ML18254A249
| ML18254A249 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 09/11/2018 |
| From: | NRC |
| To: | NRC/NRO/DLSE/LB4 |
| References | |
| Download: ML18254A249 (47) | |
Text
Vogtle PEmails From: Hoellman, Jordan Sent: Tuesday, September 11, 2018 12:09 PM To: Vogtle PEmails
Subject:
Draft LAR-18-023 for September 13, 2018 Pre-Submittal Meeting - PUBLIC VERSION Attachments: ND-18-1085_LAR-18-023_PMS Common Q Watchdog Timers_rD1-PSM_PUBLIC.pdf; ND-18-1085_Encl 5_LAR-18-023_Westinghouse affidavit_PSM.pdf The attached document is provided for NRC Staff review in advance of the September 13 Pre-Submittal Meeting for LAR-18-023, Request for License Amendment: Protection and Safety Monitoring System Watchdog Timer and Common Q Design Description Changes.
This version of the draft LAR does not contain proprietary information and may be released to the Public. The non-Public (i.e., Proprietary) version of this draft LAR will be provided in a separate email. The Westinghouse affidavit supporting this request to withhold proprietary information is attached to both this email as well as the email that will provide the non-Public (Proprietary) version of this draft LAR.
1
Hearing Identifier: Vogtle_COL_Docs_Public Email Number: 363 Mail Envelope Properties (SN6PR0901MB23661F400D9403E5EA006BA2D5040)
Subject:
Draft LAR-18-023 for September 13, 2018 Pre-Submittal Meeting - PUBLIC VERSION Sent Date: 9/11/2018 12:08:39 PM Received Date: 9/11/2018 12:09:00 PM From: Hoellman, Jordan Created By: Jordan.Hoellman2@nrc.gov Recipients:
"Vogtle PEmails" <Vogtle.PEmails@nrc.gov>
Tracking Status: None Post Office: SN6PR0901MB2366.namprd09.prod.outlook.com Files Size Date & Time MESSAGE 697 9/11/2018 12:09:00 PM ND-18-1085_LAR-18-023_PMS Common Q Watchdog Timers_rD1-PSM_PUBLIC.pdf 1160474 ND-18-1085_Encl 5_LAR-18-023_Westinghouse affidavit_PSM.pdf 300166 Options Priority: Standard Return Notification: No Reply Requested: No Sensitivity: Normal Expiration Date:
Recipients Received:
PUBLIC VERSION Southern Nuclear Operating Company ND-18-1085 D
Enclosure 1 R
ng Plant (VEGP)
Vogtle Electric Generating GP) Units 3 and 4 equest for License Amendment:
Request Amendment:
A og Timer and Common PMS Watchdog ommon Q Design Descrip Description Changes (Publicly Available Information)
Info (LAR--18 18--023) 023 (LAR-18-023)
FT (This Enclosure consists of 23 pages, including this cover page)
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
Table of Contents
- 1.
SUMMARY
DESCRIPTION
- 2. DETAILED DESCRIPTION and TECHNICAL EVALUATION
- 3. TECHNICAL EVALUATION (Incorporated into Section 2, above)
D
- 4. REGULATORY EVALUATION 4.1. Criteria Applicable Regulatory Requirements/Criteria 4.2. Precedent R
4.3. ration Significant Hazards Consideration 4.4. Conclusions
- 5. DERATIONS RATIONS ENVIRONMENTAL CONSIDERATIONS A
- 6. REFERENCES FT Page 2 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
Pursuant to 10 CFR 52.98(c) and in accordance with 10 CFR 50.90, Southern Nuclear ear Operating Company (SNC) hereby requests an amendment to Combined License (COL) Nos. NPF-91 and os. NPF NPF-92 for Vogtle Electric Generating Plant (VEGP) Units 3 and 4, respectively.
ly.
- 1.
SUMMARY
DESCRIPTION The proposed changes would revise the COLs to accurately describe e tthe be he design and use of the central processing unit (CPU) watchdog timers (WDTs) in the microprocessors Processing roprocessors of the Proces Section (PS) and the Communication Section (CS) of the Advant Controller 160 (AC160 (AC160)
D processor module of the Common Qualified (Common Q) platform latform portion of the protection and safety monitoring system (PMS). This LAR also proposes poses several changes to the design description of the Common Q platform, as presented in the Updated Final Safety Analysis Report (UFSAR) and various supporting technical reports that are incorporated by reference into th the UFSAR.
R The requested amendment proposes a change ge to UFSAR R information that involves a departure de from Tier 2* information that is incorporated by reference into the UFSAR.
UFSAR This enclosure enclosur requests approval of the license amendment necessary ecessary to implement this Tier 2* departure depar and the involved Tier 2 UFSAR change.
- 2. DETAILED DESCRIPTION N
A
Background
It was identified that hat the [ ]a,c within the AC160 software is not enabled as described in WCAP-16097-P-A, WCAP Revision 3 (LAR
.1). This condition is identified in Westinghouse Section 2.1.1). Westingho W Nuclear Safety Advisory Letter 7-2, AC160 Processor Module Sta (NSAL)-17-2, Stall Tim Timers Not Activated as Described in FT ing Basis. In addition, the [ ]a,c cycle time Licensing ttim provided in WCAP-16097-P-A does not reflect the as-built as-built uilt system. Therefore, WCAP-16097-P-A W needs to be changed to ccurately ately reflect the [
accurately ]a,c and the [ ]a,c timeout window (LAR Section ction 22.1.2).
.1.2).
As part of an extent of condition c performed perfo on the Common Q platform, it was discovered that several additional dedesign de descriptions within WCAP-16097-P-A also need to be updated. This includes an updated updat description of:
up
- SYSDia test (LAR Section 2.2)
The timing of a SYSD
AC160 sy
- When the th OVERL Terminal is set to TRUE (LAR Section 2.5)
- What the processor module does when a CI communication module fails (LAR Section 2.6)
Se To support sup these changes, several conforming administrative changes are made to the UFSAR, WCAP-16674, and WCAP-16675 (LAR Sections 2.1.3 and 2.7).
Page 3 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
The changes to WCAP-16097-P-A are proposed as changes to WCAP-15927-P-A, P -1 Table 3-2, which provides alternatives to the processes and descriptions descript descriptio in WCAP-16097-P-A.
System and Platform Overview Protection and Safety Monitoring System Overview The protection and safety monitoring system (PMS) is the AP1000 plant safety-related safety-related safety-rela instrumentation and controls (I&C) system that provides detection of off-nominal off-nominal minal D
conditions and actuation of appropriate safety-related functions necessary to achieve and maintain the plant in a safe shutdown condition.. The PMS PM consists of four redundant divisions, designated A, B, C, and D.
Common Qualified Platform Overview The PMS is based on the Common Qualified ied (Common Common Q) platform, platform as described in WCAP-16097-P-A, Revision 3. The Common ommon Q platform is designed desig modu with a modular R
ollowing major building structure. It consists, in part, of the following uilding blocks:
blo Advant Cont Controller 160 (AC160) processor module, input nput and output (I/O) modules, a and Advant Fieldbus (AF100 bus) communication.
x Processor Module
[
AFT o
o
]a,c The Pro Processor Module contains three hardware watchdog timers as discussed below.
below x AF100 Communication Interface A
The processor modules within an AC160 controller share data with each other using the global memory resident on the AF100 bus Communication Interface Module (Model CI631). Each processor module sends data to the CI631 communication interface module for use on the AF100 bus.
