ML19207A540
| ML19207A540 | |
| Person / Time | |
|---|---|
| Issue date: | 05/09/1979 |
| From: | Advisory Committee on Reactor Safeguards |
| To: | Advisory Committee on Reactor Safeguards |
| References | |
| ACRS-1628, NUDOCS 7908210024 | |
| Download: ML19207A540 (34) | |
Text
.
.h b y t rq : ' q n "j g
.h
'l j l.}
'l' rf l j.
hl
{j mac. ISSUED: 5/9/79 i
MINUTES OF THE ACRS FUBCOMMI'ITEE ON b
POWER AND ELECTRICAL SYSTEMS PHOENIX, ARIZONA MARCH 30, 1979 77pjj7
/r7f he ACRS Subcommittee on Power and Electrical Systems met with repre-sentatives of the NRC Staff and Westinghouse Electric Corporation in Phoenix, Arizona, on March 30, 1979, to review the potential adverse interactions through the interconnection of protection and safety systems with reactor control systems on the Westinghouse RESAR-414 Integrated Protection System Design (IPS). A notice of the meeting appeared in the Federal Register on March 20,1979 (Attachment A). A copy of the detailed presentation schedule is attached (Attachment B).
A list of attendees at the Subcommittee Meeting is attached (Attachment C).
A list of documents provided to the Subcommittee for this meeting is attached (Attachment D).
Bere were no public statements either written or oral. The entire meeting was open to members of the public.
MEETING WITH NRC STAFF AND WESTINGHOUSE CORPORATION 1.0 Subcommittee Chairman's Opening Remarks Dr. Kerr, Subcommittee Chairman, introduced the members of the Subcommittee and noted that the purpose of the meeting was to further review the inte-grated protection and safety system of the Westinghouse RESAR-414. He pointed out that the meeting was being conducted in accordance with the provisions of the Federal Advisory Committee Act and the Government in the Sunshine Act and that Mr. Gary Quittschreiber was the Designated Federal Employee fci
.le meeting.
He stated that no requests for oral statements nor written statements from members of the public had been received with regard to this meeting.
2.0 Westinghouse Overview of the RESAR-414 Integrated Protection System Mr. Dan Call, Westinghouse Corporation, noted the following emcerning the Defense-In-Depth Guidelines:
1.
Westinghouse concurs with the NRC Staff's assessment that the principle of defense-in-depth is desirable and an
& W=
803082 29082100c2jK
.o
Power and Elec Systems March 30, 1979 important safety feature of nuclear power plant design and operation.
2.
Westinghouse does not consider that the IPS should be especially suspect or deserving of specific rules to assure that defense-in-depth is maintained.
3.
Westinghouse considers the defense-in-depth guidelines extend beyond the issue of systems interconnections and requires diversity in its own right. 'Ihey are concerned that this may be a restatement of the NIVS concern.
4.
He noted that the guidelines are interpretive; therefore, their remarks are conditioned as being limited to their present interpretation.
5.
~
Westinghouse feels that the IPS design can be shown to meet the NUREG-0493 Guidelines.
6.
51estinghouse " finalizing the IPS design in conjunction with the Carrcil County application and that it is important to obtain closure on this issue in the near future.
In resporse to a question from Dr. Kerr concerning Westinghouse guidelines for the IPS, Mr. Gallagher, Westinghouse, indicated that Westinghouse has not aevehped any new guidelines for the IPS but is using the same philosophy used on earlier plants as stated in WCAP-7306, which dates back to 1969.
In response to questioning from the Subcommittee concerning whether Westing-house has performed a detailed fault tree :-91ysis of the IPS which has been documented, Gallagher noted that they have not done an official fault tree study. He said that they have developed a mathemat' cal model of the system architecture. He added that they documented their work to show that they have reliable software. 'Ihey will perform and document a 'ault tree study to show that they comply with the defense-in-depth guidelines.
d37003 n
Power and lec System; March 30, 1979 s
Mr. Gallagher noted that they did an a:cident study as part of RESAR-414 which was based upon the new functions incorporated in de IPS. The
[
architecture in the IFS is based upon me3 ting the sam non-availability criteria as their present system. %e accident analysis showed that they met the same non-availability goals as their present system. He said they do not see a 'need to look at additional aspects sinae their goal was only to make it as safe as their present system.
Dr. Okrent suggested
?
that Westinghouse provide a detailed report which provides an adequate basis for accepting the proposed desion as being sufficiently safe.
Mr. Brian Reid, Westinghouse, discusced the overall ecructure, the important features of the_IPS, and how the architecture relates t5 NUREG-0493 (Attachments 1 through 4). He noted that improvements of the IPS over existing systems included both accuracy a xl performance (due to less susceptibility to noise). Other significant improvements ir.clude:
~
1.
Bypass scheme allows them te; operate the system witheu having to trip a portica of the logic.
2.
We signal selector all%s the plant to be decoupled from failures in the protection system.
In reg,nt,c to questions from the Subcommittee concerning interruption of the data litWs, Reid stated that the abnence of a signal will be inter.'-
preted at the receiving end as a bypass. '1ha :/ out of 4 system will be reconfigured to a 2 out of 3 mode of operation.
A secc vl ir..erruption would result in a 1 out of 2 mode.
Ioss of 3 data links would result in an automatic trip.
Reid noted that in the presently used system with 2 out of 4, if one channel is inter rupted '.h*j go to a partial trip condition with a i out of 3 scram.
3.0 Report by the NRC Staff on Defense-In-Depth Guidelines.
Dr. Hanauer, NRC SMf, noted that the IPS review is a new venture for them to write down the defens'e-in-depth guidelines and the verification and vali-dation requirements. He said that the NRC Staff be.lieves the IPS is by far
$C $84
~
Power and Elec Systems March 30, 1979 and verification and validation requirements. He said that the NRC Staff f
believes the IPS is by far the most interconnected system that they have reviewed and that their concern comes about not because of the new on-line computer technology, but from the degree of integration and interconnection.
- i.
I He indicated that they plan to apply the NUREG-0493 defense-in-depth 2~ -
guidelines to other applications such as the Babcock and Wilcox RPS-II design. They have a technical as istance contract with Oak Ridge National
-c I
Laboratory to help develop criteria and to help with the case work review in a number of areas.
