP fil'J :::h.r1nnel. llir:h J'?"<':":.'.'luriz*'r rrer.s'lr<" channel trip:.. Lciv prer.Rurlzer pressur(' Rignnl to hip;h PZR p:-,,.:ir.'-lr"' DTU TM/LP BTU. TABLE 7.2-6 (continued) Method of Detection pre-t:-ip '!.nd trip rtlani, on high l"":-s'Jl"i<'.f':' h"llcO<:'l. Y\n-iur.c!n.t 1 ng; pre-trip hnd trip nlnilll:> ,_ _____________ , ______ ------------- ! I nT1erent Prov1s1on Effect Upon: m::: I Faliure Level it of x 10-6 everil 4-chn.nn'-'"l

ed1m*: fl.'lcy.

H"!r1c*_r-,r Key by1n: s. <:'.:, ine i *i**nc*: 11-cho.nnr>l r<;>dunds.ncy. bypAsB. trin I ! ' : ,,,".i "':"/l.J> C*o"t-*o>' j' 'Td'lt'i*;PnC'*. i -----l----------- l Remarks and Other meets ci::..."'! !'!>.il

-t":' e.:;:l r:::.:: '.' ;""'!"'.:":

! ':<;'.

-. i:l

" * "" I <.n ,.... No. Name ID!":: of w*1 (:*9) l*_ ... *:.;.'.; -:.; Failure Mode ?"?lls r:r-: (:i9 siGTJO.l) 0!11'.' Fnili: on ( C'Jntin":JOUS sii;"nal) Or.':' fnils of:-( l:i\O !,*::>>l l".'\"'l) (-,l *h :-:L:-,,' ]' *:n l) Cause C'?"!! c:mtacts Fur:ensor fail*:re, d.c. ;:irr*"r !'"*1;-:;:>l:1

'r>.11 TABLE 7.2-6 (continued)
Symptoms and local Effects Including Dependent Failures Lo'.'s of Joad !'".ir,nnl to chro..nnrl bi?".tnble Tri!l :.r1it !'".talc-nn*i chn:mPl trip. bistable stays Ch11.nnr'l v111 not trip for bonn fl(]<> signnl. L1,_. rr*<i.;*to!'" r10 .... :*ir,:nnl to lii!'"t"11'l 0* HTtJ 10r:ic r.tnt* 'ln*l toi:;*'* tlJ
0*1. '. ,.,..., t , ..
-1,--,*.-
r!f'.--i'!l
.0 *1::*:

.-tJl t:< *-"' l*>
nn*! *. 1*ir ._. J ,-.1*1:1' rl*, .... "rJ'!.': Method of Detection llnnuncl_utinr:;; loss of trip 11.Jnrl'l. J\ot .. rwd trir *1J 'ff'.'.l ***1 lo,_. rrn<:t*_':- C'.'01'.lnt p Inherent Compensating Provision li-c!iann<'!l r-P..-t'i;;C:incy. K<:>y re(!undancy. K,--.y 4-c!--'L'1n"l ,.,.,,! :'1 '*'..-;cy.
K"y hyr*i* !.-,--.;1'1.:tn"l
-"d\::i
.. ; ..
Effect I Failure level probabilit'* of x 10-6 >everit ,. ... trip l::\*ic !'e>,. }9'.;:: or ! ... ) c'1l ci."!,--.11-:f'. M8k"S i'P1"\Ct":l!' trip lot;lc fO!" Jo;.$-'J loa'l ;_ o:it:-of-3
'1Ce. l*-*nh-.r ; .. ::ctn-t ;! I .. ' .. ,,. ; **,-:; -'*)' Remarks and Other meets
-::..*,:\--
.* C';'S!"".::. - t:*?!!'."? Yil.": ;:.*:: '.;;;, plf.:'.:F !_*; t.:-:..! "- ..
1. -
I '::,_. _j "l ..... , .*1-.* 1:* .. , I ..... N I "' N No. Name to*J !;team .:;enf:'rator \."8tf'r l'O'vel (51,)5) Failure Mode One !::p*1riouz fails off, r-Lo-" signal level;') On<:> !'.purioU!'. /Ril!> on, IJ!igh !':lgna.l Cause Sensor fe.i d.c. pover supply fail; open circuit. Sensor f&.l]J; component !allure TABLE 7.2-6 (continued) Symptoms and Local Effects Including Dependent Failures Lov sterun levPl !'ignal level to auctioneer circuit. lov steam water level BTU chanec. logic state nnd trips channel H!gh steam generator vater sip;nal to auctioneer circuit Channel vlll not trip Vhf'n lov vnte-r lr>vel condit.ior exist inconsidered ste!ll!I Method of Detection Ann1mcirrtinr;; pre-trip a,d trip on lov steam genera.tor vater level. Not annunciating; p-"'riodic te!:t. Inherent Compensating Provision redundri.nc* Key Lypass. L-chAnnel redundAncy generator. Kry bypa:>s. meet I level Upon* of. Rrc
x 10-6 event YD.k**t trip 101'.ic for
('"".'n°rnt:::ir ] Oll" 11'.'V'.'.'] 1-!Jut-Remarks and other Effects Ct!-:-c::a:-.:-.-o>l !n:.*v*r:.t! v":. c:.ar.nel k .. y ar:-:! J:l"'-::'=' !:--* ... f:"-1-of-:_>, '::"<:."::>!" *.r_';<;c!" }.r,*; lsJlc tJ ...
-!Ak"s RP"lctor trl;i lor:1c for lo" "r.'!.tor vat er l<?v<>l 2-out-of-3 co 1 nc ! '!"!'IC* for con-si<l"r"rl c*t,<>2_":1 r;"l* eri ... ':.or. r'ystl'.'CI Vil OP"t" >1.t" on r::m f!tiJo"'d SG l"-'v,,.l.
' l::*.*?rt !°'.'.':-'!:':'"". t?'fp. C'!.r: >: e.:-.J pl!i::'
.-

*.*:: i:i.
3 l':J;-lc 1:*-* stet!:!: ..,'!t<':- r"p'!!r. " "' ' ln w No. Name !..ov E't"..'!ll J.7."."."!ll0!' '.<."! Pr<>:-.rure (:'7 J l..;:o) Failure Mode rp:u-ious oif, 4.,c..., lE'V"!l.) 0:-.-.' fail on, "!l;::h }CV'C'l.) Cause G .. nzo!' faibtre J.c. rower cupply fail opo;-r. cii-cuit fails compone-nt TAllLE 7.2-6 (continued) Symptoms and local Effects Including Dependent Failures Lov r;l"ll!ll r;cnf?"rator rt<>am prf*r;nu:r:r> nul l"v<>l to auctian<:>rr circ11il in channel. llJ\.' Gt.co.m gr*ner11tor
-.tf:>nm p1"'0'S<.1ll"C f"TU ch:'l.Tlf::".':":
lor;ic !elntc and t.rlp:-: HiKh r,te:u:i gcnerntClr r,tenm r-.l,;;n1l to auctiom'"'.'r circuit chflnnr-l. Ch::t:m"'l '"'ill not trip \l'h 0 n ha11<t-fl<l" lov v;it<-r con,Htio11 c1d:-:t in considered t.lf'IUll Method of Detection ?rc-trir and trip on low qt f'nm vat.er lPV':"l. Not nnnunciati!lf';; pr*riodtc t"::;t. Inherent Compensating Provision 4-chlllln<>l rC>dunrlr>.ncy. Key bypa::;s. !:-clinnn,.J J:"n"rrtta!". k"y bypa!';r.. Effect yggn: R?"-ctor trip 1a;:1c f0!* C"'"":""'"":tcr r:t.*.*:<n r;r'"' Stl!"'O' l!'Vf'} iF trip for lo* r.L .. P-r-r-;nt0r p;n:;-":'°" 1 * '-"': ..:111 tl 11 t :it,. on **'""1-rn iJ <">*! Failure Level robabil it of x 10-6 everit Rem2rks and other Effects i'."",:'.,,*C!"S';_.:_;":
"::""_ :..*:-
.... t-... F-..rd
,

-:-_* --:-: :--. *"*:
-: i l""' :'---- ______ , I ..... . N
ln ,,. No. Name .H Failure Mode O:'le falls on {goes high) 0:1'! !'alls lov) ** r.";_'"] I One f<!.113 "":-'."ret
ir cff *.-.* ';,.:-l,..v .. l (go'."s low} ', i J:r"':""llre ( 1:::6, 167) Cause Component failure r*A.llure failure Or.'" !'11ils I Co!'lP'JrlPnt "n fni J 1:1">' Ci:*'"' t-.ii:;'>)
TABLE 7.2-6 (continued) Symptoms and Local meets Including Dependent Failures cont11irun,,.nt pressure sip;nal to channel !ITU logic state, and trip channel for hir,h CO:'ltai!lr.1,,.nt pregsure Low containment pressure s1gnnl to chnnnel IITU ln chnnnPl dC>"S not trip for bonn-fidP high contniruncnt condition. To\J ]rv**l ::l1*n:tl tn cli'Hll:"l fmJ .. :* 1(1P;iC' r.tritn un<I chamwl t-ip in pn*-trip nnrl trip l!ir:h lPv<>l tn bir!rthl ... l!'lU vill not chnrv-. .. ln;::lc ::tnt .. t" rt b0n:t flrir> r.1gnrtl *,h<> c!1:l1ir.nl Md rc*mnln "1:' 1:-:. Method of Detection Annunciating; pre-trip, trip, and ala.ms. Ilot !lnnuncinting; p!:':-iodlc and trip N'">t nnnun-:-1n11np:, O'liC
Inherent Compensating Provision 4-che.nnel redu:1d.'.\1lcy.
key bypass. 1!i-ch:mnel redu!'r!'.!ncy %f'y Effect I I Level Upon: 1ly of RPS I x 10-6 reRct::ir t:-it* fO!' ti t-,f*-_"I;*'tlt j:r*.;* *:1rE 1-0:1"..-'J:'-3 I -I n-ik<:-r. !iti;;h cont.ain.':Tnnt Remarks and Other Effects C:ie
'J,,_-:., l -.:! -:r. ,,;:--
ogic to l:'-0*1t-or-3 coinc-ldPncP l O""iC. ------1r. __ _ +---+----*----* 11-C'in1**
] -,* r
\' ',r Key byn.. i ,c' 1r *.-111 lo.*i 1-c ,' -coin I
I 11-chanrv*l J
f'.'ny t>ypn,--,--. I '*'*-' '_'!"
r-! !' J . ,.,,*. C':-.*
i:. :;.-*:**,* Op**:-**_');
'i...c
.: * *:*'l \.'l :.-; pl';:".' ";n:; ' --_; ,; .: ' _,,. '. ."".
. :1..
':*-* * .. -*:***-:: * *G -,;* -' ..., N I ..,, ..,, No. Name Ex-core Fliu: tor ( l<Jl) Failure Mode Cause Eoth I)o.tec-1 Loe:; of AC tors J Po.,,.,,.r to Lines. Fail Lov T/ncleate )Instrunent. Symptoms and Local Elfecls Including Dependent Failures Zf.ro llnenr po11(>r mPter in<"ilcation. Lo:;s of dntn to local JlO"-'r dPnsity cr.lculation. Chnn11nl ir.o;rrnt 1 V, TABLE 7.2-6 (continued) Method of Detection Annunciati:ir,: nucll'"ar channf'l nln?in, nnd Ni1clC'nr/l.1.T pow<"r alann. 1----+-----f

Both tnrs .. rioration of Internal !-1111 (O:ir Hti:;h J In:-'.llnt!.on of Hip;h pov<"r, local povP.r r]('nsity Rnrl rWLP chnnn"' 1 trip. fllm.inc1'1tlrv::

nffC'ctr>d trip uniti; u.ln.nm;. l*!*wl,..ar/t:i.T Pl'W"r

! I -----On" Lor-r, of !IV to tor Dr-tl"ct0r.

Fails Lov Chr.n."I" J ) toc F:iilr: iiL'.h of Int,.rnal l:itu lc*f. I 0n of (ow* !)-*t "C'.or. Loc:tl pov<>r dcnr-ity chRnnl'l trip. lncal pover chnnnPl trip. j ---------* -*--*--* Annunct'l.tln.c!;: locril po.,,.eJ *l1*n'lity olnrm. Nuclr>nr/ .'\.7 al:tl'Tl. /l.nr.11nclntlnp;! J.-,*:<tl d,.nsl"!.y !1.l*Jm. 'I J< }>>Rr//'}.T Pow<>r nlnm. Inherent Prov1s1on 4 cbannPl T<"<innrl'1ncy kPy hypa!* !", 4 TPrlun1lancy bypnt'"** channf'>l redundancy ].:Py byp1t'l5. I. chRnn,.l reclunr!Rncy k,.y bypn'lr-. Effect Upon: r:1*:-: Failure I Level robabil ity of x 10-6 r 0 ri.ct ri? 1 *, -1 ':' -l t:; 7-"ut -c*:"'"-' <: 0; i:i-l"
t.rtp ]0"1<: !"or !li**'1 J*O .... r!",
no*..-nr d**nt-i1:> 1"1'1 '!":.1/r.r c::iincld<>ncP
.:,)<;,.,.
r<>:,ct Ir 11' ] *J>'.i': :-.., ... ]
i'y.*p

*
.: ... ""l-*itv .i*-1 C'Ji'.1-,. *n .,, ".>>..;"'l r*"l.r:*_
r 1 r J -.; -: J' *r J0 **1 l I ,._.,., .'":I-i * .'" -"" .,_ i*!** -*-*f Remarks and other Effects Cllll ty-,l:.'
P.-. r'-'1::" t::-':.'"=
-:.,-:. t.:>
":.-:.-/:.'.. - t.o .... ::A. 0;"."':':.:)'.'
l'_""l "'"' -: ** i : .*--_-i**l

'!*JC-' . ) -. ... -

ii* : '. :
...,
N ' "' °' No. Name outlet I r.:::J""!'".:lture (Sc, 78) C':>re Inl<>t -:-":::T'"--:'.t"Jre (21,.:12)
Failure Mode /ails Lov (One Channel Cause Power Supply ?nilurf', ffi'D Sbortf'd
TABLE 7. 2-6 (continued)
Symptoms and Local Effects Including Dependent Failures Decrease t:fl' Paver in channel. Method of Detection f\rmunc:l'ltin>;: Nticlen.r/& 1011<>r do;ovi-'ltion nlc.rm. Inherent Compensating Provision 4-cha.nnC'l red11ndancy k'O'y b)'1ll!.£f,, l----+-----f-------------t---------1------------ ratls F.igh IRTD Opl!n (One C'hrurn.e 1 :*nils In,, (Or:e (Cbe L::i0p) f'over 3upply Failurf', RTD :i-.ortf>1. lllgh [R'TD Cp"n (Onr CMnnrl (On" L::i'Jp) Increa.ses !ff pO'J<>r in channel. Non,.. On!y thP hlP:hPst of the corf' 1nlrt ten:p.-.rntnr('G ls util1z*'d in th,.. c:-ilculntin:u; for ch:-innnl. t:J pover in ch!l1111el. l\rtn'mciuting: Nucler:r/& 10\i("T deviation ala.:'!!l.
riodlc SystPm 1TIO'.L'1ci11.tini:i;:
rfucl.,.nr/t:iI t>*ivnr dnv1ri.t1on '1}1!.nn, 4-ch1rnnel k..-.y ':lypasi:;. '1-chm1'l,.l r<>*iundrul'::y kr-y byptl!:".&. rrdundnoC'y "-"Y Effect Upon: Failure I Level *1 rob ab ii ity of x 10-6 severil Remarks and Other Effects RF:"; .'*al':PS T<'<;l.Ctbr t:ir Joo-iC c111t--:i:-- 3 c0inci<l.'OJlC':
.

-J:t>S
"<>;J.Ct l*r trip f:-:-t:Jr-:-'1"".1 1:1 ;-;_ o,..it-of-3 c olr.-:-1-i<?n"-"'
T-:-ip l'J<'1C '."*rict.':":i .-._1 rud f')r T-:/r:r, JJ1d1 JVJ\.'"!'"
>011t 'l!'-4 'Jir.cl

"*1':" r.*."1.;.-,.,, T<'ClCt t!'"ip l1wi(' f--,r ] *>C".l ,._.,.!'" !nn-J ,, __ ,. : I . I
"' :::-*.-* l'.;..:e f_::***--"'.:!' h"!.. -:,:*.:* :-:/TY o
1

-.ci t':'.C"'*
>'.'!'"'l'

.:J!'" *. 't::_:o;:
C t* --:!. ; : --:-/:J> t:i :.>!nc!d.,.;.c<>. \."ill .. . .., c:::-e !.:;:;_F':. ': --* ::-e.:: .i:e f!"= o;:; 7 * ::op . :'perator ca."! ty-un_r r_*,
-*n

:
-lr,cr

;_ ':'."T.<>!'" ' , __ ._ -.. . (' -'
..... . ..., I ..,, ..... No. Name
-:.::.or
{01) C:ir'!" Frotection C11lc'Jle.tor (1ro) Failure Mode Cause Pnils Lo-.- Su;:iply frl.e CJ,annel}er 7ransmltter ailur,.. 'r..lls orr of AC One Channel) er to :ilculator. TABLE 7.2-6 (continued) SymRtoms and Local meets Including Dependent Failures WM/LP chnnn"-"1 trip '[J)cal power dE"nsl ty channel trip, high mRy trip and TM/'!J' will not trip ;in chtmnel. Method of Detection Anr:unciatinr,: Tf*v'LP chn.nnf"l trip alarm. Annuncicttln,;i;: Affected trip functions alams. T:.irbin'? r.::i!ls Off of Digital of load. channel tr1p. J\rmunclating: Lo:;s of lor.d trip nlflnn. T:-ip Che.nnPl)rignal Voltnge. ('./?) Inherent Compensatin9 Provision 4-chnnnf'l k"-"Y meet Upon: !'lF::: Failure I level robability of x 10-6 severit :.1;lf;,*s 1o:'.ic i'<)r T:.:/LP l-out-of-3 4-channel redunrl'.lncy 1:-hk"'s ?""'net kt>y hypas:;. tr1p for locr.l >O"-'"r tt,y ]--: :+ -*
1; T:*'./1.l'

,-rrnt-,,f-c:olnc l*I* ncr> 4-chftnnel redundnncy r"e.ct1r kr>y bypa.ss. rcr lo>l*I *,r-3 C'Ji:"I-J Remarks and Other Effects
"'::. * - ... CM feil'?d t:.1 C"-"l ';yT:>.: fet!n._: C :;.:-.n 3 1 .. "::: ---*-***------l---------**

* ( 1"7)

On Svitch!Loss of load will not trip in chnnnPl, htuck Non"' durlnp; OJY'l"d.tion. li-chmmel reduwlrincy lc.;ic: f0r o:' )""! l , -O'lt* ',:*-" f".'11 *:-.,-;;ot a !"'! r"'la.t,.d t:-ip
----*----**---------
.....
N ' Ln 00 No. Name Tr..-.r floY ( ::_.;.:; :.0:-:--( l'*:-; !<tor water l":'Vcl( 5G) :'."!:"= e':.or rt,.n."!I rr":-:::.u!""( 42.) One Failure Mode ?!!.!.ls off' (goes lcv) Le. A chan-"'l) On* Fn1ls on (go.-ii high) : Le. A Cause Open circuit d.c, p;,,,,.cr< .t.upply failure. Co!l!Ponent dri'rt ::;,,.t point not adJusted TABLE 7.2-6 (continued)
Symptoms and Local meets Including Dependent Failures Method or Detection th.trix rn]::i_y:- in chann"l ]ryi;ir:' <1"-f"'n"r-tITTnuncint1n,'.; g!.zQ"' n.nd A portion or thn alarm:-.. colncid**ncf' ch:inr;'"'s lor:lc prf'-trip, trip occur:" in broth Rn 1 i trip circult. Inherent Compensating Provision 4-chann('l rf'dunrlancy. bypa:;s. ln channel r'?muln tiot nnnunciating; f'tl"rcl:>:r:d, nnd channel /I. it. 1nop<!ra.tlve. tl"r.t. ; Ch.-inn"l will not trip for 1,ona.-fltlC' 'pr.,-trlp end trip slr,nal. rf'dun<inncy. K.-y bypa.::;s. Effect I Failure I Level Upon: ily of """ Ix 10-6 rl'nct'Jr trip l<wic 1-c-ut-'J".*- j c ;inc!<:"nC*' !'or l'-'n.kr-s renctor trip lop,ic !-out-of-3 ror "tl"rt.. Remarks and other Effects ir.?:;"':"!'.:.l*:,.. O;..nr"-"':::.r
<,_-i
.:::::-.-.,.: ..-1:.ro r._ ... :,. ;.lE:. *:* f/':t'?::: or-:o. 1-: .. ;lc, {)pP:-et.o:i ... C!'-"l J:*"l-'."t. ..,ft;; 1: .. y en-1 ;il!'!.C<> l\\*:::te:-: 1:1
"-l::::L*.