Page 4 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) x I/O Modules The AC160 uses the S600 I/O system. A range of I/O modules is s available, availabl covering analog and digital signals of various types. In addition, n, there are a
modules for temperature measurement and rotational speed d measurement.
measur The process signals are connected to the front of the I/O modules.
dules. [
D
]a,c Common Q Fault Detection The AC160 performs a variety of diagnostic and d supervision functions to continuously monitor the correct operation of the system. Each of the modules has diagnostic functions. The CPU module monitors the system m as a whole by collecting col all the R
diagnostic information and checking the e consistency ncy of the hardware hardw configuration and the application software. The supervisionvision functions are subdivided subdivi into the follo following groups: problem detection, signaling ng the nature of the problem, automatic au rea reaction to problems.
Severe problems (e.g., componentponent ent errors) in the processor module sto stop the processor module. These errors also so switchh an internal watchdog timer relay iin the processor A
module. For Common Q applications, ons, this relay is used to provid provi an alarm, and in provide some applications, conservative failureilure responses of the affected affect division. For example, the watchdog timer er relay for the PMS reactor trip Local CoinCoincidence Logic Subsystem dules (note: this subsystem combin processor modules combines partia partial trip signals and generates a ignal to the reactor trip switchgear and initia trip output signal initiation logic when 2 out of 4 sign when divisions indicate a trip) will generate a trip signal wh the watchdog timer relay is FT open.
ch Each h module is equipped with two light emittin emitting diode indicators, FAULT and RUN.
During normal operation, the green RUN LE LED is lit on all modules. The red FAULT LED lights onlyy if a problem occurs on the mod module. The diagnostic function displays an error code on the front of th the CPU module tto facilitate fault tracing.
x Common Q Watch Watchdog Time Timer Overview
[
]a,c The WDTs check forr interna within the processor modules. If a fault is identified, the internal faults w processor module is placed into a safe state.
cessor mod
[
Page 5 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
DR ]a,cc A
x CPU Overload d
[
FT x The AF the cycles database
]a,c Loss of Communicat Communication abase elem programmin ogramm programming appropr appropria Communi ommuni AF100 Communication he data sets it is su cles for the data Interface (CI) module, CI631, monitors the validity of supposed to receive. If no data has been received for four da set or when the communication interface has failed, the element for the data set will be flagged as failed. The control module will constantly monitor the database element flag and perform the appropriate error processing.
The AC160 tha A CI631 module configuration provides on-line surveillance to ensure that it is in operational condition. The CI module contains self-diagnostics and reports any errors to the application in the processor module. This error report can be used for alarm or screen indication to direct technicians to the specific AC160 node that has the CI failure. Normally the failed module will be indicated by a red light on the front panel.
Page 6 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
PMS Failure Modes and Effects Analysis Overview The PMS failure modes and effects analysis (FMEA) is documented in WCAP- WCAP WCAP-16438, Revision 3 (as modified by the changes provided in UFSAR Appendix dix 7A.4). The PMSP FMEA examines failures of the major PMS components. For each postulated postulate failure, the PMS FMEA assigns a fault classification. This fault classification cation includes a failure criticality class, a failure detectability class, and a failure lure likelihood clasclass (see WCAP-16438 Table 3-1, Table 3-2, and Table 3-3). The failure ure criticality, detectability, detectability and ectability, and likelihood of ea likelihood classes are used to rank the criticality, detectability, each D
failure. A final safety conclusion is determined based on these classifications. Through the process of examining the relevant failure modes and nd making a final safety determination tions, it is concluded for each failure with the given fault classifications, conclud 1000 that the AP1000 protection system maintains its safety functionsns during single point fail failures.
R Description and Justification of Proposed Changes 2.1 Common Q Watchdog Timer Description escription Update escrip 2.1.1 Revise Description off [ ]a.c Enable As described in NSAL-17-2, SAL-17 17--2, the [ ]a,c within the AC160 C160 is not activated as described in WCAP-16097-P-A.
A Specifically, WCAP-16097 WCAP-16097-P-A 7-P-A Section 5.2.1.2.1 item 6 states [
]a,c FT WCAP-16675 WCAP-16675 WCA 5 Section 2.2.8 describes what happens when a BPL processor stalls The text states [
stalls.
]a,c Brief Description of the Activity The he CPU CP WDWDT is deleted in WCAP-16097-P-A Sections 5.2.1.2.1 and 5.2.1.3, Table able 5-1 5
5-1, and Figure 5-13. This includes deleting a sentence from the descrip descript description of the [ ]a,c in Table 5-1 which states that it performs the same function as the [
perfo ]a,c A statement is added to WCAP-16097-P-A Section 5.2.1.3 to clarify that the
[ ]a,c are the credited watchdog for closing Generic Open Item 7.3 from the Common Q Topical Report.
WCAP-16675 Section 2.2.8 is changed [
]a,c Page 7 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
Technical Justification of the Activity There are no PMS requirements that credit the [ ]a,c The AP1000 PMS has other mitigations to protect against st a stalled stalle processor processor.
odule fault, the [
Specifically, upon detection of an internal processor module
]a,c will put the PMS in a safe state. [
]a,c S See WCAP WCAP-16438
-16438 16438 for an D
ouse has qualified the [
evaluation of specific PMS faults. Westinghouse
]a,c for this purpose as discussed in the closure of Common Q Topical Report Generic Open Item 7.3 (see WCAP-16097-P-A, e WCAP-16097-WCAP -P-A, Revision 0 and Revision 3 Generic Open Items [ADAMS AMS Accession No. ML030550776] and the Common Q summary qualification n report).
eport).
If a software anomaly were to occur, the e operator would hear and see an alarm R
of PMS Division Fault via the he Alarm Presentation System and see an indication ntation Sys of a Division Fault on the Safety Display. The red FAULT LED lights on the failed processor module would uld also provide pro n of a fault.
indication fau The indications These would be due to the e other diagnostics that would annunciate as a result of the same software anomaly. aly. The operator would take the n necessary actions to ult via the maintenance procedures in the PMS resolve the fault P technical manual.
A Proposed Licensing Basiss Change Descriptions Text, Table, or Figure Description of the Proposed Change D
Descript FT WCAP WCAP-15927, 7, Section Sec 3.10 Delete Item I 6 from Section 5.2.1.2.1.
(WC (WCAP -16097 097--P-A, (WCAP-16097-P-A, Sectio 5.2.1.2.1, Item 6)
Section WCAP-15927, Section 3.10 WCAP-15927, WCAP- Update to state that the [ ]a,c (WCAP WCAP--16097 160 -P-A, (WCAP-16097-P-A, are the credited watchdog for closing Generic Section tion 5.2.1.3) 5.2.1.3 Open Item 7.3 from the Common Q Topical Report.
WCAP-15927, WCAP-15927, WCA 927, Sec Section 3.10 Delete the [ ]a,c from the table.
(WCA (WCAP -160977-P (WCAP-16097-P-A, Table 5-1) 5-1)
WCAP WCAP-15927, WCAP-15 Section 3.10 Delete the [ ]a,c from the figure.
(WCA (WCAP (WCAP-16097-P-A, Figure 5-13)
Figu UFSAR Appendix 7A.8 U Change to remove discussion of the [
(WCAP-16675 Section 2.2.8)
]a,c Page 8 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) 2.1.2 Correction of Watchdog Timeout Window As described above, [
D
]a,c Brief Description of the Activity
[
]a,c R
Technical Justification of the e Activity
[
AFT Therefore, erefore, this activity does not adversely processor modules.
