ML19350E529
| ML19350E529 | |
| Person / Time | |
|---|---|
| Issue date: | 05/07/1981 |
| From: | Advisory Committee on Reactor Safeguards |
| To: | Advisory Committee on Reactor Safeguards |
| References | |
| ACRS-1841, NUDOCS 8106230233 | |
| Download: ML19350E529 (13) | |
Text
i i
s ffRS: /4W R
d 7J JSSUE rDATE: 5/7/81 f.C:-
/J lE JTES OF THE ACRS SUBCOMMITTEE MEETINC k
5 8.I f,'
'e' y
f Sh/9y[
ON ELECTRICAL SYSTEMS 1 m a St., Nw, wASa1NaTON, oC e' a g
MARCH 25, 1981 1 4 u,,, y,, ~ l._ ; j c,
ccm,;g; pen +;
\\(Q
.D '
Nu -
The ACRS Subcommittee on Electrical Systems held a meeting crQia'rch 25, 1.981 in Room 1046, 1717 H St., NW, Washington, DC.
The purpose of the meeting was to continue the Subcommittee's discussion with the NRC Staff on the safety implications of control systems. The meeting was open to the public.
The 4
{
Designated Federal Employee for this meeting was Dr. Richard Savio. Notice of this meeting appeared in the Federal Register, Volume 46, No. 46, March 10, 1981. A 1ist of attendees is Enclosure 1.
The handouts for the meeting are I
attached to the Office copy of these minutes.
EXECUTIVE SESSICN (OPEN)
Mr. Kerr remarked that the meeting was being held in accordance with the Federal Advisory Coinmittee Act and the Government in the Sunshine Act.
He noted that Mr. Richard Savio is the Designated Federal Employee, and that no written comments or requests for time to make oral statements from members of the public had been received.
He remarked that the agenda was relatively unstructured, but he had submitted a list of questions to the NRC Staff and expected that these would be addressed.
Mr. Kerr asked for comments.
Mr. Ebersole remarked that the review ~should concern itself with the interre-lationship of control systems with safety systems.
The context should be broad in scope and should review the full range of electrical and mechanical control systems. Mr. Ebersole also suggested that control systems should be able to cope with operator errors.
Mr. Epler stated that the scope of H106 23 0Nh
^
ELECTRICAL SYSTEMS 3/25/81 control failures,- which must be dealt with, should be determined in order to decide what amount of effort should be devoted to this task and whether the full range of control failures can be considered.
\\
Mr. Mathis noted that control systems should give the operator the " tools to ido his job", i.e., information should be readily available.
He suggested that the Staff should emphasize prevention rather than mitigation of this problem.
Mr. Ditto agreed that the operator. must have effective means for control and ready access to the control s.
Mr. Rossi stated that plant control systems were designed to operate over parameter ranges associated with normal operation.
Protection systems are designed to insure that safety limits are not exceeded. He noted that there are significant economic incentives to encourage the design of reliable and
,1 ef fective control systems and that this reduced the need for NRC regulation and review of these systems.
In addition, control systems are in constant use (as opposed to protection systems) and often use components similar, if not identical to those used in the protection systems.
Mr. Epler discussed his views on the scope of the problems and the effort that should be devoted to the solution.
e e
i. -.,--_-- -----.
,--r
--..----mer
+-,----n
--w-ew v
=%e--
G
~
i ELECTRICAL SYSTEMS 3/25/81 GENERAL SESSION WITH NRC STAFF Mr. Rossi, NRC, discussed the philosophy of the separation of protection and control systems. This was in response to Item No.1 in Mr. Kerr's request to the NRC Staf f.
He mentioned that the philosophy on the separation of protection systems and control systems was developed in the 1960'.c through consultations between the Regulatory Staff and industry.
The Staff f id not dictate a particular philosophy, but rather explored through the standards committees and early plant licensing reviews, approaches which could be taken toward reactor protection. The NRC Staff supplied a state-ment of their current position which is included as Enclosure 5.
Mr. Rossi noted that control and protective functions have different objectives.
Control functions have been established to allow plant operation within a utility grid which is also supplied by many non-nuclear plants. A second objective is to ensure that even given failures of the operational equipment, safety limits are not exceeded.
