ML17329A712
| ML17329A712 | |
| Person / Time | |
|---|---|
| Site: | Cook  |
| Issue date: | 12/15/1992 |
| From: | AMERICAN ELECTRIC POWER SERVICE CORP. |
| To: | |
| Shared Package | |
| ML17329A705 | List: |
| References | |
| 2985-NCF-01, 2985-NCF-01-R01, 2985-NCF-1, 2985-NCF-1-R1, NUDOCS 9212180072 | |
| Download: ML17329A712 (17) | |
Text
REGULATORY REQUIREMENTS AND INDUSTRY STANDARDS ASSOCIATED WITH THE REACTOR PROTECTION PORTION OF THE REACTOR PROTECTION AND CONTROL PROCESS INSTRUMENTATION REPLACEMENT PROJECT December 15, 1992 REPORT NO. 2985"NCF"01, REV.
1 9212180072 921216 PDR ADOCK 05000315 P
Puruose The purpose of this report is to identify the applicable Industry standards and regulatory requirements that apply to the scope of the Reactor Protection Upgrade and discuss the level of compliance with those standards and requirements.
This will be accomplished by:
Identification of the Reactor Protection System equipment that is being replaced and the equipment that is not being replaced.
\\
Identification and grouping together of the applicable industry standards and regulatory requirements for the Reactor Protection Upgrade.
Discussion compliance of the Reactor Protection Upgrade to each requirement in Sections 5 thru 8 of IEEE-603-1980 and the related standards.
IEEE-603-1980 (IEEE-279-1971) is the source document for the design requirements of the Reactor Protection Systems.
Introduction The equipment and functions associated with the Cook Nuclear Plant Reactor Protection System include, sensing of plant parameters, processing that information to determine when protective action is required and initiation of the required protective action.
The Reactor Protection Upgrade is limited in scope to replacing the equipment used to process plant information and to determine when protective action is required (See Figure 1).
In an effort to minimize the impact of what amounts to a hardware upgrade for a portion of the Reactor Protection system, we have chosen a design approach that is limited to duplication of existing functions within the confines of the existing cabinets in a manner to minimize the impact on external cabling and power supply.
This approach was chosen to minimize the impact of the upgrade on continued compliance.
Compliance in areas such as separation, independence, and single failure will not be affected by the change because the overall protection system architecture has been retained.
Compliance in areas such as qualification, system integrity, and test and calibration have the potential to be affected and are discussed in detail.
Reactor Protection E ui ment Not Bein Re laced The scope of the Reactor Protection Upgrade impacts only a limited portion of the Reactor Protection System.
The following equipment and functions belong to the Reactor Protection System but are not part of the Reactor Protection System Upgrade (See Figures 1 and 2).
Report No. 2985-NCF-01 Rev.
Page 1 of 13
FlGURE 1 COOK NUCLEAR PLANT REACTOR PROTECTION SYSTEM REACTOR PROTECTION TRIP LOGIC Process Sensor SPEC 200 Analog Input Signal Condttbntny INPUTSIGNALPROCESSING SPEC 200 MICRO Signal Processing SPEC 200 Anshg a Contact Output Signal Processhg Protecthn Signal hpul botalbn Protectbn Selectbn Logh Protectton Output signal Reactor Trip Breatrer Signals Engtneered Safety Features Actuatbn Signals Process Sensor Process Sensor SPEC 200 Analog Input Signal Condltlonlng SPEC 200 Anahg Input Signal Conditbnlng SPEC 200 MICRO Signal Proc esslny SPEC 200 MICRO Stynet Processing SPEC 200 Analog a Contact Output Signal Processing SPEC 200 Anabg a Contact Output Signal Procassary Channel 2
Channel 3
CONTROL SYSTEM SIGNALPROCESSING OR DIRE CTI.YTot BIDICATORS,RECOROERS, COMPUTER INPUTS, OR ALARMS REACTOR PROTECTIN TRIP LOGIC Process Sensor SPEC 200 Anahg Inpul Signal Condlthnlng SPEC 200 MICRO Signal Processing SPEC 200 Analog a Contact Output Signal Processery Channel 4
H gne Process Repbcement Equipment RZ Proleclhn Signal Input Isotatlon Protectbn Selection Logb Protectbn Output signal Reactor Trip Breaher Signa'Is Engheered Safely Features Actuation Signals Report No. 2985-NCP-01 Rev.