. h.*ic.
.._. * "' I \J> "' No. Name !!4:-h Re.t"' o of P:n.ter {75) \'a!"inble Ov'.'r rover (7') Loc!ll e:- (:*.') Lcr.r ( '.1<') F:-<>::;::
1:-e ('.:)'..>)
Failure Mode 0!1"' I-'a.ils Off' (i=t;oes lov) (i.e. f>. chan nel) On'!' Fnils On (gof'S high) (i.e. A chnnnel) Off (.;oes 1011) ( 1.<>. A cba.nnel) Cause Open Circuit, de POV<:'r supply failtO"e. Component Fa.ilurf". Set Point F1.djusted not Cr lft failur'.'. circuit; ,le !' ... ,._.,_,, ,:1pply fn.il. TABLE 7.2-6 (continued) Symptoms and Local Effects Including Dependent Failures Mrttrix relnyr, in channel lor,ic izer., r111d A p::>rtion of the 2-ot.:t-or-4 coi:icidenc,. chang<>G logic state. n"'l trip occ1,r trip, pre-trip, alarm. Mn.trix: reln.ys in dm.nnels rPme.in "TI"rglzer'I for clm.nn.;>lA condltionr,. Chn..'ln".'l trip will not occur for trip, p!"<>-trip, A.lllrm, nnd CWP circuits for bonn-fid"' signals. Method of Detection Annunciating; pre-trip nnd trip
p*,riodic ter.t. r.t,trix r ...
1n d:.nnnel for hl r7.R I /\n:J.unr-intin,'.; pre-trip t'r" ln1;ic """w*n*izn ,, r:,rtion of mid trlr I.I'*' 2-rJut-of-1. e0lncidnncn 1og1< . .-.. Chnnn"l t1*ip 111 p!*"-t.riJ' clrc:1it.,, I nherenl Compensating Provision Effect Uoon: Pfis li-charqiel redundancy. ,Mak.-s Key bypasr;. rea'.:tor trip 10."'.iC <tnc! f:",,'? lo.: ic ]-out-or j coinci-'1,,.nc".

1-----

li-cha.nnel redundancy. Key bypn:;s. 4-ch:*1*:1,,; 1*,. lu1ic!:mey_ K"Y t,:qa: r"nctor trip lol{ic ."-out-of-3 1md C"T lop;ic: 2-out of-3 !)lnc:irl"nC" ;;,;.;.' r "1 **_,-,r *.rt ;i 1 !-')'.ii,- _,f-J ---+ -------r---- <):1r ;.-'11lr: 0:1 ( l.". A f,1llw-,. ,'ir1ft., * *t rol:1t not *1<l.J1rt.-.,l. 1-nlnyr. in chnrtn<>l for hi rr,,.' lo-:lr rrro:n1n rind liiP,h r;*11 <"! 1mn,...l A v-in.ip*rntion. 1.'i]J fl'_>t. '.!""iJ' f11r 'innri-1'1dr
-;J JP: r 'r"

tnt ,um\JncintiniJ;;

>"!""iorlic tn

:t.
h*1*hn.-::
1 ::: . t .-,r :"lp lr, .*,. *:-'1l f*":'" Failure I level robabil ity of x rn-6 Remarks and other Effects O:":e c:!-.a.:-.::el
!:-:- 'l.:-1*: !-l:!Z 00 ln ;-ou':.-::o:"-3 l'.'.!;ie. .::-:,*J";.-c,;"-!.c c.-.? :!.-out-a:""-3. ,,1.:-:-: ... 1 ... !. :.:. !(.<>y e.n::! ;ll':.C:" svi:t<>::; in l:;.;:lc
-r::'!'..:-_

.'-c;':.-:f'-".,
')p"::-at
r C'ln
". Jo

.-"! '*-':""-:
"!-... r* ':' [-: -* . : j: r'*: ..., * "' I "' 0 No. Name H1.!7:h pr<?r sure Pl !;; r'<t"' of :t.*::--.... ., .. <17:>) Variabl .. OVf'r p?'<lf'T ( l"r-*) Loci:!."!. PDY('r (!"-*) 1 .. :-,,,1 *'. i * . .i'."..t rr' :-*.:-n ( *, I I Failure Mode !he F:Iils off {goes low) (i.e. A channel) Cne Fails on high) (Lt>. A c!m.r.nel) U:Jr_;lc F11ilz open Cause Comp.,n<::-nt drif' failure. Open circult d.c. rover supply fall. Componf'nt drift i;et point not lldjustt-d. Op?n circuit TABLE 7.2-6 (continued) Symptoms and local Effects Including Dependent Failures Matrix r"Jriys in chunn('l for hi tr.irun"nt f'T('f:f.urr:- dP-':'n"rr:jzps and A portion* /.-out-or-4 rl.fl.tf'. Chm1t1el t.rlp and pre-trip occurr .* Method or Detection AnnunciAtinr,; pre-trip ll!'.d trip Alanns. ------*----*--------- M"ltrix Tf']Ay3 Jn chlltmel for hi loP,ic Tf'.mnin energized -channel A will not trip fe>r honn-fld<! hi condition:- .* annunciating; J>('riodic tl'tt. 0-.'P nn<1 AJ..-:nn ncc11r,; *!OJ*' to J.--,1*lr l/\nnunc'a'.lnr c...,rrC'::pondln.; to t.;;o ch"nn"' (1.IJ> in ti:' ?-out-or-4 colnciil"nc .. circuit.. Loeic 1'1itin1,"!' (",.rp a,*tlo:'. ---f !-----------+-------- Lo.;;;ic r::1ort circuit Fnil,; cl05'!d ;1,, c*.*1ne1<1r-r1t 1<lll nnt rP,;J'('nd to r. fl<l" C'.'ndlt.lnn, r,,;p 1*ill not 0cc*.:-1.*)w!\ :-h**rtl:-. orlf'1n-1+,.. 1'1 only r!l.'\nn**l.
ot n.nn1mcl'ltinP, :..,rlodic t,,.-t. I nherenl Prov1s1on 4-c!umnel r":l11:ir!:mcy.
k"Y bypo.r:r; li-chRnn"'l r!".Jundancy. key bypnsf; flW' Nnn<> Effect Upon: Rrs Mnk!:s 1"NlCtO!" trip lo.i;ie 1-uut-r;f-
, coi:icidPnc f-t!b;,; rt" RC tor trJp
/, l c onlfli'll:lnr. ?-ouf-'"lf-: lr,,;p . ""!l ?f *n I I Failure I Level robabil ity of x 10-6 ?everil Remarks and other Effects C':le ';!3.!: Ly_::,*_:*r a k'.'y .'..:: 10,-lc c!.&:.n<?l 'T?"rr.t!\*,,._ "rntc:.r c*_;i. -.d.':.:. a-;j ."::."te= ..., * "' I "' 0 No. Name H1.!7:h pr<?r sure Pl !;; r'<t"' of :t.*::--.... ., .. <17:>) Variabl .. OVf'r p?'<lf'T ( l"r-*) Loci:!."!. PDY('r (!"-*) 1 .. :-,,,1 *'. i * . .i'."..t rr' :-*.:-n ( *, I I Failure Mode !he F:Iils off {goes low) (i.e. A channel) Cne Fails on high) (Lt>. A c!m.r.nel) U:Jr_;lc F11ilz open Cause Comp.,n<::-nt drif' failure. Open circult d.c. rover supply fall. Componf'nt drift i;et point not lldjustt-d. Op?n circuit TABLE 7.2-6 (continued) Symptoms and local Effects Including Dependent Failures Matrix r"Jriys in chunn('l for hi tr.irun"nt f'T('f:f.urr:- dP-':'n"rr:jzps and A portion* /.-out-or-4 rl.fl.tf'. Chm1t1el t.rlp and pre-trip occurr .* Method or Detection AnnunciAtinr,; pre-trip ll!'.d trip Alanns. ------*----*--------- M"ltrix Tf']Ay3 Jn chlltmel for hi loP,ic Tf'.mnin energized -channel A will not trip fe>r honn-fld<! hi condition:- .* annunciating; J>('riodic tl'tt. 0-.'P nn<1 AJ..-:nn ncc11r,; *!OJ*' to J.--,1*lr l/\nnunc'a'.lnr c...,rrC'::pondln.; to t.;;o ch"nn"' (1.IJ> in ti:' ?-out-or-4 colnciil"nc .. circuit.. Loeic 1'1itin1,"!' (",.rp a,*tlo:'. ---f !-----------+-------- Lo.;;;ic r::1ort circuit Fnil,; cl05'!d ;1,, c*.*1ne1<1r-r1t 1<lll nnt rP,;J'('nd to r. fl<l" C'.'ndlt.lnn, r,,;p 1*ill not 0cc*.:-1.*)w!\ :-h**rtl:-. orlf'1n-1+,.. 1'1 only r!l.'\nn**l.
ot n.nn1mcl'ltinP, :..,rlodic t,,.-t. I nherenl Prov1s1on 4-c!umnel r":l11:ir!:mcy.
k"Y bypo.r:r; li-chRnn"'l r!".Jundancy. key bypnsf; flW' Nnn<> Effect Upon: Rrs Mnk!:s 1"NlCtO!" trip lo.i;ie 1-uut-r;f-
, coi:icidPnc f-t!b;,; rt" RC tor trJp
/, l c onlfli'll:lnr. ?-ouf-'"lf-: lr,,;p . ""!l ?f *n I I Failure I Level robabil ity of x 10-6 ?everil Remarks and other Effects C':le ';!3.!: Ly_::,*_:*r a k'.'y .'..:: 10,-lc c!.&:.n<?l 'T?"rr.t!\*,,._ "rntc:.r c*_;i. -.d.':.:. a-;j ."::."te= ..... "' ' "' ,.... No. Name High !"ate of of (TT) Vriat*le :J("fii) pover Le.cal pmt'!r d<:?n&ity (98)
.:i:-i;ln lov (94 F!!.*h Loi.-R':'nctor

oC>! 1.r:t flv:. {

i!' im< (1D4) w\ .. 3teM1 £nnnnt<:Jr vat'!!r i ... vel < sa) Lev pr"'s-llUT" ('.})) !:1<:"1l CO:"I-f 'lir_-::r*:"lt.
r '.' :-*1:-n (: "> Failure Mode One logic pair Fails off (i.e. A3 logic) One logic pair F'9.11s on {i.e'. AB loeic) TABLE 7.2-6 (continued) Symptoms and Local Effects Method Cause of Including Dependent Failures Detection Component Reactor trips occurs due to logic Annunciating; pre-trip failure coincidence correspondins to tvo and trip ale.l't!ls. de powe/ suppl) channel sisnals in the 2-out-of-4 ps.ir failure. coinciGence logic circuit. AB coin-logic gates initlnte trip action. - -. -----**------------ Coaponent Coincidence logic corresponding to AB Not anntmciating periodic failure channels vill not to a bona fld .. condition. Rcnctor v!ll not trip vhen originates only in the A, B chnnnels.

. -------------***

--Inherent Effect b Failure level Remarks robabilit of and Prov1s1on u,gqn: x 10-6 ever it Other Effects Reactor fel:!.-.i:e trip :Jf tll? er.t re:i.s.:* !"ets; d.c. J:':.:'"J<::- !es.in A3 l::i,i:lc ciatrtx. ---BC, BD, AC, AD, CD Loss of AB Re:;,:ilres !':?!:!:..;re coincidenc o!' ..... ::i logic for <<:r.t C?:-.tac':.
":.:-.
parameter 1 ?rip v!.11 for trip. oecur for th"' 5 coincl:!n-_: EC, ED, AC, AD, a'.;.! I *----* ----r-----* -------*---- ..... * "' ' "' "' No. Name '.!!.t:t rate of of t>C--.1er (76) tv!\riable ove t;io*er {1'3) L.,cnl Pover , .. ,,ity (97) fr!er'$1'll in lmr J>!'"l"SS*
-lz!'r (6'

>) V.,.,.. :!*::i-::tor
.ol!i.."1t
!'1011 ( ir.*) !..cv stt"OJ:I ,:'*:i":-nt'.)r
-t'!e.:::
press* (-i9) 1.o;; ::-tnf'.r::J
n"l:*;-r.to!'" ,.'<1.l_n!" ]f'V<!l (<7) *;1.-1 1 -:;on-
_-.**r.t -. --J!"P. failure Cause Mode One Component F:til off' failure (g<:>es lmr) CMe Component r*ails on failure {i:r;oes hi13h) TABLE 7, 2-6 (continued) Symptoms and Local Effects Method Inherent Effect Failure Level Remarks of Compensating robabilil , of and Including Dependent Failures Detection Provision Upon: x 10-6 ever ii Other meets RPS elann circuit activated, Au<lible and Or--... !"':!t ;:r :::*.:;t nlnrm in control room. cf.eek '.:c lf bcna ":!"i;' t'Xists er if in a !'ai::.*.N" in the ale.r:: ci:-cuit. loss of alann signal for single channel. Not annunciating Redundant chnnnel. Makes Operator vill b"' Protective action vill still occur, vith periodic test. alarm logic un11"'1l?'e of on other channel. l-out-of-3 fnilu..-e until coincldenc!" test. -----* **----

**

...., * "' ' "' w No. Name !'rC'S!:'lll"i7.er reli<:'r valve (169) Failure Cause Mode Fnils On Component {sends failure signal) Fails off Co:iponent (no signal) failure TABLE 7.2-6 (continued) Symptoms and local Effects Method of Including Dependent Failures Detection Sends signal to relief valve assembly. Valves open. Pre-trip alarm on thermal marr;in/lov pressure. Valve does not open for high pressure f\ot annunciating; conditions. periodic test. High pressurizer pr"'-trip and trip nlan:is. Inherent mect Failure level Remarks orobabilit of and Prov1s1on x 10-6 everi< other Effects Dr.op in reactor i..;.!"'i:er trip on co:::l.--?. c'..:..;;::-;o
...<,,

-g'..n/
rnnY-f',in/ lov lov trip. pre::sure. of SIAS. Safety valVf"s. No auto-mat le higi . p!"'es:;ure relif"f in pressuriz. . by RPS. ..... * "' I "' ,,. No. Name Fath (::::>,) {119) GA 7:-i;> (
11) Failure Mode F!!ils ;noi;h {One Fnth) :**a1lr-;
Low (Om* Pnth) TABLE 7.2-6 (contirued) Cause Symptoms and Local Effects Including Dependent Failures 7'."'lp Path Rell!.yl Losg or trip f\mctlO!l for t*.10 (nils to Dr>-trip t...,itch p*'ir tir,,nkr>rn. Losn tif l:'lnnua.l trip funct!.fln ro:- of trip 1u1r!1 1_'11t.tonn. Method of Detection Inherent CompensiJling Prov1s1on fC'rio<iic tPnting. IHr-dunrl:lnt lrip
---------Open Coil on I f.ystP111 Half-trip, Trip F11th

re .. iod!c r:ystf'r.1

-!;"ntinp, IR*'<l'Jn.-lnn1, trip rnt'r. tr! p :-.tnt.un p'1n"l 1ndicnt!on. !r.lls Hii;:h I 2-out-o'."-l Inns of CWT' functton. r:yr.t"m trr.ti11g. l:'Jom* Fails Lov ::*o.ils !Dv I, lrn:;lc C!llltHCt
1..--::!
r.n.i*;t,ln "llf'r.:;i;:nd. r;,,1' R<_>lOy Coil I in ('ff,.*:t. t/o \llthrlr'llllll 1:1'1tion O!>**nr: in ruiy mo*!*'. CEA'r: arf' inhlhlt* .. 1 frC'm 1!1C.1viduR1Iy V . .<::--: 11** j .r::r.-t"r.i trip p')..,'o'r Trlr :*"'ttch r{'rlodfC Gyr.lPffi t<"Stlng, l"/fJ!J" AJ11r.i1:-: Effect Upon: Ri';'. *;o i""\.tf' I Failure I Level I ity of x 10-6 Remarks and Other Effects t"."':;:
i *, * ) ti."."'* .I !' f1i:i::t >:-:-. '., ., ,,.-:'.;'
f._i.** ** i ., -_ ,1 * :-:;.. '.'* ::<<'.: . -.. -'". .. . . 1 * **' - Cll'Jf" r"'.l _- 1'." ... l/*J Trir I
en §:: .,, .,, r r :;:a-0 m:::! :::a I >m Cl' -(')0 i,, . > .,, Oc r-.,, :::oz Co C'l .,, (') !J =E c ;:u -l mm ;o o-:::a -io "'O rn mz r-"" ..... (') >
i-.J -lr . -o -4 G"> --<-c: :I: m> en C> z-i -< ;:u en> -l!::'. mo .,, 3:: ,, -l -< :x: m
INPUTS FROM NSSS MEASUREMENT CHANNELS 12345678N 1234 5 6 7 BN l2345678N TRIP UNITS LOGIC MATRICES LOGIC MATRIX RELAYS TRIP TO 120V a c -----, VITAL BUS *1 TRIP PATHS CIRQJIT E!REAKER CXlNTROL RELAYS 1------------------------TO 120Vac TO 120Vac -----. VITAL VITAL BUS *2 BUS *'3 48 i?Js 0:ii 3' 49 gj'5J2 31 AC2::r: l A A02i *ti ) MAIN CIRQJIT MOTOR GENERATORS CD2 .... ..2 II us r K2 AB3 IAC3 IA03 IBC3 IB03 ICD3

t2345678N 1'0 120Vac 'VITAL BUS '*4 AB4 AC4::r: A04::r: BC4::r: BD4I CD4I MANUAL TRIP *z +125Vd-c BUSq lrB 1 a.f-------
, = =-= -;

