ML17258A402

From kanterella
Jump to navigation Jump to search
SEP Topic VII-2,ESF Sys Control Logic & Design,Ginna Nuclear Power Plant 1, Informal Rept
ML17258A402
Person / Time
Site: Ginna Constellation icon.png
Issue date: 12/31/1981
From: Morken D
EG&G, INC.
To:
Shared Package
ML17258A401 List:
References
CON-FIN-A-6425-1, TASK-07-02, TASK-7-2, TASK-RR EGG-EA-5683, NUDOCS 8112300020
Download: ML17258A402 (19)
v  d  e


Text

0 EGG-EA-5683 DECEMBER 1981 I

SYSTEMATIC EVALUATION PROGRAM, TOPIC VII-2, ESF SYSTEM GONTROL LOGIC AND DESIGN, GINNA NUCLEAR POWER PLANT NO. 1, DOCKET NO. 50-244 D. J. Morken U;S. Department of Energy

. Idaho Operations Office ~ Idaho National Engineering Laboratory P' (fI ml ~ ~

r I' <r i

I

~( ~~+

N~ ~Ense

~~~

grgngygq ~~

I, K...h VII[I Sr l& r& ~

< ~sxmam~~ar~a'a

~~~~r

~Et

~ 9 4 l ~

1g I

E, ~ ~ ~

,[I This is an informal report intended for use as a preliminary or working document Prepared for the U.S. Nuclear Regulatory Commission

-Under DOE Contract No. DE-AC07-76ID01570 n ~~<~maho FIN No. A6425-1 8i i2300020 8i i'W8 ++

ADOCK 05000244 PDR PDRJ

n

+Q E&Z& Idaho. Inc.

FORM EG6G498 (Rev. 11 'I9)

INTERIM REPORT Accession.No.

Report No EGG-EA-5683 Contract Program or Project

Title:

Electrical, Instrumentation, and Control Systems Support for the Systematic

- Evaluation Pro'gram ( II)

Subject of this Document:

Systematic Evaluation Program, Topic VII-2, ESF System Control Logic and Design, Ginna Nuclear Power. Plant No. 1 Type of Document:

Informal Report Author(s):

D. II. Morken Date of Document:

December 1981 Responsible NRC Individual and NRC Office or Division:

Ray F. Scholl, Division of Licensing This document was prepared primarily for preliminary or internal use. It has not received full review and approval. Since there may be substantive changes, this document should not be considered final.

EG&G Idaho, Inc.

Idaho FaIls. Idaho 83415 prepared for the U.S. Nuclear Regulatory Commission D.C. 'ashington, Under DOE Contract No. DE-AC07-76ID01570 5.

. INTERIM REPORT

0632' SYSTEMATIC EVALUATION PROGRAM TOPIC VII-2 ESF SYSTEM CONTROL LOGIC AND DESIGN ~ M GINNA NUCLEAR POWER PLANT NO. 1 Docket No. 50-244 December 1981 D. J. Morken EGEG Idaho, Inc.

h 11/23/81

ABSTRACT This SEP technical evaluation'or the Ginna Nuclear Power Plant No. l, reviews the type of isolation devices used in the Engineered Safety Features (ESF) systems, the isolation between ESF channels and the isolation of ESF'ystems from control and non-safety systems.

FOREWORD This report is supplied as part of the "Electrical, Instrmaentation, and Control Systems Support for the Systematic Evaluation Program (II)" :

being conducted for the U.S. Nuclear Regulatory Commission, Office of

..Nuclear Reactor Regulation, Division of Licensing by EGKG Idaho, Inc.,

ReliabH ity 8 Statistics Branch.

The V.S. Nuclear Regulatory Commission funded the work under the authorization BKR 20-10-02.-05, FIN A6425-1.

11

CONTENTS 1 OO INTRODUCTION o ~ ~ o o o ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ ~ ~ ~ ~ ~ o o o ~ ~ ~ ~ ~ ~ o ~ o ~ o o

.2 .0 ,CRITERIA ........................................ ~ OOO ~ ~ ~ ~ O ~ ~ ~ ~ ~ OO 3 .0 DISCUSSION ......................................................

