ML20004E509
| ML20004E509 | |
| Person / Time | |
|---|---|
| Site: | Brunswick  |
| Issue date: | 06/09/1981 |
| From: | Utley E CAROLINA POWER & LIGHT CO. |
| To: | Eisenhut D, Eusenhut D Office of Nuclear Reactor Regulation |
| References | |
| RTR-NUREG-0696, RTR-NUREG-696 GL-81-10, NO-81-1000, NUDOCS 8106120276 | |
| Download: ML20004E509 (37) | |
Text
..
- ^
3 d "~3) 7
- py 1h ne: a ; m r s L n: c a n ~
June 9, 1981 File: NC-3514(B) Serial No.: NO-81-1000
<t ' I en Mr. Darrell G. Eisenhut, Director O to Division of Licensing 8 .
United States Nuclear Regulatory Commission g Washington, D. C. 20555 ,
J[J D % g l ($ggh
\
BRUNSWICK STEAM ELECTRIC PLANT UNIT NOS. 1 AND 2 DOCKET NOS. 50-325 AND 50-324
LICENSE NOS. DPR-71 AND DPR-62 9 EMERGENCY RESPONSE FACILITIES AND STAFFING C 6
Dear Mr. Eisenhut:
Summary l
l In your letter of February 18, 1981, you requested that certain design data and schedule commitments be provided to you with regard to Emergency Response Facilities. This letter provides the requested concep-tual design information and information on f.cility staffing. Carolina Power & Light Company (CP&L), however, while intending to proceed with deliberate speed on these projects cannot provide a firm commitment to a I schedule prior to obtaining your acceptance of the attached design. This decision is based on past experience with imilar projects. A detailed discussion follows:
Discussion In your letter of February 18, 1981, " Post-TMI Requirements for the Emergency Operations Facility (Generic Letter 81-10)," you requested certain information be provided by June 1, 1981 pertaining to facility conceptual design descriptions and requested a confirmation that implemen-tation dates contained in Enclosure 1 to your letter would be met. In our letter of April 9,1981, CP&L committed to provide by June 1,1981, both the cenceptual design for emergency response facilities at our Brunswick plant and our schedule and commitment for completion of the facilities following review of criteria for the facilities contained in NUREG-0696,
" Functional Criteria for Emergency Response Facilities, Final Report."
8106320.2N [
g s 9 ,
t
_ _ ._~ -. _. . - _ _ _ _ . . ._. - _
! The requested information on emergency response facilities, with the exception of the facility description for the Technical Support j Center, is contained in the attachment to this letter. Information re- )
garding Technical Support Centers has previously been supplied by letters j of December 31, 1979 and June 18, 1980. The attachment is patterned after NUREG-0696, and the information contained therein can be compared directly to the approaches described in the NUREG document.
- In determining the degree to which commitments could be made for implementation of the facilities and information systems addressed in NUREG-0696, CP&L studied the past history of requirements, recommenda-tions, and criteria that have been provided to the nuclear industry in general, and CP&L in particular, beginning with NUREG-0578. .As a result
! of this study, we feel that agreement with our proposed designs must be i reached before firm schedule conniements are made for these projects.
I The systems proposed are complex and require extended design and instal-lation periods. Changes that may be required in the systems due to changing criteria can have a significant impact on engineering and installation schedules.
Therefore, while we are committed to proceeding in an expedi-I tious manner, CP&L cannot firmly commit to a schedule for implacentation l of the ' facilities until we can be assured that the designs described in
! the attachment to this letter are acceptable. We understand that you will be reviewing this information and providing documentation of the i
acceptability of the facility designs later this year. Once this ,
documentation has been received, CP&L can respond to your request for commitment.
CP&L recognizes the need to responsively and responsibly continue working s achieve implementation of our upgraded emergency response facilities as early as possible. Regarding our Emergency Operations Facility (EOF), CP&L is in the process of defining and final-izing building size and sitt location. The EOF will be located between ten and twenty miles from the plant, and will be a new building. The completion date of this building is not firm, but will most likely fall after October 1, 1982.
l As you-are aware, a Technical Support Center facility was j constructed in 1980; however, NRC criteria contained in NUREG-0696 does not allow for the TSC to be placed at the location that we selected. To date, our attempts to gain NRC acceptance of our location have been unsuccessful, but we have not yet decided to forgo the present location and construct a new facility that meets the more recent criteria. We will inform you of our decision and the conceptual design of our TSC by l September 1, 1981.
