ML18142A306
| ML18142A306 | |
|---|---|
| Site: | 05200046 |
| Issue date: | 05/17/2018 |
| From: | Korea Hydro & Nuclear Power Co, Ltd |
| To: | Office of New Reactors |
| Shared Package: | ML18142A303 |
| References: | MKD/NW-18-0071L |
07.02-18_Rev.1 KEPCO/KHNP
REVISED RESPONSE TO REQUEST FOR ADDITIONAL INFORMATION
APR1400 Design Certification
Korea Electric Power Corporation / Korea Hydro & Nuclear Power
Docket No. 52-046
RAI No.: 554-9146
SRP Section: 7.2 - Reactor Trip System
Application Section: 7.2
Date of RAI Issue: 09/18/2017
Question No. 07.02-18
Title 10, Part 50, Section 55a(h)(3), of the Code of Federal Regulations (10 CFR 50.55a(h)(3)) requires compliance with the Institute of Electrical and Electronics Engineers (IEEE) Standard (Std.) 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations," and the correction sheet dated January 30, 1995. Clause 5.5, System Integrity, of IEEE Std. 603-1991, requires that the safety systems shall be designed to accomplish their safety functions under the full range of applicable conditions enumerated in the design basis. NUREG-0800, Standard Review Plan (SRP) Section 14.3.5, Instrumentation and Controls - Inspections, Tests, Analyses, And Acceptance Criteria, Subsection II, Acceptance Criteria, Item 2 states that:
Tier 1 Design Descriptions ... and ITAAC Design Descriptions ... should describe the top-level I&C design features and performance characteristics that are significant to safety.
For safety systems, this should include a description of system purpose, safety functions, equipment quality, equipment qualification and design features ... provided to achieve high functional reliability.
The APR1400 design certification application states in APR1400-Z-J-NR-14001, Safety I&C System technical report, Revision 1 (Safety I&C-TeR), Section 8, Safety I&C System Platform, that the safety-related Core Protection Calculator System (CPCS) is implemented on the U.S. Nuclear Regulatory Commission (NRC) approved Common Qualified Platform Topical Report, WCAP-16097-P-A, Revision 3 (Common Q-TeR), dated February 2013 (ADAMS Accession No. ML13112A108). The Common Q-TeR specifies a maximum central processing unit (CPU) loading limit of 70 percent (%) in order to assure deterministic operations (i.e., ensure all safety function tasks are performed within the required response time) as required by IEEE Std. 603-1991, Clause 5.5. However, the applicant is taking a deviation from the Common Q-TeR for the CPCS CPUs by increasing the load limit to 75%.
In order to ensure deterministic operations of the CPCS with this increased CPU load limit, the applicant has required that the CPCS be designed and developed with additional programming configuration restrictions and tests to assure that the CPCS can still achieve deterministic operations. Specifically, the applicant provided sixteen configuration constrictions in the proprietary technical report APR1400-A-J-NR-14004, Common Q Platform Supplemental Information in Support of the APR1400 Design Certification, Revision 0, Section 2 that must be implemented in the CPCS design.
The staff finds that the additional sixteen configuration restrictions are safety significant in order to assure deterministic operations of the CPCS with the increased maximum load limit; therefore, the staff request the applicant to either:
- Include the sixteen configuration restrictions in Section 2.5.1, Reactor Trip System and Engineered Safety Features Initiation, Tier 1, of the APR1400 DCD, or,
- Incorporate by reference, the proprietary technical report APR1400-A-J-NR-14004, and identify it as a Tier 1 document.
Response - (Rev.1)
According to WCAP-17922 Revision 2, the sixteen configuration restrictions for increased maximum CPU load will all be satisfied in the APR1400 CPCS. These restrictions are provided in APR1400-A-J-NR-14004 and are added to Item 28 in Section 2.5.1.1 of Tier 1.
In addition, Tier 1 Table 2.5.1-5 is modified as indicated in the attachment, so that the additional fifteen restrictions are provided clearly.
Impact on DCD
DCD Tier 1 Section 2.5.1.1 and Table 2.5.1-5 will be revised, as indicated in the attachment associated with this response.
Impact on PRA
There is no impact on the PRA.
Impact on Technical Specifications
There is no impact on the Technical Specifications.
Impact on Technical/Topical/Environmental Reports
There is no impact on any Technical, Topical, or Environmental Report.
Attachment
APR1400 DCD TIER 1 RAI 554-9146, 07.02-18
- 21. A single channel of RTS and ESF system is bypassed to allow testing, maintenance or repair and this capability does not prevent the RTS and ESF system from performing its safety function.