3 .1 General

, 3.2 Safety Injection System ...................................

3.2.1 Low Pressurizer Pressure .......... ~ OOO ~ OO ~ ~ ~ ~ ~ ~ ~ OO 2 3.2.2 Low Steam Line Pressure ........... ~ ~ ~ O ~ O O O O O ~ O ~ ~ ~ 3 3.2.3 High Containment Pressure .........

3.2.4 Evaluation ........................ 5 3.3 Steam Line Isolation System ......................

3.3.1 High Steam Line Flow and SIS ...... 5 3.3.2 High Containment Pressure ......... 6 3.3.3 Evaluation ........................ ~ OO ~ OOOO OOOO ~ OOO 6 3.4 Containment Spray System .................................. 7 3.4. 1 Hi-Hi Conta.inment Pressure ...... ~ ~ OOO ~ ~ OO ~ OOO ~ OO ~ ~ 7 Evaluation ......................

3.4 .2 ~ ~ ~ ~ O ~ ~ O O O ~ O O ~ ~ ~ ~ ~ 7

3. 5 Containment I so at i on System ................

1 3.5.1, Containment Isolation ........... 8 3.5.2 Containment Ventilation Isolation ~ ~ ~ O ~ ~ ~ ~ ~ ~ O O ~ ~ O ~ 8 3.5.3 Evaluation ~ ~ ~ O O ~ ~ O O O O O O ~ ~ O O O 9 3.6 Feedwater Isolation .......................................

3.6.1 Evaluation ....................... ~ ~ ~ ~ O ~ ~ ~ O O ~ O O ~ ~ O ~ ~ .9 4o0

SUMMARY

o ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

o'

~ ~ ~ ~ 9 5.0 RE,FERENCES APPENDIX A--NRC SAFETY TOPICS RELATED TO THIS REPORT

SYSTEMATIC EVALUATION PROGRAM "-) .

A TOPIC V I I-2 g()%f I g ESF SYSTEM CONTROL LOGIC AND DESIGN a

~ qt GINNA NUCLEAR POWER PLANT NO. 1 1

1.0 INTRODUCTION

The objective of this review is to determine if non-safety systems which are electrically connected to the Engineered Safety Features (ESF) are properly isolated from the ESF and if the isolation devices or-tech--.

niques used meet current licensing criteria. The qualification of safety-.=

related equipment is not within the scope of this review..

Non-safety systems generally receive control signals from ESF sensor .

current loops. The non-safety circuits are required to have isolation-devices to ensure electrical independence of the ESF channels. Operating experience has shown that some of the earlier isolation devices or arrange-ments at operating plants may not meet current licensing criteria.

2.0 CRITERIA General Design Criterion 22 (GDC 22), entitled, "Protective System-Independence," requires that:

The protection system shall be designed to assure that the effects of natural phenomena and of normal operating, maintenance, testing, and postulated accident conditions on redundant channels do not result in loss of the protection function, or that they shall be demonstrated to be acceptable on some other defined bases. Design techniques, such as functional diversity or diversity in component design and principles of operation, shall be used to the extent practical to prevent loss of the protection function.

General Design Criterion 24 (GDC 24), entitled, "Separation of Protection and Control Systems," requires that:

The protection system shall be separated from control systems to the extent 'that failure of any single control system component or channel, or failure or removal from service of any single protection system component or channel which is common to the contro'1 and protection =

system, leaves intact a system that satisfies all reliability, redun-.

dancy, and independence requirements of the protection system. Inter-connection of the protection and control systems shall be limited so as to assure that-safety is not significantly impaired.2

~ l$ W C

IEEE Standard 279-1971, entitled, "Criteria for Protection Systems for Nuclear Power Generating Stations," Section 4.7.2, states:

The transmission of signals from protection system equipment for con-trol system use shall be through isolation devices which shall be

classified as part of the protection system and shall meet all the requirements of this document. No credible failure at the output of an isolation device shall prevent the associated protection system channel from meeting the minimum performance requirements specified in the design bases.

