ML18260A317

From kanterella
Jump to navigation Jump to search
Handouts for August 30, 2018 Public Meeting on Initial Test Program
ML18260A317
Person / Time
Issue date: 09/17/2018
From: Tabatabai-Yazdi O
NRC/NRO/DLSE/LB1
To:
Tabatabai-Yazdi O / 415-6616
References
Download: ML18260A317 (24)


Text

Comparison of ESBWR and NuScale Preoperational Test Abstract Details Summary The test abstracts in the ESBWR Initial Test Program (DCD Chapter 14) typically contain more detail in the prerequisites section than the equivalent NuScale test abstracts. However, the level of detail and information included is inconsistent, often ambiguous, and in many cases meaningless. Detailed exampled are provided below.

In all of the other sections of the test abstracts, which include objectives, test methods, and acceptance criteria, the NuScale test abstracts provide significantly greater detail than the ESBWR counterparts.

Prerequisites Examples The following example is taken directly from the ESBWR Plant Automation System Preoperational Test (ESBWR DCD Chapter 14, Section 14.2.8.1.11), and represents typical ESBWR test abstract prerequisites:

  • The construction tests have been successfully completed and the SCG has reviewed the test procedure and approved the initiation of testing. The PGCS, RC&IS, Turbine Control System, and other required system interfaces shall be available to support the specific system testing. The required input and output devices and various system interfaces shall be connected and available, as needed, for supporting the specified testing configurations.

In this example, the prerequisites identify three systems (PGCS, RC&IS, and Turbine Control System) that are required to support the test. This type of information is not provided in the NuScale test abstracts. RG 1.206 states that test abstracts should (2) specify the prerequisites and major plant operating conditions necessary for each test (such as power level and mode of operation of major control systems). NuScale interpreted the parenthetical statement to be examples of the types of prerequisites and major plant operating conditions expected in a test abstract, which does not include a list of support systems.

Additionally, the ESBWR example includes catch-all caveats such as other required system interfaces, various system interfaces, and as needed. These statements add to the volume of the prerequisite without adding to the quality. When the process of detailed procedure development is undertaken, such statements must be filtered and discarded, a negative attribute of the prerequisite statement. Additional examples of this type of ESBWR prerequisite statements include the following:

  • The required interfacing systems shall be available, as needed, to support the specified testing and the appropriate system configurations.
  • Adequate laboratory facilities and appropriate analytical procedures shall be in place.

1

  • Initial system installation and setup has been accomplished per instructions. (Note: The test abstract from which this statement was taken does not include the instructions for system installation and setup or a description of what they might include.)
  • Construction is completed to the extent necessary to perform this test.

The first statement of the prerequisite regarding construction testing completion and the use of approved procedures is an administrative prerequisite which is repeated in most of the ESBWR test abstracts. These types of requirements will be a programmatic requirement of the NuScale ITP, and therefore are not included in each of the NuScale test abstracts.

Some ESBWR test abstracts contain significant detail regarding plant condition prerequisites for testing. The following example is taken directly from the ESBWR Containment Structural Integrity Test (ESBWR DCD Chapter 14, Section 14.2.8.1.31):

  • The containment construction is complete to the extent necessary to perform this test.

Construction turnover of the system is completed. The SCG has reviewed the test procedures and approved the initiation of testing. Reactor vessel, GDCS Pools, IC/PCCS Pools, reactor cavity, equipment storage pool, spent fuel pool and suppression pool are filled with water to the normal operation level. The instruments and controls within the scope of this test are calibrated. The structural integrity measurement and pressurizing equipment is available for use to support the test. Equipment incapable of withstanding the test pressure are removed from containment or otherwise protected.

Similarly, when specific plant conditions are required for testing, NuScale test abstracts contain detailed prerequisites. The following example is taken directly from the NuScale Primary and Secondary Chemistry Test #79 (Table 14.2-79):

i. The PSS instruments have been calibrated.

ii. The NPM is fully assembled.

iii. The RCS is at hot zero power (RCS at normal operating pressure and RCS temperature at the maximum temperature obtainable when heated only by the MHS).