: :: _ -----*-*-

-_-_-

_-_-_
---' I ' _I 1 __ CEOM POWER SUPPLIES l_2--r------------ L -T _SJJ c E CONTROL ELHJENT l_c:o1Ls lJ: co1Ls ,: co11 s V co1Ls I i:o1Ls DRIVE MECHANISMS
-l -< lJ lJ n ::u.,, )> mer tnZ .,, V> n :s::: -c-1m G) ::u-)> c -0<.n :::U Nz C mml>::u :::Orm :-"' lJ CJ 3:: N :::0-m
ml>Z WtnG)-l
U )>I m3::l> z z m r * .,, r 0 ;;o -tCJ * )> .... -0 c:o n ::E -m m:::o
..... G) I C-1 z -n ,, -<
Copped Test and Fill To Sequence of Events Recorder Test Inputs Solid State Individual 75 Vdc Power Supply (Fused Both Sides Ungrounded)
Connection Containment I Penetration To 2/4 Logic Matrices of Reactor Protective System Bypass Key Switch :1 11 11 11 11 Alarm High Pressure Bistable Trip Unit Monl'al Setpoirt Adjust Pre-Trip Alarm Power Supply Note: All oc Power9 Connected to 120 Voe Vital Instrument Bus Control Board Terminals de Power Supply To Sequence of Events Recorder Pressurizer Steam Pressure Pressure Transmitter Pree is ion Resistor Precision Resist or Pre-Trip Alarm To 2/4 logic } Matrices of Reactor Protective System ----Variable TM-Pressure Setpoint Signal Amendment No. 16, (1/98)
Amendment No. 15 (1/97)
Amendment No. 15 (1/97)
< )> ;:o ,, );: r 0 CD ;:o r "'-m -tO * )> :r: .,, G"l ,... '"O Co Ci :r: c: ""CJ mm Al 0 -0 ;:o rn m ,-Ii" :-"' ;:o >r N -I z_ ..... G"l I "° ;:o CI I ""CJ z-1 0 -n \J -to m ..... :s:: ;:o \J )> -I 0 -< z MAXIMUM TRIP LIMIT 100% 1-----Q 80% (LARGER OF NUCLEAR OR THERMAL POWER) 60% r 20% 0 , TRIP MARGIN * * ---_____ ___.. _____________
_ / QTR 7-\ v . JNIVE J \_ MANUAL RESET TIME > "11. r ;::l r o* 0 .,, "Tl *. )> z .Cr 0 :!! ... ,, -Co "° Cl O:E ,..-_ -m 0 C: O:;o m:o :::0 zo 0 m >-i ;! e-N '-' rm on iv --i -t G'l . )>-::r: ...... G'l < c -4 0 ;um z )>(I> -n J:-< -t 0 (I> -.J: -4 m ,, J: -< HOW SENSORS FLUX SENSOR LOOP TEMPS [ _ THT TT J J . 1 1 -SIGNAL PROCESSOR so PRESs*. se. '. FJ 1 Hz C1 Cz CORE PROTECTION,_ ___ _ CALCULATOR I r :-----------*-.. . 1 I . . . . I r --- -. -1 I , ' I I I TRIP TRJP I I I I I . POWER I I TRIP TRIP PRE-1 UNIT TRIP I -I L ------_ _: __ 1_J L . -__________ _J OP[N >60J. POWER ' ClOSEO >6(tf., POWIH snPOJNT REDUCTION .__-----VARIABLf SHPOINTS ------SElPOINT SELECTOR 1 4P 3P 2P
2P 2P l

T llJj 2 . CHANNEL A SHOWN. CHANNEL B. C. 0 SIMILAR HOTE: At power. operation with less than four (4) Reactor Coolant Pumps is not allowed by plant Specifications, and lhe Flow Dependen:
Setpoint Selector Switch has been hardwired in the 4-?ump position.
*

FLORIDA POWER & LIGHT CO. St. Lucie Plant Unit 1 I * < a; .. i :z ... "' ::E 'i z c g v e g .. t; ... i! "' STEAM GENERATOR PROTECTIVE CHANNEL BLOCK DIAGRAM .llll 0 ... ..; < ... Ill 2 ..; <( u c. ..
7. 2-11 I
*

AUTO TEST _5:_ MAN. TEST PWR SUPPLY COMMON + 15 V DC TU5 PWR SUPPLY L N BYPASS MAN. SW S2 OFF UNLATCH PRESS SG-1 BYPASS 0 AUTO PRESS SG-2 0 0 ,-LATCH ---, I _J K22 + NORMAL TEST 1-f TEST 2 0 0 ----TEST SELECT ,--
r ------, 1 +15V, NO TRIP I I I OPEN, TRI p I I OPEN FOR SG 1 ALLOWED I I PRESSURE > I I I L -------_J L -SETPOINT ---_J TRIP UNIT 5 LOW PRESS, SG BISTABLE DEVICE IN AUX. LOGIC DRAWER FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT 1 SCHEMATIC LOW STEAM GENERATOR PRESSURE TRIP BYPASS FIGURE 7.2-12 " .......
m _,, Cr-""r-2. 90 0 .... -* r-:;;o .... m---aG> !2 -:r.....-g -I ...,.() p to 0 0 """ 0 Q) \C ..., Q) 3 ("') 0 ..., (I) -0 ., s. (I) 0 ...... 0 ::J --i ..., "O en ;'.J N ' VJ -n c cD * * ---PRIMARY PRESSURE

T THERMAL THERMAL HER MA l C POWER LOW MARGIN TH " CALCULATION POWER MSAEC POWER

PRES s URE TR Ip .....-+ 2: ..-el+ UPPER b-LOWER DET. ( u ) I I DET. ( L) 41+ 2: --:-1-L + U 1 I GAIN ADJ -c -NUCLEAR POWER LIMIT PTRIP .--e AXIAL I LIMITS POWER DENSITY TRIP I AXIAL L-U J OFFSET 11----J-1--
6 0--------. __ MANU/\L RESET , .. t (REF: Fig 7. 2-10) HIGH POWER " TRIP SETPOINT HIGH POWER TRIP
.. (J.'.) z 0 u ! z .,.. :::> I() 0 At power operation with less than four (4) Reactor Coolant Pumps I + is not allowed by plant Technical Specifications, and the Flow Dependent Setpoint Selector Switch has been hardwired in the 4-Pump position. coo** zc. 0-1 FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLAtoiT 1 LIT POWER CALCULATION FIGURE 7 .2-15
*

co z 0 0 I-1-w V) u.. u.. 0 >-
wU zz -LL ..... I I I I lz I -' I :::::> + e x:::::i 0 0.. 0 u 0 0 x_, <Cw __, __, + :J 0... >-N a::: 0 0.. 0 >-"' a::: 0 z >-z 0 >-0.. 0 u -, I I I I I I FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT 1 LOCAL POWER DENSITY TRIP FIGURE 7.2-16
-0 tot '" d c: :;;o ,, ::sneo,...
........ ,...o rt It -:;;o ..... "" G> a .... ::i: )> g -* f't () p co )> "' -() '° '"O "' -t m "' -t -z G') "' -< "' -t m "'Tl ..., l.O I c ., CD " CHANNEL A SIGNAL fTRiPuNiT "A,-------1 1SETPOINT COMPAr!ATOR I I . r-I I I I TU RELAY! +<DOU3LE I COIL) &... ________ .__ ---* CHANNa B SIGNAL I I* Tnll' SRECT
AB MATRIX rJ MATRIX POWER SU?PLYa..., loll l FOWER SUPPLY MATRIX RELAY K>LO ! AB-I

120 Voe RELAY I I
[!j I , I j_1 il RPS LAY TEST (DOU3LE -HOLD [!j ' + PO'l/ER COIL) ORCX' SUPPLY OUT TRIP SELECT AO-I + MG-I MG-2 AB-18----------o""o 6 BUS TIE r-1 120 Vac ST I IUV ST I ---r i I ----J --IUV CECJt.1 POWER SUPA...Y POWER SUPPLY
* * +18 NEXT Kl.._ lfil_ ----TYP. MEAS. LOOP FLORIDA POWER & LIGHT CO. St. Lucia Plant Unit 1 TESTER t I ' -+15 UNIT I I ---1+ DVM f, OTHER POSITIONS S6 NOT RELATED (f 0 TO TE:TER 9 ? \TRIP PRETRIP1 "=' .... SET POINTS AUCT. No. 1 AUCT. No. 2 TO TRIP a PRETRIP BIS TABLES +8.4 TO TESTER Figure SCHEMATIC TRlP TEST SYSTEM 7. 2-18 i PATH NO I TOU*ll'
'::r----r**
-' ,._,
___ 1-:l I --1_. E i;:: c: r=,... r::__ -- .. ------,--------- I I ,-__ J i -R
l

---<>ewi
'L-&woTQ!llJ ... ll" TC8'ii=t:i\)*t Tl!(A}J**l ) "" (IOU00.1. Tll.IP P ... 1H NO Z '"'"' ,. .... a .. ..... , t ...,, cowourr U=IT*.l t'"'-*' t?2:: IllW.,..Jl-8 t"'"".-. 1:::: lt,.,,.,,,,_, .. I 0""4*J*** .. , ............ l I I I I I I I
. 1 I IJIO*TBll'
_..,,, , .. *:J --_:i.. I w"" '---, I " . .* "*""' I I : I -_J I *0*w*'O*" .....
_,,---: ____ 11!1(1\jl<O
.. ' l___ "'"" } " "'"'° ) "" """ **O'CM*ON _,; .. 1 l-". (<f,H <"<. J I I TRIP PATH >JO 3 FLORIDA " \ ...... c ... " .. r1 ...... r.__:J .... o ""'""" --*><i IC(BC)*-*r l<fao)3*1f ll:(AC)"!o*I t C"°"-J4"C.f e*.,......t* ..,__,,_,!
1 k{,o.O}l*fJ OWC.-.14-C I "" T8**tf '"" ""'-. " :L=g '"'"' * """ }-" .
...... } } "". ""' ' } '"""'"'" "'"' } ... '""' } ... , .. I TRlP PAl'll NO .... "' I I n,,.,,. I L__'.l ...... """""'T I . I .. ... :.:1 I .,.,:! I ::.1 I::{ I K(.\1.)4-tr I -*" ... I I "'"""r "'-1 I ::;:I I . u - -I lo* .. I I , . TB""'"' I !i------. } j Tlll():>>J*I T"C84T1llf>(Qol. I .. ,_, . I 'L*w><*M* }"" I ' , ' '""""" , .... j CW\."lll*ft. I J "*. uvc I :rtl(O}I** I I }"' * "" I . ! *'i:'c_.*w* .. ,_,. } .............. . !-*---1l------c.,.ll(oH-s- "1"<11 # TJl1,.<C>t1. I I I }"' * ,.,,'"" I Tat u. '"";:.'{"'"O'i 1..1Qwt I }"*. ""' I *,-({\w** .. ,. t*MH __ " } _ nou<ott. lme /u01.tmo. POWER & LiffiT co. I TRIP PATH CHANNEL INDEPENDENCE SCHEMATIC DIAGRAM St. Lucie Plant Fi9Jre 7.2-19 Unit 1
.... '""""""" ,.,,..,,,,. i---'°Olt'F,e l l'rlrL rYJn..&.r I I k,J SNir; _ L J !4L,_ 4r' .-....r;e NF"4rtl7VCT / 7'1/l'r.iP.AtML ,....A'A'!41.V /i:#IV 77!".tl" C,,,LCVl..Ar>>.E' rNfo"r "r ""/<<'.I"'?" srr_,r nt'r?wnr 1------: f I i'.¥Jnt <AH_,,....A A"l.A<l"'At e-#t.t.A ... r ,.. RI/':,, -r;:,:,rA,o-I I I l_ .,,,.,.,,,.,..,, ' I : I n> t"KAMIV.r<,. A I ----,AJM'P,81 I' I: l I I I L Jl'T<"IM >SI Amendment No. 19.(!0/02) FLORIDA LIGHT CO. St. i e Plant Urit l ------)'ote: <',4'1of'Nk.IZ3 p .MlJJl'r. ,...,,, s"""" ----I . I l IDr#nCAL TIJ

---I. I nJ (OW114 #-nn.J -NI-""') ---_,, TYP CAL PROTECTIVE CHANNEL INPUT INDEPENDENCE FUNCTIONAL DIAGRAM figure 7.2-20 _, >-< <: v ;:;3 0:: "" >-,_
*