Dr. Kerr expressed disappointment that NUREG-0493 has no mention of any effort to develop quantitative criteria.
Dr. Hanauer noted that they have no plans to get more quantitative in this area. He mentioned the problems that they' had with a quantitative analysis of ATWS and suggested that it would be a waste of time to attempt to get quantitative with respect to an IPS analysis. Dr. Kerr indicated that it was not obvious to him that one encounters the same sorts of problems 5t one encountered in NIWS and until he saw some sort of unreliability goal he would not be convinced.
f.
In response to comments from Mr. Epler concerning external phenomena which might affect one system which has the capability to scram or not, isolate feedwater or not, and to initiate auxiliary feedwater or not, Hanauer said
~
th'ey do not feel that the design review offers a way to provide any signi-ficant amount of defense against external influences. He noted that he believes the defense-in-depth evaluation will provide a certain amount of protection against such occurrences not now in the review capability be-cause they are now explicitly considering connon-rode failures of types not previously considered. He said that the technology requires a com-bination of skillful and adequate design, supervision, and operation which are outside the scope of the design review. Hanauer noted that the 60,0 %
Power and Elec Systems March 30, 1979 transients coming from inside the system are covered by defense-in-depth guideline #8. Transients from outside the system are addressed in other parts of the requirements, imperfectly.
Dr. Okrent noted that he expects to see from Westinghouse an evaluation cf why the propased system is adequate with regard to this feedwater event and also, to
?
see an alternative design which would be less susceptible and why such an alternative is not preferable.
Mr. Joe Joyce, NRC Staff, discussed the NUREG-0493 defense-in-depth guidelines and diversity assessment (Attachments 5 through 13). He noted that the " block concept" was used to allow them to asseas the
[1 merits of the system with respect to defense-in-depth without doing a detailed design review.
This concept involved pulling together like components and modules of an instrumentation system into a manageable number of functional units, or blocks, in order to systematize the postu-lation of a common-mode failure and the analysis of the consequences of such a postulated failure.
Mr. Joyce concluded that the Westinghouse design principles and the IPS architecture are consistent with the defense-in-depth guidelines and for the purpose of preliminary design approval (PDA), the NRC Staff finds the design acceptable. He added that the PDA is predicated on Westinghouse performing a detailed analysis of the final design in accordance with the defense-in-depth guidelines to show that it meets the guidelines.
Dr. Lipinski discussed his concern for testing the logic for all common cause scrams on 2 out of 4, or bypass logic on 2 out of 3, or 1 out of 2.
He felt a comprehensive off-1.ine test had to be performed to go through every conceivable logic combination (2 of 4, 2 of 3,1 of 2) with all the different variables to drive the micro-processor to come up with outputs for scram or initiation of engineered safety features.
Mr. Beltracci agreed that NUREG-0493 does not clearly call out specific testing of the bypass function.
d V is.eundt h
kr
~
Power and Elec Systems March 30, 1979 4.0 Report by the NRC Staff on Verification and Validation Program Mr. Leo Beltracci, NRC Staff, discussed the verification and validation program (V&V) noting that it is a proven methodology used by others to develop reliable software (Attachments 14 through 16).
Beltracci noted that the NRC Staff has developed several V&V Guidelines separate from NUREG-0493 to apply to the functional qualification of the IPS hardware and software design (does not include environmental qualifica-tion). W e V&V techniques were developed and used successfully by the Air Force in the Minuteman III and Titan II projects, and by NASA in the Viking projects; some of which, used software probably more complex than the RESAR-414 IPS. We NRC Staff will perform the role of an audit team for the V&V program and Westinghouse will provide an independent group to perform the role of the verification and validation team.
5.0 Westinghouse Response to Defense-In-Depth Guidelines Mr. Gallagher provided an overview of the Westinghouse intarpretation of each of the NUREG-0493 defense-in-depth guidelines and how the IPS meets these guidelines.
He noted that one goal of the IPS is to improve plant availability by reducing the probability of control system failures which result in plant shutdowns and the possible chance of damaging major pieces of equipment. He felt that the use of the signal selector and auto-matic bypass features sculd significantly reduce the number of unnecessary shutdowns due to operator errorc.
6.0 Westinghouse Description of Proposed Program for Analyses and Tests Required by NUREG-0493 Mr. Bruce Cook, Westinghouse, described the framework of their program for the defense-in-depth evaluation of the IPS (Attachment 17) and discussed the Phase I program for their architectural diversity analysis which will use fault tree methodology. % e program will be comprised of three phases:
bOYOb7 m
4 wnyty K'y V
Power and Elec Systems March 30, 1979 I.
Architectural Diversity Analysis II.
Transient Analysis of Anticipated Occurrences III.
System Independence Testing Mr. Larry Campbell, Westinghouse discussed Phase II, transient analysis for anticipated operational occurrences.
He noted that this analysis will be performed to show that alternate trip functions other than the primary trip are available to ensure a cool geometry and no violation of the primary cooling system or containment integrity. Another step is to look at interactions between the lines of defense for situations where a single cow.cn-mode failure could cause a plant transient where the control system is lost and the engineered safety features are impaired. He dis-cussed the methodology using WCAP-7306, with a rod withdrawal accident as an example.
Mr. Bruce Cook discussed Phase III, system independence test piase, to demonstrate that failures postulated in the system do not propagate between modules which were assumed by analysis to be independent. %is testing will be guided by Phase I analysis which will show the need for independence between linked modules.
%e testing will be performed by simulating reasonable faults in the IPS prototype and determining the extent of the resulting malfunctions. Cook described the periodic and on-line testing. He indicated that on-line testing would detect common-mode failures as well as random failures.
He did not try to imply it would catch all common mode failures.
7.0 Westinchouse Response to the Verification and Validation Program Mr. Gallagher provided the Westinghouse response to the proposed NRC Staff's V&V Program. He said that Westiryhouse had a plan for a verification pro-gram, through the use of a prototype in early 1976, before the NRC proposed the program but they did not have a validation program. He noted that the equipnent for the prototype has been built and is being debugged and readied s
for systems testing.