NuScale test abstracts also provide detailed prerequisites when conditions specific to the system under test are required prior to conducting the test. The following example is taken directly from the NuScale Highly Reliable DC Power System Test #57 (Table 14.2-57):

i. Verify an instrument calibration has been completed, with approved records and within all calibration due dates, for all instruments required to perform this test.

ii. Verify a valve-regulated lead-acid battery acceptance test has been performed on all EDSS batteries to confirm battery capacity in accordance with IEEE Standard 1188 Sections 6 and 7.

iii. Verify battery charger performance testing has been completed by the manufacturer or a site acceptance test has been completed in accordance with manufacturer instructions.

2

Objectives Examples (Note: ESBWR test abstracts state the objective of the tests under the heading of Purpose.) The following example is taken directly from the ESBWR Safety System Logic and Control Engineered Safety Feature Preoperational Test (ESBWR DCD Chapter 14, Section 14.2.8.1.6):

  • The objective of this test is to verify proper operation of the Safety System Logic and Control Engineered Safety Feature (SSLC/ESF) and the safety-related (Q-DCIS) and nonsafety-related (N-DCIS) plant Distributed Control and Information System (DCIS) indicated in Subsection 14.2.8.1.7. Proper functioning of the DCIS includes those functions utilized for the preoperational testing of the aggregate plant systems.

This represents a typical objective statement in an ESBWR test abstract. The phrase verify proper operation is obvious and lacks any specific detail.

Conversely, each NuScale test abstract provide an objective statement for each component level and system level test included in the test abstract. The test abstract for the NuScale Module Protection System test #63 (Table 14.2-63) includes eleven test objective statements, several of which are multi-part. Examples include:

  • System Level Test #63-1 Test Objective Verify the instrument signals of MPS monitored variables are displayed in the MCR.
  • System Level Test #63-6 Test Objective
i. Verify the MPS can manually actuate ESF equipment from the MCR.

ii. Verify deliberate operator action is required to return the ESF actuated equipment to its non-actuated position.

iii. Verify the MPS can automatically actuate ESF equipment from all ESF actuation signals.

Test Method and Acceptance Criteria Examples The ESBWR test abstracts include a section titled General Test Methods and Acceptance Criteria. A bulleted list is then provided that represents the test methods and acceptance criteria. The following examples are taken directly from the ESBWR Reactor Water Cleanup/Shutdown Cooling System Preoperational Test (ESBWR DCD Chapter 14, Section 14.2.8.1.13):

  • Proper functioning of instrumentation and alarms used to monitor system operation and availability;
  • Proper operation of system valves, including timing, under expected operating conditions;
  • Proper operation of pumps and motors in all design operating modes; 3

Although presented as test methods and acceptance criteria, the bulleted statements do not describe a method for demonstrating the generic acceptance criteria of proper functioning and proper operation.

The NuScale test abstracts list test methods in one column and the acceptance criteria specific to that test method in an adjacent column. The NuScale test abstract for the Spent Fuel Pool Cooling System Test #1 (Table 14.2-1) includes the following test methods and associated acceptance criteria (not a complete list):

Test Objective Test Method Acceptance Criteria Verify each SFPCS air- Place each valve in its non-safe MCR display and local, visual operated valve fails to its position. observation indicate each valve safe position on loss of Isolate electrical power to each fails to its safe position.

electrical power to its air-operated valve.

solenoid.

Verify each SFPCS pump Align the SFPCS to allow for MCR display and local, visual can be started and pump operation. observation indicate each pump stopped remotely. Stop and start each pump from starts and stops.

the MCR.

Verify each SFPCS pump Align the SFPCS to allow for MCR display and local, visual automatically stops to pump operation. Place a pump observation indicate each pump protect the pump. in service. Initiate a simulated stops.

stop signal for the following system conditions.

i. Low pump suction pressure ii. High pump discharge pressure.

In this format, a test method is specified for each test objective, and acceptance criteria are provided to demonstrate the objective is satisfied.

4

Attachment 1 The following is a line-by-line analysis of the ESBWR test abstract for the Nuclear Boiler System and comparison to the NuScale test abstracts containing comparable plant functions.

LEGEND Black text, non-italics: Text copied directly from ESBWR Chapter 14, Initial Test Program, test abstracts Black text, italics: Clarifying notes and comparison summaries Red text, non-italics: Text copied directly from NuScale Chapter 14, Initial Test Program, test abstracts Red text, italics: Supplementary information, comments, and descriptions of deltas.