'I ~ I Examples of credible failures include short c'ircuits, open circuits,

'grounds, and the application of the maximum credible AC and DC poten-tial. A failure in an isolation device is evaluated in the'same man-

. ner as a failure of other equipment in the protection system.

3.0 DISCUSSION AND EVALUATION e 0

3.1 General. The Engineered Safety Features (ESF) as defined by the Standard Review Plan Section 7.1-III are those systems which are required to mitigate the consequences of a postulated accident. The ESF systems for the Robert Emmett Ginna Nuclear Station-Unit No. 1, as identified in Tech-"

nical Specifications4 are as follows: 'I

'I '

J Safety Injection System ~ a e Steam Line Isolation System Con'tainment Spray System Containment Isolation System Feedwater Isolation System 3.2 Safety Injection System. The Safety Injection System (SIS) delivers borated water. to the reactor core following a loss of coolant accident. The principle components of the SIS are two passive accumula-tors (one for each loop), -three safety injection pumps, two residual heat removal (RHR) pumps and the essential piping and valves. The accumulators, being passive devices, discharge into the cold leg of each loop and do not require automatic initiation.

~

The safety injection system may be actuated by two-out-of-three (2/3) low pressurizer pressure signals, 2/3 low steam line pressure signals, 2/3 nigh containment pressure signals or it can be actuated manually. Any SIS signals will open the SIS isolation valves, start the high head SI of'he pumps and the low head RHR pumps.

~

3.2.1 Low Pressurizer Pressure. Low pressurizer pressure is monitored by three pressure transmitters, PT 429, PT 430 and PT 431. Each transmitter feeds a current loop. The current loops are identified as channel 1 (red), channel 2 (nhite) and channel 3 (blue). The three c)lrrent loops are identical, thus only the channel 1 (red) is described here.

The channel 1 current loop is comprised of a pressure transmitter (PT-429), a power supply (Pt}-429), a lead/lag module,(PM-4298), an isolation alarm'odule (PC-429E), an isolation current repeater module (PC-429A),. a second lead/lag module (TM-401B), isolation module (TM-405 0), and isolation module (PC-429 D/C). PC-429E, PC-429A, an'd PC-429 D/C.are Foxboro..isolation .-

devices, Model M/63S with bistable. output signals. PM-429A and TM-405 0 are Foxboro isolation current repeaters, Model M/66-BR with current input and current output signals.

I I

Lead/lag module PM-4298 conditions the signal from transmitter PT-429;;.:-

and provides, an output signal to isolation device PC-429E', which'nitiates'"-

a bistable output signal to the RPS low pressurizer pressure trip relay logic. PC-429A provides a bistable output signal to the RPS high pressure relay logic. PM-429A provides an isolated current output pres-'-'urizer to the p'ressurizer control system indicators 'and recorders.

TN-401B mixes and conditions the pressurizer pressure current signal

'Lead/lag'odule with 'input from the RPS nuclear instrumentation and an RPS average tempera--

ture (Tav ) input signal and PT-429 current signal. However, the s'ignals .

are all d1rived from the same channel and there are no interconnections between channels. TM-405 0 provides an isolated .current output signal to:

.indiCators and a three pen recorder. PC-429 0/C provides two bistable output signals. Output from PC-429C feeds a 2/3 relay logic in the SIS logic initiation circuit. PC-4290 output feeds a 2/3 SIS unblock relay

'ogic circuit.

Output signals from bistables PC-430 E/F, channel IK and PC-431 I/G, channel III complete the input signals to the 2/3 pressurizer pressure logic of the SIS initiation circuitry. Output signals from the 2/3 logic modules provide redundant inputs to a one-out-of-four OR gate, latching .

relays and the safeguard sequence unit. The safeguard sequence unit opens the SIS isolation valves and starts the high head and low head safety injection pumps. The safeguard sequence unit also loads two of the service water pumps, the two'uxiliary feedwater pumps and the four containment fan coolers onto the safeguard buses.

Circuitry from the output 'of the pressurizer pressure current loops is composed of relay logic, with auxiliary relay contacts used for starter indication, annunciation and event recording inputs.