' '[r 8
Power and Elec Systems March 30, 1979 Gallagher noted that Westinghouse has a joint research and developnent program with the French, through EDF, CEA, and Framatome to develop the methodology for reliable software. Eis program has been underway since July 1977. R ey meet twice a year to share experiences and at the end hope to achieve an agreed upon methodology.
Gallagher discussed the effort being expended by Westinghouse to develop and verify the IPS software. He noted that they have spent about 10 man-years writing the IPS software and about 10 man-years to verify it.
He added that they realized Westinghouse did rot have sufficient expertise to do independent verification of the software so they had their manufacturer set up separate design and verification teams. Westinghouse also organized a software verification team separate from the system design group and under separate management.
8.0 Future Schedule for IPS Design and Review Mr. Bob Croley, Westinghouse, discussed the Westinghouse /NRC Staff schedule for the design verification program (WCAP-9153) and the program to address NUREG-0493 guidelines (Attachment 18). Westinghouse hopes to have NRC approval of the design verification program by the end of 1979 and NRC approval of the Westinghouse program addressing the NUREG-0493 Guidelines by mid-1980. Croley indicated that their final design of the IPS has been completed and is ready for testing. He added that modifications to the present design resulting from the NUREG-0493 review would have to be factored into the design and tested on the prototype but they would not expect to have to repeat the entire program.
In response to a question from Dr. Kerr concerning when the final design details would be provided to the NRC Staff fot-their review, Gallagher said these details are now available.
He felt the areas left open for final approval deal nore with actual application of the system to the plant than sjs8t3UdtCD 807083
Power and Elec Systens March 30, 1979 the IPS. Beltracci added that the hBC Staff intends to conduct the final review basically through audits with heavy emphasis on test re-sults. Beltacci added that the HEC Staff does not intend to perform as detailed a final design review as was performed on the Combustion Engineerirg Core Protection Calculator System (CPCS) but intends to I ~
perform an audit type review similar to other nuclear safety system type reviews.
It was noted that the NRC Staff spent approximately 15%
of the man-years expended by the vendor on the Combustion Engineering CPCS design. We NRC Staff's man-year efforts on the IPS review are expected to be only a fraction of that expended on the CE Systm review.
9.0 Conclusions / Remarks he Subcommittee members expressed concern over the followirg items:
a.
No quantitative criteria for the reliability of the IPS.
b.
No discussion in NURD3-0493 of operator and maintenance interaction.
c.
We NRC Staff should address the possibility of failure of rorral feedwater and auxiliary feedwater, since a corx.on system controls both methods, d.
We NRC Staff should address reliability of the IPS after returning the systems to normal after automatic bypass for on-line tests.
e.
We NRC Staff should address the reliability of the IPS for combinations of trips when one or more channels are inoperable c
for maintenance or test.
%c ACRS consultants were requested to provide written comments on their review of the IPS.
NNN 807030
Power and Elec Systems March 30, 1979 The meeting was adjourned at 4:40 p.m.
NOTE:
For additional details, a complete transcript of the meeting is available in the NRC Public Document Room, 1717 H Street, N.W.,
Washington, D.C. 20555, or from Ace-Federal Reporters, Inc.,
444 North Capital Street, N.W., Washington, D.C.
f e
e me e
b 4
+
NOTICES 16985 chnes that onurred at the Chilhowie insestigation rescaled that the compa-portions of the meeting shen a trun-
- clant'.
ny location is Somer ille. Maswhu. script is being kept, and questjons mar
(%mpany wide sales of children's setts. The insestigation further re-be asked only by members of the Sub-and knitted clothing by Sky.
vealed that the plant primarily pro-committee. Its consultants, and Staff.
International Corporation in.
duces men's raincosta.
Persons desiring to make oral state-c.
.d. In value, in 1977 compared to The Notice of Invesugation was pub-ments should notify the Designated 1976 and in 1978 compared to 1977. lished in the ProtaAr. Rectstra on Jan-Federal Employee as far in ads ance as Sales and production are equivalent at uary 26,1979 (44 FR 5534). No public practicable so that appropriate ar.
Skyland International Corporation.
hearing mas requested and none was rangements can t'e made to allow the With respect to the Manon. Virginia held.
necessary time during the meeting for plant of Skyland Virgirda Corporation.
The determinatJon was based upon such statements.
sithout regard to shether any of the information obtained principally from The agenda for,ubject meeting
. other criteria have been met, the fol-officials of University Clothing Corpo-ahall be as follour losing criterion has not been met:
ration, the U.S. Department of Com-That sales or productJoo. or both, of the merce. the U.S. InternatJonal Trade Wednesder,gg y o.a f.1979. t 00 p nt tutta the Ar
,,,,g, f g,g,,,
fuTn or suMnW(n hate de<reased ab6olute-Comm 10. Industry an&Iysts an.J De-Sales of chudren's clothing increased In order to make an afftrmatire de.
ecutive Session, with any of its consul-in value at SkJiand InteTnational Cor-termination ar.d Issue a certification of tants s ho may be present. to discuss a poration in 1977 compared sith 1976 eligibiljty to apply for adjustment as.
plan of action for arrMng at a recom-and 1978 compared to 1977. Produc-sistance each of the group eligibility mendation to the full Committ(e on tion of children's woven pants. sk.irts requirements of Sedion 222 of the Act the role Class-9 Accidents should have must be met. Without regard to in the ljeensing process.
ane ush denim Jackets increased at whether any of the other criteria have Further information regarding the.
rion. Virginia plant of Skyl...d been met, the follot-Ing criterion has topics to be discussed, shether the Viron.a Corporsuon in 1978 compared not been met-meeting has been cancelled or resched-to 1977. Production at the Marion. Vir-ginia plant increased in each quarter That sales or production, or both, of the uled, the Chairman's ruling on re-of 1978 compared to the correspondmg firTn r subdnwon have decreased absolute-questi for the opportunity to present Quarter of 1977.
II
- oral statements and the time allotted therefor can be obtained by a prepaid Cont 10sto
Salas...d productico at University telephone call to the Designated Ped-Clothing Corporation increased in eral Employee for this inecting. Mr.