ESBWR NuScale 14.2.8.1.1 Nuclear Boiler System Containment System Test #43 Preoperational Test Reactor Coolant System Test #46 Module Protection System Test #63 Safety Display and Indication Test #66 ESBWR Objectives (NuScale comments and comparisons in red text)

The objective of this test is to verify that the valves, actuators, instrumentation, trip logic, alarms, annunciators, and indications associated with the Nuclear Boiler System (NBS) function as specified.

A generic objective statement such as this is made at the beginning of most ESBWR test abstracts.

NuScale Objectives From Test #43:

  • Verify the CNTS safety-related check valves change position under design differential pressure and flow.
  • Verify the leaktightness of the containment system.

From Test #46:

  • Verify the RCS safety-related check valves change position under design differential pressure and flow.
  • Verify each RCS instrument is available on an MCS or PCS display. (Test not required if the instrument calibration verified the MCS or PCS display.)

5

Attachment 1 From Test #63:

  • Verify the instrument signals of MPS monitored variables are displayed in the MCR.
  • Verify the MPS automatically initiates a reactor trip signal.
  • Verify the MPS automatically initiates an ESF actuation signal.
  • Verify the MPS can automatically actuate ESF equipment from all ESF actuation signals.
  • Verify the MPS response times from sensor output through:

o i. reactor trip breaker actuation for the reactor trip function.

o ii. de-energization of the associated solenoid valve for ESF-actuated valves.

o iii. opening of the pressurizer heater supply breaker for the pressurizer heater trip.

From Test #66:

  • Verify the proper valve position indication for each ESF valves that provide input to MPS.
  • Verify PAM Type B and C variables are displayed on the module-specific SDIS displays in the MCR.
  • Verify alarms associated with PAM Type B and C variables are retrieved in the MCR.
  • Verify module-specific PAM Type D variables are displayed on the module-specific SDIS displays in the MCR.

Objective Summary:

The NuScale test abstract contains a significantly more detailed explanation of the test objectives.

ESBWR Prerequisites (NuScale comments and comparisons in red text)

The construction tests have been successfully completed and the SCG has reviewed the test procedure and approved the initiation of testing.

This is a generic statement in each of the ESBWR test abstracts. This is an administrative control detailed in the Startup Administrative Manual, and is unnecessary to state in the test abstracts.

The Depressurization Valve (DPV) engineering development tests have been completed as described in Subsection 5.4.13.3. The DPV factory operability tests, including response tests and flow tests, have been completed. The Reactor Pressure Vessel (RPV) and Main Steamlines (MSL) can accept water during the test.

6

Attachment 1 The NuScale Power Module (NPM) arrives at the site with all piping and valves directly associated with the NPM installed. The EQ testing of the components occurs at the vendor or NPM manufacturer site. Verification that the testing required prior to shipping the NPM to the site has been completed is not necessary as a prerequisite The nitrogen gas and instrument air are available to support operation of Main Steam (MS) valves. Electrical power is available to support MS valves, instrumentation, and system operation.

RG 1.206 states that test abstracts should (2) specify the prerequisites and major plant operating conditions necessary for each test (such as power level and mode of operation of major control systems). ESBWR, in this particular example, has provided specific systems necessary to operate specific components that will be tested. It should be noted that this practice is not consistently applied in their test abstracts. The statement that electrical power is available is generic (no detail) and provides no real usable information for development of the detailed test procedure, which is the purpose of the test abstracts. Frequently To the extent necessary, the interfacing systems are available to support the specific system testing and the appropriate system configurations.

This generic statement is repeated in the prerequisites of most of the ESBWR test abstracts. It contains no detail, and is not included in NuScale test abstracts.

To prevent actuation of single-use squib valves during the logic portion of this testing process, the valve(s) may be isolated electrically to prevent actuation. This process of isolation, verification of the firing signal during the test, and subsequent reconnection must be controlled within the test document.

The NuScale design does not contain an equivalent feature.

NuScale Prerequisites Verify an instrument calibration has been completed, with approved records and within all calibration due dates, for all instruments required to perform this test.

(Note: The following is not listed in the prerequisite section of the test abstract, but rather in the description of the associated system level test.)

Test 63-6 is performed at hot functional testing concurrently with TGS test #33-1 (reference 14.2.12.33) to allow testing of ESF actuations at normal operating pressure and elevated temperatures. Test #33-1 heats the RCS from ambient conditions to the highest temperature achievable by MHS heating. These hot functional testing conditions provide the highest differential pressure and temperature conditions that can be achieved prior to fuel load.