P-this, protective functions have been esta' lished to assure the plant sdfety.
o Once these control functions and protective functions are defined, a decision has to be made as to whether the same system should be used for both, or whether s?parate systems should be used.
Mr. Rossi noted that in the development of the philosophy, it was recognized that some limited ties between protection systems and control systems are appropriate and even unavoidable. He mentioned that systems will always be interrelated to some extent, e.g., through the operator.
ELECTRICAL SYSTEMS 3/25/81 In the conclusion to his remarks, Mr. Rossi remarked that when considering the amount of emphasis that should be placed on the review of the control R' stems 1
in the licensing process, the NRC Staff has made certain assumptions:
1.
The utilities have considerable economic incentive to have highly reliable i
control systems. Control systems failures can result in very expensive
{
downtime.
2.
Control systems are in continuous use and, therefore, their perfomance is constantly being monitored.
3.
Where the control system can exacerbate a transient or accident, the pro-tection system is designed to completely override and inhibit any further possibility of control action.
4.
The equipment used for control systems is in many cases, identical to that used for protection systems. The basic reliability of the indi-vidual modules would be comparable to that of components that are used for protection systems.
Mr. Srinivansan, NRC Staff, commented that the concern about interdependence of control and protection systems is not new. The concern has existed for about two decades. The Staff did not.have any fomal guidelines until the review of the RESAR-414 integrated protection system began about two years ago.
RESAR-414 is an integrated protection system and it was being reviewed for preliminary design approval. Guidelines were written and are documented in NUREG-N 93.
ELECTRICAL SYSTEMS 3/25/81 I
~
Mr. Epler noted that there is minimal separation of operating and protection systems for residual heat removal and that the system functions are closely combined.
~
Mr. Szukiewicz, NRC Staff, discussed the projected schedule for Task A-47,
" Safety ' Implications of Control Systems." He mentioned that the proposed schedule calls for a draft task action plan for Staff approval in about three months.
)
Mr. Basdekas, NRC Staff, remarked that when the Staff assumes that safety systems will mitigate the consequences of control system malfunctions or accident sequences that may be initiated by such failure; they are taking a limited view by assuming that the reactor protection system will trip the reactor before fuel damage has taken place. What happens after the reactor is shut down should also be considered.
1 I
Mr. Rossi, NRC Staff, responding to a written question on anticipated transients, said that Staff philosophy is that protection systems include anything that is used to mitigate the consequences of anticipated transients and that is re-quired to prevent fuel damage because of an ancitipated transient.
I Mr. Basdekas discussed the basis for his recommendation for derating plants pending a resolution of the safety implications of control systems.
He stated that the views he was expressing were his own and not necessarily those of the Staff. He recommended derating to 65 percent power level.
In response to a question, he replied that he had used his engineering' judgment in arriving at the 65 percent recommendation.
ELECTRICAL SYSTEMS 3/25/81 6-
)
1 The meeting was adjourned at 2:55 p.m.
No further meetings were planned at this time.
NOTE:
For additional details, a complete transcript of the meeting is avail-able in the NRC Public Document Room,1717 H St., NW, Washington, DC 20555 or from Alderson Reporters, 300 7th St., SW, Washington, DC, (202)S54-2345).
I o
e
.tn u a a u 04/25 M1/
DATE ADVISORY COMMllTEE ON REACTOR SAFEGUARDS-MEETING
$0Rb f6WAL ~
/
f ATTENDEES PLEASE SIGN BELOW j
J,'Eb**"
, BADGE NO.
AFFILIATION 1
WA"TCE I ' P'* Wt E ' 6 /01 AnL-F.n u r
$sf l 2 [ P_ E,,/w 3 o ' 0 r Y '
- I F :' ".N 5-n/7/
NbE 13n 6CCT!'nE D -
a 46
.hoTTc G~ lb 9 Co a n rx-a -
T"A Lsn.<d E I67 Oske !*aw C..
i 5
%s rmes-sa g
- 5. 7, mvn !4 v S-oiri _\\
Tu h L l
7 bhtch Edwards E - errz.