1 Page 2 of 13
FIGURE 2 CABINET/RACKCONFIGURATION EXISTING CABINET NEST1 NEST2 NEW INPUT SIGNAL CONDITIONING PROCESSING AND OUTPUT CONDITIONING NESTS TEST PANEL NEW POWER DISTRIBUTION MODULES BULKPOWER SUPPLIES NEST3 NEST4
+ OR -15 VDC AND75 VDC POWER SUPPLIES ANDFIELD I/O TERMINALBLOCKS
4 3
I jr
The process sensors that continually measure and yroduce and provide input signals reyresenting the value of imyortant plant yarameters.
These sensors are not being replaced, and will provide input to the new instrumentation.
2.
The Reactor Protection logic equipment Solid State Protection System (SSPS) performing the following functions:
Input and isolation of the trip signals from the protection group cabinets.
Processing the trip signals through predetermined logic to establish the need for and the type of required protection function.
Generation of signals to accomylish the required protection function.
3.
The existing cabinets housing the Reactor Protection Process Instrumentation equipment.
Cabinet internals will be replaced and internal structures and grounding modified to accommodate the new instrumentation.
4.
The cables between the Reactor Protection and Control System equipment.
5.
- Cables, conduit and tray are not to be added or modified except within the Reactor Protection Process Instrumentation cabinets on a very limited basis.
Reactor Protection E ui ment Bein Re laced The following equipment and functions are part of the Reactor Protection Upgrade (See Figures 1 and 2).
This equipment will perform the same functions as the equipment it reylaces.
Foxboro SPEC 200 type analog input signal conditioning equipment that changes the various types and values of input signals from the sensors into a common type of analog output signal that represents the input values at the channel level.
2.
Foxboro SPEC 200 MICRO digital signal processing equipment take the analog signals from the SPEC 200 analog input equipment at the channel level and:
~
Changes the analog signals to digital signals.
Process the digital signals including comyarison against predetermined limits and when the limits are exceeded produces Report No. 2985-NCF-01 Rev.
1 Page 4 of 13
0 discrete trip signals to initiate the required protective action.
Changes the Processed digital signals back to analog output signals at the channel level.
3.
Fozboro SPEC 200 type analog output signal conditioning equipment which take the analog output signals from the SPEC 200 Micro and condition them for control system, indication and recording use.
4.
Fozboro SPEC 200 type contact output equipment produces discrete trip signals from the SPEC 200 MICRO and provides trip signals for input to the Reactor Protection logic equipment Solid State Protection System (SSPS).
5.
6.
Foxboro SPEC 200 type power distribution equipment powering the signal conditioning and signal processing equipment discussed above.
75 VDC Multiloop and +15VDC Multi-Nest Power supply which provides power for the field transmitters and SPEC 200 equipment.
Re laced Reactor Protection E ui ment Com liance The Reactor Protection Upgrade is provided by Foxboro Company and is in compliance with the applicable standards and regulatory requirements as follow:
~
General safety system requirements are identified in the following three standards and regulations:
IEEE 603-1980, "Standard Criteria for Safety Systems for Nuclear Power Generating Stations".
IEEE 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations."
Reg.
Guide 1.153, "Criteria for Power, Instrumentation, and Control Portions of Safety Systems".
Reg.
Guide 1,153 states that compliance with IEEE-603-1980, as supplemented in Section C of the guide satisfy the provisions of IEEE-279-1971.
The items in Section C of Reg.
Guide 1.153 are covered as follows:
C1 Term "Safety System" in IEEE-0603-1980 is understood to be synonymous with "Safety-related System".
Report No. 2985-NCF-01 Rev.
1 Page 5 of 13
~
C2 Relates to IEEE-603-1980 Section 5.8.
~
C3 Relates to IEEE-603-1980 Section 6.3
~
C4 Relates to IEEE-603-1980 Section 6.3.
~
C5 Standards referenced in IEEE-603-1980 will be used in a manner consistent with current regulatory practice.