After careful review. I determine 1978 compared mith 1977.
Ortry Quittschreiber, tielephone 202-that all workers at the Chilhowie. Vir-634-3267) between 8:15 a.m. and 5:04 ginia plant and 7.1 the Marion. Virginia Conctustove p.m.. EST.
plant of Skylan;l Virginia Corporation.
After careful review. I detennine Dated March 14.1979.
a dividon of Skyland Internationa] that all sorkers of University Cloth-Corporation. Chattanooga, Tennessee ing Corporation. Sornervtile, Massa.
Jome C. HmrtA are denied eligibility to apply for ad.
chusetts are denied eligibility to apply Adt tsory Committee je nt assistance under TttJe II.
for adjustment assistance under Title Management Offtcer.
C 2 of the Trade Act of 1974.
II Chapter 2 of the Trade Act of 1974.
(PR Doc 79-2174 Fbd 3-19-79. 8.45 mm1
....cd at Washington. D.C.
this Sfgned at Washington. D.C. this 13th day of March 1979.
15th day of March 1979.
[7590-01-M]
C. MtenArt Ano.
HAaaT J. GIWAN.
Director,0ffice of Supervisory Interr.afional ADVl$ORY COMTTEI ON ti. ACTOS SAFE.
ForeWn Economte Rese.trch.
Economist. Office of Foreign OVARDs, SUSCOMWrfit CN POWik AND tm Doc. 79 m3 9 Fued 3-19-79. F.45 a.m.)
Economte RescorcA.
Elf Cit >CA1 systems p,.-
tm Doc 79-8349 Fued 3-19-79; 8 45 arn)
%*g
[4510 23_g}
The ACRS Subcommittee on Powee
[7390-CI-M]
and Electrical Systerns will hold a TTA M-47111 meeting on March 30, 1979 at the NUCLEAR REGtfLATORY Aloha Inn. 3901 E. Van Burec St..
UNIVitsiTY CLOTWHO COtr.,50MitVittE.
COMMISSION Phoenix. AZ 85008 to review the po-MAIL Negein Dem, eHen Regarding fligtbluty ADVISOtf COMMITTEI ON EfACTOR 5Ayt.
tential adverse interactions through Te Appfy for Wernet Adpstment Assistence GUARD $. $U8COMTTE'I CN CONstDttA. the intercx>nnection of protection and TION OF CLA$$-9 ACC1 DENTS safety systems with reactor control In accordance 31'.h Section 223 of systems on the Westinghouse RESAR-the Trade Act of 1974 the Department 414 design. Notice of this meeting was published on February 28.1979 (44 FR of I. abor herein presents the results of The ACRS Subcommittee on Consid-11279).
TA-W-411t Investigatjon regarding eration of CIMs-9 Accidents will hold In accordance with the procedures certification of eligibility to apply for an open meeting on April 4.1979 in outlined in the FLDEsAL RectsrEn on sorker adjustment assistance as pre-Room 1046.1717 H 8t., N.W, Wash-Octcber 4.1978 (43 FP. 45926) oral or scribed in Section 222 of the Act.
Ington, DC 20555. Notjce of this meet-written staternents may be presented The investigation was initiated on Ing was published on February 28 by members of the public. remrding January 16 1979 in respose to a 1979 (44 FR 11279).
Cll be permitted only durin; those sorker petition received on January In accor 'ance with the procedur.-J portions of the meeting when a tran-15.1979 shich was filed ori behalf of outlined in the Fur 3tAL RacisTom on script is being kept, and questbns may morkers and former sorkers producing October 4.1978 (43 FR 45926), oral or be asked only by members of the Sub-men and women's raincoats (mostly written statements may be presented committee. Its consultants, ant' Staff.
men's) at University Clothing Corpo-by members of the public. recordings Persons desiring to rnake oral state-ration. Somerville. Maspchusetts. The will be premitted only during those ments should notify the Designate 1 g
FEDER AL REGisfER. VOL. 44 HO. 55-TUESDAY, h.A 20, 1979
\\
P00RORGNM
(~\\
s=2
10986,,
NOTICES Federal Employee as far in advance as 4.1979 in Room 1010. 1717 H St.,
practicable so that appropriate ar-practicable so that appropriate ar-N.W., Washington, DC 20555.
rangements can be made to allow the rigements can be made to allow the In accordance sith the procedures necessary time during the meeting for essary time during the meeting for outlined in the FLDERAL Rtcism on such statements, October 4,1918 #43 FR 45926), oral or The agenda for subject meetmg The agenda for subject meeting writter. statements may be presented shall be as follows: Wednesday. Aprti J a statements.
by members of the public. Persons de.
1979, fAe meeting scill cortamence at shall be as follows:
siring to make oral statements should #:45 a.m.
Edgy h
'j d " '"' ""# O' notify the Designated Federal Em' The Subcommittee will hear presen.
ployee as far in adsance as practicable tations from the NRC Staff and will The Subcommittee may meet in Ex-so that appropriate arrangements can hold discussions with this group perti-ecutive Session, with any of its consul-be made to a110w the necessary time nent to the following-tants sho may be present, to explore during the meeting for such state' (1) Proposed Regulatory Guide.
and exchange their preliminary opin-ments.
" Cable Penetration Fire Stop Quahfr.
lons regarding matters shleh should The agenda for subject meeting cat'on Test for Nuclear Power Plants" be considered daring the meeting.
shall be as follows:
(Pre Comment)
At the conclusion of the Executive Wednesday. Apti J. J ers, 5:J0 p ut. matti the (2) Proposed Regulatory Guide 1.58.
Session, the Subcommittee will hear concia, ion c/ t*8in'88.
Revision 1. " Qualification of Nucicar Power Plant Inspection, Examination.
prescntations by and hold discussions The Subcommittee will meet in Ex.
with representatives of the NRC Staff ecutive Session to discuss the role and and Testing Personnel *, (Pre Com.
Westinghouse, and their consultants. responsibility of the ACRS in the reg.
ment) pertinent to this reslew. The Subcom, ulatory proc <ss. The proposal that the (3) Proposed Regulatory Guide mittee may then caucus to determine ACRS discamlinue the practice of re.