3.2.2 Low Steam Line Pressure. ,Low steam line pressure will initiate the SIS.'wo sets of three pressure transmitters monitor the two steam line loops. Pressure transmitters PT-468, PT-469 and PT-482 monitor steam line loop A while PT-478, PT-479, and PT-483 monitor steam line loop B. The four current loops for PT-468, 469, 478 and 479 are identical.

Current loops for PT-482 and 483 are also identical but are different from the other four loops. Therefore, current loops for both PT-468 and PT-482 will be discussed.

Channel I. current loop is comprised of a pressure transmitter (PT-468), a series current repeater (FM-464A), a lead lag module (PM-468A), .

~ a series current repeater (PN-468B), an alarm bistable module (PC-468A) and a power supply (P(}-468). The current repeater FN-464A is a Foxboro s'eries- .

multiplier-divider Model M/66 DR with two inputs, steam line flow and steam line pressure, with an output to a square root extractor. The series multi-plier does not provide isolation between the steam line flow input and the steam line pressure input. It does provide isolation between the'nput signals and the output signal. The 'input signals are from the same channel and there are no interconnections between channels.. FM-464A signal from.

the square root extractor feeds a series current -repeater isolation module .

FM-464C, Foxboro Model.N/66BR. The lead/lag module PM-46BA conditions the steam line pressure current signal and feeds the bistable module PC-468A.

The module provides'low and low-low bistable output signals which initiate

relays for the first out annunciator and the SIS 2/3 logic. PC-468A is a.

Foxboro isolation device model N/63BR. PM-4688 is a Foxboro model N/66BR current repeater and provides an isolated output current to pressure indicators and the recorder.

Channel III current loop (PT-482) is similar to Channel I with the .

exception it does not have a steam flow/steam pres'sure input module as in Channel I (FM-464A): Otherwise, the current loop and the isolation modules .

are identical to Channel I as described above.

Output signals from the steam line pressure current loop bistables .

PC'-468A, PC-469A and PC-482A feed a 2/3 relay logic module. PC-478A, PC-479A and PC-483A feed a second 2/3 relay logic module. The output of the two 2/3 logic modules feed separate 2/2 modules which also require inputs from the pressurizer pressure SIS unblock logic to produce output signals, Each 2/2 logic module feeds the one-out-of-four OR 'gate to the SIS. The output of the OR gate is described in Section 3.2.1 above.

Auxiliary relay contacts in the 2/2 module provide annuciator status si.gnals.

'3.2.3 Hi h Containment Pressure. High containment pressure will initiate the SIS. High containment pressure is monitored byfeeds three pressure transmitters, PT-945, PT-947 and PT-949. Each transmitter a current loop. The current loops are identified as Channel I (red), Channel II

'(white) and Channel 3 (blue). The three current ]oops are identical,

-thus only Channel I (red) will be described here.

Channel I current loop is comprised of the pressure transmitter (PT-945), Power .Supply (Pg-945), an isolation current repeater (PN-945) and an isolation alarm module (PC-945 A/B). The current repeater PN-945 is a Foxboro isolation device Model N/66BR with an output to a remote indicator.

PC-945 A/B is a dual output bistable alarm module, Foxboro Model N/63S with the "A" output feeding the SIS relay logic circuitry and the. "B" output feeding the containment spray logic.7 (See Section 3.4 for evaluation of containment spray). The output of PC-945A is fed to a 2/3 relay logic and, in conjunction with PC-947A (Channel II) and PC-949A (Channel III), provides the three Hi containment pressure signals to a 2/3 relay logic module. The output of the 2/3 logic module feeds the SIS one-out-of-four OR gate to initiate SIS as described in Section 3.2.1.

Manual switches on the analog instrument cabinets as well as manual pushbuttons on the relay logic cabinets permit logic testing. Remote manual switches are provided for manual operation of the pumps and valves.