Prerequisite Summary:

7

Attachment 1

  • The ESBWR test abstract prerequisites contains details not necessary for NuScale test abstracts due to the NPM valves and piping being connected and tested at the manufacturer site.
  • The ESBWR test abstract contains details about systems required to support testing, but of limited scope and inconsistent application.
  • The NuScale test abstracts that test similar functions only include a prerequisite for instrumentation calibration. However, where specific plant conditions are required for a system level test, those conditions are explicitly stated.

ESBWR General Test Methods and Acceptance Criteria (The ESBWR test method and acceptance criteria for this test abstract are bulleted in the following pages. The test method and acceptance criteria for the equivalent NuScale functions tests are provided in red text after each ESBWR example. Comments about differences are provided in italics.)

Performance shall be observed and recorded during a series of individual component and integrated system tests to demonstrate the following:

NuScale test abstracts are divided into component level and system level tests.

  • Verification that the sensing devices respond to actual process variables and provide alarms and trips at specified values;
  • Proper operation of the Feedwater (FW) isolation valves and FW check valves, including verification of closure times in isolation mode and testability features, if present;
  • Proper operation of DPV and SRV including verification of position indication; and
  • Acceptability of instrument channel response times, as measured from each applicable process variable input signal to the applicable process actuator confirmation signal.

(Note: The NuScale test abstracts separate the test method and acceptance criteria. The following table lists the test method and associated acceptance criteria for each of the elements described the ESBWR General Test Method and Acceptance Criteria above.)

Test Method Acceptance Criteria Initiate a single real or simulated instrument The instrument signal is displayed on an MCS signal from each RCS transmitter. or PCS display, or is recorded by the applicable control system historian.

Table 7.1-2 lists all of sensors which input to Each MPS monitored signal is displayed on an MPS. MCR workstation and the module specific safety display instrument panel (if designed for This test may be performed concurrently with safety display instrument display).

safety display and indication system (SDIS) test #66-2 for PAM Type B and Type C testing described in Section 14.2.12.

8

Attachment 1 Inject a single signal as close as practical for each sensor listed in Table 7.1-2 and monitor its response on an MCR workstation and the module-specific safety display instrument panel (if designed for safety display instrument display).

If the sensor signal is designed to be disconnected when the NPM is moved then it will be necessary to test the signal from the sensor to the disconnect and then from the disconnect to the MCR display.

This test verifies initiation of reactor trip signals i. A reactor trip signal is displayed in the MCR and ESF actuation signals only. Component for all 2 out of 4 logic combinations of each actuation is not required or verified. reactor trip function.

[ITAAC 02.05.08]

Test #63-1 is completed in order to use the associated test signals. ii. An ESF actuation signal is displayed in the MCR for all 2 out of 4 logic combinations each Real or simulated CNTS level, reactor trip reactor ESF actuation function.

breaker position, RCS temperature and NMS [ITAAC 02.05.09]

signals may be required to provide the necessary bypass interlock status for either the reactor trip or ESF actuation to be available.

i. Initiate an automatic reactor trip signal by simulating a reactor trip function for each function listed in Table 7.1-3. All combinations of the 2 out of 4 logic are tested for each reactor trip function.

ii. Initiate an automatic ESF actuation signal by simulating an ESF actuation function for each function listed in Table 7.1-4. All combinations of the 2 out of 4 logic must be actuated for each ESF function.

Figure 7.1-1 identifies all ESF actuation i. The MPS actuates the ESF equipment to signals such as CVCS isolation and CNTS perform its safety-related function as isolation. described in Table 7.1-4.

Each ECCS valve opens after receipt of an Table 7.1-4 lists all of the ESF functions. ESF signal and after RCS pressure is decreased to the threshold pressure for This test will verify the design response of ESF operation of the inadvertent actuation block actuation signals using both a single manual described in Section 6.3.2.2.