CHOSEN &.OOP LOOP 1 U)()P2 NO. 1 LOW STEAM GENERATOR WATER LEVE VARIABLE OVER POWER ... " DEVIATION
{ \ PRE TIUP /\ ,:,.wP a. Al.ARM { > I\ r:.w a. AUlRM I \ /\ I \ MANUAL TRIP l--------------The Turbine Runback feature has been deleted. This item is maintained for historical purposes. Amendment No. 16, (1/98) FLORIDA POWER & LIGHT COMPANY ST. LUCE PLANT UNIT 1 REACTOR PROTECTIVE SYSTEM INTERFACE LOGIC DIAGRAM FIGURE 7.2-22
TABLE 7.3-1 ESFAS SENSOR PARAMETERS AND SET POINTS Sensor Location Tag Nos. Instrument Range(4) Normal Operating Conditions Sensor Accuracy(4) Pre-Trip Alarm Set Point Actuation Set Point Response Times Standard For Testing Response Times Pressurizer Pressure See Fig. 7.3 -24 PT-1102 A,B,C,D 2155-2315 psig - 1600 psia (SIAS) 32 sec - Note 1. Containment Pressure See Fig. 7.3 -25 PT-07-2 A,B,C,D 0 2.5 psig 5 psig (SIAS) 5 psig (CIS) 10 psig (CSAS) 0.5 sec. - Note 1. Steam Generator Pressure See Fig. 7.3 -25 PT-8013 A,B,C,D PT-8023 A,B,C,D 800-885 psig 585 psig (MSIS) 0.2 sec - Note 1. Containment Radiation El. 90 ft Sec Figures 1.2 -8 & 1.2-10 RE-26-3-2A RE-26-4-2B RE-26-5-2C RE-26-6-2D 5-100 mR/hr 3.0 R/h r 10 R/hr (CIS) 4 sec - Note 2. Refueling Water Tank Level See Fig. 7.4 -24 LT-07-2 A,B,C,D 33-3 7.5 ft. Note 3. - 4 ft (RAS) 0.5 sec Note 1. Steam Generator Low Level See Fig. 7.3-25 LT-9013 A,B,C,D LT-9023 A,B,C,D 64% 19%(AFAS) 25 msec Note 1. Notes: (1) For 63% of final value for step change. ISA Standards and Practices for Instrumentation, ISA-S-68. (2) For a 0-10R ramp input in 2 seconds from N This sensor is a GM tube. Its response time is insignificant compared to its associated integration circuit. The time constant for this circuit is periodically tested through a test switch in the control room. GM tube accuracy is determined according to ANS N42.3.
(3) Minimum tank level per Technical Specifications is 477,360 gallons, equivalent to 32.5 ft according to calculation PSL-1FJI-92-009. (4) Instrument ranges are selected in accordance with standard engineering practices. Instrument accuracies are selected such that existing instrument loop performance and safety analysis assumptions remain valid. Where applicable, instrument accuracies are also evaluated for their impact on setpoints in accordance with the FPL Setpoint Methodology.
UNIT 1 7.3-41 Amendment No. 27 (04/15)
Component Actuated on SIASTABLE 7.3-2 (Cont'd) ESFAS SafetyChannel(12) ReturnsTo NormalUpon ESF-ESFAS TestActionComponentABABAS ResetGroupCWDStartInhibitRCP 1A-2 Oil Lift Pump P-1A2-B XYes(9)0A 111Start InhibitCP 1B-2 Oil Lift Pump P-1B2-B XYes(9)0B 115StartReactor Aux Bldg. Main Supply FanHVS-4A XNo 1A 505StartReactor Aux. Bldg. Main Supply FanHVS-4B XNo 1B 506StartECCS Area Exhaust Fan HVE-9A XNo(14) 1A 503StartECCS Area Exhaust Fan HVE-9B XNo(14)1B 504OpenAir Supply Dampers to ECCS Pump Room AD-1, D-2 XN o(10)1A 465OpenAir Supply Dampers to ECCS Pump Room BD-3, D-4 XN o(10)1B 465CloseECCS Area Isolation Dampers D-8A, D-9A XNo(10)1A 465CloseECCS Area Isolation Dampers D-8B, D-9B XNo(10)1B 465CloseECCS Area Isolation Dampers D-7A, D-5A XNo(10)1A 466CloseECCS Area Isolation Dampers D-7B, D-5B XNo(10)1B 466CloseECCS Area Isolation Dampers D-11A, D-6A XNo(10)1A 467CloseECCS Area Isolation Dampers D-11B, D-6B XNo(10)1B 467CloseECCS Area Isolation Dampers D-12A XNo(10)1A 466CloseECCS Area Isolation Dampers D-12B XNo(10)1B 466StartContainment Fan Cooler HVS-1A XNo 8A 307StartContainment Fan Cooler HVS-1B XNo 8A 308StartContainment Fan Cooler HVS-1C XNo 8B 309StartContainment Fan Cooler HVS-1D XNo 8B 3107.3-46Amendment No. 20 (4/04) Components Actuated on SIASTABLE 7.3-2 (Cont'd) ESFAS SafetyChannel(12) Returns To Normal Upon ESFAS ESFAS TestActionComponentABABResetGroupCWDTripCEDM Cooling Fan HVE-21A XNo 2 507TripCEDM Cooling Fan HVE-21B XNo 2 508TripReactor Cavity Cooling Fan HVS-2AXNo 2 522TripReactor Cavity Cooling Fan HVS-2B XNo 2 523TripReactor Support Cooling Fan HVE-3AXNo 2 524TripReactor Support Cooling Fan HVE-3B XNo 2 525CloseRCP Cooling Water Supply Isolation ValveHCV-14-1 XNo (13)0A 212CloseRCP Cooling Water Supply Isolation ValveHCV-14-7 XNo (13)0B 212CloseRCP Cooling Water Supply isolation Valve HCV-14-2 XNo (13)0A 212CloseRCP Cooling Water Supply Isolation Valve HCV-14-6 XNo (13)0B 212CloseReactor Cavity Sump Pump Isolation ValveLCV-07-11A XNo5 A 5 7 6CloseReactor Cavity Sump Pump Isolation ValveLCV-07-11B XNo5B5 7 6TripPressurizer Htr Xfmr Fdr Bkr from 1A3X No 2943TripPressurizer Htr Xfmr Fdr Bkr from 1B3 X No 2944TripMCC 1A8 Non-Essential Load Breaker (15)XNo 2 1015TripMCC 1B8 Non-Essential Load Breaker (16)XNo 2 1016CloseCCW Heat Exchanger Inlet Strainer DebrisDischarge Valve HCV-21-7A XNo28 4 0CloseCCW Heat Exchanger Inlet Strainer DebrisDischarge Valve HCV-21-7B XNo28 4 31)Deleted2)Valve(s) may be closed following SIAS reset if pressurizer pressure close interlock satisfied. 3)On SIAS, all L.O. relay trips except overspeed and differential current are disconnected. L.O. relaytrips will be reinstated when bus tie breakers are reclosed and SIAS reset.4)Returns to auto control. 5)Requires operator action to return equipment to normal. 6)Deleted. 7)Returns valve to level controller (signal isolated). 8)SIAS reset returns valve to pre-SIAS position. 9)SIAS inhibits auto loading of RCP oil lift pumps on loss of DG power. Reset of SIAS will returnpumps to auto control.10)Dampers are actuated by HVE 9A and 9B and will not return to normal upon reset of SIAS.Operator has to stop fan HVE-9A, 9B in order to return dampers to normal position.11)See Table 7.3-5 for components actuated on CIS. 12)See Section 7.3.1.1.8. "Returns to Normal" means, for active components, a return to that statusthey were in prior to the ESFAS initiation.13)Valve(s) can be overridden open with SIAS present. 14)The starting of ECCS area exhaust fans HVE-9A & 9B is delayed ten (10) seconds following a SIASactuation. This delay was added via PC/M 04014 to provide degraded voltage protection.15)Tripping the Non-Essential Load breaker de-energizes the CCW Heat Exchanger inlet strainercontrol panel. This results in loss of air to HCV-21-7A (Fail Close). Reference Section 9.2.1.2.16)Tripping the Non-Essential Load breaker de-energizes the CCW Heat Exchanger inlet strainercontrol panel. This results in loss of air to HCV-21-7B (Fail Close). Reference Section 9.2.1.2.17)The closing of MV-09-1 and MV-09-2 is delayed 30-seconds following a SIAS actuation. This delaywas added via PC/M to provide degraded voltage protection.7.3-47 Amendment No. 21 (12/05)
TABLE 7.3-7 (Continued) Number of Components Component Identification Function Failure Mode Effects on ESFAS Logic Detection Failure Mechanism Remarks 4 Pressurizer Pressure SIAS Trip Bistable A,B,C,D Converts analog signal
to digital on-off One fails off Makes both channel logics 1-out-of-3 Bistable indicator low
reading Open circuit, dc supply
failures A,B 4 Containment Pressure
SIAS Trip Bistable, A,B,C,D Channel trip alarm auto test
alarm Physical damage 4 Containment Pressure CIS Trip Bistable A,B,C.D One fails on Makes both channel logics 2-out-of-3 Manual and automatic test Electronic circuit failure A,B 4 Containment Pressure
CSAS Trip Bistable A,B,C,D Automatic test alarm 4 Refueling Tank Level
RIS Trip Bistable A,B,C,D Bistable removed Makes both channel logics 2-out-of-3 Alarm when cabinet door
opened A,B 4 Steam Generator 1 A Pressure MSIS Trip Bistable A,B,C,D Automatic test alarm 4 Steam Generator 1 B Pressure MSIS Trip Bistable A,B,C,D Module removed alarm 64 Isolation Module
for Trip Bistables Provides optical
separation between
logic channel inputs One fails off One fails off
Module removed Makes one channel logic 1-out-of-3 Makes one channel logic 2-out-of-3 Makes one channel logic 1-out-of-3. Manual and automatic test, auto test alarm Automatic and manual test Alarm when cabinet door opened Module removed alarm; automatic test alarm Open circuit Bad photo transistor Physical damage Electronic circuits shorted A Immediate detection with automatic tester A,B 7.3-63 Amendment No. 17 (10/99)
TABLE 7.3-7 (Continued) Number of Components Component Identification Function Failure Mode Effects on
ESFAS Logic Detection Failure Mechanism Remarks 2-out-of-4 Matrix and Deenergizes out-One fails off Deenergizes output ESFAS channel Open circuit A,B Actuation Module put relays when relays and starts actuation alarm 2-out-of-4 in-components listed dc supply failure 2 SIAS A,B Test Group 0 puts satisfied in Tables 7.3-2, 7.3-5, 7.3-6 asso-Physical damage 2 SIAS A,B Test Group 1 ciated with failed test group Electronic circuit 2 SIAS A,B Test Group 2 shorted 2 SIAS A,B Test Group 3 One fails on Prevent auto start Manual and A of components automatic test Immediate 2 SIAS A,B Test Group 4 listed in Tables detection 7.3-2, 7.3-5 Auto test alarm with auto 2 SIAS A,B Test Group 5 associated with tester failed test group 2 SIAS A,B Test Group 6 2 SIAS A,B Test Group 7 2 SIAS A,B Test Group 8 2 SIAS A,B Test Group 9 Module removed Deenergizes output Alarm when cabinet A,B relays and starts door opened 2 CIS A,B Test Group 0 components listed
in Tables 7.3-2, 2 CIS A,B Test Group 1 7.3-5, 7.3-6 asso-ciated with failed 2 CIS A,B Test Group 2 test group 2 CIS A,B Test Group 3 2 CIS A,B Test Group 4 2 CIS A,B Test Group 5 2 CIS A,B Test Group 6 2 CIS A,B Test Group 7 2 MSIS A,B Test Group 0 2 MSIS A,B Test Group 7.3-65 TABLE 7.3-7 (Continued) Number of Components Component Identification Function Failure Mode Effects on
ESFAS Logic Detection Failure Mechanism Remarks Pushbutton "think" Permits manual One fails Blocks ESFAS Manual test Wear, corrosion, A,C actuation of open channel manual mechanical damage 2 SIAS A,B ESFAS actuation Pushbutton and control switch 2 CIS A,B actuated alarm 2 RAS A,B 2 CSAS A,B One fails None Pushbutton and Wear, Corrosion A,B closed control switch mechanical damage 2 MSIS A,B actuated alarm Control switch Manual actuation One fails Blocks ESFAS Manual test Wear, corrosion A,C of ESFAS channel open channel manual mechanical damage 2 CS A,B actuation Pushbutton and control switch 2 CIS A,B actuated alarm 2 RAS A,B 2 CSAS A,B One fails None Pushbutton and Wear, corrosion, A,B 2 MSIS A,B closed control switch mechanical damage actuated alarm Output relays Deenergize to One relay coil Starts components Component running Heat effects, A,C start components fails open or assigned to this lights on control physical damage, 36 SIAS A,B listed in Tables shorted relay board on corrosion, wear 7.3-2, 7.3-5, 4 CIS A,B 7.3-6 4 MSIS A,B One relay's contacts fail to open One relay's Prevents automatic Manual test Heat effects, A,B contacts fail start of compo-physical damage, in actuating nents assigned to corrosion, wear position this relay Output relays Energize to start One relay coil Prevents auto Manual test components listed fails open to start of compo-6 CSAS A,B in Tables 7.3-3 shorted nents assigned to 7.3-4 this relay A 10 RAS A,B One relay's Prevents auto Heat effects, contacts fail start of compo-physical damage, to actuate nents assigned to corrosion, wear this relay One relay's Starts components Component running Heat effects, A,C contacts fail assigned to this lights on control physical damage, in actuated relay board on corrosion, wear position 7.3-66 TABLE 7.3-8 ESF SIGNAL INTERCONNECTIONS FOR 1AB SHARED SYSTEM EQUIPMENT CONTROL FAILURE MODE ANALYSIS Component Function Failure Mode Effects on ESF System Detection Failure Mechanism Remarks AB Equipment Centralized AB Control AB Equipment Circuit Open Circuits Immediate Control Board Control of Power Control Lost Monitoring Or Cables Detection AB Equipment Failure Alarms, Power Supply Indicating Failure ESF A and B Lights Not Effected Control AB Equipment Imposed High Possible Power High Control Lost Voltage on AB Immediate Voltage or Including Circuit Detection Fire Relay Contact Relay Coils, Failure in Shorted Wires ESF A & B System Relay Boxes Not Effected AB1 & AB2 ESF Logic Centralized Control Failure or Various Power Supply Immediate Cabinet SA ESF A & B Power ESF A & B Alarms Failure Detection Initiation Failure Initiation, Electronic or Spurious Components ESF B System Initiation Shorted Not Effected Fire Shorted Wires ESF Logic Centralized Control Failure of Various Power Supply Immediate Cabinet SB ESF B & AB Power ESF B & AB Alarms Failure Detection Initiation Failure Initiation Electronic or Spurious Components ESF A System Initiation Shorted Not Effected Fire Shorted Wires 7.3-67 TABLE 7.3-8 (Cont'd) Component Function Failure Mode Effects on ESF System Detection Failure Mechanism Remarks Box AB1 Provides Fire Failure of Various Shorted Wires Immediate Located in Separation ESF AB Alarms Faulty Relays Detection ESF Cabinet Between Initiation SA A & AB ESF A & B System
Not Effected Box AB2 Provides Failure of Immediate Located in Separation ESF AB Detection ESF Cabinet Between Initiation SB B & AB ESF A & B System Not Effected 7.3-68
Amendment No. 15 (1/97) Amendment No. 15 (1/97) Amendment No. 15 (1/97) .)
1t * -II--TO l!UIOTf. INDIC.*TOQ Pli:.ESSURIZER PeESSUlft£ CH.A.l<Ml!LS Slut1A.L 1-SvllC ll.

I* S'I DC. TO lEMOT£ 1NOICATOI I* Sii DC TO lEJ.l:TOI!
1'f1P COWTAlNMEl.IT Pfil'E5SUllE ME.4SUlEMEt.IT CIUMIJl!LS W-4 l"IL 14.6. \CwD 37l) M& (C."P MC (C"'O l>4) su.s oo.i..i.ia. " TO C5A.S.OIA. I 'IUC( .. 1>1'S) 14C(<w111.jS) hlDl'"'J) S1S} I . ..A.._ I I a TO cs.+.s CM .. ro 1 f I ., k.-1110-14' ( Sii.. &'770-145 .t.CTVJ.T f:D lllh10T£ +k'ICrUAJIDS l..O<orl(. L.ll Qi ll l*U> LG -LOW 11 * \IQ. OP' lVt.loiTS l.O*LO
1..0W*L.O'W UU>ILnll !Ml -Wlfttl A._

li.Altl'1 COM"1ACTS CLOSE 'liO' TO INITlATti-0

WT4TV'ft Ll ..... T:S (Ul) ( 4UU.) -NOT Ji'D -e l>>.$C:O owe;. 1770 !}Z7 .. (U 1WO*C.*TEC>)
M4 I 10 CIS CH A .. J
SK-8770-145 SH J (F JG. 7.3-141 !:t2.!.ll*
I
IU.WU"-L lliirMJLI.$
Lall -£.><TUlY i*rTC:'4 CO'<TACT
z. ll.l$ c.ui M aLOCitU> 1'14io<IJ
.. LLY TO PIOV1J)! S><UTJ>OoCM OlPUSJivllf1.A.Tl011. lol.OCJL ti UHO'<tl) .t. U> l"W.USUlllUll P<<.f.SSutt.
l. tit. Wl'Pl.lli Foa IU. 4. >IC ' WD. SM a fO CIS CH B SK-8770-145 SH 3 (FIG. 7.3-141 * * $1Grl.IAL FAIL\llt!
TO MUSIJl..E"llWT C._.\.IJ>Cf:L Sk4LL. T1!.1P MUSVlttMl!IJT
t.*ST..aLf. ) -IUW0/11**
.. OWf. MlA$UitEwew-c: CHA""'"L ll04l 1'1.'-iN* Tll<.u<C:I LOG IC. K <:Dol\IRT-al) Tl) t OUT e# J Ttll' "10Pf. Am. 1-7 /83 FLORIDA POWER & LIGHT COMPANY St. Lucie Plant $1AS LOGIC DIAGRAM FIGURE 7.3-4
Amendment No. 15 (1/97)
Amendment No. 15 (1/97)
Amendment No. 15 (1/97)
Amendment No. 15 (1/97) Amendment No. 16, (1/98)SCHEMATIC DIAGRAM HP INJECTION PUMP 1C Amendment No. 15 (1/97) Amendment No. 15 (1/97) Amendment No. 15 (1/97) ' * *
It* TO 111.IHOTE IW'DICATOll ltEFUE.LIWG WATEfl"TANk LEVEL MfASUR.f:Ml:NT CMl.MMElS SIGNl.L 4*10 MA l Ml>(CWI> 1,(,) .-L-,
'T!ST &1GNAL -.:_* r-SIG-NAL aio".n. f-SICiiNAL.
.. ,.. .. lSOLATIGH DEVICE 2./'4 LOGIC a.t.t. otANNlL " It.AS c.H f> O\L Tlli\TIOM ftLA'tS 'I I l(omt,llEI>
10 j llA.S .. ll.L Jj, @-CONT,6,.IWt\EITT PIU\:SSUSlE t'\U$UREMl:NT r:tOM IHI FROl'I Sli I N.011 SH I S:ROM SIA I r:ro11 SH I M.t.. MB MC Mt:> TEST SIGN"-L SIGNAL rTEST hT!ST SIC:.NlL "t: LOGIC SIAS Fl.OM SH I .. TION tfl.AYS t.HAHNl.I..
l. l _J c L 2/4 LOGrlC SUS FllOM ftH I cs;.s c" e. llCTllATIOW ltllU.YS CSAS CIUNNH. r. 1 .......__(ENEltG,IZIE\)
lO AC.TVAT!)Pfl! _ __J FAILURE OF aATTl!!RY IA SHALL &LOCK ACTUATION Ol'I llSTA&LES A ANO C: _fl.ILUl.E OF 8ATTUY IA SHAU. f,LDCk AC1"0ATION OF llSTA,L.iS A Al<tl) C Rll..\JlE OF IATTER'I' II SM*L.L. 8LOCIC AeTUATIOW 01' llSTA&LU & At.ID l) FAILURE. OF BATTERY 1& SffALL P.LOCIC. ACTUATION OF llSU6L!5 8 4NP D ---------*-"*--------..: 8770-145 SH. 2 FLORIDA POWER & LIGHT COMPANY St. Lucie Plant RAS AND CSo.5 LOGIC DIAGRAM FIGURE 7 .3-11 Amendment No. 15 (1/97) Amendment No. 15 (1/97)
* * * -TO RE.MOT! IN!)IC.ATOR.
RADIATION MONITORING MEASURl!MEHT C.HANNE I.$ SIGNAi. 4 *ZO MA I -*1 MA (C.Wf) 451)
r--* TO SIAS CHA SK-8170-145 SH 1 (FIG. 7.3*4) M e.cc.wo 4;1) r MC(C.Wp 457)

r**---, MD(CWI> 457)

r---i t_l_"...._L TEST
_:.,_:_ f-SIC.NA.I. "A* 2/4 LOC#IC. c.ts AC.TU AT ION I I ClS (.HANNEI.. b.. RELAYS I J L{DE *fNEltC..llEO TO M:.TUt..TE) PU LIST 2(4 CONTAINMENT MEA!>Uif:l'IENT CMA.NNE\..S FROM SH I l FROM SH I FROM SM I SH I f=F!OM MA MB MC MD .Sl{OWAL LOr;1C AUTO TEST CHE.CK. ASNORMAL CA.81"4ET OPEN HOPVLE ClS CH 8 AC.TUt..TIOt-1 TEST ;1GNAI. CIS ACTUATION RELA8S j TEST SIG-toU.L. TO SIAS CH 8 SK-8770-145 SH 1 (FIG. 7.3-41 C"tS CMA.t.INEL a TO ACTU4TE) PU. LIST SK-8770145 SH. 3 FLORIDA POWER & LIGHT COMPANY St. Lucie Plant CIS LOGIC DIAGRAM FIGURE 7.3-14 Amendment No. 15 (1/97) Amendment No. 15 (1/97) Amendment No. 15 (1/97) Amendment No. 15 (1/97)
taj H H H 11> i -.I C1 1111 § i i g i5 rt .... 0 ....... IO IO .... I * * -* TO tfHQ"l t INOICl.TOR nu .... C.llfflATOll , ... fltESSURe t1USUl!t!NtNT 4 *lO t'IJ. MAl<woU1)
M.g(,wllHI) .. Ojll) H_P((woJla) .. ,----.., Tt.ST aTe .... 1 llOt..A.TION CM A. SW OM* ...... .__ _ _, 11110*11\lr
Otl<HA l.CTUUI TO CLOSI 5TUt1 ISO(.A.TIOll VAL\/' A r----1 HST .---, TtST 1£MOT£ CM 1. )TEAM <iENEllA.TOR PtlSSUllE HE ... SUIU!t1f>{T CIU.MWf:LS 4*ZO "'"" I KA.(t<N#O t-llS(<w*D
)19) )l') MluO(c:0\1') r---, .---, r-' ,-----., ' TEST IJ\ TE!>T TEST Tl!ST --zsaJ-S*GNA.L I.JOA SIGt.j.A.t.. Hor. SIG-HAL l 1B I I _J '-\?----**-*-i ©-i MllHHt "'"""'tt TO CLO'>f. STElH ISOL.\ltO .. 114.LVE ll ULA.lS I i.-at.OO. sw R£1101f. CM I (Oi*i1tlRC,tllQ 10 l[.TUAll) Ol't'IG£ It-------(U*htl4tl1D TO Mll!ATE) r.n 00 --.! --.! Q I -th r.n = .. CLOSE CH. B MSIV, MFIV & MFW PUMP DISCHARGE VALVE Diii.CE ,,_.------+_J e CLOSE CH. A MSIV, MFIV & MFW PUMP DISCHARGE VALVE
u w w :E j:::