Proposed Licensing Basis Change Text, Table, or Figure WCAP-15927 Section 3.10 WCAP-15927 WCAP-(WCAP-16097-P-A (WCAP CAP--16097 1609 -P-A Section 5.2.1.2.1)
WCAP-15927 WCAP-15927 WCA 5927 Sectio Sect Section 3.10 (WCAP-16097-P-A (WCA (WCAP -16097 Table 5-1)
WCAP WCAP-15927 WCAP-159 97--P Section 3.10 ad nge Descriptions Des Description of the Proposed Change Change [
Change [
Change [
]a,c
]a,c
]a,c impact the safety function of the (WCAP-16097-P-A (WCA (WCAP ]a,c Figur 5-13)
Figure 2.1.3
.1.3 Removal of Duplicate Information from WCAP-16675 WCAP-16675 contains duplicate information on the watchdog timers from the information included in WCAP-16097-P-A. Specifically, parts of WCAP-16675 Section 2.2.8 and the entirety of Figure 2-4 and Table 2-1 are duplicated in Page 9 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
WCAP-16097-P-A Section 5.2.1.3, Table 5-1, and Figure 5-13. Therefore, Ther the information can be removed from WCAP-16675.
Brief Description of the Activity The first paragraph of WCAP-16675 Section 2.2.8 is changed to point to the scription of the Common Q alternatives in WCAP-15927 for a description the processor p
module WDTs. WCAP-16675 Figure 2-4 and Table 2 -1 are deleted.
2-1 Technical Justification of the Activity D
This is an administrative change only to o remove duplicate licensing basis ed from the licensing information. No content is being removed licens basis in formation.
mation.
information.
The information will be maintained in WCAP WCAP--15927, which is a Tier 2* document.
WCAP-15927, e Descriptions Proposed Licensing Basis Change R
Text, Table, or Figure Description cription of the Proposed Chan Change UFSAR Appendix 7A.8 Change the first paragraph paragr of WCA WCAP-16675 (WCAP-16675 Section n 2.2.8) Section 2.2.8 to point to th the Com Common Q WCAP-15927 alternatives in WCAP-WCAP -15927 fofor a description of the processor module WT WTDs.
A UFSAR Appendix endix 7A.8 Delete ete Figure 2 2-4.
2--4.
(WCAP-16675 6675 Figure 2-3) 3)
UFSAR R Append Appendix 7A.8 Delete Table T 2-1.
2-1 (WCAP-16675 Table CAP--16675 Ta CAP Tab le 2-1)
FT 2.2.
2.. SYSDia Test Timer Correction Correc
[
]a,c
[
]a,c Brief De Des Description of the Activity
[
]a,c Technical Justification of the Activity
[
Page 10 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
]a,cc Proposed Licensing Basis Change Descriptions Text, Table, or Figure Description of the Proposed C Change WCAP-15927 Section 3.10 Update to state [
(WCAP-16097-P-A Section 5.2.1.2.1)
D
]a,c 2.3. Revise Description of AC160 System Software ftware are Execution Location R
WCAP-16097-P-A Section 5.2.1.1.1 states, [
]a,cc
[
A
]a,c Brief Description on of the Activity A
WCAP-16097-P-A 097--P-A Section 5.2.1.1.1 is updated 097 upda [
]a,c FT Technical hnical Justification of the th Activity The safety function and operability of the processor module is not adversely impacted by this change.
[
]a,c Proposed ed Lice Licensing Licens Basis Change Descriptions Text, Table, Ta or Figure Description of the Proposed Change WCAP-15927 Section 3.10 WCAP Update to state [
(WC (WCAP-16097-P-A Section 5.2.1.1.1) ]a,c Page 11 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) 2.4 Processor Communication Section Memory Capacity Change WCAP-16097-P-A Section 5.2.1.1.1 states, A second Motorola MC68360 processor for 360 proce proces HSL communications, with an extra 512 Kbytes nonvolatile memoryry (Flash PROM) for the system software and an extra 2 Mbytes SRAM is provided communications.
d for comm communications.
However, the CS of the processor module has 512 Kbyte RAM, M, not 2 Mbytes of RAM.
Brief Description of the Activity The description of the memory capacity of the processor module is changchanged D
from 2 Mbytes of RAM to 512 Kbyte of RAM to match ch the as-built as design.
Technical Justification of the Activity The CS of the processor module has 512 Kbyte of SRAM, which is sufficient memory for the CS software.
If the CS software is larger than the available vailable CS S memory, then the user will not be b able R
to load the software into the processor ssor module. The actual size of the CS sosoftware is less than 512 Kbyte. Therefore, re, the reduced size of the CS memory described d in WCAP-16097-P-A will not impact pact the functionality of the CS software.
softwa The size of the memory does oes not contribute to the safety function or operability op o of the CS of the processor module.
e.
A Proposed Licensing censing Basiss Change Descriptions Text, xt, Table, or Figure Figure Description o of the Proposed Change WCAP-15927 CAP--15927 Sect CAP Section 3.10 Cha Change the description d of the memory (WCAP-16097-P-A (WCAP-(WCAP -16097 16097--P-A Section capacity of the processor module from capa FT 5.2.1.1 5.2.1.1.1) 2 Mbytes Mby Mbyte of RAM to 512 Kbyte of RAM.
2.5 5 Change to Description of when the Overload Ov (OVERL) Terminal is set to TRUE
[
]a,c WCAP-16097-P-A, Section 5.3.1.1 states [
]a,c Page 12 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
Brief Description of the Activity WCAP-16097-P-A, Section 5.3.1.1 is updated [
]a,c Technical Justification of the Activity
[
]a,c Therefore, this activity does not impact the ability to detect hi high D
CPU load conditions and, therefore, does not have an adverse impact on the system to perform its safety function.
ns Proposed Licensing Basis Change Descriptions Text, Table, or Figure Description cription ption of the Proposed Change R
WCAP-15927 Section 3.10 Update date to state e[
(WCAP-16097-P-A Section 5.3.1.1) ]a,c A
2.6 Deletion of Description n of the Processor rocessor Module [
]a,c WCAP-16097-P-A P-A Section 5.4.1.4.1 states that the processor proce module will reboot the CI tion module if the CI communicati communication communication modul module has a transient error. However, the processor essor does not reboot rebo the CI communication commu communicatio module. [
]a,c The failed CI communication FT modules dules will be indicated by a red light on the front panel and will not be rebooted.
Brieff Description of the Activity The textt in WCAP-16097-P-A WCAP-16097 WCAP-16 -P P-A A Section Sectio 5.4.1.4.1 that states the PM reboots the CI module is deleted.
communication modu Activity Technical Justification of the Act The e PMS FMEA evaluates [
]a,c This change does notn impact impa these analyses, including the fault classification. The system continuess to fail fa to a safe state. Therefore, the proposed change is consistent with the current PMS FMEA FME and does not adversely impact the PMS safety functions.
F Licensing Basis Change Descriptions Proposed Lic Lice Text, Table, or Figure Tex Description of the Proposed Change WCAP-15927 Section 3.10 WC Delete the text that states [
(WCAP-16097-P-A Section ]a,c the PM reboots the CI 5.4.1.4.1) communication module.
Page 13 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) 2.7 Conforming Administrative Changes Various conforming changes are necessary to support the changes ges described descr above.
abov This includes:
x Updating the revision number of WCAP-15927 throughout hout the licensing ba basis x Updating the title for WCAP-15927 Section 3.10 and nd Table 3-2 because T ble 3 use it contains cont D
additional exceptions unrelated to design processes esses x Adding a note to Reference 1 of WCAP-16674 6674 (i.e. WCAP-16097-P-A, ev.3) to WCAP-16097-P-A, Rev.3) state, as modified by the Topical Reportt alternatives in WCAP-15927, WCAP -15927, Rev.7 WCA 7 x Adding Reference 15 to WCAP-16674 4 (i.e., WCAP-15927).
74 WCAP WC -15927).
5927).