RS/zsun 6 o / 5'/
/WW g
Czto EA ran
- z. o n,
Si& (. w',w 9
\\ c c lrs M
10 --l C kl es!.htt i x)s-rt>
I I
A n,,9:
~
~
dide.+,
13 1a e orv
~12 N. Hw.'L r ony i rr7 c o 13 W ksA R, CJ:wtNi Act5 14 1 c. M MK (A4RT.-skin Ac l2 5 15
~l~ ~ $4\\/
A(25 1G 17 18 l
l 19 I
20 Enc. o suae,'.
P00R 2 BEL
~
AGENDA FOR ELECTRICAL POWER SYSTEMS SUBCOMMITTEE MARCH 25, 1981
. 8i30-8:45.
EXECUTIVE SESSION
-8:45:- 10:00-PRESENTATIONS BY THE NRC STAFF 10:00 - COB GENERAL DISCUSSION h
/
J 4
Endosu.ce_.J i
e en
---.--.---.r.--
,,-m,y
,--,y.
,...-r,w,w-
.--,,7--%,-y,---m,w,mw-,e,vw<,ep-.w,.c-we,
-e,-reee.
LIST OF HANDOUTS ACRS SUBCOMMITTEE MEETlNG ON ELECTRICAL SYSTEMS MARCH 25,.1981 1.
Tentative Schedule 2.
Memo for W. Kerr from F. Rosa on Licensing Criteria for Control Systems in Foreign Countries, dated March 18, 1981.
3.
Ltr. to E. C. Wenzinger from W. Aleite, FRG, transmitting two German reports, German-KET-Rule 3501 and. paper given by Aleit et the European Nuclear Society Topical Meeting regarding " grey safety-grade equipment."
l!i
&O$dC e
-3/AS/r/
fo r A C M S de eli9
~
on PHILOSOPHY'ON THE SEPARATION OF PROTECTION AND CONTROL l
The philosophy on the separation of protection systems and control systems was developed-in the 1960s and early 1970s through interactions between the regulatory staff and industry. The interactions occurred primarily~through the development of industry standards such as IEEE-279.
The staff.did not dictate a particular philosophy, but rather explored tnrough the standards comittees and early at:F. licensino reviews various approaches which could be taken towards I
reactor protection.
A brief, simplified description of the approach towards protection and control is as -
i s
follows. A nuclear power plant must satisfy utility requirements for the economic production of power. These requirements include plant operation with a limited numbe of operators, high plant availability with few unplanned shutdowns, and the ability to follow the utility grid load demand. The requirements for operation are based largely on matching the capabilities of non-nuclear plants. Plant control systems to accomplish the desired economic operational characteristics are established. The scwing the plant to perform control systems, of course, have to be cape.ble "
normal operations with margin to plant safety limits.
i To assure that safety limits are not exceeded should any system used for normal operation fail, various protective functions such as reactor trip and decay heat removal have been established in the Commission regulations. Systems whose prim-ary purpose is to accomplish the protective functions are provided to fulfill these requirements.
One, thus, has two somewhat differing oofectives. The first is to allow nonnal plant operation within a utility grid which is also supplied by many non-nuclear plants. For this, control functions were established. The second objective is to insure that even with failures of the operational equipment, safety limits are not
Contact:
r-i C.E. Rgsgi X29431 C /ld OS U C, ')
=~-
---e-
-m
.n,
--,_.-----,an---
.~w,
,,_--s n
m.
,v,~-
,r-.-.-r,,.,,w--,
.i'.,
exceeded. For this, protective functions were established to assure plant safety.
Once control functions and protective functions are defined, a decision has.to be made as to whether the same systems should be used for both or whether separate' systems should be used. The philosophy developed through the standards canmittees-was one in which the protection systems were treated separately. This allowed a set o' guidelines to be established with the intent of insuring that protection functions are accomplished with a very high degree of reliability. Having a specific, well defined group of protection systems to accomplish required safety functions allows both industry and the regulatory agency to concentrate their efforts and make effective use of limited resources in accomplishing safety goals.
In development of the philosophy, it was recognized that some limited ties between protection systems and control systems are appropriate and even unavoidable. For example, the systems will always be interrelated through the fluid process systems.
Additional interfaces such as the use of the same sensors for protection and control were considered acceptable providing appropriate rules are followed. General Design Criterion 24 and IEEE-279 permit limited interconnections between protection and control systems and define rules for implementing these interconnections.