l 10 'l¥ ! I ' ' J'X--l I tit * '*l*j* ti* *1\iH *1 Ii Ill I 11 *: il*i I ,, 1: 'I I I I Iii.I: ,i:,1:1 1.1*1:t: 1:1!fl"tJ:
I I I llLli!1*1:i!}::l:1i1:: ! : I ' ' ' I I' 1 11'*1
I r:* i' I , .. Ii I :11*1: i 11 I'1 '1 1'":1:":1I"II1**
1*1*1 *1:1 * ., . " 1*:1 :*.1:" I' *.1' ,:: ' .j ' ' ; ; : '/ 11 1' j, :;;. ,:: 11: .. ::: ' : ' : ' 111: .!:: 1;.: .. l ;1:: 1 1 :ti ,.. . . , ,
ii f 1 , 1. *.i* *1* , !* .i ... , ! , 1 . , : i *t*. 111. **' *ti1ifrf P1 I! "i..:. Iii 111 1 '.1!' :: :;, .'ti: i ii +fSIASHIGHCONTAINMENT f !Ji: 11 1:::: q1: ::j: *: i 1:*. __ \; l t.
SPSIG1 I l 'j1l""1*11*
1 *1'} I'!' ... , .... ,1, .
jl'"" 1* . l j I * : '1 1 "" ,. ' 'I '"'I 11' I ll 1 ".' i I f I "I' ' I' l I 1 " ' I 1,. .j, 1 '" t j, j,,,. j l 'f* ... t *I! *t* I 10 211111111: 1 1*,,: 1 * \,11u11*:ll* ... 11\I-i/1 ..... lif. *. I l I! *It*** ,,, t *! ..** ,. 1 It* '!I *1** I ! I If>> '!I .. , ........ 1, tl1* !**If 11* *t'* "' I'. 1111 ... ,..... l 'It!..' *Iii I""" l:l"*i* j .. I I' 'HI 1111 """ ,. tll!Hl:H*:*I ,,,,. I 11 ltlil*I flfitil::*l::t'!"I
I 11 i I! i: li; J,'I:: T : I i I ! 111 :LI : i i i l1 I:; ::l:;d ii' Ii!: I >I :I i 1:111 111 i I! il: Ii:::! : I: i:: I::: !. rn1--111T:1:;1
..** ,,.,,:I: I :1 'I i 111* I! :::1:: 1:1!1*1:1:11:1:i:l1' 111!I1'11r*l11il:111:1*11:' 1 1iii 1 li':.1*1: . f 'lj. ,. , 1 , * , , f , * *. t f 1 tl*a.** '"* t ** .,,. /,,. I , * -I i1* !I* ** ***I ,J;o *** 111'!1 1 1*1'11:.n:.i:: I; 1; 11 1.l I ll!!!lf 1 T1* l!J 1iii 1 ITI ;!:I 1 1-1* 111!l:Ltt 1. !IJ!ll!J::1.1*;:11i 1 1* :11*1::1:*1: If l I *** ' 't 1 * .* , **. ' I I ii t ' 1 ** 1!;;1:1'.. ,, .. , .. **I* 1 l I -t+t t . ,j* ti 1 I ***. ' I 1 l 1 l 1 l.l1! 11 1 !'l':lj: :::*ljlill !II ii:;: l . : ' ' I t t j 10 1 ' llllllllliA ll:ir:l l!d ! I! Ill!! i: :lllTllr!Hliim IITTm!HTTl I !lTTl l'N.l ll!!liii'l'i:k !l;1 11 , lli!11 1::: I I! iiji :i:1 1 1.:.i11* I j I II :1 !*l* l ! 11* !' 1' 1*1: 1 1'ilii::1 iii :1 !iii ;:111 ! l i I :11 : l 1' l iJ I 'll!Jljiiij i:: 'I::, iff 'u I: Ill' 1*!1 it" ! l .. ,l ! ....... , ,, '.,, j *
t !Id .... t I i I! 1 11' ll:l!.:;*1::
1: iiil::;:1H.:!1 1 Jll 1.lll 1lI1' l!1.l'l'li1'i!ll::11i 1'.il i'.:1:!:1 1 111i1:1 ! !j ! : .... 1 tt, "1* ... '"!'I" .. r , . 11 1 * '".i *' ., ..... 1 , 1 . 11 111 .N. ..... illlllillttY i::VfI 'l!lil 11 I 111 i1i:ilnin ..... 11 .. ,:1!1:11:. .. 1 .. 111 !;;;"ff""'
.;r*1,r*1..
I' . l
1 .,ffi.*m=1=1 * ., *. , .... I. '" ' 1' ' "" I ' t t I , .. "* ' * ' ' "' ' . l . ' 'I.. . ... ' I tt ';:* .,, . ' ,' *::* .;:* t , ,1;'. ;,; '., .:'.: , *;:* ' ; * : ; ; ! l! '.:. , .._ ' ***. * " ; .... '* )*'* .. " ! ! I qi. ... ! ; .. : .: ...... : .: : .. ' I I t l 'i'i i'li .: 1*:. :: i : : ' I :i:: *::Ii I 1 I * ; : '.: : l : : ' ; ' : ; I I 1 I I j I ii ! t! 11 ! I i !: i ; ; : : I' LI I -f 1 l I! i "1 " 0.1 l.0 10 BREAK AREA (FT2) ---T T 1 I I II 2 3 6 12 ?4 42 EQUIVALENT PIPE DIAMETER (INCHES) (SINGLE. ENDED RUPTURE)

FLORIDA POWER & LIGHT COMPANY St. Lucie Plant TIME TO SIAS ACTUATION VS. LOCA BREAK SIZE FIGURE 7 .3-21

a w e w ::£ t=:

I'-10 3 f rsmJ .J
[J=tfi=t+-itUJ
'I
-. -H ' -I. 11 I I 11 I I -+--1--+-+-+-++H Ii' I,! t----r--+--+-t-I I I . I I . I ' ; I : I . -- HIGH COtH AIMMEHT
1 PRESSURE SET POINT 10 PSIG : i i-1 Hi : ... , .. *-+--
H-1-l 102 I i * 't ! ; :!l ! i 11: .. I ;! , I I " ! j t. 1 ll!l! il1ll It! *1 * :1 i Ii \ * .. ,.,.,, ... 1 I! f ijltl i"1" 1*1 "1'. 1'.'l!i:i!i'i:l:iL .l\.i ; : Ii l i; ! 1 1 1'1""1""1 1' , I f ; : ; '. ;:: -i If t ! *1 rH 'j 1:1!. l Ii I: I :1 ! 11 f '.i I; iii::: t ' ' .... f .t. -** ....... . ! I I I; I :J _;:j1*1*' I' 1 1. ; *1:::1*.:*1:
,I;

I ' I' ; **I i.1*l* .,. + j* ...... "'. I . ' **'-1 ' ..; '* .*. , .* ,, ... , i :i If>: I-: i ! l l J'.._l_l JUX.I L I ; t' r11:1: -:: ;,; i;; ,, il.1:1).l*lj':.:1 1.:::1 !.:1:!: * *
J .. ; ..... 1 11* 11 1"1 1*1*11 ' . -... 111' -:* .** '.t1 f** ! ** ***lf:,.f*'l*ltl*tl*
I l!l*l*l'l':'tl**"I* p:,.fi;ril1H l:l!ITl!*iillt1'l:'\;f*:*l**1*
* *ttil 1 .. 1 .. 1111;1: 1 1*111*1:1:1t11i11;r:;rr::m;1v1r111i1:i11t1HfTIIL:*l\.I t1i1*1**1* .. 11 l u I i Ii L Jid I i ii I' IL l'I i I 1:1 i : ! :I : ; i l i: I:: Jiirn ! ! 11 : I : 1:1 :! i l i : I l : i !!' H :\, r ;;: I* . 'II :;i I:: p I 11!'1 Vl' I 1I1']iT;TTT!Fl'ji'1I:lFJ
1*:*.1*I'l:lilI!
11 I;, ;:1 1 1:1 ::1 ... . 1 *.... , .... 1. I, ..... I 11'1 >I ::1.:,1, .. .... .. . . * ... * * * ,.,. *'1* ... ::'l\,, * : : ;t:' 1 '"ll'l 1'l'"l!'l 1 l'l'l!!'l'l 1., 1 l"lI *1 .. 1*1*1*1*1*11***1** .. , .. , .... , ... J\." *" I* t .,... .... ' I . ' ..... ,. . .. ' . ' I. ***1 .. ,, "' .... I'" ...... :, If,, 1 11! '.!t . ; ! '. 1.
l ,t:t 1:;: :. ,:.: .::* ** i : : : *:, 1 ::1: :::: ::: .::. 1 *1: itr+P'::
i;fllll i:; *'i+ffitt'I '"l:f't +* H+l*tf--Hi'j , ... :; *H* : I: i**1** 1* ;,,;: : ;: ' °T:J:; *; ::; c: --:-::: ... . :::: ::: :: <: t-:-t+ : ... :: '.'.'..' '. ' : : : l '.:' :t:. :'.!' :*:* .:'. :;: .. '. : : : : : .:;: :::: :: *: .. -: --t:-*1**.**1.. ... *.
1 I I""'. f;!I I:.: .. :: : : :::: . : .. 1"1
.:: -: ; iiii1j .
I I : *

t I / 1 t 1 * : Ii ; fr O. l 1.0 BREAK AREA (FT2) EQUIVALENT PIPE t>IAMl:TER (IMCHES) (SIMGLE-EMDED RIJPll.IRE) 10

FLORIDA POWER & LIGHT COMPANY St. Lucie Plant TIME TO CSAS ACTUATION VS. LOCA BREAK SIZE FIGURE 7.3*22

G ... ... 2 .............,,r::r::r=++Ffffi:=+=H=Ftttt+++=itJ:tJ=ff f 11111 "'-J I I I I* I i i II . J

I I I I I I I I I I , I' I' I 1 1 1 1 1 11111 1 HIGH PRESSURE SETPOINT SPSIC jl: 0 Cl)
Rf<D)A SETP?IHT 10 R 'liR I lj ililild if iii;:, ,*, l-1,: *I: I; l'l I
llflil l llil::L: I I> I; T 102 .J>:I!'.*
I: l j; I I Llli+;_µf+l-ttten1 I : r i!t: ),' '.I; .... * "*1 .. 1 ;; i: ; j ,,.,,,.,"'"'"I
II: *l1i'l**l1
... , Ii*
'l**tl* I' ..
I. ' ' , ., ... 11* "t " .. , , . 1". t ', .. I*, .,' \I , It It*' li \..*11' l ll i I llttt!l',1 1111 l I lllHHl!'i: illilillk 1rnrn1111111w: !' i:* t'.;i *. t1;; '1: : ., ,,. I .. , II : I ! 1
1 ! : I 1 I : : 1 * :

1: i' l l II 1 I

1 : I : I; 1

1 i ; ! ' I i . 1 l : I: . *1 1 : ! : I L!Ji Ii,: 111 j l 1 j ::ll :::; l:i'li! 1:* 1111\. i ! ! 'l-fli lit:,'. ... jj;i'";'.
I 10 1 1 1 t I

; [Iii II ,I I 111 1 l!il .1 .. 1 ***f"I . tftj dl* *
II::* I* I! I*!* 111: 11: ii *1* ,. .I jll** *t'*l"*l"I I d1tl1;;1 1 .. 1 11 ': *1'":.i 'I'!: **lf:J*J 1 I\ ::.*1 'iliU;!:ili!
1 l<!:l:lll ! llil ! t !il!ii:lii!:l!Wll!rV: I* I il1l l;I i 'I :11\.I :: 'l** 1* 1 r 1 ..i:l :-: . !... i:i.11: iii 11 , I : i I I I 1 1 fT!TJ;:li
I i ' 1
1

111 ; I 1 I: I '1 j l 1 I 1 l:' . ! 'I I :1i'l1:1 ;, 111: ' ' ! ! ; I t
,, : .I .. I I If :! .. ' . . -. i' il!*J*, I* I: llitft : : i: l!i! : 1: * .. ' t I. 1 'I l 4 !> tt '1 HI 2 J 4 2 _. 8 9 10 .01 0.1 1.0 10 BREAK AREA (fT2) r------i 2 3 6 12 24 42 EQUIV ALEHT PIPE DIAMETER (INCHES) (SIMGLE-EHDED RUPTURE) *
Note: For CIS actuation on SIAS time see Fig. 7.3-21 FLORIDA POWER & LIGHT COMPANY St. Lucie Plant TIME TO CIS ACTUATION VS. LOCA SREAK SIZE FIGURE 7.J.23
Amendment No. 15 (1/97)
A.l..)TC Tl:.*;:, ..... .
-!'.. nilQM L\1--li...."'-* .AMFl.IFIE R -----,. +Z4 L;;J.
t .* i;._,p _ _:_---* tt:iC:ct.;,;,,1Jc.r Pc:io::1oc p ( ___,. ./\l\r --... ---t i

_: . -. -2.4 . ---*11*-r
- IOeK '> -t>i---1 f , b.,;, I 't . ..,-] I I *.,_ **-----** . -'\/Vv---* ---------*---------
.....,.. 10 f"*'::-1.:l..F-..F
('y....,*t;- ... _ QC., II H.ol \, C'(. /. 4 rAA1. < ,,, J-c;----r p ,,-c *. ,,...,. r -tZ4 *:;;r;,/.'.,- F._1 P /777 -*../\.,'\.'\,- ", ? I -Q,_)Qi li?e T Py\...c;.£, -*z4 FLORIDA POWER & LIGHT COMPANY St. Lucie Plant ESFAS AUTOMATIC TEST CIRCUIT FIGURE 7.J.27 . ---_...__
SIA..S-TRIP TRIP 0 / '
MEASJREMENT CHANNEL MA MANUAL

CHANNELS MS, MC MD ARE lDENTICAL TO CHANNEL MA 6 fROM CHANNEL M3, MC & MD B!S'ABLE MODULES 0 .\NNUNCIATOR
______________ J r LOGIC CHANNEL -s' I I I --1 }@ SIAS LOGIC I { CH A I /':,, 2 A CONTD ON I FIG 7.J-*J I f-------::::---7ociC" OONNEL 581 . __ ,}0 SIAS LOGIC 28 SAME AS CH A AMENDMENT NO. 10 t7/91) FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT 1 PRESSURIZER PRESSURE & CONTAINMENT PRESSURE ESFAS MEASUREMENT CHANNELS F!GURE 7.3-4-0
* * ,-1 CH-A I I I I CONTAINMENT RAOIA. TION 12*V AC SUPPLY I MEASUREMENT CHANNEc

120V AC SUPPLY CH*A mV/'& CONVERTER R*9A 2SO 0 +/-0.01 "9 R-10A 2so n :!:0.01*.
L __ :_ __ --..., CHANNEL PRE*TRIP OR FAILURE ALARM * -MEASURE!>' ENT CHANNELS MB, MC & MO ARE IDENTICAL TO CHANNEL MA. t1 -Ff.OM CHANNEL NB, MC &'\Mo etsr ASL E MODULES 0-ANNUNCIATOR I I I I I I I I I I I I CONTAINMENT PRESSURE CONT*D. FRO.:;) '" ( < I L_ OC SUPPL" ---, ------ I I BISTABLE I I MODULE M.1 A I CIS TRI p ISOl..A TION I a TRIP MODULE 11 I I A=A LIGHT .. /::,. { I -----1 MlNUAL TEST 1 .. PUT AUTOMATIC TEST INPUT DC iUPPLY A ltSTABLE MODULE LOCIC CH*NMEL 58
I { ;}8 CIS . 1 ,6. ----J LOGIC ----4 SAME AS CH.A I I ----7oG;-;;.A:;:
-1 I I { CIS*TRIP 'SOLATIOH I }e a TR IP
{ 7 A .. 0 LIGHT 1,6. 4 -F J MANUAL TEST INPUT AUTOMATIC TEST INPUT DC SUPPLY A BISTABLE MODULE TRIP 'SOLATION MODULE I r-----. -LOGIC CHANNEL SB I 2 CISLOGIC 1,6.{:_-:=_ -==--==--.:.; SAME AS CH.A 0 >-"'(TRIP { CSAS*TRIP TRIP LIGHl ... CHANCE ISOLATION MODUlE A I I L _ ----;;:;;.;-;:: 1 I I
l.6.{ ===:. '}e 2 CSAS "OCIC 3 CONTD. OH I FIG. 7.J*AJ UNUAL TEST INPUT AtJTOMA TtC TEST INPUT
---1 I H--

-----{ CSASCOC*C I L___j jt:,.1 ===: :) ;*/ W<EAS CH.A I I ISOLATION MODULE A _L ______ J __ FLORIDA POWER & L!GHT COMPANY ST. LUCIE PLANT JNIT 1 CONTAIN"ENT
& PRESSURE ESFAS MCASUPP 1 fNT \'-'ANNELS FIGURE 7.3-41
* * ,-----------------------------------=-su:;-------r-----::1c-::::;1 I I I I I I LT-01.01" oc iwv 2 sofl MODULE I I TRAMS.. AC +ool"'e R-11A I MITTER Stlf>PLY fl -. RAS TRIP ISOLATION
osoo1* Q TRIP WANG" MODULE l-+-------1
}e RAS I I L...--------------- .... . . LIGHT . A I 6.{ ; lOA D. OH I I R* l 2 A MANUAL .t FIG. 7.3*5.C REFIJELING TEST I INPUT j----------------; WATER TANK ISOLATION LOGIC CHANNEL SB I I LEVEL ,..... _ _,, ___ ....., MODULE l I AUTOMATIC 8 I A { }sos . I L.:::,. SAME AS TEST 4 CHAH"'fL A I INPUT I STEAM GENERATOR f 8 (TYPICAL) I I I I 110V AC llOV AC DC SUPPLY 'I _J SUPPL' SUPPL< I 1PT*8023A,) A 1------- I Pl-80131io.. BISTABLE I PT-801JA DC '(P 1*80'2.31l.) R.JAA MODULE TRIP I TRANS. PowcR s--uM GEN. . ,,., I MITTER SUPt' *' --2H (TYP"' MSiS* ISOLATION I ' 0 TRIP LOGIC CHANGE MODULE 1-..L..------1 }e I STEAM CEHEf!ATOR.. . LIGHT A I { 2 MSIS I '"' RL ..
6. llA LOGOC: I PRE SSL RE INPUT I c ONT D. ON FIG. 1.J .. J '1 sd.l AUTOMATIC I I TEST I I I DC SUPPLY I ,. I 81ST:8LE I 1* .. ODULE I MSIS TRIP I BLOCK ISOLATION LOGIC CHANGE MODULE
}e MSIS I a TRIP A I 2 I LIGHT A{ 1 lA BLOCK LOGIC L.:. ----4 CONi'O. ON I I I FIG. 7.J*d MANUAL I TEST INfU1 I I L_

_ --___ ---------------

________ j_ ____ _____ j
MfASUREMENT CHANNELS MB, MC & MO ARE IDENTICAL TO CHANNEL MA. STEAM GENERATOR 18 fNHRUMENTATtOJJ IS IDENTICAt..
TO STEAM GENERATOR 2A. -FROM CHANNEL MB, MC & MD BISTABLE NOOULES -ANNUNC! A roR FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT 1 REFUELING WATER TANK & STEAM GEN* F.RATOP ESFAS l.IEASt (HANNFLS FIGURE 7:3-42
*

_I ESFS LOGIC CHANl<E* -------r Ho ---,

MSIS &LOC<< --------COil. .--l ' . I PERMISSIVE OFF DN I D co .. PONE*T l' __
I I r-:1';* +/- =r I *cTuAToR "* 11 r I I A c R I I TAllLfS 7J.2,l.*.S,6 . ---I ACTIVATE RESET I ,-------------

K2l 1 1 ..