Brief Description of the Activity R
x WCAP-15927 is changed fromom Revision 6 to Revision 7 throughout the licensing basis. The revision number er of WCAP-15927 WCAP-15927 is deleted in UFSAR Appendix Ap 1A.
x WCAP-15927, Section n 3.10 (including the t titles of the section sectio and a Table 3-2) is changed to capture the fact that the alternative approaches to WCAP-16097-P-A now include technical nical material terial unrelated to design processes.
processe A
x A note is added ed to Reference WCAP-16674 nce 1 of WCAP-WCAP WCAP-16097-P-A, Rev. 3)
-16674 (i.e. W to state, as alternatives in WCAP-15927, Rev.7.
ass modified by the Topical Report alternativ x Reference WCAP-15927) ence 15 (i.e., W WCAP -15927) 927) is added WCAP-16674.
add to WC Technical al Justification of the Activity FT This is an administrative change only. See th the other changes for an evaluation of the change hange WCAP-16097-P-A ange to technical content to WCAP WCAP-16097 6097 and WCAP-15927.
It is unnecessary nnecessary to list the revision number num of WCAP-15927 in UFSAR Appendix 1A; the revision ion number listed liste l d in UFSAR FSAR TTable 1.6-1 and Chapter 7 is sufficient.
Basis Change Descriptions Proposed Licensing Ba Text, Table, or Figure Description of the Proposed Change UFSAR AR Table 1.6 1.6-1
-1 x Update WCAP-16096 and WCAP-16097 references from Revision 6 to Revision 7.
x Update WCAP-15927 reference from Revision 6 to Revision 7. Update document number to refer to both P (proprietary) and NP (non-proprietary) versions.
UFSAR Appendix 1A UFS Delete the revision number of WCAP-15927.
UFSAR Section 7.1.7 x Update WCAP-16096 and WCAP-16097 references from Revision 6 to Revision 7.
Page 14 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) x Update WCAP-15927 reference from Revision 6 to Revision 7. Update document number to refer to bothhP (proprietary) and NP (non-proprietary) oprietary) versions.
UFSAR Appendix 7A.7 A note is added to Referencece 1 of (WCAP-16674 References WCAP-16674 (i.e. WCAP-16097-P-A, AP-16097 AP 16097-P-A, Rev.3)
Section) to state, as modified by the Topical Report D
alternatives in WCAP-15927, AP--15927 AP 15927, Rev.7.
WCAP-15927 is added as a Reference 15.
WCAP-15927 Section 3.10 WCAP-15927, 27, Section 3.10 and Table Ta 3-2 3-2 is changed to o capture the fact that the th alternative ative approaches pproaches to WCAP-16097-P-A WCAP R
now include technical hnical material materia unrelated to esign descriptions.
design s Common Evaluation of Changes The proposed changes do not affect ect the he radiological source terms (i.e., am amounts amo and types of ease rates and release durations) used in the accident radioactive materials released, their release A
analyses. The PMS Common m equipment involved in these proposed changes does n Q platform not affect a fission productt barrier. No system stem or design function or equipment qualification is adversely affected by the e proposed changes. The changes do not result in a new failure mode, malfunction or sequence nce of events that could adversely adverse affect a radioactive material barrier or pment. The proposed safety-related equipment. propo ges do not allow for a new fission product release changes path, result in a new fission product barrier failure mode, mode or create a new sequence of events that FT would result inn significant fuel claddin cladding failures.
The SSCs affected ffected by this license amendment reque request are not used to contain, control, channel, monitor,, process ss or release radioactive and non-radioactive non non--r materials. The types and quantities of expected pected effluents ents are not changed, and no eeffluent release path is adversely affected by the proposed oposed changes.
chan Therefore, Therefore radioactive or o non-radioactive material effluents are not affected by the proposed changes.
Plant radiation zones (as described in UFSAR Section 12.3), controls under 10 CFR 20, and radioactive materials are not affected by the proposed changes.
expected amounts and types of radi cumulative radiation exposures do not change.
Therefore, individual and cumulat Summ Summary The proposed changes revise re the COLs to accurately describe the design and use of the CPU WDTs in the microprocessors microproc microproce of the PS and CS of the AC160 processor module of the Common Q form portion of the platform th PMS. This LAR also proposes several changes to the design description of the Common Q platform, as presented in the UFSAR and various supporting technical reports ncorp that are incorporated by reference into the UFSAR. The above proposed changes would not f
adversely affect any safety-related equipment or function, design function, radioactive material barrier or safety analysis.
Page 15 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
- 3. TECHNICAL EVALUATION (Incorporated into Section 2, above)
- 4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria x 10 CFR Part 52, Appendix D, VIII.B.6 requires prior NRC approval for departure departu D
from Tier 2* information. The proposed activityy makes changes to WCAP-WCAP-15927, WCAP -15927, which is referenced in UFSAR as a Tierr 2* document. Therefore, a license amendment request (LAR) (as supplied herein) is required.
x 10 CFR 52, Appendix D, Section VIII.B.5.a.B.5.a allows an applic applicant or licensee who w
references this appendix to depart art fromm Tier 2 information, informati without prior NRC R
approval, unless the proposed departure involves nvolves a change cha to or depart departure from Tier 1 information, Tier 2* information, formation, or the Technical Specifications, S or requires a license amendment under nder paragraphs B.5.b or B.5.c of the ssection. The requested amendment p proposes roposes changes to Tier 2 information that tha involve Tier 2*
changes and, thus, requires uires prior NRC approval.
approv A
5a(a)(1), Quality System Important to Safety, Quality Standards for Systems requires that Structures, systems, ystems, and components mu must be designed, fabricated, erected, constructed, quality standards commensurate onstructed, tested, and inspected to qual with thee importance of the safety function funct to be performed. The Common Q Topical cal Report was determined to be an acceptable acce approach to satisfying the gulatory requirements regulatory requiremen in 10 CFR 50.55a(a)(1) 50.55a 50 applicable to the Common Q FT portion of the protection and safety monitoring monit mon system. The Common Q Topical Report is modified by the Topical Repo Report alternatives proposed and evaluated in this License Amendment Request. Th Therefore, it is concluded that the requirements off 10 CFR 50.55a(a)(1) are met.
x 10 CFR 50.55a(h 50.55a(h), Protectio Protection and safety systems, approves the 1991 version of 603 IEEE Standard Criteria for Safety Systems for Nuclear Power IEEE Standard 603, Generating Stations, including in the correction sheet dated January 30, 1995 for incorporation by reference.
refer The Common Q portion of the protection and safety monitoring system described in WCAP-16096 (Revision 4), as modified by the Topical pical Report R alternatives in WCAP-15927 (Revision 7) and the proposed nges to changes t these th alternatives in Enclosure 2, continues to meet the requirements Standard 603-1991 and, therefore, satisfies 10 CFR 50.55a(h).
in IEEE Sta S
x CFR Part 50, Appendix A, General Design Criteria for Nuclear Power Plants 10 CF The design de of the Common Q-based safety systems continues to meet the relevant requirements qu of GDC 1, 2, 4, 13, and 19 through 25.
Page 16 of 23
PUBLIC VERSION ND-18-1085 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023)
General Design Criteria:
x GDC 1, Quality Standards and Records, states that structures, res, syste systems, and components important to safety shall be designed, fabricated, d, erected, erected and tested test to quality standards commensurate with the importance off the safety functions to be performed.