1.131. Resision 1.
Qualification Tests whether the matters identified in the ferencing unresobed ACRS generic of Electric Cables, and Field Sprices.
itenas in its project reports will also be for Light Water Cooled Nuclear Power ed dw ther the proje t is discussed.
Plants (Pre Comment) ready for review by the full Commit-Furt her information regarding (4) Regulatory Guide 1.140 Revision tee.
toples to be discussed, whether the 1, " Design Testing, and Maintenance in addison. it may be necessary for meeting has been cancelled or resched-Criteria for Normal Ventilation Ex.
the Subcomnuttee to hold one or more u!ed, the Chairman's ruling on re-haust System Air Filtration and Ad-closed sessions for the purpose of ex-quests for the opportunity to present. porption Units of I.Jght. Water Cooled ploring matters involvmg proprietary orst statements and the time allotted Nuclear Power Planta" (Post Com-information. I have deternuned, in ac~
therefor can be obtained by a prepaid ment) cordance with Subsection loto) of telephone call to tha Designated Fed-Other matters which may be of a Public I aw 92-463, that, should such eral Employee for this meeting. Mr.
predecisional nature relevant to reac-sessions be required. It is necessary to Raymond P. Fraley (telephone 202/ tor operation or licensing activities close these sessions to protect propri* 634-3265) betmeen 8:15 a.m. and 5 00 may be discussed following this ses-
" ary information (5
U.S.C.
p.m., EST.
sion' sons wishing to submit uritten Per Dated: March 14,1979.
r e information regarding s a ements regarding RegWaton opics to be discussed, whether the JOHN C. Hovtz.
&1 0, RWon 1, may do so b rueeting has been cancelled or resched-A cf tisory Committer providing a readily reproducible cop) uled, the Chairman's ruling on re-Xancpemenf O//icer.
quests for the opportunity to present (FTt Doc. 4m3 nled 3,19-79; 6 45 ami of the m et osever i
e oral statements and the time allotted that adequate time is available for full therefor can be obtained by a prepaid
- " d * #"" " '
telephone call to the Designated Fed-
[7590-01-M }
the snecting, it is dairable to send a eral Employee for this meeting, Mr.
readily reproducible copy of the com-Gary Quittschreiber. (telephone 202-ADViscaY COomit ON ttACTOR SMg.
ments as far in advance of the meeting 634-3267) betaeen 8:15 a.m. and 5:00 guano $. st:scean-u OH etoutATOey as practicable to Mr.
Gary R ACTivm!S p.m., EST.
Quittschreiber ( ACRS), the Designat-Background informat:on concerning ahe+ias ed Federal Employee for the meeting items to be considered at this meeting In care of ACRS, Nuclear Regulaton can be found m documents on file and The ACHS Subcommittee on Regu. Commission, Washmgton, D.C.
0555 available for pubhc inspection at the latory Actmtus w111 hold an open or telecopy them to the Designated NRC Pubhc Document Room.1717 H meeting, en Aril 4,1979. In Room Federal Employee (202-634-33191 as Street, N.W., Washington, DC 20555.
1046, 1717 H St., N.W., Washington. far in advance of the meeting as prac DC 20555. Notice of this meeting was ticable. Such comments shall be based Dated: Mareh 14.1979.
published in the P!stJtAL RtctsTra on upon documents on file and stallab Joan C. Hoyta.
February 28,1979 (44 FR 11280).
for pub!!c inspection at the NRC Adrisory Committee In accordance with the procedures Public Cocument Room,1717 H St Afanagement Officer.
outlined in the FmnAt. RectsTra on (Fit Doc.194173 Died 3-19-7W; 8 45 aml October 4,1978 (43 FR 45926) oral or NW-, Washington, DC 20555.
Further information regardins written statements may be presented topics to be discussed, whether the by members of the public, recordings meeting has been cancelled or resched <
will be permitted only during those re
[7590-01 M]
portions of the m(eting then a tran-quests for the opportunity to preW uled, the Chairman's ruling on ADVT 10aY COAuAsTitt ON ttACTOR script is being kept, and questions may SMEGU Atos, reoClounts susCOMMITitt be asked only by members of the Sub. oral statements and the time allotted committee, its consultants, and Staff. therefor can be obtained by a prepas
- 8 Persons desiring to make oral state, telephone call to the Designated Ed The ACRS Procedures Subcommit-ments should notify the Designated eral Employee for this meeting. Mr tee sill hold an open meeting on April Federal Employee as far in advance as Gary R. Quittschreiber, (telepho'*
FEDitAL REGisitt VOt. 44, NO. SS-TUESDAY, MARCH 20, 1979 P00R ORGML Gs
PRESENTATION SCHEDULE POWER AND ELECTRICAL SYSTEMS SUBCOMMITTEE MECTIfG ON RESAR-414 iMTEX3 RATED PR0rrECTION SYSTEM MARCH 30, 1979 PHOENIX, ARIZONA Presentation Approximate Time Time 1.0 EXECITTIVE SESSION (OPEN SESSION) 8:30 a.m.
2.0 MEETING WITH THE NRC STAFF AND WESTINGHOUSE (OPEN SESSION) 2.1 Subcommittee Chairmans Opening 8:45 a.m.
Remarks 2.2 Westinghouse Ovenriew of the RESAR-414 15 min.
8:50 a.m.
Integrated Protection System (IPS) 2.3 Report by the NRC Staff on Defense in 60 min.
9:20 a.m.
Depth Guidelines
Background
0 Extended Review U Block Concept / Guidelines Application of Guidelines Ebture Application 2.4 Report by the NRC Staff on Verification 20 min.
11:20 a.m.
and Validation Program Concept Approach Benefits Safety Review of RESAR-414 IPS BREAK FOR LUNCH 12:00 noon to 1:00 p.m.
2.5 Westinghouse Response to Defense 30 min.
1:00 p.m.
In-Depth Guidelines 2.6 Westinghouse Description of Proposed 45 min.
2:00 p.m.
Program for Analyses and Tests Re-quired by NUREG-0493 2.7 Westinghouse Response to Verification 30 min.