Items C2, C3, and C4 in Section C are not relevant to the scope of the Reactor Protection Upgrade.
~
IEEE-603-1980 establishes the minimum functional design criteria for the power, instrumentation, and control portion of safety system.
As such, most criteria pertains to the overall system functions rather than to individual pieces of equipment.
The Reactor Protection Upgrade project is limited to replacing existing signal processing equipment with SPEC 200 replacement equipment at the channel level with minimal effect on the overall protection system.
The requirements of IEEE 603-1980 apply to the SPEC 200 replacement equipment as follows:
~
IEEE-603-1980, Section 5.1, Single Failure Criterion and IEEE-379-1988 Standard for the Application of Single Failure Criterion to Class 1E Systems.
Single failure criteria is applied at the overall safety system level.
The compliance of the existing system is not being compromised because the existing qualified Reactor Protection equipment is being replaced by qualified SPEC 200 input signal processing equipment.
The SPEC 200 replacement equipment performs the same functions with the same overall level of dependency, separation and isolation and testability.
~
IEEE-603-1980, Section 5.2, Completion of Protective Action Compliance is applied at the overall safety system level.
The replacement equipment function is limited to the initiation of protective action when required at the channel level.
Completion of protective action is a Solid State Protective System (SSPS) logic design requirement, hence not within the scope of this modification.
Report No. 2985-NCF-01 Rev.
1 Page 6 of 13
~
IEEE-603-1980, Section 5.3, Quality The Reactor Protection Upgrade equipment is designed, manufactured, inspected and tested under the Foxboro Company quality Assurance program (CQA-2) that includes when needed the requirements of ANSI/IEEE-ANS-7-4.3.2, Application Criteria for Programmable Computer Systems in Safety Systems of Nuclear Power Generating Stations.
Installation will be controlled under our Corporate Quality Assurance program as described in Section 1.7 of the UFSAR.
~
IEEE-603-1980, Section 5.4, Equipment Qualification The SPEC 200 replacement equipment is qualified by type test, operating experience and analysis to assure no compromise in the qualification of the safety system.
Qualification includes:
Environmentally qualified for a mild environment in accordance with:
~
IEEE-323-1983, "General Guide for qualifying Class 1E Electrical Equipment for Nuclear Power Generating Stations".
~
IEEE-420-1982, "Standard for Design and Qualification of Class 1E Control Boards,
- Panels, and Racks Used in Nuclear Power generating Stations".
With the replacement equipment mounted in existing
- cabinets, testing will include a cabinet heat rise test to establish continuing environmental acceptability.
2.
Seismic qualification of the replacement equipment by type test and its operation in the existing cabinets by analysis per:
IEEE-344-1975, "Recommended Practices for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations".
IEEE 381-1977, "Standard for Type Tests of Class 1E Modules Used in Nuclear Power Generating Stations".
UNSRC Reg.
Guide 1.100, "Seismic qualification of Electrical Equipment for Nuclear Power Plant".
IEEE-420-1982, "Standard for the Design and Report No. 2985-NCF-01 Rev.
1 Page 7 of 13
Qualification of Class 1E Control Boards, Panels and Racks Used in Nuclear Power Generating Stations".
3.
EMI and RFI testing of the SPEC 200 replacement equipment per:
~
Mil-STD-461C August 1986, "Electromagnetic Emission and Susceptibility Requirements for Control of Electromagnetic Interference".
Note: In some cases we have increased the test levels identified in the standard to cover specific energy levels at the Cook Nuclear Plant.
4.
Surge withstand capability testing of the Reactor Protection Upgrade equipment per:
~
IEEE-472-1974, "Guide for Surge withstand capability (SWC) tests" was specified.
This testing is planned to be done per more recent standards, ANSI/IEEE Standard C62.41-1991 and C62.45-1987.
5.
With the SPEC 200 replacement equipment mounted in the existing cabinets, there will be a minimum of changes to the input cabling, splices and connections.
When
- required, qualified cable, field splices and connections qualified in accordance with:
IEEE 383-1974, "Standard for Type Test of Class 1E Electric Cables, Field Splices, and Connections for Nuclear Power Generating Stations" will be used.