ESF signal and a single ESF function to [ITAAC 02.01.13]

provide an automatic ESF actuation signal. All [ITAAC 02.01.14]

manual and automatic ESF actuation signals [ITAAC 02.01.15]

9

Attachment 1 are tested. [ITAAC 02.01.18]

[ITAAC 02.01.19]

The RCS is at normal operating pressure [ITAAC 02.01.20]

supplying bypass steam to the condenser. [ITAAC 02.05.13]

[ITAAC 02.05.16]

i. Initiate a manual ESF actuation signal from the MCR. ii. a. The actuated equipment cannot be operated from the MCR.

ii. a. Attempt to operate the actuated ESF b. The actuated equipment cannot be equipment from the MCR. operated from the MCR.

b. Remove the manual ESF actuation signal c. The ESF equipment can be operated from and attempt to operate the actuated ESF the MCR.

equipment from the MCR. [ITAAC 02.01.13]

c. Use the MCR enable nonsafety control [ITAAC 02.01.14]

switch to allow operation of the ESF actuated [ITAAC 02.01.15]

equipment from the MCR. [ITAAC 02.05.16]

Repeat for all MCR manual ESF actuations. iii. The MPS automatically actuates the ESF equipment to perform its safety-related iii. Initiate an automatic ESF actuation signal. function as described in Table 7.1-4.

The test may be performed with the RCS at [ITAAC 02.01.13]

ambient conditions. [ITAAC 02.01.14]

[ITAAC 02.01.15]

Repeat for all ESF actuation signals. [ITAAC 02.01.18]

[ITAAC 02.01.20]

[ITAAC 02.05.11]

[ITAAC 02.05.16]

Table 6.2-5 contains the design closure time Each containment isolation valve travels from for containment isolation valves. fully open to fully closed in less than or equal to the time listed in Section 6.2.4.3 after Time the operation of all CIVs as they actuate receipt of a containment isolation signal.

to their ESF position during the manual ESF [ITAAC 02.01.08]

actuation testing in Test #63-6. [ITAAC 02.05.17]

Section 7.1.4 contains a description of design The MPS reactor trip functions listed in Table basis event actuation delays assumed in the 7.1-3 and ESF functions listed in Table 7.1-4 plant safety analysis and listed in Table 7.1-6. have response times that are less than or The actuation delays do not include ESF equal to the design basis safety analysis actuated component delays for actuated response time assumptions in Table 7.1-6.

valves. [ITAAC 02.05.17]

Perform a time response test for the actuation signals listed in Table 7.1-6.

Response time testing for ESF actuated CNTS, DHRS, ECCS and DWS valves are found in Test #63-7.

i. With the NPM assembled, open and close i. The valves open and close as indicated by a the valves listed in Table 7.1-2. module-specific SDIS display and an MCR workstation display.

10

Attachment 1 ii. Provide a real or simulated signal for each reactor safety valve position (Table 7.1-2). ii. The valve opens and closes as indicated by a module-specific SDIS display and an MCR workstation display.

i. Simulate an injection signal for the PAM i. The PAM Type B and C variables listed in Type B and C variables listed in Table 7.1-7. Table 7.1-7 are retrieved and displayed on the SDI displays in the MCR.

ii. Increase or decrease a simulated injection [ITAAC 02.05.25]

signal for the PAM Type B and C variables listed in Table 7.1-7 to obtain its associated ii. The alarms associated with the PAM Type B alarm. and C variables listed in Table 7.1-7.are retrieved and displayed on the SDI displays in iii. Simulate an injection signal for the PAM the MCR.

Type D variables listed in Table 7.1-7 iii. The PAM Type D variables listed in Table 7.1-7 are retrieved and displayed on the SDIS displays in the MCR.

The check valves are tested in accordance Each RCS safety-related check valve strokes with the requirements of ASME OM Code, fully open and closed under forward and ISTC-5220, Check Valves. reverse flow conditions, respectively.

[ITAAC 02.01.16]

The check valves are tested in accordance Each RCS safety-related excess flow check with the requirements of ASME OM Code, valve strokes fully closed under excess flow ISTC-5220, Check Valves. conditions.

The NuScale test abstract provides detailed descriptions of the test method to be employed for each of the functions tested, as well as acceptance criteria specific to the test method.

Additionally, locations of the associated information are provided in both the test methods and acceptance criteria to remove any ambiguity as to what it be tested and to what acceptance criteria.

  • Verification of the acceptable leaktightness and overall integrity of the reactor coolant pressure boundary via the leakage rate and hydrostatic testing as described in Section 5.2 Test Method Acceptance Criteria Perform 10 CFR Part 50, Appendix J local leak Local leak rate tests are completed on rate tests (Type B and Type C tests) of the containment penetrations listed in Table 6.2-9 CNTS in accordance with the guidance which require Appendix J, Type B or C testing.

provided in ANSI/ANS 56.8,RG 1.163, and [ITAAC 02.01.07]

NEI 94-01.