3:30 p.m.
and Validation Program Erg ueF A s -
A%L=8 8c70n4
FiS RESAR-414 March 30, 1979 Presentation Approximate Time Time 3.0 CAUCUS (OPEN SESSION) 4:30 p.m.
4.0 MEETING WITH THE NRC STAFF AND WESTIbCHOUSE 4:35 p.m.
(OPEN SESSION)
Conclusion / Remark; Discuss future meetings and agenda (if any) 5.0 AIUOURINEvr 4:45 p.m.
NOTES:
(1) A maximum of 30 minutes will be allowed for receiving oral statements from members of the public, if requested.
(2) The speakers should limit their prepared presentations to the time allowed. An allowance, amounting to approximately 100%
of the presentation time, has been made for questioning by the Subcommittee.
go70ns
\\~.
MINUTES OF THE ACRS SUBCCMMITTEE CN POWER AND ELECTRICAL SYSTEMS PHOENIX, ARIZONA MARCH 30, 1979 ATTENDEES LIST ACRS NRC W. Kerr, Chairman L. Beltracci D. Okrent, Member J. Joyce J. Mark, Member S. H. Hanauer W. Mathis,, Member J. Ray, Member WESTINGHOUSE W. Lipinski, Consultant E. Epler, Consultant B. M. Cook S. Ditto, Consultant L. Cr.npbell G. Quittschreiber, Staff
- R. W. Steitler B. Reid
- Designated Federal Employee B. G. Croley J. M. Gallagher ACRS Fellow PUBLIC J. H. Bickel J. Kay K. Bagwell M. Lecomte
,4TTACHMENT C 60"?OT'3
-Hat!S90
DOCUMENTS PROVIDED TO THE SUBCOMMITTEE FOR THIS MEETING 1.
NUREG-0493, A Defense-In-Depth and Diversity Assessment of the RESAR-414 Integrated Protection Systeu, dated March 1979.
2.
Viewgraphs shcwn at the meeting are provided as Attachment 1-18.
A complete set of all handouts are provided in the meeting transcript ard in the ACRS Office file for this meeting.
ATTACHMENT D 80'70T/
12467 98 e
e INTEGRATED PROTECTION AND CONTROL SYSTEM BASIC ARCHITECTURE Field Field Sensors' i
1 r 1 r Integrated integrated Control Protection Cabinets Cabinets Plant Computer t
System J
6 1 r P
Desplays
'"c'EaY
'"'";f"'
t l'9' Control Switches neu Cabinets J
L a
i
' f Main Control Board I
I Actuated Actusted Devices Devices t
Safety Non-Safety Reistad Related
- Some sensor signais shared between control and protection
+
8070D8 s
n
>_n,2 a' u U s2 0,c.
i-oI
10,388-2 i
CMANNEL Sti ID l
CNAMutL 5tf H g
CNAett Sti !
CMANNEL SET [1
^
CNANNEL I CMANNEL U CMANNEL M CNAMEL M
?
e F itLD CMANNEL 1 FIELD CMAN#EL U FifLD CHANNEL U FitLD CMANNEL U g
SEN50R5 DETECTOR $
SEM50R5 DETECTOR $
5tM50R$
DETECTOR $
SENSORS DETECTOR 5 l
i i
m I
m RPt RPt RPg RPI CA81 NET CA8tNET CAslMET CA8INET E
H g
I H
l I
INSI0t I 151DE CONT AIMNT
.ONTale(MT C.-_.
I
_ _m_.
l OUT5f0C CN. U CONT Allet KT p ggtp CM. I I
C0stTalHNT I
l gggg FitLD yigtp SEN50R$
l SENSORS SEN50R$
1 i
SENSORS u
FitLD l
FifLD FIELD 8
Fatto TillMINAfiON TERMINAT ION TERMINAll0M ltRMINAfton CA81ME T.I CAllsiET-Il CA8 BNll.ID CAllh(T.3 I
I ir
,r ir l
,r l
INTEGRATto tW EGRATED INTEsaATED INTEGRATED I
PROTECTION PROTECTION PROTICTICM PROTECTION CA81 ku TO I C ABI NET TD CA8l NET TO y,,
FROM CAllNU TO yyy II l'C ;
p,y I
iPC:
II "C
m IPC:
IPC I-IPC.
-e I gpg.
I PC
- I -*
i +1 I-+
i
-o 1
- II I II-+
i
-. H
-+ m E -*
i -e-M l II e
-. II H-.
DI-.
e
, -.- a m-7
-. m a-g rf i -a n-.
T i
i -a a-.
8
%ILj.-1I-yct.t_-l l L~
Lir-i-
hl
'I b
/ 't
,,o
,o
,4, g,'ATto 70 REACTOR TRIP TO REACTOR TRIP 5
TO REACTOP TO REACTOR INTEG A E3 TRIP ACWAfl0N LOGIC ACTUATION TeAin ITT actuation TRAIN 17 i,
TRIP ACTUATION LOGIC TRAIN H CA8INET II (SEE F LJRE 1.1-16)
(stt FIGURE 7.1 16)
TRAIN I CA81 NET I I
e i
I
__1__
__L_-
g PovER PONER INTERFACE INTERFACE NOTES:
1 (a) DATA LINES TO AREAS OUTSIDE TME l.P.S. ARE NOT SM0kN. FOR TMCSE 3,
I Lists. REFER TO FIGURE 7.l-10.
FIELD FitLD (til NO DISTINCTION 15 M10E ON TMf 5 iERMINATION TERMiNAT10sl 0l AGRAM BEThttN MARD.a,1 RED A80 CA8INET.A CA B I NET-8 10LTIPttIED DATA LIMrs. REFER TO FIGURE 7.4-10.
[
(c) h ISOLATION DEVICE I
I
',,r
<, i,,,i,,,<,,,
<, ir <, i,i,
<,<r r<
J J
L k
TO 15F C @PQMENTS TO (SF C@PONENTS IN SAFEGUAR05 IN SAFEGUARDS l
l ACTUATION TRAIN 8 I
ACTUAfl0N TRAIN A 8070SS Figure 7.1-2.
Basic Elements of the Westinghouse Integrated Protection System A m !L ') C'9 e un.