It should be' recognized that the present facility is built and can be upgraded based on our understanding of habitability criteria by i October 1, 1982. If a new facility were required to be constructed inside the protected area, a new structure must be built with all the l
l
, , , - - - , ,-,,,_,,---..,,-.,--._-r.,e,n -
.-e .m,e. wcee,- ,-.,y-n-,,.,-w,o.,ww,,.,,,,m,~,-7,7--,- -p , yv--,
considerations of seismic support related to existing plant structures, radiological habitability, and other criteria set forth in NUREG-0696.
This will most likely carry implementation of this structure over into early 1983, depending on your concurrence with our design. ,
The Emergency Response Facility Information System, which will provide the data acquisition capability and data base for performing the required functions in the centrol room (SPDS), TSC, and EC7 is likewise dependent on NRC concurrence with our design. The complexity of the system required to implement all of the criteria outlined in NUREG-0696 dictates a top-down, structured approach to system hardware and architec-ture. System design requirements could not be finalized prior to the final issue of NUREG-0696 and assurance that appropriate criteria were employed. The development of bid documents (such as functional require-ments of the system, request for quotation, etc.), review of proposals, and selection of a supplier is an orderly process that requires five to six months if it is done correctly, and follows the finalization of
! criteria. While it is appropriate for CP&L to carry out this process in i parallel with NRC review of our proposed approach, it is not believed appropriate to proceed with awarding the system to a supplier before receiving concurrence with our design from the NRC. Following award,
- the schedule depends on the supplier selected, but implementation of the I
system will take a minimum of one year and could require as much as two years. Additional consideraticas such as the obtaining of data inputs t from plant instrumentation during scheduled major outages and the imple-mentation of the TSC and ELE to house the data system components will most assuredly result in an implementation date for the Emergency Response l Facilities Information System that is beyond the date of October 1, 1982 shown in Enclosure 1 to your letter.
l l CP&L has attempted to be responsive to NRC requirements; l however, we have on several occasions been required to duplicate work l
efforts on projects because of changing NRC requirements. The only way to ensure the most effective use of our resources is to proceed in a deliberate manner, ensuring that both the NRC and CP&L are in accord on what is required to implement projects of this magnitude. I trust that our approach is satisfactory and that the information provided in this submittal will allow you to reach an early concurrence with our plans to implement emergency response facilities at our Brunswick Plant.
If you have any questions on this subject, please contact our staff.
Yours very truly, Yb .'/
. E. Utley ,
Executive Vice President
[
Power Supply and Engineering & Construction l
r JJS/jc (8746)
Attachments cc: Mr. J. P. O'Reilly Mr. J. Van Vliet
- _ - - - _ - - - _ . - . . . . _ . , - . - - _ _ - - - . . - . - . _ . ~ . - . . . . . - - . - - . - . -
- 1. INTRODUCTION 1.0 i-The emergency response facilities and systems described in NUREG-0696,
" Functional Criteria For Emergency Response Facilities," are in the process of
! being implemented by Carolina Power & Light Company. The conceptual design of these facilities and systems are described in the following sections of this material, and correspond to the sections conta*.ned in NUREG-0696. Where
. possible, the NUREG criteria have been addressed so that comparison between the design and the criteria can be readil'y recognized. In many areas, designs-have not progressed to the point where detailed information can be provided.
i In those cases, we have indicated the general approach we intend to employ.
h i
P I
I
_ -. ,. _. . _ - - - ~. . . ~ . - - . _ _ . __ . _ . -
t '
4
- 2. TECHNICAL SUPPORT CENTER 2.1 Function The Technical Support Center (TSC) will be designed to function as described
- in NUREG-0696.
g.
2.2 Location Later - See text of letter.
4
- 2. 3' Staffing and Training
- Upon activation, designe.ted personnel will report directly to the TSC to I achieve full operational status. Because of notification and transient time for some' designated pe.esonnel, it may not be possible to fully activate the TSC in thirty minutes but it will be activated as soon as practical thereafter. In the interim, TSC functions will be performed by TSC personnel who have arrived or by shif t personnel on site. The TSC staff includes
! personnel to coordinate onsite related activities including accident assessment, onsite radiological monitoring, emergency repair, emergency administrative requirements, and communication with the control room and EOF.
The organization of the TSC staff will be contained in the Plant Emergency l Plan. Consultants may also be designated to augment Coepany recources in the TSC. The Plant General Manager or his designated representative will be in charge in the TSC.
The TSC staff will be partially or fully activated at the discretion of the plant management for an Unusual Event or Alert emergency class, but will be fully activated during a Site Emergency or General Emergency. A fully
-activated TSC Staff will be the same for each emergency level. A partially i
J f
h activated TSC will require staffing suitable for the specific emergency situation.
TSC activation drills will be conducted periodically in accordance with the Plant Emergency Plan.
2.4 Size i
Later - See text of letter.
J l
2.5 Structure 4
Later - See text of letter.