The Common Q Topical Report adequately identifies ifies the regulatory guides and industry codes applicable to the Common Q. The he Common Q Topical Report wa was determined to be an acceptable approach to satisfyingatisfying the regulatory requirements in GDC 1. The changes proposed by this activity do not change the PMS compliance with the regulatory guides or industry standards applicable to the equirements of GDC 1 are Common Q platform. Therefore, the requirements a met.
x GDC 2, Design Basis for Protection ection Against gainst Natural Phenomena, P
Phenomena, state states that structures, systems, and componentsmponents important ortant to safety sa shall be des designed to withstand the effects of naturaltural phenomena without loss of capability to perform their safety functions.
Westinghouse has identifiedntified those systems and compone components for the safety systems designed d to survive vive the effects of earthquakes, abnormal ab environments and missiles, and other natural phenomena. These ssy systems and components continue to be consistent with ith their design bases. Therefore, The the requirements of GDC 2 are e met.
met.
x GDC C 4, Environmental and Dynamic E Effects DDesign Basis, states that structures, ystems, and components important to safe systems, safety shall be designed to accommodate the effects of, and to be compatible with, tthe environmental conditions associated with no normal operation, maintenance, te testing, and postulated accidents, including loss-loss -of of-f-coolant accidents.
loss-of-coolant Equipment ipment in the Common Q Q-based portion of the PMS is qualified for a mild environment per the AP1000 Equipment Qualification Program. The proposed change does not affect af the Electromagnetic Interference (EMI)/ Radio Frequency Interference (RFI) te test testing, environmental testing, or seismic testing that is performed to demonstrate demons that the equipment in the Common Q portion of the PMS will function unde under prescribed mild environment conditions. Therefore, the requirements uireme of GDC 4 are met.
x GDCDC 1313, Instrumentation and Control, states that instrumentation shall be provided to monitor and control variables and systems over their anticipated range ranges for normal operation, for anticipated operational occurrences, and for acc accident conditions The Common Q portion of the protection and safety monitoring system appropriately supports actions to monitor and operate the nuclear power unit in a safe and reliable manner during normal operation, anticipated operational occurrences, and accident conditions. The proposed changes do not adversely Page 17 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) impact the PMS ability to monitor and operate the AP1000 nuclearr power po units.
Therefore, the requirements of GDC 13 are met.
x GDC 19, Control Room, states that a control room shall be provided from which whi actions can be taken to operate the nuclear power unit nit safely under un normal conditions and to maintain it in a safe condition under accident ccident conditions.
condition The proposed change does not adversely affect the ability of the Common Commo Q portion of the PMS to appropriately support actions ctions to monitor and operate theth D
nuclear power unit from a control room in a safe fe and reliable manner during normal operation, anticipated operational occurrences, urrences, and accident acciden t conditions.
ditions.
Therefore, the requirements of GDC 13 are met.
x GDC 20, Protection System Functions, ions,
, states that the protection prote system shall sha be designed to initiate automaticallyy the operation ration of appropriate approp systems to assure R
that specified acceptable fuel el design limitss are not exceeded as a result of anticipated operational occurrences currences and to sense accident acc conditions conditi and to initiate the operation of systems and components important to safety.
safet The proposed change ge does oes not affect conformance to IEEE StdS 603-1991 by the Common Q portion e PMS, nor does it affect the ability of the PMS to detect on of the A
accident conditions itions and anticipated nticipated operational occurrences occurre in order to initiate reactor shutdown tdown consistent nt with the accident anal analysis presented in UFSAR Chapter 15.
- 5. Therefore, the requirements of o GDC 20 are met.
x GDCC 21, Protection Testability, states that the protection Protection System Reliability and Te system ystem shall be designed for high functional function reliability and in-service testability fun FT commensurate with the safety functions functions to be performed.
The Common Q portion of the PM PMS facilitates conformity to the guidelines of Regulatory Guide 1.22 and Reg Regulatory Guide 1.118 for periodic testing, the guidelines delines of Regulatory Guide 1.47 for bypassed and inoperable status indication, and a d IEEE an EEE Std 3 379-2000, 379 -2000, as supplemented by Regulatory Guide 1.53, for the application of the single ssingle-failure
-fa criterion, and satisfies the requirements of IEEE Std 603 603-1991 60 91 with regard
-1991 rega to system reliability and testability. The proposed re change does not affect affe aspects of the Common Q portion of the PMS that would have ave an adverse e effect on system reliability and testability, as demonstrated by continued ntinued conformance confo to these Regulatory Guides and industry guidance.
Therefore, erefore the th requirements of GDC 21 are met.
x GDC 22 22, Protective System Independence, states that the protection system shall be designed to assure that the effects of natural phenomena, and of normal operating, ope maintenance, testing, and postulated accident conditions on redundant channels do not result in loss of the protection function or shall be demonstrated to be acceptable on some other defined basis.
The proposed change does not adversely affect the plants existing compliance with Regulatory Guide 1.75 for protection system independence, nor does it Page 18 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) adversely affect the ability of the Common Q portion of the PMS to ssatisfy the requirement of IEEE Std 603-1991 with regard to system indepen independence.
indepe Therefore, the requirements of GDC 22 are met.
x GDC 23, Protective System Failure Modes, states thatt the protection protect system shall be designed to fail into a safe state or into a state demonstrated demonstra to be acceptable on some other defined basis if conditions such as disconnection of the system, loss of energy, or postulated adverse environments ironments are experienced.
D The AP1000 failure modes and effects analysis sis adequately demonstrates how the protection and safety monitoring system will ill operate with a single failure under all postulated operating conditions. The proposed roposed activity does not adversely affect ffect this analysis and the PMS continues s to fail to a safe state.
es stat . Therefore, the state th requirements of GDC 23 are met.
R x GDC 24, Separation of Protection ction and Control, trol, states that the protection protectio system shall be separated from control ontrol systems to the extent thatth failure of any single control system componentent or channel, or failure or removal remova from service of any single protection system m component or channel which is common em comm com to the control and protection systems, reliability, redundancy, ems, leaves intact a system satisfying all rel and independence ce requirements ements of the protection system.
A Regulatory Guide 1.153 endorses 603-1991 dorses IEEE Std 603 -1991 as an acceptable method 603-for satisfying ying the requirements of GDC 24.
24 The Common Co Q portion of the PMS and thee plant operating control systems continue continu to satisfy the requirements of IEEEE Std 603-603 -1991 with regard to p 603-1991 protection and control system interactions.
Therefore, herefore, the requirements of GDC 24 are met.
FT x GDC 25, Protection System Requirem Requirements for Reactivity Control Malfunctions, states that the protection system shall be designed to assure that specified acceptable cceptable fuel design limits are not exceeded for any single malfunction of the reactivity tivity control contro systems.
The Common Q p portion of the PMS continues to satisfy protection system requirements for malfunctions malfun malf of the reactivity control system such as accidental withdrawal of control rods. Therefore, the requirements of GDC 25 are met.
4.2 Precedent eceden No precedent is ide identified.
4.3 Signific Significant Hazards Consideration prop The proposed changes would revise the Combined Licenses (COLs) to accurately escrib the design and use of the central processing unit (CPU) watchdog timers (WDTs) describe in the microprocessors of the Processing Section (PS) and the Communication Section (CS) of the Advant Controller 160 (AC160) processor module of the Common Q platform portion of the protection and safety monitoring system (PMS). This LAR also proposes several changes to the design description of the Common Qualified (Common Q) platform, Page 19 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) as presented in the Updated Final Safety Analysis Report (UFSAR) an and various supporting technical reports that are incorporated by reference into the UFSAR.
FSAR.
The requested amendment proposes a change to UFSAR information tion that involves involve a departure from Tier 2* information that is incorporated by reference e into the U UFSAR. This enclosure requests approval of the license amendment necessary essary to implement imple this Tier 2* departure and the involved Tier 2 UFSAR change.