  • Proper operation of SRV air piston actuators and discharge line vacuum breakers; 11

Attachment 1 The NuScale design does not include components with similar functionality. However, it should be noted that the only acceptance criteria provided are appropriate accumulator capacity and proper operation of actuators and vacuum breakers.

12

Attachment 2 The following is a line-by-line analysis of the ESBWR test abstract for the Process Radiation Monitoring System and comparison to the NuScale test abstracts containing comparable plant functions.

LEGEND Black text, non-italics: Text copied directly from ESBWR Chapter 14, Initial Test Program, test abstracts Black text, italics: Clarifying notes and comparison summaries Red text, non-italics: Text copied directly from NuScale Chapter 14, Initial Test Program, test abstracts Red text, italics: Supplementary information, comments, and descriptions of deltas.

(Note: The ESBWR test abstract does not inventory the specific process radiation monitors. The NuScale test abstracts inventory and test the process radiation monitors in the system to which the radiation monitor belongs.)

ESBWR NuScale 14.2.8.1.16 Process Radiation Monitoring Pool Surge Control System Test #4 System Preoperational Test Auxiliary Boiler System Test #9 Control Room Habitability System Test # 18 Normal Control Room HVAC System Test #19 Reactor Building HVAC System Test #20 Balance-of-Plant Drains Test #24 Liquid Radioactive Waste System Test #35 Gaseous Radioactive Waste System Test #36 Chemical and Volume Control System Test

  1. 38 Containment Evacuation System Test #41 Containment Flooding and Drain System Test
  1. 42 Safety Display and Indication Test #66 14.2.8.1.16 Process Radiation Monitoring System Preoperational Test Purpose The objective of this test is to verify the ability of the Process Radiation Monitoring System (PRMS) to indicate and alarm normal and abnormal radiation levels, and to initiate, if appropriate, isolation functions upon detection of high radiation levels in any of the process streams that are monitored.

From DCA Section 14.2.3.2:

13

Attachment 2 Credit is taken for the logic testing performed for the nonsafety-related module control system (MCS) described in Section 7.0.4.5, and the nonsafety-related plant control system (PCS) described in Section 7.0.4.6. Therefore, if the component is controlled by MCS or PCS, the component-level logic testing in the preoperational test is limited to the testing of component-level design features described below (if the design feature is applicable to the system) unless the preoperational test verifies an ITAAC. The component tests are standardized to provide the same level of test detail across all systems. This graded approach does not affect system-level tests which require integrated system operation. The standardized component tests are:

  • Remote operation of equipment.
  • Manual control of variable-speed pump or fan.
  • Automatic start of standby pump or fan.
  • Automatic operation of pump recirculation valve.
  • Remote operation of valve or damper.
  • Valve or damper fails to its safe position on loss of air.
  • Valve or damper fails to its safe position on loss of electrical power to its solenoid.
  • Damper or fan responds to fire or smoke alarm.
  • Equipment response to automatic signals to protect plant equipment.
  • Automatic operation of tank or basin level control valve.
  • Automatic bus transfer via bus tie breaker.
  • System instrument calibration.
  • Each instrument is monitored in the MCR and the remote shutdown station (RSS), if the signal is designed to be displayed in the RSS. (Test not required if the instrument calibration verified the MCR and RSS display.)
  • Equipment protection logic From PSCS Test #4, Component Level Test 4-v Test Objective:
  • Verify the PSCS automatically responds to mitigate a release of radioactivity.

From ABS Test #9, Component Level Test 9-vi and 9-vii Test Objective:

  • Verify the ABS automatically responds to mitigate a release of radioactivity.

From CRHS Test #18, System Level Test 18-1 Test Objective:

  • Verify the CRHS and the CRVS automatically respond to provide breathable air to the CRE under accident conditions.

From CRVS Test #19, System Level Test 19-4 Test Objective:

  • Verify the CRVS automatically responds to mitigate the consequences of high radiation in the outside air.

14

Attachment 2 From RBVS Test #20, System Level Test 20-3 Test Objective:

i. Verify RBVS automatic alignment on a simulated spent fuel pool hi-hi radiation level.

ii. Verify the RBVS maintains a negative pressure in the RXB relative to the outside environment while the RBVS is operating in accident alignment.

iii. Verify the RWBVS maintains a negative pressure in the RWB relative to the outside environment while the RBVS is operating in accident alignment.