P00R ORGM X
BASIC SYSTEM ORGANIZATION f
tj
.i.
~
..I S
I REACTOR G
TRIP N
SUBSYSTEM A
L ENGINEERED P
SAFETY
^,
R FEATURES O
SUBSYSTEM C
E S
COMMUNICATIONS S
(CONTROL)
I SUBSYSTEM NON-N IPC IPC
,_G INPUTS INPUTS D
ILC E
~
_ Vary v v v v INTEGRATED INTEGRATED LOGIC CABINET CONTROL SYSTEM (ILC) A 9
Y 807100 e
se
- 3 L
4
=
ETM UE C T S
E
- O a.'i o g< E se X YS
)
1 2
f M,
eR ET P
m
,S I
M o
Y M
R S
M L
T E fr E
E O
T^
T RS d
D T
R S
~
e N
g OY T Y c
A Y
NS TS u
CB d
M S
B OB AU o
M U
CU E S r
S R
p O
S e
C r
(
o me ts y
7 A>h S
W,I I
l d
lo r
tn o
C
- I na n
9 1t a
t
\\
n f
m
/
e u
r R
ts E
a M
N l
E O 3 e
T c
C I
O s
S v
v T T u
Y D
O IDA o
L h
S N U E
O C n
S t
p A -
CL it N
EA es E
LC W
S B
E AL I
R B 4
A A VRI eru D A i
E V F
E M D c
c c
c v
v v
v M
M M
M cC vV M D.
=
I
~
I l
MEASURED MEASdR5D MEASURED MEASURED VARIABLE VARIABLE VARIABLE VARIABLE
, BLOCK _
BLOCK
- BLOCK, BLOCK I
DERIVED
~
DERIVED I
VARIABLE VARIABLE BLOCK BLOCK V
_ -- - /
ENGINEERED SAFETY SCRAM CONTROL FEATURES
__q p____q p--
v v
I COM51AND '-l
,l
,l' COMMAND COMMAND BLOCK I
l BLOCK BLOCK l
I l
i, l
CONTROL ENGIN5ERED l
SCRAM AND SAFETY MONITORING FEATURES I
I I
L _ _-
L.-- --
J t-J i
h 10TERd6ENEdTIOES TO'UTEEit COANNELS Figure 2. Basic System Architecture for Evaluation of Defense-in-Depth Principle.,
d
.A.
- ~I..h 2-13 S07102
3.2.1 Measured Variable Block (HVB)
INPUTS:
One or more sensors (S); manual (H); calibration and testing (C); each sensor in one block only.
~,
OUTPUTS: To one or more derived variable block (s) and/or command block (s).
MVB output signals may not be used as input signals for other MVBs.
MISSION:
Receive and process sensor, calibration and manual signals, and initiate control, scram, and/or ESF command blocks. May also provide input signals to DVBs.
SIGNALS TO S
i COMMAN D BLOCKS SIGN AL PROCESSING
^
i SIGNALS TO DERIVED
] VARI ABLE BLOCKS 807103
'M 3-2 E
Q
.- A
.C*
3.2.2 Derived Variable Blocks (DVB)
INPUTS:
One or more MVBs and/or DVBs; manual (M); calibration and testing (C).
OUTPUTS: One or more command blocks.
MISSION:
Receive MVB signals and provide signals to one or more command blocks.
INPUT SIGN ALS FROM MVBs i
m
( SIGNALS TO i
COMMAND BLOCKS SIGN AL.
J PROCESSING O
807.iO4 3-3 l
~
3.2.3 Command Block (CB)
INPUTS:
Signals from one or more MVB(s) and/or DV8(s); manual (M);
calibration and test (C); and from its counterparts in redundant channels.
OUTPUTS: Signals to actuate block; and to its counterparts in redundant channels.
MISSION: Receive and process signals and provide command signals to its actuation block and to its counterpart (s) in recundant channels.
FROM REDUNDANT CHANNELS INITI ATION SIGNALS F OM WBs AND DVBs COMMAND SIGN ALS TO ACTUATION i
BLOCK (S)
P
- SIGNAL PROCESSING F
TO REDUNDANT CHANNELS 8G7.l.05 s
3-4 e
O L
o GUIDELINES TO ASSESS DEFENSE IN DEPTH AND DIVERSITY 1.
GENERAL REQUIREMENTS INSTRUMENTATION SYSTEM SHOULD PROVIDE THREE ECHELONS OF DID o
o GUIDELINES DEFINING METHODOLOGY 2.
METHOD OF EVALUATION - SUBDIVIDE SYSTEM INTO BLOCKS 3.
POSTULATED CMF OF BLOCKS - REDUNDANT CHANNELS 4.
USE OF IDENTICAL HARDWARE & SOFTWARE 5.
EFFECTS OF OTHER BLOCKS - PROPAGATION OF CMF 6.
OUTPUT SIGNALS - NUMBER & ISOLATION 00 CD C
,_ J o c:
GUIDELINES DESCRIBING ANALYSIS REQUIRED 7.
POSTULATE VARIOUS CMF'S - ASSUME SIMULTANEOUS WITH ANTICIPATED OPERATIONAL OCCURRENCE ANALYSIS MUST DEMONSTRATE THAT SUFFICIENT DIVERSITY EXIST IN THE DESIGN o
THE PLANT RESPONSE CALCULATED USING CONSERVATIVE ANALYSIS SHOULD NOT RESULT o
IN A 1.
NON-C00LABLE GEOMETRY OF THE CORE 2.
VIOLATION OF THE INTEGRITY OF THE PRIMARY COOLANT PRESSURE BOUNDARY 3.
VIOLATION OF THE INTEGRITY OF THE CONTAINMENT C
cc e
O c,J
-c'
-a ca 9-q
8.
DIVERSITY AMONG ECHELONS OF DEFENSE 8.1 CONTROL / SCRAM
- POSTULATE VARIOUS CMF'S - RESULT IN PLANT RESPONSE THAT REQUIRES SCRAM
& IMPAIR THE SCRAM FUNCTION
- DIVERSE MEANS SHOULD BE PROVIDED TO EFFECT THE SCRAM FUNCTION TO ENSURE THAT THE PLANT RESPONSE CALCULATED USING CONSERVATIVE ANALYSIS SHOULD NOT RESULT IN A 1.