~
IEEE-603-1980, Section 5.5, System Integrity While system integrity is generally the consideration of the overall safety system's, (process to actuation) ability to respond to the full range of design basis conditions, in the specific instance of this upgrade, careful consideration is being given to EMI/RFI ambient as well.
~
IEEE-603-1980, Section 5.6, Independence IEEE 384-1981, "Standard Criteria for Independence of Class 1E Equipment and Circuits".
IEEE-420-1982, "Standard for the Design and Qualification of Class lE Control Boards,
- Panels, and Racks Used in Nuclear Power Generating Stations".
Report No. 2985-NCF-01 Rev.
1 Page 8 of 13
Adequate separation and isolation of control and protection functions are achieved by proper replication of the existing functions, observance of existing separation criteria for physical separation of cables and cabinets; cabinet contents, and power dependance with due consideration of EMC issues.
We are maintaining the current level of separation and independence of our plant design as stated in the FSAR (See Question and Answer 40,6 on Reg.
Guide 1.75).
To the degree practical, Foxboro is applying the appropriate separation criteria to the location of components and routing of wires within the racks to maintain separation of 1E and non 1E circuits.
Constraints imposed by the original rack termination requirements limit the degree of conformance possible as noted above.
The design applies qualified 1E isolators in conformance to the standards.
Compliance considerations related to separation from redundant portions of the safety system, the design basis for the safety system, interaction with other systems and the effects of single random failure remain unchanged from the original design and are overall safety system design considerations not impacted by the upgrade.
~
WCAP-7306, Reactor Protection System Diversity in Westinghouse Pressurized Water Reactors.
The WCAP report on system diversity compliance is being addressed as part of the engineering design.
The modular nature of SPEC 200 replacement equipment supports distributing diverse functions to different modules thereby avoiding loss of intended signal diversity through common dependency on a single micro processor module.
~
IEEE-603-1980, Section 5.7, Capability for Test and Calibration
~
IEEE-338-1987, "Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Safety Systems".
~
IEEE-336-1985, "Installation, Testing Requirements for Instrumentation and Control Equipment at Nuclear Facilities".
Capability for Test and Calibration is retained in the SPEC 200 design.
The test panel supplied with the SPEC 200 replacement equipment will provide comparable Capability for Test and Calibration utilizing present manual methods and permanent installed test facilities very similar to what is now in use with the H-Line equipment.
This approach was chosen because of the Report No. 2985-NCF-01 Rev.
1 Page 9 of 13
desire to take advantage of the present training and skills of plant IRC personnel.
IEEE-603-1980, Section 5.8, Information Displays Information display requirements are met at the safety system level in the plant Safety System design.
- Hence, there will be no changes to the existing information displays.
IEEE-603-1980, Section 5.9, Control of Access Administrative control of access for the SPEC 200 replacement equipment is in two areas, the physical access to the installed equipment and access to configuration hardware; software and configuration data.
Protection cabinets are kept locked under administrative control.
Configuration hardware, software and configuration data will be administratively controlled via plant and AEPSC procedures and policy.
~
IEEE-603-1980, Section 5.10, Repair The SPEC 200 replacement equipment is modular in design and facilitates repair by replacement.
Normal repair is accomplished by removing a protection channel from service, accomplishing the repair and returning the channel to operation.
The power supply provided with the SPEC 200 replacement equipment, by
- design, do not require that the channel be placed out of service during repair,
- however, repair in service would be conditioned on personnel safety considerations.
IEEE-603-1980, Section 5.11, Identification The channel identification used with the SPEC 200 replacement equipment is consistent with the channel identification of our original design.
The channel identification is used throughout the protection system and is in agreement with the requirements of the IEEE standards.
Channel cabling is color coded and cabinets are appropriately labeled with the channel identification.
This is not being impacted by the upgrade of the cabinet internals.
~
IEEE-603-1980, Section 5.12, Auxiliary Features Auxiliary supporting features perform functions required for the safety systems to accomplish their safety functions.
The SPEC Report No. 2985-NCF-01 Rev.
1 Page 10 of 13
200 replacement equipment is part of the safety system and not a supporting feature.
The power supply provided with the equipment is an Auxiliary feature and meets the requirements of this section,
~
IEEE-603-1980, Section 6, Sense and Command Functional and Design Requirements Sense and command features are defined at the safety system level and are not being changed.