From BPDS Test #24, System Level Test 24-2, 24-3, 24-4, 24-5, and 24-6 Test Objective:

  • Verify the BPDS automatically responds to mitigate a release of radioactivity.

From LRWS Test #35, Component Level Test 35-vi Test Objective:

  • Verify radiation isolation on discharge to the utility water discharge basin high radiation, low dilution flow or underground pipe break.

From GRWS Test #36, Component Level Test 36-vii Test Objective:

  • Verify radiation isolation of GRWS charcoal decay beds upon detection of decay bed discharge flow high radiation level.

From GRWS Test #36, Component Level Test 36-viii Test Objective:

  • Verify radiation isolation of GRWS discharge to the RWBVS exhaust upon detection of a high radiation level.

From CVCS Test #38, Component Level Tests 38-xiii, 38-xiv, and 38-v Test Objective:

  • Verify the CVCS automatically responds to mitigate a release of radioactivity.

From CES Test #41, System Level Test 41-2 Test Objective:

  • Verify radiation isolation and flow diversion on high radiation level in the CES.

From CFDS Test #42, System Level Test 42-4 Test Objective:

  • Verify the 6A CFDS automatically responds to mitigate a release of radioactivity.

From CFDS Test #42, System Level Test 42-5 Test Objective:

  • Verify the 6B CFDS automatically responds to mitigate a release of radioactivity.

From SDIS Test #66, Common SDIS Component Level Test 66-ii Test Objective:

  • Verify radiation monitor indication is obtained in the MCR for each radiation monitor that provides input to the PPS.

From SDIS Test #66, Module Specific Component Level Test 66-ii Test Objective:

15

Attachment 2

  • Verify radiation monitor indication is obtained in the MCR for each radiation monitor that provides input to the MPS.

Prerequisites The construction tests have been successfully completed and the SCG has reviewed the test procedure and approved the initiation of testing.

No value added with prerequisite.

The various process radiation monitoring subsystems, including the sensors, the digital radiation monitors and associated sampling racks have been calibrated according to instructions.

All NuScale DCA test abstracts with process radiation monitors include the following prerequisite:

  • Verify an instrument calibration has been completed, with approved records and within all calibration due dates, for all instruments required to perform this test.

The required interfacing systems shall be available, as needed, to support the specified testing.

This prerequisite is not included in any DCA Chapter 14.2 Test abstract.

General Test Methods and Acceptance Criteria The PRMS consists of a number of subsystems that monitor various liquid and gaseous process streams, building and area ventilation exhausts, and plant and process effluents. The offgas system and the main steamlines are also monitored.

The NuScale test abstracts specifically define the systems that contain process radiation monitoring.

Performance shall be observed and recorded during a series of individual component and integrated subsystem tests to demonstrate the following:

  • Proper calibration of detector assemblies and associated equipment using a standard radiation source or portable calibration unit; This is already verified in the prerequisites. This is a redundant task and is not redundant in the NuScale test abstracts.
  • Proper functioning of radiation monitors and alarms; 16

Attachment 2 From PSCS Test #4, Component Level Test 4-vii:

The prerequisite: Verify an instrument calibration has been completed, with approved records and within all calibration due dates, for all instruments required to perform this test, will verify proper operation of the radiation detector. The component level test verifies the instrument signal is being received by the control system.

From DCA section 7.2.1.2.8 Software Integration and Testing: (Bolded for emphasis)

For SIL 3 and 4 software or Complex Logic Device logic, a test engineer from an independent V&V team:

  • Develops the test documentation listed above
  • Conducts software integration testing to verify that software requirements have been adequately implemented for this phase of the software life cycle
  • Compares integration test results to the requirements in the Digital I&C Software Requirements Specification and Interface Requirements Specification to ensure satisfaction of requirements.
  • Identifies and resolves discrepancies between actual and expected results in integration testing.
  • Ensures that the integrated software or Complex Logic Device logic modules have successfully passed integration testing and that the software system is integrated with applicable hardware systems.
  • Conducts system testing on a complete, integrated system to evaluate system performance based on the I&C system requirements from the System Requirements Specification and system design documentation.
  • Ensures the detection of any inconsistencies between the software or Complex Logic Device logic and the hardware.