- 22. Input sensors from each channel of the RTS and ESF system as identified in Tables 2.5.1-2 and 2.5.1-3 are compared continuously in the information processing system (IPS) to allow detection of out-of-tolerance sensors.
- 23. Two sets of RTSS, which consist of four RTSGs, are diverse from each other.
- 24. The PPS and CPCS are installed in accordance with the dedicated process of commercial grade hardware and software.
- 25. The RTS is provided with the minimum number and locations of sensors for the variables that have a spatial dependence as identified and noted in Table 2.5.1-2.
- 26. Hardwired disconnections exist between the PPS, CPCS cabinets, and the portable workstation used to download the PPS, CPCS software. The hardwired disconnections protect the PPS, CPCS software from unintended modifications.
- 27. The CPCS configuration restrictions and tests for the CPU load have been implemented.
(The paragraph was added by previous response and reflected in DCD Rev.2)
- 28. In order for the APR1400 Core Protection Calculator System application to run greater than 70% processor load but less than 75% processor load, the following configuration restrictions are applied:
- 1) No sequence of events modules or calculated events shall be used.
- 2) No CPU redundancy shall be used.
- 3) Only one CI631 module in slot 2 shall be used.
- 4) No more than four PM646A modules shall be used in an AC160 station.
- 5) No basic objects shall be used.
- 6) No serial protocols directly from the PM646A shall be used.
- 7) The CI532 and SC610 modules shall not be used.
- 8) The SEQ/STEP functions shall not be used.
- 9) Scheduling strategy 252 or 255 shall not be used for the PCPGM and CONTRM function blocks.
- 10) Boolean MDAT database elements shall not be used.
- 11) The CI631 shall not be configured as time synchronization master.
- 12) The online function of the Function Chart Builder shall not be used while the Core Protection Calculator System Channel is in service.
- 13) No CONTRM or PCPGM cycle times shall be less than 10 milliseconds.
- 14) The I/O port on the PM646A shall not be used.
- 15) Remote login to the PM646A using the AF100 shall not be used.
2.5.1.2 Inspections, Tests, Analyses, and Acceptance Criteria
Table 2.5.1-5 specifies the inspections, tests, analyses, and associated acceptance criteria for the RTS and ESF system.
(The paragraph was added by previous response and reflected in DCD Rev.2)
Table 2.5.1-5 (12 of 12)

| Design Commitment | Inspections, Tests, Analyses | Acceptance Criteria |
|---|---|---|
| 25. The RTS is provided with the minimum number and locations of sensors for the variables that have a spatial dependence as identified and noted in Table 2.5.1-2. | 25. An inspection will be performed on the as-built equipment for the variables that have a spatial dependence as identified and noted in Table 2.5.1-2. | 25. The as-built equipment for the variables that have a spatial dependence as identified and noted in Table 2.5.1-2 is installed in accordance with the minimum number and locations of sensors. |
| 26. Hardwired disconnections exist between the PPS, CPCS cabinets, and the portable workstation used to download the PPS, CPCS software. The hardwired disconnections protect the system software from unintended modifications. | 26.a An inspection of the as-built hardwired disconnections between the PPS, CPCS cabinets, and the portable workstation used to download the PPS, CPCS software will be performed. | 26.a Hardwired disconnections exist between the PPS, CPCS cabinets, and the portable workstation used to download the PPS, CPCS software. |
| | 26.b Tests will be performed to verify that the PPS, CPCS software can only be modified via hardware connections and by no other means. | 26.b The hardwired disconnections protect the PPS, CPCS software from unintended modifications. |
| 27. The CPCS configuration restrictions and tests for the CPU load have been implemented. | 27.a Inspection and analysis will be performed of the as-built CPCS equipment to verify that the CPCS configuration restrictions for the CPU load are designed into the final CPCS design. | 27.a A report exists and concludes that the CPCS configuration restrictions for the CPU load are designed into the final CPCS design. |
| | 27.b CPU load test of the as-built CPCS will be performed. | 27.b The as-built CPCS equipment meets the restricted CPU load limit test as-built acceptance criteria. |
| 28. The CPCS application complies with the configuration restrictions listed in Item 27 in Section 2.5.1.1. | 28. Inspection of the CPCS application will be performed to verify that it complies with the configuration restrictions in Section 2.5.1.1, Item 27. | 28. A report exists and concludes that the CPCS application complies with the configuration restrictions listed in Section 2.5.1.1, Item 27. |
28 The ITAAC item was added by previous response and reflected in DCD Rev.2