'C Power for the SIS analog logic circuit is supplied from four instru-ment buses, lA, 1B, 1C and 1D. Buses lA and 1C are powered from inverters tl and 02 which are fed fro'm the 125V DC buses 1 and 2. Buses 1B and 1D are powered by constant voltage transformers fed by 480V NCC 1B and MCC 1D respectively. The relay logic is separated into train A and tra'in B.

Train A receives power from the 125V DC control board panel lA and train B

. from the 125V .DC control board panel lB. Power to the SIS pumps is from 480V Bus 814 for train A and 480V Bus 816 for train B. Motor-operated

'I valves receive power from 480V MCC klC for train A and 480V MCC,PlD for train B. ~ )

3.2.4 SIS Evaluation. The analog logic is separated'n three--

separate channels and are electrically isolated from each other.'.- .Foxboro., =.

'solation devices provide adequate isolation between the ESF safety system

logic and the control and non-safety systems.'solation between the ESF's two digital logic trains is by relay logic. Isolation between power sys-tems is by the use of separate power buses for each tr'ain and thermal-magnetic breakers isolate individual pumps arid valves from other devices on-

,the same bus. Valve status indication is from position switches on the-valves. Pump status is from auxiliary relay contacts in the motor breaker

'ircuits.

3.3 Steam Line Isolation System. The steam line isolation valves are closed upon receipt of high steamline flow in conjunction with an, SIS sig-nal, by Hi-Hi containment pressure or by manual initiation..

3.3.1 Hi h Steam Line Flow and SIS.10 High steam line. flow is monitored by two flow transmitters in each flow loop (A:and B). FT-464, .

Channel I (red), and FT-465, Channel II (white), monitor steam flow in,.

loop A. FT-466, Channel I (r'ed), and FT-467, Channel. IE (white). monitor steam'flow in loop B. Each transmitter feeds separate current 'loops and the four current loops are identical. 'Therefore, only Channel I (red) will be described. 4 A flow transmitter (FT-464) feeds a current loop comprised of a power supply (Pg-464A), isolation current repeaters (FM-464D and FM-464C), model M/66 BR, a series multiplier-div'ider (FM-464A), Foxboro model M/66 DR and an isolation alarm module (FC-464A), Foxboro model M/66 3S. The current repeater GM-464D supplies an isolated current signal to remote instruments.

The multiplier-divider FM-464A, mixes an RPS steam line flow input signal with the pressure input signal from the steam line pressure transmitter PT-468 to provide a modified output flow signal. The multiplier-divider module FM-464A does not provide isolation between the flow and pressure input signals. It does provide isolation between the output and the input signals. The flow and pressure signals are both from Channel, I and there is no intertie between channels. FM-464A output signal feeds the isolation amplifier FM-464C 'which provides input signals to instrumentaton and con-trols, Hi. flow and Hi-Hi flow.

Hi flow output signal - from either Channel I (PC-464A) or Channel II (PC-465A) of loop A provides one .input to a two input relay logic AND gate. The other input to the AND gate comes from a low,Tave bistable will signal. An output from the AND gate when combined with an SIS signal initiate closure of loop A steam line isolation valves MSIV lA. The logic .

for loop B is identical to that of loop A.

- 4

~ q ~ 1 The loop A Hi-Hi output bistable signals, PC-464B and PC-465B, feed a two input relay logic OR gate. The output of the OR gate when combined with an SIS signal will also close the steam, line isolation valve in loop A.

The logic for loop B is identical.

Manual control switch PB/MNSl will close loop A steam isolation valve-MSIV lA and PB/NNS2 will close loop 8 steam isolation valve MSIV 18.."

Each isolation alarm module provides a status indicator light for both Hi and Hi-Hi indication. Hi flow input signals to the flow SIS ANO gate rovide an annunciator output signal. Steam line valve status is indicated':

y position switches on the valve.

Power to valve MSIV lA is from the 125V OC battery 1A and to NSIV.18 is from the 125V OC battery 18. Both valve actuation circuits are isolated froof other functions on the same battery bus by line fuses. The current loop power supplies for Channel I and Channel II are fed from instrument buses 1A and 18.