An evaluation to determine whether or not a significant hazards azards consideration is invol involved D
with the proposed amendment was completed by focusing ng on the three standards set forth fort in 10 CFR 50.92, Issuance of amendment, as discussed ussed below:
bel 4.3.1 Does the proposed amendment involve nvolve a significant signif icant increase in the probability or consequences of an accident previously evaluated?
Response: No.
R The proposed change would revise the he COLs in regard to the th design description of the watchdog chdog timers of the Common Q p portion of tthe protection and safety monitoring ng system (PMS) and other design descrip description de aspects of the Common Q platform. watchdo ttimers tform. The watchdog imers are compcomponents within the com processor modules hat check for internal faults within the processor modules dules that A
he processor and place the or module into a safe state if an ininternal fault is detected.
posed change revises the description of th The proposed the design and use of the ostic tic functions of the watchdog timers and the diagnostic t Common Q platform and doess not alter any safety-related safety-related functions safety- fu o the PMS or any supported of ystems. The change does not affect the systems. th operation of any systems or equipment that initiate an analyzed analyzed accident accid or alter any structures, systems, FT and components (SSC) accident initiinitiato initiator or initiating sequence of events.
The change does not impact the ssupport, design, or operation of mechanical and fluid systems. There is no change to plant systems or the response of systems to postulated accident acciden conditions. There is no change to the predicted radioactive adioactive releases due to normal operation or postulated accident conditions.
Consequently, nsequently the plant rresponse to previously evaluated accidents or external events is not adversely ad adverse affected, nor does the proposed change create any new accident prec precu precursors.
Therefore, the pproposed amendment does not involve a significant increase in the pr probabilit probability or consequences of an accident previously evaluated.
Page 20 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) 4.3.2 Does the proposed amendment create the possibility of a new w or different kind of accident from any accident previously evaluated?
Response: No.
The proposed change would revise the COLs in regard to the th design description of the watchdog timers of the Common n Q portion of the protection pro and safety monitoring system (PMS) and otherr design description aspec aspects of the Common Q platform. The proposed change ange does not affect the operatio operation D
ate a new or different kind of accident of any systems or equipment that may initiate acciden t cident initiator or initiating sequence of or alter any SSC such that a new accident events is created.
Therefore, the proposed amendment ment ent does not create the possibility of a ne new om any accident previously or different kind of accident from previousl evaluated.
R 4.3.3 mendment involve Does the proposed amendment volve a significant sig reduct reduction in a margin of safety?
Response: No.
The proposed d change ge would revise the COLs in re regard to the design A
hdog timers of the Common Q portion of the PMS and description of the watchdog esign description other design n aspects of the Common Commo Q platform. The PMS ues to meet the requirements of the applicable continues a 10 CFR Part 50, pendix A, General Design Criteria for the design of safety-related reactor Appendix protection systems, engineered safety s fe features systems, and other plant systems, and the supporting indu industry standards for the design of digital FT syste systems.
No safety analysis is adversely adverse affected by the proposed changes.
Furthermore, no system function, functio design function, or equipment qualification will be adversely adver ffected by the change. Consequently, no safety analysis or affected design esign basi basis acceptance limit/criterion is challenged or exceeded by the proposed posed change, chan thus the margin of safety is not reduced.
Therefore, the proposed propo pro amendment does not involve a significant reduction in a margin of safety.
saf Based on the above, ab it is concluded that the proposed amendment does not involve a significant hazards hazard consideration co under the standards set forth in 10 CFR 50.92(c), and, finding of no significant hazards consideration is justified.
accordingly, a fin findin 4.4 Conclusions Conclu conclusion, based on the considerations discussed above, (1) there is reasonable In conclus assurance suran that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commissions regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Pursuant to Page 21 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) 10 CFR 50.92, the requested change does not involve a Significant ant Hazards Consideration.
- 5. ENVIRONMENTAL CONSIDERATIONS The details of the proposed changes are provided in Section 2 of this license s licens icensee amendment ndment request.
req D
The proposed changes would revise the Combined Licenses (COLs) to accurately describe escribe the design and use of the central processing unit (CPU)) watchdog timers (WDTs) in the microprocessors of the Processing Section (PS) and the he Communication Section (CS) of the Advant Controller 160 (AC160) processor module off the CommonCom Q platform portion of the protection and safety monitoring system (PMS). Thisiss LAR also proposes sev t several changes to the design description of the Common Q platform, as presented ented in the Updated Final Safety Ana Analysis R
ical reports that are incorporated Report (UFSAR) and various supporting technical incorp by referen reference into the UFSAR.
The requested amendment proposes a change to UFSAR information that tha involves involve a departure from Tier 2* information that is incorporated ated by reference into the UFSAR. This enclosure orated en requests approval of the license amendment ent necessary to implement this Tier 2* departure and the involved Tier 2 UFSAR change.
A amendm This review has determined the proposed change requires an amendment to the COL. However, a review of the anticipatedd construction onstruction and operational effects of the requested amendment has sted determined the requested ted amendment meets the eligibility eligib criter for categorical exclusion set criteria 2(c)(9), in that:
forth in 10 CFR 51.22(c)(9),
(i) There is no significant hazards consideration.
FT ocumented in Section As documented Section 4.3, Significant Haza Hazards Consideration Determination, of this ense se amendment request, an evaluation w license was completed to determine whether or not a ant hazards consideration is involved significant involve by focusing on the three standards set forth in 10 CFR R 50.92, 50.92, Issuance of amendment.
amend The Significant Hazards Consideration determined that (1) the requested am amendment does not involve a significant increase in consequ the probability or consequences o an accident previously evaluated; (2) the requested of amendment d does not create the possibility of a new or different kind of accident from any ent previously evaluated; accident evaluate and (3) the requested amendment does not involve a nt reduction in a margin significant m of safety. Therefore, it is concluded that the requested amendment nt does not involve inv a significant hazards consideration under the standards set forth in 10 0 CFR 50.92(c),
- 50. and accordingly, a finding of no significant hazards ju consideration is justified.
(ii)) sign sig There is no significant change in the types or significant increase in the amounts of any tha may be released offsite.
effluents that prop The proposed changes in the requested amendment revise the COLs in regard to various pec of equipment in the protection and safety monitoring system (PMS). The PMS is aspects the AP1000 plant safety-related instrumentation and controls (I&C) system that provides detection of off-nominal conditions and actuation of appropriate safety-related functions necessary to achieve and maintain the plant in a safe shutdown condition. The proposed changes are unrelated to any aspect of plant construction or operation that would Page 22 of 23
PUBLIC VERSION ND-18-1085 Enclosure 1 Request for License Amendment: PMS Watchdog Timer and Common Q Design Description Changes (Publicly Available Information) (LAR-18-023) introduce any change to effluent types (e.g., effluents containing chemicalss or biocides, sanitary system effluents, and other effluents), or affect any plant radiological or non-ological o radiological effluent release quantities. Furthermore, the proposed changes anges do not affect a
any effluent release path or diminish the functionality of any design orr operational operatio features feature that are credited with controlling the release of effluents during plant n t operation. Therefore, it is concluded that the requested amendment does not involve a significant changechan in the types or a significant increase in the amounts of any effluentss that may be released o offsite.
(iii) There is no significant increase in individual or cumulative ve occupational radiation D
exposure.
The proposed changes in the requested amendment ent revise the COLs in regard to various aspects of equipment in the PMS. Plant radiation zones (addressed in UFSAR Section 12.3) are not affected, and controls established under 10 CFR CF 20 to preclude a significant increase in occupational radiation tion exposure xposure are not affe affected. Therefore, Therefore the R
requested amendment does not involve e a significant ant increase in individual or cumulative cum occupational radiation exposure.