1 r-----I-I J. QITPUT *o ACTUATE +-SEQUENCE OF COMM 120 V AC. R£LAU ,. EVENTS RECORDER I 0 KA RESET DC SU,PL y CC SUPPLY ... -, I
L K3A :;! TRIP RELAY 3-0UT-OF-4 MATRIX & I o.: ,_"" 2-0UT.OF-4 MATRIX & -ACTUATIOll MOOULE A S ::>"' ACTUTIOH MODULE A :i I ! (TEST CROUP ll li UIP SIGNAL CSIAI OR MSIS OllLYI I ..... 0 0 " ... .. TRIP TRIP ... I J-OUT-OF-*
LOGIC I I y F * ?OUT OF* )::':( TO AMO FROM 1---i . 2 0 L 0 oGPc ;;;; OTHER IDEMTICAL I I I r----i ' ' -ESFS 2-0UT-OF-4 I I I I I I AC TUA TIOM MODULES MA TRICES AllO I SIAS@{ , CIS I . I I '1 1Jll Miii SIAS ACTUJ.TED CCSAS MODULE> OllLYJ --I I I I SIAS @ ( ====::==================:=============== MSIS @t=================3 MOTE ESFS LOGIC CHAMll EL sa IS IDENTICAL TO CHANNEL SA '?= K2A l ::A; f .?m I SFfttNC Rf TURN TO HORMAL !KEY LOCK! t K2A -1 I I i I I I I I I I I I I I I I I I I L--. -------------------_______________ ! FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT I ESFAS L('C-;c ..... FiGUl<E 7.3-43
TO I. EQUIPMENT CIRCUITS SA {2/4 ACTUATION MODULE USED FOR AB CHANHEL ONLY 24V DC RELAY OUTPUT TERMINAL BLOCK MEASUfiEMENT CABIN:'T MA l lNTERFACING WIRES BETWEEN CHANNEL "A" & CHANNEL "AB" TOTAL 2WIRES

MEASUR fMENT CABINE r MC 1 2 HERMETICALLY SEALED ROTARY RELAYS. if--INSULATION RESISTANCE 1000 MEGOHMS. DIELECTRIC STRENGTH IOOOV RMS, 60\.!Z MINIMUM, RELAY SHELL -STEEL. S1EEL CONDUIT AB -CABLES MEASUREMENT CABINET MD Q--o-Q--0-AB
-CABLES TO AB CIRCUITS AB -EQUIPMENT I CON1 fiOL SOARD MEASUREMENT CABINET MB B -CABLES LOGIC CABINET SB SAME AS CABINET SA BOX AB2 SAME AS ABl .. FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT UNIT 1 ESFAS iNTERCONNECTIONS FOR AB SHARED SYSTEM EQUIPMENT FIGURE 7.3.44
* * ..: .... " :2
\J::: wJ '!tor.. -I :r"' i;:{ 2 z,Jt.. <-:t I I .... 1: VI di ' . .., :::i I .. t1' ..J .. .:J (:;) ... c::: f:)J :' -... ::2 --,.,,_ ... " 0 0 I...) a: f E 1't 0 ::2 UJ > ::::,] ::z <: r-i.L) \!) t>.I :::> Ul <:). u u1 .:i ';) ....;. AMENDMENT NO. ' 2 ( 12/93) FLORIDA POWER & LIGHT COMPANY ST. LUCIE PLANT -UNIT 1 COMPONENT COOLING WATER SURGE TANK VENT CONTROL FIGURE 7.3-45
.,, o:J r G') o:i> c ::0 m OUl _..._ "'-l )>0 w G) (/) :0 (/) I .s::. )> co s:
11 r 0 :0 (/) 0 :-t )> r " co :E mm "'O :0 r 12'> )> r Z--I G) c :c z -I -('") -I 0 .... s: "'O )> z -< RTGB PRZ PT-CONV. 1102A PRZ PRESS LI..a-J Ill PT-I I -I CONV. 11028 PRZ PRESS LI..a-J Ill PT-I I -I CONV. 1102C PRZ PRESS LI..a-J M PT-I I -1 CONV. 11020 ESFAS-MA

ST. LUCIE UNIT 1 A TWS/DSS BLOCK DIAGRAM ISOL SA ISOL SB ISOL SA ISOL SB ISOL SA ISOL SB ISOL SA ISOL SB ESFAS-SA 214 I , ... I LOGIC ESFAS-SB 214 I , ... I LOGIC

_J_ SAFETY RELATED -, NON-SAFETY CEA DRIVE MG SETA CONT ACTOR ISOL SA I I .. rc? LOCAL BYPASS ACTUATE ACTUATE BYPASS LOCAL ISOL SA ISOL SB ISOL SB ISOL SB I I llt rec CEA DRIVE MG SET B CONT ACTOR CONTROL ROOM ANNUNCIATORS
For safe shutdown, plant procedures include the following sequence of operations assuming concurrent loss of off-site power: a)Automatic actuation of emergency diesel generators b)Maintenance of hot standby conditions which requires: 1)Actuation and oper ation of auxiliary feedwater system 2)Actuation and control of atmospheric dump valves 3)Monitoring of reactor coolant system pressure, temperature and pressurizer level 7.4-1a Amendment No. 18, (04/01)
7)Closing minimum recirculation flow valves 8)Operating the low pressure injection valves for system flow control, as required
9) Operating FCV-3306, MV-03-2 (SDC Heat Exchanger Bypass Valves) and HCV-3657 (SDC Heat Exchanger common outlet control valve), as required to control the amount of flow through the SDC Heat Exchangers

10) Operating the LPSI pump discharge isolation valves, as required, to start or isolate a LPSI pump.
Reactor coolant system cooldown to approximately 325F is accomplished through the dumping of secondary steam as discussed in Sections 7.4.1.1 and 7.4.1.2. The shutdown cooling system is brought into use when the reactor coolant system conditions are satisfactory for shutdown cooling operations as indicated in the Technical Specifications. The shutdown cooling system interlocks, as discussed in Section 7.6.1.1, prevent any possibility of overpressuring the low pressure portions of the system. Control panel hand switches and valve position limit indicating lights are provided for the shutdown
cooling isolation valves, the shutdown cooling heat exchanger common inlet, outlet, and bypass valves and the low pressure injection valves. b)Control of System Operation The shutdown cooling system is designed to be manually initiated upon the attainment of the required reactor coolant system conditions of temperature and pressure. Once the system is in operation, the
cooldown rate is adjusted by controlling the flow through the heat exchanger(s) and, consequentially , the heat removal rate. There are several heat exchanger flow control methods. Throttling total system flow with the injection valves while maintaining the heat exchanger outlet and bypass valves at fixed positions will vary flow through the heat exchanger(s). Throttling the heat exchanger outlet valve by means of the control board mounted indicating controller or manually adjusting the heat
exchanger bypass valve is another method. In automatic control, the shutdown cooling flow indicator-
controller can maintain a constant total shutdown cooling flow rate to the core by adjusting the heat exchanger bypass flow to compensate for changes in flow rate through the heat exchangers. Manual
control is the preferred method due to considerations for system component maintenance. c)Monitoring of System Operation Control board process indication and status instrumentation is provided to enable the operator to evaluate system performance and detect malfunctions. In addition to the valve status instrumentation mentioned in part (a), indication is provided of low pressure safety injection pump discharge header
pressure and temperature, shutdown cooling heat exchanger outlet temperature, and shutdown cooling injection flow and temperature. Low pressure safety injection pump operating status is also indicated on the control board. d)Interlocks, Sequencing and Bypasses The shutdown cooling system has been provided with electrical interlocks and alarms to prevent any possibility of overpressurizing the low pressure portions of the system. The redundant interlocks allow opening the isolation valves only when the reactor coolant system pressure is below 267 psia.7.4-6 Amendment No. 18, (04/01) and an alarm will annunciate if the valves are not fully closed and pressure were to increase above that point. Section 7.6 contains a detailed description and analysis of the interlocks. System sequencing is controlled manually by the operator in accordance with approved operating procedures. The shutdown cooling system instrumentation has no bypass features which would allow an operator to jeopardize the protection afforded by the interlocks or degradation of any other control functions. e)Redundancy Sufficient instrumentation is supplied to assure adequate system monitoring during all modes of system operation. The redundant isolation valves for each pump suction line are controlled by redundant instrument channels powered from separate supplies. f)Supporting Systems The shutdown cooling system relies upon the low pressure safety injection pumps for motive force and the component cooling water system for heat transfer. Either of the two pumps and two heat exchangers is sufficient for proper system operation. 7.4.1.4 Component Cooling Water System Instrumentation The component cooling water system is discussed in Section 9.2.2. The system P&ID is shown on Figure 9.2-2. Location of system components is shown on the plant general arrangement drawings. The system instrumentation and controls necessary to achieve plant shutdown are as follows: a)Actuation of System Components To achieve safe shutdown the system component actuation steps required are: 1)Starting the component cooling water pumps 2)Opening the outlet valves from the shutdown heat exchangers b)Control of System Operation The component cooling water system is designed to operate without automatic or manual process control after the system is actuated. The pumps, heat exchangers and components operate with unmodulated flow. Accordingly there are no control valves, controllers or other control instrumentation which are required for safe shutdown. 7.4-7 Amendment No. 17 (10/99) The pumps are started manually by means of control switches located on the main control panel or by means of the respective switchgear cubicle control switch. Pump logic and control diagrams are shown on Figures 7.4-3 through 7.4-5. Electrical schematic diagrams of pump control circuits are
shown on Figures 7.4-6 through 7.4-8. Control panel switches are provided to actuate the shutdown heat exchanger outlet valves (HCV 3A and B). In the event of a LOCA, the component cooling pumps, heat exchanger and header isolation valves are actuated automatically upon SIAS. The actuating instrumentation and controls for SIAS actuation are part of the engineered safety features actuation system and are discussed in Section 7.3. The component cooling water surge tank is normally vented to the atmosphere through a three-way valve (RCV-14-1) in the tank vent line. Upon a high radiation signal the valve will change position and venting will be diverted to the waste management system. The high radiation signal is derived from either of the two radioactivity monitors (see Figure 7.3-45) located in the component cooling water discharge headers. The operation of this interlock is not required for safe shutdown and is not designed as seismic Class I. c)Monitoring of System Operation Control room process indication alarm and status diverse instrumentation (flow, pressure) is provided to enable the operator to evaluate system performance and detect malfunctions. Component cooling surge tank low level is alarmed in the control room by redundant instrumentation. The outlet
temperature, pressure and flow from each component cooling heat exchanger is indicated in the control room. High temperature, low flow and low pressure are alarmed. CCW flo w outlet from the shutdown heat exchanger is similarly indicated and alarmed. Temperature indication of CCW outlet from the shutdown heat exchanger is available in the control room. The shutdown heat exchanger outlet valves and header isolation valves are provided with position indicating lights in the control room. Component cooling pump operating status is also indicated in the control room.
Refer to Section 7.5 for further discussion of safety related monitoring instrumentation. d)Interlocks, Byp asses and Sequencing Upon loss of off-site power, the pumps are automatically restarted and loaded on the emergency diesel generators. Their sequencing is shown in Table 8.3-2. As discussed in Section 8.3.1.2.4, if all three pumps are available for starting, pump 1C which is part of electrical load group AB will not be started if off-site power is lost to avoid overloading the diesel generator. If either pump 1A or 1B is
out of service, pump 1C will replace that pump and will start automatically as part of the corresponding electrical load group. 7.4-8 Amendment No. 18, (04/01) e) Redundancy Separate switches and actuation circuitry are provided for redundant components. Physical and electrical separations are provided as discussed in Section 7.4.2.1. f) System Supporting Equipment Control switches are also provided locally and in the control room to operate the cross-connection valves (I-MV-14-1 ,2,3,4) on the suction and discharge pump headers. This allows the operator to
control alignment of pump flow to each of the redundant headers. 7.4.1.5 Intake Cooling Water System Instrumentation The intake cooling water system is discussed in Section 9.2.1. The system P&ID is shown on Figure 9.2-1 and 1a. Location of system components is shown on the plant general arrangement drawings. The system instrumentation and controls necessary to achieve plant shutdown are discussed as
follows: a) Actuation of System Components To achieve safe shutdown the only system component actuation step required is starting the intake cooling water pumps. b) Control of System Operation The pumps are started manually either by means of switchgear cubicle control switches or control room switches. Pump logic and control diagrams are shown on Figures 7.4-9 through 7.4-11. Electrical schematic diagrams of pump operation are shown on Figure 7.4-12 through 7.4-14. In the event of a LOCA, the intake cooling water pumps and essential header isolation valves are actuated automatically upon SIAS. The actuating instrumentation and controls for SIAS actuation are part of the engineered safety features actuation system and are discussed in Section 7.3. Following actuation of the pumps, the intake cooling system is designed to operate with automatic temperature controlled modulation of the intake cooling water flow through the component cooling
heat exchangers. The heat exchanger outlet flow control valves (TCV-14-4A and TCV-14-4B) are controlled by pneumatic temperature controllers TIC-14-4A and TIC-14-4B which sense outlet temperature on the component cooling water side of the heat exchangers. The temperature
controllers are provided for efficient system operation during normal plant operation. The control valve pneumatic controls have been designed and qualified as seismic Class I to assure proper operation of the control valves during safe shutdown. As temperature increases, intake cooling water
flow is automatically increased. The control valves are pneumatically operated and fail wide open on loss of instrument air. In the event of loss of air the intake cooling system will operate in the full unmodulated flow mode. Although these valves are normally operated while placed in automatic, manual control is used when under Operations administrative control to perform testing. 7.4-9 Amendment 18, (04/01) No other automatic or manual control of system operation is required for safe shutdown. c) Monitoring of System Operation Control room process indication, alarm and status instrumentation is provided to enable the operator to evaluate system performance and detect malfunctions. Pump discharge pressure to the essential redundant headers is indicated and low pressure is alarmed. Separate instrumentation serves each of
the redundant headers. Outlet flow for each of the component cooling heat exchangers is indicated locally by separate instrumentation and low flow is alarmed. Intake cooling water pump operating status and header isolation valve position are indicated in the control room. Pump failure is alarmed in the control room. Refer to section 7.5. d) Interlocks, Sequencing and Bypasses Upon loss of off-site power, the pumps are automatically restarted and loaded on the emergency diesel generators. Their sequencing is shown in Table 8.3-2. If all three pumps are available for
starting, pump 1C which is part of electrical load group AB will not be started to avoid overloading the diesel generator. Refer to Section 8.3.1.2.4. If either pump 1A or 1B is out of service, pump 1C will
replace that pump and will start automatically as part of the corresponding electrical load group. e) Redundancy Separate control panel switches and actuation circuitry are provided for starting the pumps. Physical and electrical separation are provided as discussed in Section 7.4.2.1. 7.4.1.6 Emergency Power System Instrumentation The emergency power system is discussed in Section 8.3. Location of system components is shown on the plant general arrangement drawings. The system instrumentation and control required to achieve safe plant shutdown are discussed as follows: a) Actuation of System Components: 1)Starting the emergency diesel generators 2)Tripping the circuit breakers between the normal and emergency 4.16 kv buses 3)Tripping the circuit breakers for non-essential loads on the emergency buses 4)Closing the diesel generator circuit breakers to the 4.16 kv buses 7.4-10 Amendment No. 18, (04/01) 5)Closing the circuit breakers for loads required for safe shutdown b)Control of Syst em Operation Once the system is actuated the diesel generator voltage and frequency are automatically controlled. Each diesel generator set has its own speed control system and voltage regulator. No other manual
or automatic controls are necessary for proper system functioning. Manual backup for voltage and frequency controls are provided locally and in the control room. Control switches are also provided locally and in the control room for manually starting the diesel generators and operating the generator breakers. c) Monitoring of System Operation Control room indication, alarm and status instrumentation is provided to enable the operator to evaluate system performance and detect malfunctions. Diesel generator current voltage and
frequency are indicated. Alarms are provided to indicate diesel generator malfunction or trip. Refer to Sections 7.5 and 8.3.1.1.7. d) Bypasses, Interlocks, and Sequencing Upon loss of off-site power, the emergency diesel generators are automatically started, the breakers between normal and emergency buses are automatically tripped and loads are automatically stripped
from the emergency buses. When the emergency diesel generators reach operating frequency and voltage, the diesel generator breakers are automatically closed and the loads required for safe shutdown which were previously running are automatically restarted and loaded on the diesel
generators in the proper sequence as shown in Table 8.3-2. Additional loads are manually connected as required. The automatic starting and loading sequence is discussed fully in Section 8.3.1.1.7. Diesel generator logic and electrical schematic control diagrams are shown in Section 8.3. In the event of a LOCA, the emergency diesel generators are automatically started on SIAS. The actuating instrumentation and controls for these signals are part of the engineered safety features actuation system and are discussed in Section 7.3. e) Redundancy Separate control switches and actuation circuitry is provided for starting emergency diesel generators and actuating emergency bus breakers. Physical and electrical separations are provided as discussed in Section 7.4.2.1. 7.4.1.7 Boron Addition and Charging Subsystems The boron addition and charging subsystems are portions of the chemical and volume control system which are used in the shutdown process. The chemical and volume control system is discussed in Section 9.3.4. The 7.4-11 Amendment 15, (1/97)
The following instrumentation and controls are provided on the hot shutdown panel in the ReactorAuxiliary Building (EL. 43 ft): a):Control SwitchesPower Operated Relief Valve (1)PORV Block Valve (1)Pressurizer Aux spray valve (2)Pressurizer heater (8)(480v MCC)Charging pumps (3)(480v SWGR)Letdown valves(1 Containment Isolation Valve, 1 Prz Level LetdownControl Selector Switch)Pressurizer Pressure Control Selector SwitchHand indicating controllersLetdown control valves (1)Pressurizer spray valve (1)ReadoutsPressurizer pressure indicators (2)Pressurizer level indicators (1)Reactor Coolant System temperature indicatorsRCS Cold Leg Temperature (2) Excore Wide Range Reactor Power (2)Excore Source Range Reactor Power (2) b)Control switchesMotor driven auxiliary feedwater pumps (2)Motor operated auxiliary feedwater pump valves (6)Turbine driven auxiliary feedwater pump 1C 7.4-14Amendment No. 20 (4/04) Hand/Pressure indicating controllersAtmospheric dump valves (2)ReadoutsSteam generator 1A level indicator Steam generator 1A wide range level indicatorSteam generator 1B level indicatorSteam generator 1B wide range level indicatorSteam generator 1A pressure indicator*Steam generator 1B pressure indicator** Indicators on atmospheric steam dump controllers provide this function.7.4-15Amendment No. 20 (4/04) The operator trips the reactor before leaving the control room and the control of hot shutdown is accomplished by means of the emergency controls located on the hot shutdown panel. The hot shutdown panel room is located within a security area and therefore, is not required to be locked, but
may include security access control that does not inhibit the ability of the operator to gain access to the room during safe shutdown. Isolation switches, located at the emergency control station, are provided to electrically isolate the control room circuitry from the emergency controls. The isolation
switch "Isolate" position is annunciated in the control room in order to preclude inadvertent isolation during normal operation. Verification of reactor trip is accomplished through visual check of the CEA trip breakers. The instrumentation and control provided enables the plant operators to maintain the unit at hot
shutdown conditions. Pressurizer pressure and level can be monitored by means of the pressurizer
pressure and level indicators and controlled by operation of the pressurizer heaters, letdown control valves and charging pumps. Reactor coolant temperature (T-Cold) indication is provided at the hot shutdown panel. The usage of T-Cold indication alone as the means of primary system temperature indication during alternate shutdown was accepted by the NRC in their letter, J A Norris (NRC) to C O Woody (FPL), Alternate Shutdown Capability; T-Cold Indication and High Impedance Faults; St. Lucie Plant, Unit No. 1, dated August 16, 1989. Removal of residual heat through the secondary steam
system can be controlled through operation of the atmospheric dump valves and auxiliary feedwater pumps and control valves. Secondary side conditions can be monitored by means of steam generator pressure and level indicators. Shutdown boron concentration can be monitored through the sample room and boration can be achieved through manual valve line-up from the boric acid makeup tanks and/or the refueling water
tank to the charging pumps. 7.4-16 Amendment No. 16, (1/98) 7.4.2ANALYSIS7.4.2.1Conformance to IEEE-279IEEE 279-1971, "Criteria for Protection Systems for Nuclear Power generating Stations," establishesminimum requirements for the reactor protective and engineered safety features instrumentation and control systems. The instrumentation and controls associated with the safe shutdown systems are not defined as a protective system in Section 1.0 of IEEE-279; nevertheless, many criteria of IEEE-279 have been incorporated in the design of the safe shutdown system instrumentation and control.Conformance with the applicable portions of IEEE-279, Section 4, is discussed in the following sections.7.4.2.1.1General Functional RequirementsFor events other than a LOCA, the safe shutdown systems are provided with sufficient controls andmonitoring instruments to allow the operator to manually initiate a safe shutdown in a reasonable time and monitor the performance of shutdown components. Automatic start of the safe shutdown systems is not provided as required by paragraph 4.1 of IEEE-279. However, in the event of loss of off-site power, the emergency diesel generators are started automatically in conformance with the applicable portions of IEEE-279 (1971) Section 4.1.7.4.2.1.2Single Failure CriterionThe instrumentation and controls required for the maintenance of a hot safe shutdown condition aredesigned and arranged such that no single failure can prevent a safe shutdown, even in the event ofloss of offsite power. Single failures considered include electrical faults (e.g., open, shorted orgrounded circuits) and physical events (e.g., fires, missiles) resulting in mechanical damage. Compliance with the single failure criterion is accomplished by providing redundancy of power supplies, actuation circuits, and by separating the redundant elements electrically and physically to achieve the required independence. Each of the provisions is discussed below:a)RedundancyEach of the systems required for safe shutdown consists of redundant subsystems and/orcomponents for maximum system reliability. These are the auxiliary feedwater, component cooling water, intake cooling water systems and boron addition and charging subsystems. The emergencypower system consists of two redundant emergency diesel generator sets. Each of the redundantcomponents has automatic and/or manual actuation circuits which are separate from those providedfor its redundant counterpart. Redundant instrumentation is provided to monitor reactor coolant system conditions. Each steam generator is provided with separate pressure and level monitoring instrumentation, (See Section 7.5.1.5).7.4-17Amendment No. 17 (10/99)
7.4.2.1.3 Quality Control of Components and Modules The quality control enforced during design, fabrication, shipment, field storage, installation and component checkout used for instrumentation and control components required for safe shutdown and the documentation of control has been in accordance with the quality assurance program. 7.4-18a Am. 9-7/90 7.4.2.1.4 Equipment Qualification The instrumentation and control necessary to achieve safe shutdown are designed to operate in the design ambient conditions in the area in which they are located. Components located in the control room, which is normally air conditioned, are designed to operate in the ambient conditions associated with loss of air conditioning for the time necessary to achieve safe shutdown. Environmental design
and qualification of electrical and instrumentation equipment for loss of air conditioning is discussed in Section 3.11. Seismic qualification and testing are discussed in Section 3.10. 7.4.2.1.5 Channel Integrity Preoperational testing and inspection is performed to verify that all components, automatic and manual controls and sequences of the integrated systems provided for safe shutdown accomplish the intended design function. Specific component testing is performed as described in Chapter 14. Essential instrumentation and controls required for safe shutdown are designed as seismic Class I equipment to ensure their ability to function during and following a design basis earthquake. All components have seismic Class I supports and are located in seismic Class I structures. Purchase specifications specify the horizontal and vertical acceleration forces associated with the design basis earthquake based on the floor response spectra for the equipment location. Seismic design and
qualification requirements are discussed in Section 3.10. All components are provided protection from hurricane and tornado winds, external missiles and flooding as discussed in Sections 3.3, 3.4 and 3.5. 7.4.2.1.6 Channel Independence Safe shutdown system channel independence is achieved by electrical and physical separation as described in Section 7.4.2.1.2. 7.4.2.1.7 Control and Protection System Interaction Any portion of the safe shutdown system controls which is used for both control and protection functions is designed in accordance with IEEE-279 as shown in Section 7.3 and Chapter 8. 7.4.2.1.8 Derivation of System Inputs The safe shutdown system monitoring signals are direct measures of the desired variables. Refer to Table 7.4-1. 7.4.2.1.9 Capability for Sensor Che cks The-safe shutdown system monitoring sensors are checked by perturbing the monitored variable, by introducing and varying a substitute input to 7.4-19 the sensor similar to the measured variable, or by cross-checking between channels. 7.4.2.1.10 Capability for Test and Calibration The instrumentation and control components required for safe shutdown which are not normally in operation will be periodically tested. This includes instrumentation and controls for the auxiliary feedwater system, atmospheric dump valves, and emergency power system. All automatic and manual actuation and control devices will be tested to verify their operability. Periodic testing is described in the Technical Specifications. 7.4.2.1.11 Manual Initiation The safe shutdown systems may be manually actuated. No single failure will prevent the safe shutdown.7.4.2.1.12 Identification of Protective Action Indication lights or annunciators are provided for all safe shutdown system actions and operating status of all equipment. 7.4.2.1.13 Information Readouts All safe shutdown system monitoring and control channels are indicated in the control room. 7.4.2.1.14 System Repair Replacement or repair of components can be accomplished in reasonable time when the systems are not actuated as limited by the Technical Specifications. 7.4.2.1.15 Identification Identification of safe shutdown system channels is as described in Sections 7.1.2.5 and 8.3.1.2.3.
7.4.2.2 Conformance to IEEE-308 The electrical circuitry associated with the safe shutdown systems conforms to IEEE-308 , "IEEE Standard Criteria for Class 1E Electric Systems for Nuclear Power Generating Stations". The safe shutdown electrical systems are described in Section 8.3. During normal operation, power is supplied to the automatic control of all three charging pumps from
125v dc bus 1A. Upon receipt of an SIAS, the automatic control is isolated and the pumps receive a start signal. Figure 7.4-25 demonstrates the manner in which physical and electrical separation is
achieved between the normal portion and the safety related portion of the charging pumps control, and their power supplies. 7.4-20 Amendment No. 18, (04/01) 7.4.2.3 Conformance to the Requirements of AEC GDC 19 As described in Section 7.4.1.8, local emergency control stations are provided to maintain the plant in the hot standby condition in the event that the control room must be abandoned. Adequate instrumentation is provided to enable operator control of equipment necessary to maintain reactor coolant system and secondary system pressure, temperature and levels. 7.4-21 Amendment No. 18, (04/01) It is also possible to achieve plant cold shutdown from outside the control room by use of suitable procedures. Components of systems required to bring the plant from hot standby to cold shutdown can be actuated locally at the electrical switchgear. System valving can be operated manually to align
proper flow paths. Local instrumentation can be utilized to monitor system functioning. 7.4.2.4 Loss of Instrument Air Systems Pneumatically operated valves in systems required for safe shutdown will fail in the position required for system operation in the plant shutdown mode. Except for the atmospheric dump valves which fail
closed, valves which are in required flow paths will fail open on loss of instrument air. The atmospheric dump valves may be opened by local manual means in the event of loss of air. Valves which isolate nonessential portions of the system from portions required for safe shutdown fail closed.
Valve failure positions are shown on the system P&I diagrams.None of the essential control or monitoring instrumentation is pneumatic. Electrical instrumentation is
powered from the emergency power system. The intake cooling outlet flow from the component cooling heat exchangers is pneumatically controlled. The valves will fail wide open on loss of air. Flow modulation is not required for safe shutdown. The pressurizer spray valves (PCV-1100E and PCV-1100F) fail closed on loss of instrument air. Pressurizer pressure is controlled by operation of the electric pressurizer heaters. Therefore, the loss of instrument air will not interfere with the safe shutdown of the plant. 7.4.2.5 Loss of Cooling Water to Vital Equipment None of the instrumentation and controls required for safe shutdown rely on cooling water for operation. 7.4.2.6 Plant Load Rejection, Turbine Trip and Loss of Off-Site Power In the event of loss of off-site power associated with plant load rejection or turbine trip, power for safe shutdown is provided by the on-site emergency power system. The description and analysis of the
emergency power system are discussed fully in Section 8.3. The emergency diesel generators will provide power for operation of pumps and valves. The station batteries will provide dc power for operation of control and instrumentation systems required to actuate and control essential components. The emergency diesel generators will automatically start and begin supplying power to components necessary to achieve safe shutdown. The station batteries will maintain continuity of dc control power if offsite power is lost. The emergency power system is designed to meet the single failure criterion and withstand severe natural phenomena. Adequate on-site emergency power will be available to
safely shutdown the 7.4-22
TABLE 7.4-1 INSTRUMENTS REQUIRED TO MONITOR SAFE SHUTDOWN Measured Quantity Sensor Tag Numbers Component Cooling Water System 1)CCW pressure at HX outlet PT-14-8A ,PT-14-8B 2) CCW flow , headers A&B FT-14-1A ,FT-14-1B 3) CCW flow at shutdown HX outlet FT-14-10A ,FT-14-10B Intake Cooling Water System
1) Intake cooling water flow @ HX outlet FIS-21-9A ,FIS-21-9B (Non-safety)