17

Attachment 2

  • Documents system test results and analyzes test results to verify that digital I&C system requirements from the have been satisfied.
  • Demonstrates that hazards identified in the Software Safety Analysis Report have been eliminated or controlled to an acceptable level of risk and ensures that additional hazardous states identified during testing undergo analysis prior to software delivery or use.
  • Evaluates and ensures the correction of test discrepancies identified and makes provisions available for appropriate regression testing following changes made to resolve discrepancies.
  • Provides the completed system test results in the System Test Report to the engineering team as an input to the ongoing digital I&C system safety analysis activity of the NuScale Digital I&C Software Safety Plan.

From DCA Section 7.2.1.2.2:

A Digital I&C System Requirements Specification is developed describing the identification, development, documentation, review, approval, and maintenance of I&C system requirements.

The system requirements documentation together with the system design documentation developed during the I&C basic design process (see Section 7.2.1.1.1) may be used as a System Requirements Specification. The Digital I&C System Requirements Specification includes the following:

  • the need for system and software safety analyses throughout the life cycle
  • functions and capabilities of the I&C system during operations
  • system boundaries
  • safety classification
  • safety functional properties and additional features not performing a safety function
  • licensee requested features
  • safety, security, and human machine interfaces
  • operations and maintenance measures, including intended fault identification, test, calibration and repair
  • design constraints
  • qualification requirements
  • results from hazard analyses
  • restrictions and constraints placed on the system to ensure compatibility with other plant systems From DCA Section 7.2.14.4:

The MCS and PCS human-system interface is developed with integration of the HFE functional allocation, task analysis and alarm philosophy. The HFE functional allocation, task analysis, and 18

Attachment 2 alarm philosophy specify the level of automation and indication required for each process and electrical system.

The MCS and PCS provide a high level of automation with minimal local operation to reduce operator burden and optimize staffing levels while ensuring personnel safety, equipment protection, and system availability.

Coordination with HFE analysis determines the level of automation for the various plant systems and components. This process determines the need for human interfaces to be manual control, shared control, or automatic control. Alarms are developed in accordance with the HFE alarm philosophy and are described in the Human-System Interface Design Results Summary Report (Reference 18.7-2).

The MCS and PCS human-system interface is a collection of both hardware, in the form of physical screens and input devices, and software, in the context of the displays designed to represent real-time plant operations and enable the user to monitor and manage the process.

From DCA Section 14.2.1.1:

The testing and installation of digital I&C systems includes factory acceptance testing and site acceptance testing which is completed as part of construction and installation tests performed prior to preoperational tests. Factory acceptance tests are performed during the digital I&C system testing phase described in FSAR Section 7.2.1.1.3.1. Site installation and checkout activities are performed as part of the integrated site acceptance testing during the system installation phase as described in FSAR Section 7.2.1.1.3.2. Software integration and testing is governed by the NuScale Digital I&C Software Master Test Plan described in FSAR Section 7.2.1.2.8.

==

Conclusion:==

From the above statements from Chapter 7, alarms, indications, and controls are determined using that described in the design documents and from task analysis and alarm philosophy from the HFE program. These alarms, indication, and controls will then be part of the System Requirement Specifications, which will then be tested according to the NuScale Digital I&C Software Master Test Plan. This testing will occur prior to preoperational testing during the system installation phase or earlier. It can therefore be concluded that all alarms and logic testing will be completed prior to the preoperational test phase. All instrumentation is also functionally checked either through the calibration described in the prerequisites or using the Component Level Test shown above, which is common to all systems that include any instrumentation.

  • Proper system trips in response to high radiation and downscale/inoperative conditions; 19

Attachment 2 From PSCS Test #4:

From ABS Test #9:

From CRHS Test #18-1:

From CRVS Test #19:

20

Attachment 2 From RBVS Test #20:

21

Attachment 2 From BPDS Test #24:

22

Attachment 2 From LRWS Test #35:

From GRWS Test #36 From CES Test #41:

23

Attachment 2 From CFDS Test #42:

From SDIS Test #66:

Conclusion:

The NuScale DCA describes which specific systems need to be tested, and which specific actions need to occur in the acceptance criteria. The ESBWR statement is very generic and does not specify the systems or the actions that are being tested. The downscale inoperable instrument portion is part of the control system logic, which is described in the previous explanation.

  • Proper operation of the isolation functions; and See previous explanation.
  • Proper operation of the sampling functions.

This would be part of the instrumentation test since there are no specified sampling functions of process radiation monitors in the NuScale design.

24