The SPEC 200 replacement equipment function is limited to providing trip signals for automatic control.
The SPEC 200 replacement equipment provide the trip signals in essentially the same manner as the equipment being replaced.
The Solid State Protection System (SSPS) which initiates reactor trip and engineered safeguards actuation is not part of the replacement project.
IEEE-603-1980, Section 7, Execute Features Functional and Design Requirements Execute features belong to the Solid State Protection System (SSPS) equipment and are not part of the replacement project.
~
IEEE-603-1980, Section 8, Power Source Requirements The power sources for the Reactor Protection System are not being changed, as a result of the SPEC 200 replacement equipment.
Power to the Reactor Protection System is provided from 1E inverters powered from a 1E power system in conformance to the requirements of the standard.
Conclusion Cook Nuclear Plant's existing Reactor Protection System (RPS) was designed to IEEE-279-1971.
Since that time, numerous standards and guidance documents have been written to address the technological developments that have taken place.
Our construction permit pre-dates the issuance of most of today's standards and regulatory guides.
Some of these standards, especially IEEE-603-1980 are applicable to the proposed Cook Nuclear Plant Reactor Protection System Upgrade.
IEEE-603-1980 is broader in scope than 279 and contains additional information that is useful in establishing where the upgrade is occurring in the plant safety system.
Consequently, the criteria outlined in IEEE-603-1980 has been utilized to help ensure that the proposed Reactor Protection System Instrumentation Upgrade will not in any way degrade the overall margin of safety of the Reactor Protection System or the Cook Nuclear Plant Safety System.
The Reactor Protection System Report No. 2985-NCF-01 Rev.
1 Page ll of 13
Upgrade project as planned, will provide upgraded instrumentation for the signal processing portions of the Reactor Protection System that is, subject to the limitations discussed earlier, in compliance with the standard requirements as they apply to our plants safety systems.
References IEEE 603-1980, "Standard Criteria for Safety Systems for Nuclear Power Generating Stations.
IEEE 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations".
Reg.
Guide 1.153, "Criteria for Power, Instrumentation, and Control Portions of Safety Systems".
IEEE 379-1988, "Standard for the Application of Single Failure criterion to Class 1E Systems".
IEEE 384-1981, "Standard Criteria for Independence of Class 1E Equipment and Circuits".
WCAP-7306, "Reactor Protection System Diversity in Westinghouse Pressurized Water Reactors".
IEEE 323-1974, "General Guide for Qualifying Class 1E Electrical Equipment for Nuclear Power Generating Stations".
UNSRC Reg.
Guide 1.100, "Seismic Qualification of Electrical Equipment for Nuclear Power Plant".
IEEE 420-1982, "Standard for the Design and Qualification of Class 1E Control Boards,
- Panels, and Racks used in Nuclear Power Generating Stations".
IEEE 344-1975, "Recommended Practices for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations".
IEEE 381-1977, "Standard Criteria for Type Tests of Class 1E Modules used in Nuclear Power Generating Stations".
ANSI/IEEE ANS-7-4.3.2-1982, "Application Criteria for Programmable Digital Computer Systems in Safety Systems of Nuclear Power Generating Stations".
MIL-STD-461C August 1986, "Electromagnetic Emission and Susceptibility Requirements for Control of Electromagnetic Interference",
Report No. 2985-NCF-01 Rev.
1 Page 12 of 13
References
- continued IEEE 472-1974, "Guide for Surge Withstand Capability (SWC) Tests".
IEEE 336-1985, "Installation, Testing Requirements for Instrumentation and Control Equipment at Nuclear Facilities".
IEEE 338-1987, "Standard Criteria for the Periodic Testing of Nuclear Power Generating Station Safety Systems".
IEEE 383-1974, "Standard for Type Test of Class 1E Electric Cables, Field
- Splices, and Connections for Nuclear Power Generating Stations".
Prepared By Concurred By n
Date:,,
Date:
/ >/C > A~
Approved By Date:
/L S
3cldiPRO JECTS i2985NCF
. 01 Report No. 2985-NCF-01 Rev.
1 Page 13 of 13