2) Intake cooling water header A&B PT-21-8A ,PT-21-8B pressure Auxiliary Feedwater System

1) Auxiliary feedwater discharge FT-09-2A ,FT-09-2B,FT-09-2C header flow

2) Auxiliary feedwater discharge PT-09-8A ,PT-09-8B,PT-09-8C header pressure

3) Condensate storage tank level LT-12-11 ,LT-12-12 4) Steam Generato r level LT-9013 A ,B,C,D LT-9023 A ,B,C,D 5)Steam pressure to steam driven PT-08-5 auxiliary feedwater pump Atmospheric Dump System

1) Steam generator pressure PT-08-1A ,PT-08-1B Shutdown Cooling System

1) HX outlet temperature TE-3303 X ,Y 2) Shutd own cooling return flow FT-3306 Boron Addition & Charging System

1) Charging pump header pressure PT-2212 2) Charging header flow FT-2212 7.4-24 Amendment 15 (1/97)
TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES
RTGB-101 4.16KV BUS 1AB AMPS AM-942 X X R.G. 1.97 TYPE D, CAT 2 DIESEL GENERATOR 1A AMPS AM-954D X X R.G. 1.97 TYPE D, CAT 2 DIESEL GENERATOR 1B AMPS AM-964D X X R.G. 1.97 TYPE D, CAT 2 FLOW INDICATOR FOR CONTROL
ROOM (NORTH) OUTSIDE AIR INTAKE FI-25-18A X FLOW INDICATOR FOR CONTROL ROOM (SOUTH) OUTSIDE AIR
INTAKE FI-25-18B X DIESEL GENERATOR 1A
FREQUENCY FM-954 X DIESEL GENERATOR 1B
FREQUENCY FM-964 X PRESSURE DIFFERENTIAL
INDICATOR FOR CONTROL ROOM
OAI PRESSURE PDI-25-14A X PRESSURE DIFFERENTIAL
INDICATOR FOR CONTROL Room
OAI PRESSURE PDI-25-14B X DG 1A VARS VARM-954 X 7.5-28 Amendment No. 18, (04/01)
TABLE 7.5-2SAFETY RELATED DISPLAY INSTRUMENTATIONREQUIRED FORPARAMETER TAG NO. INSTRUMENTRANGE(1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT POST ACCIDENT MONITORING NOTES RTGB-102 AFW PUMP 1A AMPSAM-629XXAFW PUMP 1B AMPSAM-630XXICW PUMP 1A AMPSAM-832 XICW PUMP 1B AMPSAM-833 XICW PUMP 1C AMPSAM-834 XFLOW INDICATOR FOR AUXILIARYFEEDWATER PUMP 1A DISCHARGEFI-09-2AXX XR.G. 1.97 TYPE D, CAT 2FLOW INDICATOR FOR AUXILIARY FEEDWATER PUMP 18 DISCHARGEFI-09-2BXX XR.G. 1.97 TYPE D, CAT 2FLOW INDICATOR FOR AUXILIARYFEEDWATER PUMP 1C DISCHARGEFI-09-2CXX XR.G. 1.97 TYPE D, CAT 2LEVEL INDICATOR CONTROLLER FORSTEAM GENERATOR 1A DOWNCOMERLEVELLIC-9013AXXX XR.G. 1.97 TYPE D, CAT 1R.G. 1.97 TYPE A, CAT 17.5-30Amendment No. 20 (4/04) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUI RED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES LEVEL INDICATOR CONTROLLER
FOR STEAM GENERATOR 1A DOWNCOMER LEVEL LIC-9013BXXX X R.G. 1.97 TYPE A, CAT 1 R.G. 1.97 TYPE D, CAT 1 LEVEL INDICATOR CONTROLLER
FOR STEAM GENERATOR 1A
DOWNCOMER LEVEL LIC-9013CXXX X R.G. 1.97 TYPE A, CAT 1
R.G. 1.97 TYPE D, CAT 1 LEVEL INDICATOR CONTROLLER LIC-9013DXXX X R.G. 1.97 TYPE A, CAT 1 FOR STEAM GENERATOR 1A R.G. 1.97 TYPE D, CAT 1 DOWNCOMER LEVEL LEVEL INDICATOR CONTROLLER LIC-9023AXXX X R.G. 1.97 TYPE A, CAT 1 FOR STEAM GENERATOR 1B R.G. 1.97 TYPE D, CAT 1 DOWNCOMER LEVEL
LEVEL INDICATOR CONTROLLER LIC-9023BXXX X R.G. 1.97 TYPE A, CAT 1 FOR STEAM GENERATOR 1B R.G. 1.97 TYPE D, CAT 1 DOWNCOMER LEVEL
LEVEL INDICATOR CONTROLLER LIC-9023CXXX X R.G. 1.97 TYPE A, CAT 1 FOR STEAM GENERATOR 1B R.G. 1.97 TYPE D, CAT 1 DOWNCOMER LEVEL
LEVEL INDICATOR CONTROLLER LIC-9023DXXX X R.G. 1.97 TYPE A, CAT 1 FOR STEAM GENERATOR 1B R.G. 1.97 TYPE D, CAT 1 DOWNCOMER LEVEL LEVEL INDIC SWITCH FOR LIS-12-11 X X R.G. 1.97 TYPE D, CAT 1 CONDENSATE STORAGE TANK LEVEL LO/LO ANN LEVEL INDIC SWITCH FOR LIS-12-12 X X R.G. 1.97 TYPE D, CAT 1 CONDENSATE STORAGE TANK LEVEL LO/HI ANN STEAM INLET TO AUX FEEDWATER PI 5 X PUMP TURBINE DRIVEN 7.5-31 Amendment No. 18, (04/01) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES PRESSURE INDICATOR FOR PI 8AXX AUXILIARY FEEDWATER PUMP 1A
DISCHARGE PRESSURE INDICATOR FOR PI 8BXX AUXILIARY FEEDWATER PUMP 1B DISCHARGE PRESSURE INDICATOR FOR PI 8CXX AUXILIARY FEEDWATER PUMP 1C DISCHARGE PRESSURE INDICATOR FOR PI 9AXX FEEDWATER HEADER STEAM GENERATOR 1A INLET PRESSURE INDICATOR FOR PI 9BXX FEEDWATER HEADER STEAM GENERATOR 1A INLET PRESSURE INDICATOR FOR PI 9CXX FEEDWATER HEADER STEAM GENERATOR 1A INLET PRESSURE INDICATOR FOR PI 9DXX FEEDWATER HEADER STEAM GENERATOR 1A INLET PRESSURE INDICATOR FOR PI-09-10AXX FEEDWATER HEADER STEAM GENERATOR 1B INLET PRESSURE INDICATOR FOR PI-09-10BXX FEEDWATER HEADER STEAM GENERATOR 1B INLET PRESSURE INDICATOR FOR PI-09-10CXX FEEDWATER HEADER STEAM GENERATOR 1B INLET 7.5-32 Amendment No. 17 (10/99) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES PRESSURE INDICATOR FOR PI-09-10DXX FEEDWATER HEADER STEAM
GENERATOR 1B INLET PRESSURE INDICATING SWITCH PIS-21-8A X FOR INTAKE COOLING WATER PP DISCH HDR PRESSURE INDICATING SWITCH PIS-21-8B X FOR INTAKE COOLING WATER PP DISCH HDR RTGB-103
LEVEL INDICATOR FOR LI-1110X X X R.G. 1.97 TYPE D, CAT 1 PRESSURIZER LEVEL LEVEL INDICATOR FOR LI-1110Y X X R.G. 1.97 TYPE D, CAT 1 PRESSURIZER LEVEL LEVEL RECORDER FOR LR-1110 X X R.G. 1.97 TYPE D, CAT 1 PRESSURIZER DIFFERENTIAL PRESSURE PDI-1101A X INDICATOR FOR STEAM GENERATOR 1A & 1B DIFFERENTIAL PRESSURE PDI-1101B X INDICATOR FOR STEAM GENERATOR 1A & 1B DIFFERENTIAL PRESSURE PDI-1101C X INDICATOR FOR STEAM GENERATOR 1A & 1B 7.5-33 Amendment No. 17 (10/99)
TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES RCS SUBCOOLED MARGIN QSPDS (TMAR-SA)
1) ICC DISPLAY A