3.3.2 Hi h Containment Pressure. Steam line isolation may also be initated from Hi-Hi containment pressure. Hi-Hi containment pressure is, monitored by three pressure transmitters, PT-946 Channel II (white), PT-948, Channel III (blue) and PT-950 Channel IV (yellow). Each transmitter feeds a separate current loop and the three current loops are identical. There-fore, only Channel II (white) wil.l be described.

Pre'ssure transmitter PT-946 feeds a current loop comprised of a power supply (Pg-946), an isolator current repeater (PM-946), Foxboro model M/66 BR and an isolation alarm module (PC-946 A/8), Foxboro model M/63S. The current repeater PM-946 provides an isolated output current to an indicat-

ing instrument on the control board. The isolation alarm module PC-946 'A/8 provides two bistable output signals; A and B. Bistable output signal A goes to .a 2/3 Hi-Hi containment pressure trip logic. Bistable output 8 goes to the containment spray logic (see Section 3.4 for details on con-tainment spray).. PC-948A and PC-950A also feed the 2/3 Hi-Hi containment pressure trip logic. The 2/3 trip module provides an output closing signal to each of the steam line isolation valves MSIV 1A and NSIV 18.

Auxiliary re1ay contacts from the containment pressure bistable alarm modules provide annunciator status in the control room. Manual pushbutton swiches provide testing of the individua1 trains of relay 'logic. Other pushbutton switches provide testing'f the analog channels.

Power to the analog logic circits is from instrument bus 18, 1C and

10. Popover for .the relay logic is from the 125V OC control board lA for train A and the 125V OC control board 18 for train 18. Isolation of safety functions from other functions on the same bus is by thermal-magnetic cir-cuit breakers and fuses.

I'.3.3 Evaluation. Tne analog channels are separated into four steam flow channels and three containment pressure channels. Each channel is independent and electrically .isolated from the others. Foxboro isola-.

tion devices provide adequate isolation of the analog channels from control and non-safety systems. The analog channels feed relay logic separated into two independent logic trains. The relay logic provides adequate isolation between the trains and from control and non-safety systems.

. Isolation between power sources 'is by the.use of separate power buses and

in-line fuses. System status indication is by aux'iliary relay contacts and valve position switches.

3.4 Containment Spray System. The containment spray system 'consists..

of two pumps, one spray additive tank, valves, piping and spray nozzles.

Initiation of containment spray is from coincident signals. from two sets of 2/3 high'c'ontainment pressure signals monitoring containment Hi-Hi pressure.

The actuation signal will start the pumps and open the discharge'valves to.

the spray header.- Valves for the spray additive tank open after 'a time delay and may be controlled by the operator.

3.4.1 Hi-Hi Containment Pressure. Hi-Hi containment pressure is monitored by the 'same pressure transmitters used for SIS initiation, PT-945, PT-947 and PT-949 (Section 3.2.3) and steam line isolation PT-946, PT-948 and PT-950,- (Section 3.3.2). The analog current loops are as described in the above referenced section and will not be repeated here.

The "B" bistable output from each of the isolation alarm modules PC-945 A/B, PC-946 A/B, PC-947 A/B, PC-948 A/B, PC-949 A/B and PC-950 A/B provide the Hi-Hi pressure level setpoint for actuation of the containment spray.

PC-9458, PC-9478, and PC-949B feed a 2/3 relay logic in logic train A.

PC-946B, PC-948B and PC-590B feed a 2/3 relay logic in logic train B. The output of the two 2/3 logic units feeds a two input relay AND gate. With input signals from both 2/3 logic circuits, the AND gate output signal goes to a second two input relay AND gate with a momentary manual reset signal

.as the second input. Operation of the reset signal will only momentarily reset containment spray as long as a Hi-Hi containment pressure signal or a manual actuation signal is present.

Manual actuation of containment spray requires simultaneous operation of two push button switches, PB/NSl and PB/NS2. Manual test switches also permit testing the relay logic. Auxiliary relay contacts provide 2/3 logic annunciation for each train and annunciation of the core spray actuation signal. Bistable output signals from the analog logic channels actuate trip status lights and annunciators for each channel.