Based on the above review of the requested sted amendment, it has been deter that anticipated determined th construction and operational effects off the requested amendment do not involve inv (i) a significant hazards consideration, (ii) a significantcant change in the types or significant ant increase incre in the amounts of any effluents that may be released leased offsite, or (iii) a significant increase increas in the individual or A
cumulative occupational radiation ure. Accordingly, the requested ation exposure. requeste amendment meets the eligibility criteria for categorical rical exclusion set forth in 10 CFR 51.22(c)(9).
51.22(c) Therefore, pursuant to 10 CFR 51.22(b), an environmental vironmental impact statement or environmental nvironmental enviro assessment of the proposed exemption iss not required.
required FT
- 6. REFERENCES CES None.
Page 23 of 23
PUBLIC VERSION Southern Nuclear Operating Company D
ND-18-1085 Enclosure 3 RA erating Plant (VEGP) Units 3 and Vogtle Electric Generating posed Changes to Licensing Basis Docu Proposed (LAR-18 Inf 18--023 023)
Documents (Publicly Available Information Information) an 4 FT Insertions Denoted by Blue Underline and Deletions by Red Strikethrough Omitted text is identified by three asterisks ( * * * )
(This Enclosure consists of 12 pages, including this cover page)
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information)
- 1. UFSAR Section 1.6, Table 1.6-1, Material Referenced:
Revise Tier 2* text applicable to DCD Section 7.1 in UFSAR Table 1.6-1 to refle reflect changes to referenced WCAPs.
DCD Section Westinghouse Number Topical Report Number Title D
7.1 * * *
[WCAP-16096-P-A Software Program Manual nual for Common Q' Systems, Revision 4, WCAP-16096-NP-A February 2013 (1) (ass modified by the SPM alternatives in WCAP-15927, Revision vision 67)]*
67)]*
[WCAP-16097-P-A Common Qualified alified Platform Topical Report, Repo Report, Revision 3, Feb February R
WCAP-16097-NP-A 2013 (as modified by thehe Topical Report Repo alternatives in WCAP-W 15927, Revision 67)]*
67) 7 ]*
[WCAP-15927-P Design esign Process for AP1000 Common Q Safety Safe Systems, WCAP-15927-NP Revision vision 7 76, 6, February 2017]*
2017 7]*
A WCAP-15927 (NP)
- 2. UFSAR Appendix dix 1A, Conformance with Regulatory Reg Guides:
G x Revise Tier 2 Regulatory Guide conformance p position and summary description FT for Regulatory 1.152,, as follows:
egulatory Guide (RG) 1.15 1.152 llows:
AP1000/
Criteria Referenced Reference FSAR Clarification/Summary Description of Section Criteria Position Pos Exceptions Reg. Guide 1.152, 2, Rev. 1, 1/96 - Criteria Crite rite for Digital Computers in Safety Systems of Nuclear Power Plants Regulatory Guide 1.152, R Rev. 2, 1/
1/06 - Criteria for Use of Computers in Safety Systems of Nuclear Power Plan Plants Conformance of the design as aspects with Revision 1 of the Regulatory Guide is as stated below in the DCD.
General ANSI/ Exception The Common Q portion of the protection and safety IEEE-ANS-7-4.3.2 IEE monitoring system is developed using the Common Q
-1993 Software Program Manual (SPM) (as modified by the SPM alternatives in WCAP-15927, Revision 4) and Common Q Topical Report (as modified by the Topical Report alternatives in WCAP-15927, Revision 6). The Common Q SPM and Topical Report were reviewed and approved by the NRC. The Common Q SPM and Topical Report meet IEEE Std. 7-4.3.2-2003, as endorsed by Regulatory Guide 1.152, Revision 3.
Page 2 of 12
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information)
(LAR-18-023) x Revise Tier 2 Regulatory Guide conformance position and summary description ry descri descripti for Regulatory Guide (RG) RG 1.168, as follows:
AP1000/
Criteria Referenced FSAR Clarification/Summary ummary Description Descriptio of Section Criteria Position Exceptio Exceptions D
Reg. Guide 1.168, Rev. 0, 9/97 and Rev. 1, 2/04 - Verification, Validation, dation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants Conformance of the design aspects with Revision 0 of the Regulatory latory Guid Guide is as stated ated belo below in the DCD.
General Exception See Chapter 7 for a discussion of the instrumentation instrumentatio and control software program related rela to Common QuaQualified R
Platform (Common Common Q).
The Common Q portion of the protection an and safety monitoring system em is develope developed develop d using the Common Q SPM (as modified by the SPM alternat SP alternatives in WCAP-15927, Revision WCAP on 6).
6). The Common Com C Q SPM was reviewed and approved by the NRNRC using the criteria of 1012-1998 IEEE Std. 1012-1012 -1998 199 and IEEE Std. 1028-1997 as A
endorsed orsed by Regulatory Guide G
Gu 1.168, Revision 1.
x Revise Tier 2 Regulatory Guide conformanc conformance positio position and summary description for Regulatory atory Guide (RG) R RG 1.169, as follows:
foll FT AP1000/
Criteria Referenced ced FSAR Clarification/Summary Description of Section on Criteria Position Exceptions Reg. Guide 1.169, Rev. 0, 9/97 - Configuration Con Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plan Plants Ge General Exception Westinghouse uses the Common Q SPM (as modified by the SPM alternatives in WCAP-15927, Revision 6) to develop and maintain the Common Q portion of the protection and safety monitoring system. The Common Q SPM was reviewed and approved by the NRC using the criteria of Regulatory Guide 1.169, Revision 0 and IEEE 828-2005.
The CIM subsystem complies with Regulatory Guide 1.169, Revision 0 with the exception(s) identified below:
Page 3 of 12
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information)
(LAR-18-023) x Revise Tier 2 Regulatory Guide conformance position and summary descri description for Regulatory Guide (RG) RG 1.170, as follows:
AP1000/
Criteria Referenced FSAR Clarification/Summary mary Description Descrip of Section Criteria Position Exceptions xceptions D
Reg. Guide 1.170, Rev. 0, 9/97 - Software Test Documentation for Digital gital Computer Software Used in Safety Systems of Nuclear Power Plants General Exception The Common ommon Q portion of the protection and safety itoring system is developed using monitoring u the Common Q SPM PM M (as modified modifi by the SPM alternatives al in WCAP-15927, WCAP P-15927 15927,, Revision 6).
6). The Th Common Q SPM was w R
reviewed d and approved by the t NRC using the cr criteria of Regulatory Guide 1.170, Revision 0 and IEEE 829-1998.
The CIM subsystem ystem complies compl with Regula Regulatory Guide 1.170, Revision 0 with the exception(s) exc identified below:
A x Revise Tier 2 Regulatory latory Guide conformance position and summary description for Regulatory Guide uide (RG)
(R RG 1.172, 72, as follows:
follows AP1000/0/
Criteria Referenced FSAR Clarification/Summary Description of Clarif Section Cr Criteria Position Exceptions FT Reg. Guide uide 1.172, 2, Rev. 0, 9/97 - Software Requirements Specifications for Digital Computer Software Used afety Systems of Nuclear Power in Safety Pow Plants General Exception Excepti The Common Q portion of the protection and safety monitoring system is developed using the Common Q SPM (as modified by the SPM alternatives in WCAP-15927, Revision 6). The Common Q SPM was reviewed and approved by the NRC using the criteria of Regulatory Guide 1.172, Revision 0 and IEEE 830-1998.
See Chapter 7 for a discussion of the instrumentation and control software program.