When considering the amount of emphasis that should be placed on the review of con-trol systems in the licensing process, several facts should be noted:
- 1) There is considerable economic incentive for utilities to have highly reliable control systems since a failure in these l
systems can result in the financial penalties associated with a forced plant shutdown.
- 2) Control systems are, in many cases, continuously in use and, thus, can be viewed as being continuously under test. Operators are very familiar with the expected performance of control systemi as a re-sult of their constant reliance on them during normal plant opera-
---c
-,,-_-.,,,,,,,-n-,,
,,,..,, ~,,,., - -,, - - - -, < - ~,, -
tions. Protection systems, in contrast, are used only infrequently and, in general, are on-off systems. Degradation in performance of the protection systems can only be detected during periodic tests.
- 3) Where a control system is known to exacerbate a transient or accident.
the protection system is designed to completely override and inhibit any further possibility of control action. For example, a reactor trip totally inhibits all further reactivity control actions. Sim-ilarly, protection system actions are taken to totally isolate main-feedwater from the steam generators and inhibit all further level control action for transients made more severe by continued feed-we:er flow.
- 4) The equipment modules used for control systems are, in many cases, identical to those used for protection systems. The control systems may differ from the protection systems in that they are not redundant, are not located in seismically qualified cabinets, and would not have complete quality assurance documentation covering their manufacture.
However, the basic reliability of the individual modules would be comparable to components used for protection systems.
The philosophy on the degree to which protection and control should be separated has most recently been reviewed with respect to the RESAR 414 control and protection system. The conclusions were that the overall philoscphy is sound and that there are situations where limited interties between protection and control are per-missible and even desirable. The staff does not consider additional reviews of the basic philosophy to be fruitful. Clearly, however, the approach to review of control systems is evolutionary and changes based on experience can be expected.
Specific problems found during reviews or plant operation will be corrected.
l e
y
).
Federal Register / V21. 46. No. 46 / Tuesday, March 10 test / Notices 18009 3*
e&,
~
=
- M121): November 7. 2000 (45 m 74121);
applications for financial sostatsace
%e entire meeting will be open to November 28.1980 (45 FR 7ates):
innder the National Foundation on the public attendance except for those I
pnember 7.18e0(45 FR 74120):
Arts and Humanities Act of tea 5. as sessions which will be closed to protect; L
'. November 7,1980 (45 FR 7s273);
amended, including discussion of proprietary information (Sunshine Act November 7.1000 (45 m 74120).
Information given in confidence to the Eaemption 4).One or more closed November 7,19eo (45 FR 74121);
agency by grant applicanta. Because the sessions may be necessary to discuss Ncvember 7,1980 (45 71t 141201 proposed meeting wi!! consider such information.To the extent
}
November 18.19e0 (45 FR 76273); and information that la likely to disclose:(1) eracticable. these closed sessions wi!!
November 7,1960 (45 FR 74120). The trede secreta and commercial or he held so as to miniman inconvenience determination on Mack Pattern Works, financialinfor: nation obtained from a to members of the public in attendance.
inc. (TA.W-ele 6) will be pubbshea person and privileged or corJidential: (2) ne agenda for subject meeting shall information of a personal nature the be as follows: Wednesday Aforch 21 s shortly, ne petitioner maintains that a proper disclosure of which was!d constitute a m, e30 m unhe condush of y[)' review of the actual facts would show clectly unwarranted invasion of business.
that the work of automotive pattern persens! privacy: and (3) Information During the ta!na! person of the ontms.
s:akers is being done outside of the the disclosure of which would H
United S;stes. resulting in layoffs for significantly frustrate implementation of Ibe Submaunittee, along with any ofits sensultants who may be pmeent. assy persons represented by the Pattern proposed agency action: pursuant to mhange pm!Imanary views rosarens Makers Association of Detroit.
authority granted me by the Chairman's saattare to be considend durtag the balance Petitioner cites, for exarople, that a Delegation of Authodty to Close l
pattern makirig job on which local Advisory Committee Meetings. dated si th* 8*1in8-The Subcommittee wG1 then hear s
companies bid was awarded to FLAT January 15.1978. ! beve determined that pawntauona by and hold discuselons with and that the work was to be performed this meeting will be closed to the public
'opresentatives of the NRC Staff, members of l ' in laaly.
pursuant to subsections fej(4) (6) and nadustry. seir comeultants. and o&er (9)(B) of section 552b of Title 5 United Intemted persons regarding thee eve 6ew.