NON-C00LABLE GEOMETRY OF THE CORE 2.
VIOLATION OF Tile INTEGRITY OF THE PRIMARY COOLANT PRESSURE BOUNDARY 3.
VIOLATION OF THE INTEGRITY OF THE CONTAINMENT w
~
00
-: [
ca O
8.2 CONTROL /ESF oPOSTULATE VARIOUS CMF'S - RESULT IN PLANT RESPONSE THAT REQUIRES ESF &
IMPAIR THE ESF FUNCTION a DIVERSE MEANS SHOULD BE PROVIDED TO EFFECT THE ESF FUNCTION TO ENSURE THAT THE PLANT RESPONSE CALCULATED USING CONSERVATIVE ANALYSIS SHOULD NOT RESULT IN A 1.
NON-C00LABLE GEOMETRY OF THE CORE 2.
VIOLATION OF THE INTEGRITY OF THE PRIMARY COOLANT PRESSURE BOUNDARY 3.
VIOLATION OF THE INTEGRITY OF THE CONTAINMENT 8.3 SCRAM /ESF a ANTICIPATED TRANSIENTS WITHOUT SCRAM (NUREG 0460) aSTAFF RECOMMENDED RULEMAKING ON THIS ISSUE aGUIDANCE WILL BE DEVELOPED AS A RESULT OF RULEMAKING cf s
b*()
J fD
9.,
PLANT MONITORING SIGNAL TRANSMISSION FROM IPS TO CONTROL SYSTEM FOR MONITORING IS PERMITTED o
PROVIDED ALL GUIDELINES ARE MET AND THE CONNECTIONS AND SOFTWARE DO NOT o
1.
SIGNIFICANTLY REDUCE THE RELIABILITY 2.
ADD SIGNIFICANTLY TO THE COMPLEXITY OF THE IPS 3.
AND FAILURE OF PLANT MONITORING SYSTEM - DOES NOT INFLUENCE THE FUNCTIONING OF THE IPS cc MO 9
N i
h-i
-O
NRC V8V GUIDELINES 1.
V8V PROGRAM PLA' REQUIRED 2.
PLAN DEFINES VERIFICATION ACTIVITIES TOOLS DOCUMENTATION OF DISCREPANCIES 9
3.
PLAN DEFINES VALIDATION ACTIVITIES TOOLS DOCUMENTATION OF DISCREPANCIES 4,
INDEPENDENT V&V ORGANIZATION MANAGEMENT PERSONNEL CC QUALIFICATION O
O
~1
[
5.
PLAN DEFINES V8V SCHEDULE
_t_
L--
pa
l m
AUDITS
~
~
1.
SYSTEM DESIGN SPECIFICATIONS PRELIMINARY SOFTWARE SPECIFICATIONS EQUIPMENT PERFORMANCE SPECIFICATIONS 2.
SOFTWARE TEST PROCEDURES (COMPONENT)
HARDWARE TEST PROCEDURES (COMPONENT) 3.
FINAL SOFTWARE PERFORMANCE SPECIFICATIONS EQUIPMENT PERFORMANCE SPECIFICATIONS TEST RESULTS (COMPGNENTS) 4.
SYSTEM TEST PLAM' 5.
S'/CTEM TEST AND TEST RESULTU x
/
O sj p;
to
RESULTS TO DATE ONE AUDIT COMPLETED
.~
FOUR MORE AUDITS PLANNED RESULTS OF AUDIT WCAP 9153 UNDERSTATED VERIFICATION ACTIVITIES INDEPENDENT VERIFICATION OF SPECIFICATION WAS CONDUCTED INFORMAL PROCEDURES FOR IDENTIFICATION OF DISCREPANCIES
?
EXISTED, REQUIRED IMPROVEMENT QUALIFIED V8V PERSONNEL EXISTED SUCCESSFULLY TRACED PRESSURE SIGNAL THRU SYSTEM DEM0t'STRATED DISCREPANCY IDENTIFICATION CD O
$d C
U
~
Pao.a.n Pm3e NUREG 0493 GuiosuNes I
E E
I. hENERAL kEQUIREMEWT X
- 2. VETHOD OF b
VALU ATioN
- 3. 00STucATED CW or 3toens x
- 4. Use og __~oenricAt Mooutes x
- 5. EFFECTS of Orsen 3tocx3 x
x
- 6. Ou rgur Siouns x
7.
)lVERslTY FOR Aur,C, FATE D X
X OCCURRENCES
- 8..):vERSITY AMoNG CHELONS X
X OF DEFENSE
- 9. Ptaur Y owironine x
x 807.1.i.4
i (aal., c,, l,.i p
we 411rttTt J, 5, q 4, s,J lJ, A,5 l 0, a,C J,F,5 l A 8,J lJ, A,6 lC,I,8 1
--.--.l
- 1. testen torificatten Progres (WCAP 9153) - $detttad I/U i
i a
8 g
ig1 js
,y
. i g.
. s
.w
.. Tesit.g l1 4
I@f tysten b.
IRC And1ts ef III y
Procedures
,k
- 1) Procedures:
4 u
[3/Whv System
- 2) Yest Results:
., assults s
hrteclyles'b9153
- c. IRf Approval s P stb on of MAP.9153
\\
s d.
Westinghouse $dmit WCAP t N/W.
5y6 tam en fest Results O S/W Su>planeet s
s M/W e Systes Supplement e.
ERC Approval 5/W Supplement l
II. Program ta Address NURIG-0493 i i i
8 iY gi gia giil4 l
g i i e
A ' *k d
.. Witi.e.us. Sue.it n..
wiin. A
,ACR$
g
\\
attC @ra) b.
IRC Aaaroval of Pfler ta Plaa heeded By s itstIng I
- c. Fault free Analysts Analyses e
d.
Transtant Analysts 3
- e. Confirustten Testing After DVP) f.
Wstleghouse Sutalt WCAP sasalts g.
IstC Approval needed b
1 I18 1
P00RORIE.NAl.
so,.om f