Power for the analog cir'cuits are from the four instrumentation buses.

Power to the relay logic is supplied by the 125V DC control board panels.

(See Sections 3.2.3 and 3.3.2 of this report for details.) Power to the containment spray valves MOV 860A and MOV 860C is from the 480V NCC 5'lC while NOV 8608 and MOV 860D are powered from the 480V MCC 010. Containment spray pumps 1A and 1B receive power from 480V Bus f14 and Bus 816, respec-tively. Pump status indication is from auxiliary contacts on the pump motor breaker and valve status indication is from position switches on the valves.

3.4.2 Evaluation; Isolation of analog channels are described in

~ Sections 3.2.3 and 3.3.2 of this report. Relay logic circuits are ade-quately isolated by relay contacts. Power systems use separate power buses for the two trains and thermal-magnetic breakers for isolation from other functions on the same buses.

3.5 Containment Isolation System. Cont'ainment isolation is initiated by an SIS signa or manua y. Actuation of containment isolation trips, the ,

containment sump pumps, closes all containment isolation valves (contain-ment sump pump discharge isolation valves, steam generator, isolation blow-down valves, reactor coolant drain tank vent header and pump suction valve, containment ventilation purge valves, containment depressurization valves, .

containment air test supply valve, and containment air test valves), and .

trips the purge supply and exhaust fans. Containment .ventilation valves are also isolated on high containment activity or, from a manual containment .

spray signal.

3.5.1 Containment Isolation. Containment isolation is initiated by an SIS'signal or by manual operation of two pushbutton switches, PB/MCl and PB/MC2. The analog logic is'escribed under SIS actuation, (Sec-tions 3.2.1, 3.2.2 and 3.2.3) and will not be repeated here.

Contacts from the SIS latching relay provide containment isolation actuat'ion. A momentary reset pushbutton will reset the containment isola-tion valves only upon loss of the SIS signal.'nnunciation of containment isolation is from auxiliary contacts on the actuation latching relay.

Remote actuated containment isolation valves are either motor-operated or air-operated. Single air-operated valves have two relays in series powered from separate DC sources and from separate control logic channels.

Where two air-operated isolation valves are in series there is one solenoid for each valve, each supplied from a different DC power source. Motor-operated valves are fed from one of two 480V MCCs.

~

Control switches provide individual control of certain isolation valves while other isolation valves are manual controlled by valve groups from com-mon switches.

3.5.2 Containment Ventilation Isolation. The containment ven-tilation isolation system, initiated by SIS, Hi contyinment activity or manually, is adequately described in SEP Topic VI-4.~3 SIS initiation isolation logic isdiscussed in Section 3.2.3 of this report. Drawings of the Containment Radioactivity Detectors RCll and RC12 were not available for detail review. However, as identified in SEP VI-4, Section 2.3, the radiation monitors used to initiate isolation are not class 1E equipment.

The digital logic of the radiation monitor system is derived from bistable 'outputs from RCll and RC12. Either monitor can initiate contain-ment ventilation isolation actuation through relay logic OR gates.

SIS or manual actuation of either containment isolation or containment spray will also initiate containment ventilation isolation.

tl Power to the relay logic as well as to the air-operated valves is pro-'*

vided from the two 125V DC sources. Power for the ventilation fans is from 480V buses ¹14 and ¹16 and motor-operated valves are power from MCC 1C and MCC 1D. Isolation of the fan motors and motor-operated valves from other

functions on the same buses is by thermal-magnetic breakers. Solenoid operated va'lve circuits are individually fused; 3.5.3 Evaluation. With the exception that the containment radio-activity monitor analog circuits are not class lE equipment, isolation of the channels and trains of the containment isolation from other ESF "*

systems, controls arid non-safety systems is adequate.' . .

3.6 Feedwater Isolation System. The feedwater iso1ation system is comprised of. the four main feedwater and feedwater bypass isolation valves (AOV 4269, AOV 4270, AOV 4271 and AOV 4272). These valves close upon receiving an SIS signal or by' safeguards sequence'nitiate signal. They will fail c'losed on loss of power or air.