2) R.G. 1.97 TYPE B, CAT 2 TEMPERATURE INDICATOR FOR TI-1102A X REACTOR COOLANT LOOP TEMPERATURE INDICATOR FOR TI-1102B X REACTOR COOLANT LOOP TEMPERATURE INDICATOR FOR TI-1102C X REACTOR COOLANT LOOP
TEMPERATURE INDICATOR FOR TI-1102D X REACTOR COOLANT LOOP LEVEL INDICATOR FOR S/G #1A LI-9012 X R.G. 1.97 TYPE D, CAT 1 (WIDE RANGE) (NOT NUCLEAR AS MODIFIED PER FPL AND SAFETY BUT HAS ITS NRC AGREEMENT TRANSMITTER QUALIFIED FOR POST ACCIDIENT ENVIRONMENT) LEVEL INDICATOR FOR S/G #1B LI-9022 X R.G. 1.97 TYPE D, CAT 1 (WIDE RANGE) (NOT NUCLEAR AS MODIFIED PER FPL AND SAFETY BUT HAS ITS NRC AGREEMENT TRANSMITTER QUALIFIED FOR POST ACCIDIENT ENVIRONMENT) RTGB-104 CORE EXIT THERMOCOUPLES QSPDS (CET-SB) X ICC DISPLAY B R.G. 1.97 TYPE C,CAT 1 R.G. 1.97 TYPE B,CAT 3 REACTOR VESSEL LEVEL QSPDS (HJTC-SB) X 1) ICC DISPLAY B
2) R.G.1.97 TYPE B, CAT 1 PRZR PRESSURE QSPDS (PT-1108)
X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE A, B & C CAT 1 7.5-36 Amendment No. 18, (04/01)
TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES RCS COLD LEG TEMP LOOP 1A1 QSPDS(TE-1112CB) X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE A & B, CAT 1 RCS NOT LEG TEMP LOOP 1A QSPDS (TE-1112HB)
X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE A & B, CAT 1 RCS COLD LEG TEMP LOOP 1B2 QSPDS (TE-1122CB)
X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE A & B, CAT 1 RCS HOT LEG TEMP LOOP 1B QSPDS (TE-1122HB)
X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE A & B, CAT 1 RCS SUBCOOLED MARGIN QSPDS (TMAR-SB)
X 1) ICC DISPLAY B
2) R.G. 1.97 TYPE B, CAT 2 WIDE RANGE POWER INDICATOR RI-26-80A1 X X R.G. 1.97 TYPE A & B, FOR EX-CORE NEUTRON CAT 1 MONITORING SOURCE RANGE POWER INDICATOR RI-26-80A2 X FOR EX-CORE NEUTRON MONITORING RATE OF CHANGE POWER RI-26-80A3 X INDICATOR FOR EX-CORE NEUTRON MONITORING WIDE RANGE POWER INDICATOR RI-26-80B1 X X R.G. 1.97 TYPE A & B, FOR EX-CORE NEUTRON CAT 1 MONITORING
SOURCE RANGE POWER INDICATOR RI-26-80B2 X FOR EX-CORE NEUTRON MONITORING RATE OF CHANGE POWER RI-26-80B3 X INDICATOR FOR EX-CORE NEUTRON MONITORING RTGB-106 CCW PUMP 1A AMPS AM-201 X 7.5-36a Amendment No. 18, (04/01) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES CCW PUMP 1 B AMPS AM-205 X CCW PUMP 1C AMPS AM-209 X HPSI PUMP 1A AMPS AM-237 X HPSI PUMP 1B AMPS AM-238 X LPSI PUMP 1A AMPS AM-251XX LPSI PUMP 1B AMPS AM-252XX CONTAINMENT SPRAY PUMP 1A AMPS AM-287 X CONTAINMENT SPRAY PUMP 1 B AMPS AM-290 X FLOW INDICATOR FOR SHUTDOWN
HEAT EXCHANGER 1A FLOW TO CNTMT SPRAY FI-07-1A X X R.G. 1.97 TYPE D, CAT 2 7.5-36b Amendment No. 17 (10/99) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES FLOW INDICATOR FOR SHUTDOWN FI-07-1B X X R.G. 1.97 TYPE D, CAT 2 HEAT EXCHANGER 1B FLOW TO CNTMT SPRAY FLOW INDICATOR CONTROLLER FIC-3306 X X R.G. 1.97 TYPE D, CAT 2 FOR SHUTDOWN COOLING RETURN
FLOW INDICATOR SWITCH FOR FIS-14-1A X X R.G. 1.97 TYPE D, CAT 2 COMPONENT COOLING WATER HX 1A OUTLET FLOW INDICATOR SWITCH FOR FIS-14-1B X X R.G. 1.97 TYPE D, CAT 2 COMPONENT COOLING WATER HX 1B OUTLET FLOW INDICATOR SWITCH FOR FIS-14-10A X COMPONENT COOLING WATER FROM S/D HX 1A FLOW INDICATOR SWITCH FOR FIS-14-10B X COMPONENT COOLING WATER FROM S/D HX 1B HAND INDICATOR CONTROLLER HIC-3657 X FOR HCV-3657 LEVEL INDICATING SWITCH FOR LIS 2A X X R.G. 1.97 TYPE D, CAT 2 REFUELING WATER TANK LEVEL LEVEL INDICATING SWITCH FOR LIS 2B X X R.G. 1.97 TYPE D, CAT 2 REFUELING WATER TANK LEVEL LEVEL INDICATING SWITCH FOR LIS 2C X X R.G. 1.97 TYPE D, CAT 2 REFUELING WATER TANK LEVEL 7.5-36c Amendment No. 18, (04/01)
TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES PRESSURE INDICATING ALARM PIA-1102ALLXX FOR PRESSURIZER PRESSURE INDICATING ALARM PIA-1102BLLXX FOR PRESSURIZER PRESSURE INDICATING ALARM PIA-1102CLLXX FOR PRESSURIZER PRESSURE INDICATING ALARM PIA-1102DLLXX FOR PRESSURIZER PRESSURE INDICATING SWITCH PIS-07-2A X FOR CNTMT BUILDING ATMOSPHERE PRESSURE PRESSURE INDICATING SWITCH PIS-07-2B X FOR CONTAINMENT ATMOSPHERE PRESSURE PRESSURE INDICATING SWITCH PIS-07-2C X FOR CONTAINMENT ATMOSPHERE PRESSURE PRESSURE INDICATING SWITCH PIS-07-2D X FOR CONTAINMENT ATMOSPHERE PRESSURE PRESSURE INDICATING SWITCH PIS-07-3A X FOR SHUTDOWN HX 1A OUTLET
PRESSURE INDICATING SWITCH PIS-07-3B X FOR SHUTDOWN HX 1B OUTLET 7.5-36f Amendment No. 18, (04/01) TABLE 7.5-2 SAFETY RELATED DISPLAY INSTRUMENTATION REQUIRED FOR PARAMETER TAG NO. INSTRUMENT RANGE (1) RPS ESF SHUT-DOWN ESF & SHUTDOWN SYS SUPPORT
POST ACCIDENT MONITORING
NOTES PRESS INDICATING SWITCH FOR PIS-07-7 X SODIUM HYDROXIDE TK 1A PRESS PRESSURE INDICATOR SWITCH PIS-14-8A X FOR COMP CLG WTR HX 1A OUTLET PRESSURE PRESSURE INDICATOR SWITCH PIS-14-8B X FOR COMP CLG WTR HX 1B OUTLET PRESSURE ELECTRONIC INDICATOR & RIS 3-2 X SWITCH FOR CONTAINMENT RADIATION (CIS MA) ELECTRONIC INDICATOR & RIS 4-2 X SWITCH FOR CONTAINMENT RADIATION (CIS MB) ELECTRONIC INDICATOR & RIS 5-2 X SWITCH FOR CONTAINMENT RADIATION (CIS MC) ELECTRONIC INDICATOR & RIS 6-2 X SWITCH FOR CONTAINMENT RADIATION (CIS MD) TEMPERATURE INDICATOR FOR TI-3303X X X R.G. 1.97 TYPE D, CAT 2 SDC HEAT EXCHANGER 1A OUTLET TEMPERATURE INDICATOR FOR TI-3303Y X X R.G. 1.97 TYPE D, CAT 2 SDC HEAT EXCHANGER 1B OUTLET 7.5-36g Amendment No. 18, (04/01)
.
7.6 ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY 7.
6.1 DESCRIPTION
This section includes a description of those systems which are required for safety which have not been discussed in Sections 7.2 through 7.5. These systems include instrumentation to prevent overpressurization of the Reactor Coolant System and low pressure systems and to prevent or mitigate the consequences of possible refueling accidents. 7.6.1.1 Shutdown Cooling System Interlocks a)Description The shutdown cooling system described in Section 9.3.5 is designed as a low pressure system. Each shutdown cooling suction line contains two normally closed, locked-closed, motor operated valves in series, ensuring that the low pressure piping is not exposed to normal reactor coolant system pressure. Administrative controls and procedures prevent opening these valves before the reactor coolant system has been depressurized. In addition, open permissive interlocks (OPI) prevent energizing the valve operators above acceptable pressures. The interlocks are derived from two separate, redundant pressure
transmitters, PT-1103 and PT-1104, sensing pressurizer pressure. PIC-1104 prevents opening valves V3652 and V3480. PIC-1103 prevents opening the back-up valves, V3651 and V3481. These four shutdown cooling isolation valves were originally designed to automatically close on high pressurizer pressure. In response to Generic Letter 88-17, the auto closure interlock (ACI) was deleted to reduce the potential for a spurious loss of shutdown cooling due to inadvertent valve closures.b)Design Basis As noted above, the design basis for these interlocks is to provide a means of preventing an operator
action which could produce an unsafe condition. The interlock has no protective function as defined in IEEE 279. However, Section 3 of IEEE 279 is used as a guideline. The following discussion responds to the concerns identified in Section 3, insofar as they are applicable: 1)The interlocks shall function to prevent opening the shu tdown cooling line isolation
valves whenever pressurizer pressure exceeds 267 psia 2)Pressurizer pressure shall be monitored to provide the required function 3)Two separate, physically independent sensors shall be provided, either of which will perform the required function 4)Reactor coolant system pressure will be at a nominal pressure of approximately 2235
psig during plant operation. Reactor coolant system pressure will be at or below 267 psia when the shutdown cooling system is in operation and the isolation valves are
open 7.6-1 Amendment No. 18, (04/01) 5)The design pressure of the shutdown cooling system suction piping is 350 psig. Procedures, administrative controls and the interlocks all serve to ensure that the isolation valves are not open at a pressure of greater than 350 psig. 6)Protective action is provided as follows: If the RCS pressure exceeds the setpoint, the interlock prevents energizing the valve open contacts. If RCS pressure exceeds the setpoint and any of the SDCS isolation valves are open, a control room alarm will be initiated to alert the operator. Valve position indication is provided in the control room. Two separate and physically independent circuits have been provided for
each valve to monitor valve position and annunciation. 7.6.1.2 Fuel Handling System Interlocks Interlock Design Criteria Interlocks have been provided to ensure the readiness of system components, to simplify the performance of sequential operations, and to limit travel and loads such that design conditions are not exceeded. In no case are they utilized to prevent inadvertent criticality or the reduction of shielding
water coverage for personnel protection. The interlocks have been designed in accordance with the equipment specifications and the following: 1.Section #4 of Specification for Electrical Overhead Traveling Cranes - EOCI #61 (Note
EOCI #61 was published by the Electric Overhead Crane Institute prior to 1970. A UFSAR review in 1998 identified that EOCI has now become the Crane Manufacturers Association of America -CMAA-. The superceding specifications are #70 and #74) 2.ANSI Standards C6.1, C19.1, C50 3.NEMA Standards IC-I and WC-5 Safety Significance of Single Failures No single interlock failure will result in a condition which will allow equipment malfunction or operator initiated procedures to cause inadvertent criticality, damage to the fuel or the reduction of shielding water coverage. Where these results were considered possible, redundant switches, mechanical restraints and physical barriers have been employed.
Interlocks Details Prior to equipment operation, preoperational tests were performed to ensure that all control circuits, interlocks, safety and alarm devices are functioning. Recommended maintenance was performed and a dummy fuel assembly was handled to further assure safe and reliable equipment performance. Where possible, in the design of this equipment, mechanical stops and positive locks have been provided to prevent damage to or dropping of the fuel assemblies. In the design of the refueling machine, positive locking between the grapple and the elements is provided by the engagement of
the actuator arm in vertical channels running the length of the hoist assembly so that relative rotational movement and uncoupling is not possible, even with inadvertent initiation of an uncoupling signal to the actuator assembly. Therefore, failure of an electrical interlock will not result in the dropping of a fuel assembly. 7.6-2 Amendment No. 17 (10/99) The following list identifies and defines the function of the interlocks contained in the fuel handlingequipment. In no case has a method been provided to directly inform the operator that an interlock isinoperative, however, in most cases a redundant device has been provided to perform the samefunction as the interlock or to present information to the operator allowing him to deduce that an interlock has malfunctioned. An interlock status display panel is provided for operator information.Refueling Machine Interlocksa.Interrupts hoisting of a fuel assembly if the load increases above the overload set point. Thehoisting load is visually displayed so that the operator can manually terminate the withdrawaloperation if an overload occurs and the hoist continues to operate.b.Interrupts hoisting of a fuel assembly when the correct vertical position is reached. Amechanical up-stop has been provided to physically restrain the hoisting of a fuel assemblyabove the elevation which would result in less than the minimum shielding water coverage.c.Interrupts insertion of a fuel assembly if the load decreases below the underload set point.The load is visually displayed so that the operator can manually terminate the insertionoperation if an under load occurs and the hoist continues to operate.d.Interrupts lowering of the hoist under a no-load condition. The weighing system interlock isbacked-up by an independent slack cable switch which terminates lowering under a no-load condition.e.Denies translation of the bridge and trolley while the fuel hoist is operating.f.Hoisting is denied during translation of the bridge and/or trolley. No back-up or additionalcircuitry is provided for this interlock.g.Denies motion of the bridge and/or trolley with the spreader extended. The underwater TVsystem can be used by the operator to determine whether the spreader has been raised, andlights on the control console indicate whether the spreader is withdrawn or extended.h.Stops translation of the bridge and/or trolley when the collision ring on the mast is contactedand deflected. Redundant switches are provided to minimize the possibility of this interlockbecoming inoperative and slow bridge and trolley speeds are mandatory for movement of the refueling machine in areas other than its normal travel route which might containobstructions. Travel limits also restrict running the mast into the pool wall.7.6-3Amendment No. 20 (4/04) i.Mandatory slow hoisting speed while fuel assembly is within the core if not in "Open Water"and below "Entering Core" height. During insertion and withdrawal the change in hoist speedcan be monitored by observation of the hoist vertical position indicator. A change in thesound of the hoist will accompany the change in hoist speed.j.Prevents rotation of the upender while the RFM is at the upender station unless the hoist is atFull Up, and the spreader is retracted. Failure of this interlock while the refueling machine is at the upending station will allow an upending signal by the transfer equipment operator atthe station only to initiate rotation of the fuel carrier by the upender. In the event that thissignal is erroneously initiated while the fuel assembly is being lowered from or raised into the refueling machine, a bending load will be applied to the fuel assembly.Transfer System Interlocksa.Terminates winching of the fuel carriage through the transfer tube if the load increases bymore than 10 percent above the set point. The winching load is visually displayed at theReactor Side Console so that the operator can manually terminate the transfer operation if an overload occurs and the interlock fails. An overload is indicated by a light on both consoles and by an audible alarm.b.Prevents the winch from attempting to pull the fuel carriage through the transfer tube with anupender in a vertical position. If this interlock fails and a transfer signal is initiated, winching will be terminated when the load reaches 10 percent above the set point.c.Prevents rotation of the upender unless the fuel carrier is correctly located for upending.Failure of this interlock will: 1) with the fuel carrier in the transfer tube allow the upender to rotate with no affect on the carrier or fuel assembly, and 2) with the fuel carrier partially in the upender, attempt to but not be successful in rotating the carrier since a mechanical lock prevents premature carrier rotation.d.The isolation valve limit switch interlock prevents movement of the fuel carrier unless thevalve is fully opened. If this interlock fails with the valve partially closed, the fuel carrier will contact the valve and winching will be terminated by an overload signal. No damage to the fuel assembly will result since the fuel assembly is enclosed in the carrier.Spent Fuel Handling Machine Interlocksa.Interrupts hoisting if the load increases above the set point. Since the tool is manuallycontrolled by the operator, failure of the tool to move or reduction in tool speed as a result ofan overload can be sensed by the operator if the interlock becomes inoperative. In addition, digital display of hoist cable load is provided.b.Interrupts hoisting if the load decreases to below the tare value. Since the tool is manuallycontrolled, a slack cable condition can be visually determined by the operator and hoisting terminated.c.The bridge and trolley are restricted to slow speed with a bundle weight if the hoist is not inthe full up position. If this interlock fails, the mandatory slow speed restriction is removed.However, since the translation speed controls are infinitely variable, the operator can run atslow speed when the interlock malfunction is recognized.d.Boundary Encoder System protect against running the load into walls or the gate of thestorage area. No back-up or additional circuitry is provided for this interlock. However, the operator has direct vision of the tool and the attached load so that translation can beterminated if an interlock fails to operate.7.6-4Amendment No. 21 (12/05)
and the Reactor Trip Switchgear. The consequential loss of voltage on the Reactor Trip Switchgear buses causes the reactor to shut down. This system, diverse and independent from the RPS except at the instrument loops, satisfies the ATWS Rule requirements for ATWS prevention. The DSS utilizes the four pressurizer pressure transmitters and their respective current loops for the source of the DSS input signals. These transmitters are also used for the RPS (high pressurizer pressure reactor trip and low pressurizer pressure reactor trip), indications, high and low pressurizer pressure annunciation, Engineered Safety Features Actuation System (ESFAS-low pressurizer pressure/safety injection actuation), and as input to the Sequence of Events Recorder (SER). Two I/I (current-to-current) converters in each instrument loop isolate the RPS and DSS inputs from each other. The pressurizer pressure input signals are wired into the ESFAS cabinets where they are routed to four bistable modules, one in each measurement cabinet. Digital outputs (ON) are produced from the bistable modules when the pressurizer pressure reaches 2450 psia. This is the DSS actuation setpoint recommended by Combustion Engineering in Combustion Engineering Owners Group (CEOG) report CE NPSD-354. Each of the four bistable modules produce an output for two digital isolators, SA and SB, located in the same measurement cabinets as their associated bistable modules. The outputs of the four SA isolators are routed to ESFAS cabinet ESC-SA while the four SB isolator outputs go to ESFAS cabinet ESC-SB. In each
safety cabinet (ESC SA and ESC SB), there is an actuation module which accepts the four isolated digital signals and applies two-out-of-four (2/4) logic to produce a digital output. Each 2 /4 actuation module sends its output through an isolator to a CEA drive MG set load contactor, the SER, and to an
annunciator window. Both actuation modules must function and trip both load contactors to produce a reactor trip in a 2 /2 output logic. There are two bypass switches , one each located on safety channel cabinets ESC SA and ESC SB. Both switches have two positions, NORMAL and BYPASS, and are controlled by keys removable
only in the NORMAL position. When in the NORMAL position, the DSS operates as designed and sends actuation signals to the MG set load contactors to trip the reactor. In the BYPASS position, however, the DSS actuation signals are blocked to allow operators to test and maintain the DSS with
the plant at power without the potential for reactor trip. Complete testing overlap, from the sensors to the trip coils may be accomplished with the plant shut down. There are also four bistable bypass switches, one for each bistable device. Their function is to bypass bistable devices individually to test
or maintain them without causing bistable output signals to be sent to the 2 /4 actuation modules. Since the logic of the DSS is integrated into the ESFAS, the existing ESFAS cabinet automatic testing
instrument (ATI) is utilized to check the functions of the DSS components from the bistable devices through the 2/4 actuation modules by using pulses from an auto-test generator. ATI operates continuously as long as ESFAS circuits are energized. An annunciator window is used to alert the operator when a DSS actuation signal is obtained from either 2/4 actuation module. Another is provided to alarm when either of the two safety channel bypass switches is placed in the BYPASS position. Local indicating lights on the ESFAS cabinets provide status indication of the same conditions. 7.6-6a Amendment No. 18, (04/01)
7.6.2 ANALYSIS
7.6.2.1 Shutdown Cooling System Interlocks a)Requirements There are no AEC Safety Guides or General Design Criteria which apply to these interlocks. The requirements of IEEE 279-1971 and IEEE 338-1971 are written expressly for protection systems, and as such, they are not directly applicable to these interlocks. The requirements of these IEEE Standards are discussed in the following paragraphs to the extent that they apply. b) IEEE 279 - 1971, Section 4 The following discussion refers to the requirements set forth in Section 4 of IEEE 279-1971: 1)The interlocks are designed for the normal plant operating environment and are not required to function under abnormal or accident conditions. 2)Any single failure leading to loss of one channel will not permit overpressurization of
the low pressure piping. Loss of both interlock channels, coupled with violation of administrative controls and procedures would be required. 3)The sensors for these interlocks are to the same specification and quality
requirements that are imposed on protective system instrumentation. 4)Type tests are performed on the instrumentation that will ensur e their operation during expected conditions of seismic activity. 5)The interlocks are designed to maintain functional capability in the normal plant operating environment. They serve no function during abnormal or accident situations. 6)The pressur e transmitters are located on separate pressurizer nozzles, and separation is maintained between channels. 7.6-7 Amendment No. 18, (04/01)
Amendment No. 18, (04/01) FLORIDA POWER & LIGHT CO. St. Lucie Plant Reactor Regulating System - Block Diagram Amendment No. 15 (1/97)}}

L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 7, Instrumentation and Controls

Contents

Text

3.1 DESCRIPTION

7.1 DESCRIPTION

6.1 DESCRIPTION

7.6.2 ANALYSIS

Navigation menu

L-2017-074, St. Lucie, Unit 1, Updated Final Safety Analysis Report, Amendment No. 28, Chapter 7, Instrumentation and Controls

Text

3.1 DESCRIPTION

7.1 DESCRIPTION

6.1 DESCRIPTION

7.6.2 ANALYSIS

Navigation menu

Search