States Code.
Further information reserding topka so be After review of the application.1 conc' ide that the peutioner's claim fa of
(
- [$
- g 88 diac ned whether the mutics has tan 8
sufficient wei ht to justfy Admor) Cornmittee Management Of5cer.'
ruling on requests for the opportunity to 3
recensideration of the Department of National Endowment for the Humarunes.
pmunt wel statemme and Be Mme allotted Wes.S nston, D.C acsos, or call (:c:) rae.
therefore can be obtained try a propsid Labor's prior decision.The appbcation u
[
is, therefore, granted.
oser.
f,*j"Emp
[
Signed et Wuhmston. D.C th.s 2nd day of supben I. McGeary, p March tasi.
Advisory Coaurunee Mangement Ogmer.
(telephone :Ic:/s34-326rl between G:15 a.m lameo T. Taylor, gra om. surin re.d So-a. me el end 120 p.ta EST.
Direercr. C" ice of Manetemt m mo coat ro m s I have deiernuned. in accordance with subeection totdi of the Federal Adnaary
, Acminisection andMonru.a8 Committee Act, that it may be necessary to in Da
- d"* Nd 5 ** ** **l clow portions of this meeting to pubbe sumoecce* *
' NUC'_ EAR REGULATORY attendance to protect peopnetary CdMPTSION information. The authonry for such closure la
.v NATION AL FOUNDATICN ON THE y Advisory Committee on Reactor Esemption(41to the hh-Act.5 U.1C ARTS AND THE ttUMANITIES Fafeguarda, Sut committee on
&&cbicll:1 Dectrical Power Syatams; neeet>9 Deted March 4.3ast.
- HumaniMen Panet; Meeting De ACRS Subcorunittee on Electrical lehm C Hmle, a.
March 1. test.
d, 5 ActNCT. National Endowment for the Power Systema w(!! hold a me.-ting at Advisory Caauninee Managemeer 05mr.
4 a.20 a.m. on March 25.1ast in Room ya o m.r m pu.ds-s e ass -
Humanities.
m6.1717 H Stmt.RW.Wahon, ones m>ews
> { actiom Notice of Meeting.
DC to discuss matters relating to the j suuuamr. Pursuant to the provision of safety iciplications of reactor control if the Federal Advisory Coremittee Act systems.
r Advisory Committee on Reactor (Public Law 92-563, as amended). notice in accordance with the procedurea Safeguards, Subcc nmittee on MRC i
e ek ge4 is hereby given that the following outlined in the Federal Register on Safety Research Program,
- j meeting of the Humanities Panelwill be October 7.1980. (45 FR 86535), oral or Postponement c
i( held at 80615th Street.N.W.
written statements may be presented by
't'1 Washington. D C. 2050e:
members of the public, recordings wel ne ACRS Subcomm!!!ee meeting on
]
r Date: March 24.1981.
be permitted enfy during those portions the NRC Safety Research Program has of the meeting when a transcript is being been pcstponed to April 3.1981
.f Time:4 p.rn. to 6 p.m.
24cm:011.
kept, and questions may be asked by (Ten'atively). Notice of this meeting was 8
Program:nis meeting will review merobers of the Subecmmicte. !ta published February 23.1981.
r ;-
a plications submitted for the Media consultants, and Staff. Persons desiring Deted. March 4 test.
1 y
{
umanities Projects Program. Division to make oral statements should notify WC HoA
{
of Public Programs, for projects the Designated Federal Employee as far beginning after May 15,1981.
In advance as practicable so that Adviswy ComaAree Manegement Oficer, g.i The proposed meeting is for the app opriate arrangements can be made Fu o=. u-me r~.d 544 an s to allow the necessary time during the aumo ccos rs.e-ews
[. ' Pepose of Panel review.discu sion, meeting for such statements.
tialuation ar.d recommendatica of T.
l Enc.losarz.R 4:
I 1
_ 1
-. _ - - -,