Page 4 of 12
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information)
(LAR-18-023) x Revise Tier 2 Regulatory Guide conformance position and summary descri description for Regulatory Guide (RG) RG 1.173, as follows:
AP1000/
Criteria Referenced FSAR Clarification/Summary mary Description Descrip of Section Criteria Position Exceptions xceptions D
Reg. Guide 1.173, Rev. 0, 9/97 - Developing Software Life Cycle Processes cesses for Digital Computer Software Used in Safety Systems of Nuclear Power Plants General Exception Westinghouse ghouse uses the Commo Common Q SPM (as modified ied by the SPM alternatives in WCAP-WCAP -15927 15 WCAP-15927, , Revision 6) to develop evelop elop and maintain the Comm Common Q portion of the protection tion and safety monitoring monitori system. The Com Common Q R
SPM wass reviewed and approved app by the NRC us using the criteria of IEEE EEE 1074-1074 -199 1995 as endorsed by Regulatory 1074-1995 Re Guide 1.173, Revision 0.
The CIM subsystem em complies with Regu Regulatory Guide 1.173, Revision 0 with 1.173 ith the exception(s) exception(
excep identified below.
A
- 3. UFSAR Subsection 7.1.7, References Revise Tier 2* information FT Common ommon
[WCAP-16096 References
References:
- (Proprietary) 16097-P-A 096--P-A (Proprietary)
- 20. [WCAP-15927-P
[WCAP-15927 (Pr Software Program Manual Man P
5927--P (Proprietary)
WCAP-15927, WCAP-15927 927, (Proprie 7, Revision R
Revisio mation for references, as show
- 8. [WCAP-16097-P-A P-16097 shown in the e and WCAP-16096-NP-A for Comm W
excerpts below:
oprietary) and WCAP-16097-NP-A WCAP-160 (Non-Proprietary), Revision 3, mmon Qualified Platform Topical Report, February 2013. (Note: as modified by the Topicall Report alternative in WCAP
- 9. [WCAP-16096-P-A WCAP- -15927, Revision 67).]*
WCAP-15927, (Non-Proprietary), Revision 4, Common Q' Systems, February 2013. (Note: as modified by the Software Program Manual alternatives in WCAP-15927, Revision 67)]*
and WCAP-15927-NP (Non-Proprietary), Revision 7, 6 (Non-proprietary), Design Process for AP1000 Common Q Safety Systems.
Systems.]*
stems.]*
Page 5 of 12
PUBLIC VERSION ND-18-1085 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023)
- 4. UFSAR Appendix 7A, Instrumentation and Controls Licensing Basis Document Changes, Subsection 7A.7, WCAP-16674-P and WCAP-16674-NP, AP1000 I&C Data Communication and Manual Control of Safety Systems and Components:
Revise Tier 2 information in Subsection 7A.7 regarding the References in WCAP-16674-P WCAP--1667 WCAP 1 and WCAP-16674-NP, as follows:
x Revise the Reference section, as follows:
- 1. WCAP-16097-P-A, Rev. 0 3 (proprietary), Common Qualified alified Platform Topical Report, Report D
Westinghouse Electric Company LLC (as modified by y the Topical Report alternatives in WCAP-15927, Rev. 7)
- 15. WCAP-15927, Rev. 7, Design Process for or AP1000 000 Common Q Safety Sa Systems, R
Westinghouse Electric Company LLC AFT Page 6 of 12
PUBLIC VERSION ND-18-1085 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023)
- 5. UFSAR Appendix 7A, Instrumentation and Controls Licensing Basis Document Changes, Subsection 7A.8, WCAP-16675-P and WCAP-16675-NP, AP1000 Protection and Safety Monitoring System Architecture Technical Report:
Revise Tier 2 information in Subsection 7A.8, following the current directions ons to revis revise rev Section 1.3, as follows:
x Revise Section 2.2.8, Watchdog Timer Implementation, as follows:
[
]a,c Refer to the Processor Module Watchdog o the Common Q Topical Report alt atchdog When a stall WDT activation og Timers.
vation occurs curs in a BPL terminates, it resets the BPL processor terminated. The LCL activates, then PL processor, alternative alternatives in WCAP-15927, Design Process for AP1000 Common Q Safety Systems, (Reference (Referenc 40) processor, it rese cessor stalls, the HSL commu n the BPL will mark all HSL data as CLs go to a 1oo3 for Reactor Trip and than the LCLs 4 for a description of resets the CPU which will communication to the LCLs is CL then marks the BPL data with bad qu quality. If only the window WDT a bad quality.
qua In either case, if both BPLs fail a 2oo3 for ESFAS coincidence logic for the F
affected parameter.
parameter x Delete Figure igure 2-2 2-4,
-4, Watchdog Timer Con Configuration.
x Delete Tabl 2-1, Table 2 Processo Module
-1,, Processor Mo WDT Arrangement Watchdog Timer Summary.
D 6.. WCAP-15927-P 6 WCAP Systems::
Systems Systems Revise vise Tier 2*
and WCAP-15927-NP, Design Process for AP1000 Common Q Safety d WC WCAP 2 informa Note thatt WCAP inform information in UFSAR Chapter 7 reference document, WCAP-15927-P and WCAP-7-NP, Design Process for AP1000 Common Q Safety Systems, as follows:
15927-NP, WCAP-15927 is incorporated by reference as a Tier 2* document, however, the text in this document en is not depicted using italics and brackets as is typical of Tier 2* material in the UFSAR (plant-specific DCD).
Page 7 of 12
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023) x Revise Section 3.10, Alternative to Processes Defined in WCAP-16097-P-A, with corresponding change to the Table of Contents, as follows:
3.10 ALTERNATIVES METHODS TO PROCESSES DEFINED AND DESCRIPTIONS ESCR IN WCAP-16097-P-A Table 3-2 identifies alternatives to the processes defined and design gn descriptions descrip in WCAP-16097-P-A, Common Qualified Platform Topical Report (Reference 4.2.2).
x criptions to the Common Q T Revise Table 3-2, Alternative Methods and Design Descriptions Topical D
Report, as follows:
Table 3-2 Alternative Methods and Design Descriptions riptions to the Common Q Topical Report WCAP-16097-P-A Section WCAP-16097-P-A Text xt Alternative R
References 27. WCAP-17266, Rev. 0, Common Q Alternative Platform Generic Changee Pro Process, 27.. WCAP-WCAP-17266, WCAP -17 17266, Com Common Q Platform Westinghouse Electric Company LLC.
L eric Change Process, Generic Proce Westinghouse LLC.
Electric Company LL a,c AFT Page 8 of 12
PUBLIC VERSION ND-18-1085 Enclosure 3 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023)
Table 3-2 Alternative Methods and Design Descriptions to the Common Q Topical Report WCAP-16097-P-A Section WCAP-16097-P-A Text Alternative rnative a,c DR AFT Page 9 of 12
PUBLIC VERSION ND-18-1085 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023) x Revise Section 5.2.1.3, Watchdog Timer, as shown in the Updated Section 5.2.1.3 Watchdog Timer Text, provided below:
a,c DRAFT Page 10 of 12
PUBLIC VERSION ND-18-1085 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023) x Replace Figure 5-13, Watchdog Timer Configuration, with the Updated Figure 5-13 Watchdog Timer Configuration, provided below:
a,c DRAFT Page 11 of 12
PUBLIC VERSION ND-18-1085 Proposed Changes to Licensing Basis Documents (Publicly Available Information) (LAR-18-023) x Revise Table 5-1, Processor Module WDT Arrangement Watchdog Timer Summary, as shown in the Updated Table 5-1 Processor Module WDT Arrangement Watchdog Timer Summary, provided below:
DRAFT Page 12 of 12