An evaluation of the SIS analog initiation channels and the digital actuation trains are contained in the discussion of the SIS, Section 3.2 of this report.

Each valve has redundant relay inputs with redundarrt solenoids for closing and a single relay. contact input to a s'ingle solenoid to open..

Power to the feedwater valve solenoids is divided by trains between the two 125V OC sources. Isolation of each valve actuation circmt from its power bus is by fqpes. Interlocks between the redundant valves is by relay con-tact logic.'~

3.6.1 Evaluation. The analog channels initiation logic and the digital train logic for feedwater valve isolation actuation is evaluated in Section 3.2.4 of this report. Isolation of redundant valve circuit inter-locks is by relay contacts. Power to the redundant valves is from separate buses with fuse isolation of each valve circuit from other functions on the same bus.

4.0

SUMMARY

Based on current licensing criteria and review guidel ines, the ESF system complies with all licensing criteria listed in Section 2.0 of this rePort except for the following:

1. The containment radioactivity monitors do not qualify as class lE

. equipment. The isolation of the containment ventilation isola-tion ESF system is not adequately isolated from non class lE equipment.

5.0 REFERENCES

1. General Design Criterion 22, "Protection System Independence," of Appendix A, "General Design Criteria for Nuclear Power Plants," 10 CFR Part 50, "Domestic Licensing of Production and UtiTization Facilities."
2. General Design Criterion 24, "Separation of Protection and Control Systems," of Appendix A, "General Design Criteria for Nuclear Power Plants," 10 CFR P'art 50, "Domestic Licensing of Production and Utilization Facilities."
3. IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations."
4. Table 3.5-2, Appendix A to Pr ovisional Operating License No. DPR-18, Technical Specifications for R. E. Ginna Nuclear Power Plant No. 1, Rochester Gas and Electric Corporation.
5. Foxboro drawings BD-10, Rev. 4 and BD-2, Rev. 6.

L I

6. Foxboro drawing BD-13, Rev. 6.
7. RGEEC Logic Diagram 882D612, Sh 6, Rev. 7,RGEEC Safeguard System.

Drawings 33013-660; Rev. 2 and 33013-662, Rev. l.

8. Foxboro Drawings BD-6, Rev. 5 and BD-7, Rev. 5.
9. Foxboro Drawings BD-12, Rev. 5 and BD-14, Rev. 4.
10. RGEEC Logic Diagrams 8820612, Sh 6, Rev. 7 and Sh 14, Rev. 5. Foxboro drawing DB-6, Rev. 5, BD-7; Rev. 5 and CD-5, Rev. 8. RGEEC 4998425, Sh .298, Rev. 5.

ll. Foxboro drawings BD-12, Rev. 5 and BD-14, Rev. 4. RGEEC

~

drawings 882D612, sh .6, Rev. 7, 330-13-661-Rev. 0 and 33013-663-Rev.. 0.

.-12. RGEEC Drawings 499B425-301, 10905-79/222/223/224/225/287 and 300, and 10995-229.

13. SEP'Topic'I-4, "Electrical, Instrumentation, and Control Aspects of

~

the Override of Containment Purge Valve Isolation," Final Draft, Dated July 1981.

'4.

RGSEC Drawings 33013-664-Rev. 4 and 882D612-Rev. 7.

15. RGEEC Drawings 33013-554-Rev. 4, 10905-274-Rev. 0 and 499B425, Sh. 298, Rev. 5.

10

APPENDIX A NRC SAFETY TOPICS RELATED TO THIS REPORT .

"Classification of Structures, Components, and Systems"

2. V I-7.A.3 "ECCS Actuation System"

~ 3 ~ VI-10.A. "Testing of Reactor Trip Systems and Engineered Safety Fea-tures, Including Response Time Testing" VI I- 1 .A "Reactor Protection System Isolation"

5. VI I-3 Systems Required for Safe Shutdown"
6. VI I-4 "Effects of Failures of Nonsafety-Related Systems on

\ ~

Selected ESFs"

Retrieved from "https://kanterella.com/w/index.php?title=ML17258A402&oldid=2433978"