2.6 Habitability Later - See text of letter.
l l
i r.-. ,,,n.. -.-. ,,,,-,.,.,--,..-n-n_.,--, -
.,,,nr----,,,,,n,w ,,-em.,--,,.,,--.- , , - , ,. ,,, ,,,,-a.,. , , - , , -,
2.7 Communications The TSC is the primary onsite communication center for the nuclear power plant during an emergency. The TSC communication system meets or exceeds the communication needs listed in NUREG-0696 and is fully described in Section 3.1 of the Plant Emergency Procedures.
2.8 Instrumentation, Data Systems Equipment, and Power Supplies The Emergenc' Response Facilities Information System (ERFlS), described in the Addendum to this section, is designed to scan, convert to engineering units, make reasonability and limit checks, apply required transformations, store for recall and analysis and display in suitable form the reading or transform of any or all connected instruments. The system will scan, at the required frequency, flows, pressures, temperatures, levels, radiation levels and other variables; convert the data to suitable engineering units; check against reasonability and alarm limits and transform data (rates, averages, summations, etc). All data (converted readings) will be stored in secure storage for historical use.
The system will provide isolation and protection such that no system function will be affected by or affect control room actions, nor will requests or actions at any one system console affect any other console or console display.
The capability or reliability of any safety-related power source will not be degraded or impaired due to the electrical load of the system. The source of e . y r , ,- --
the supply for all electrical loads, the feeder supplying the load and the loads will be designed in a manner that vill not affect any safety function.
No data vital to the TSC will be lost due to circuit transients, powei .atlure or power fluctuations. Bf the use of alternate power sources, system design and redundant data storage, data will be preserved during all power failures.
Alternate backup power sources will be available as required to maintain continuity of the TSC functions and to resume the acquisition, storage and display of TSC data in the event the primary TSC power source is lost.
The use of alternate sources and diversity of power distribution will provide continuity of the TSC functions of data acquistion, storage and display.
The system will meet an unavailability goal of 0.01, for all conditions above cold shutdown.
The ayatem architecture, redundancy of essential subsystems and overall system design will provide the required availability. The system is designed such that no single component or subsystem failure will cause the total loss of essential data or functions. The system design uses multiple inputs through diverse input units, redundant data paths, duplicate nonvolatile storage and diverse, redundant output devices to provide a reliable system. The system will provide for periodic maintenance and testing without loss of function thus assuring a high degree of reliability and availability.
Human-factors engineering will be incorporated into the dati system design to afford ease of operations and maintenance.
l All operator controls, operating and maintenance procedures, data display, data formats and equipaent arrangements will be reviewed aed designed to be in ,
l r
compliance with applicable human-factors guidelines and requirements.
2.9 Technical Data and Data System The system will acquire, process, store and display information obtained from diverse plant inputs as needed to perform TSC functions. Process a
equipment status will be acquired from available instrumentation, processed to convert to appropriate units, processed for reasonability and compared to limits and stored for present or future analysis. All stored data will be available for display in the most appropriate form (s) from current snapshots 1:o historical reviews.
The data displayed or available for display will provide accurate and reliable information sufficient to determine plant steady-state conditions prior to the accident, transient conditions producing the initiating event and plant systems dynamic behavior throughout the course of the accident.
The data base providing information to the TSC will be identical to the data base providing information to be displayed in the control room. The system will be designed to provide access to the data base from either location without interference to or from the control room emergency operations.
Until the requirements of Regulatory Guide 1.97, Revision 2 are implemented, the minimum-data set will consist of already available plant parameters only.
That data which is available but not capable of being accessed directly by the computer-based ERFIS will be displayed in the TSC by either manual entry into the data base or by use of supplemental displays. Upan implementation of R.G. 1.97, Rev. 2, sensor data will be utilized to the maximum extent feasible consistent with the defined parameters determined to comprise the minimum data set, but manual entry or supplemental displiys may still be required for some data.
l i
The system will not degrade the accuracy of any input. The accuracy will j
equal the available accurancy in the control room and equal or exceed the l resolution.
i l
The scan frequency assignments will be sufficient to reproduce trends and rates of any parameter adequate for the analysis of transient conditions.
I i
- - - - - ~ ,- -
All variables can be trended for use in the TSC; the quality of the trend will be consistent with the quality expected from dedicated analog recorders generally used for similar purposes. All parameters may have a calculated rate displayed for use in analyzing or anticipating transient conditions.
Rotating tables of all parameters will be maintained at the scan frequency of the individual point. The tables will provide time tagged data from 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> before any designated event to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> after the event. All data will be stored on two separate devices to assure security and availability.
The pre-/ post-event table will be compressed and maintained for at least 2 weeks. These records will also be time tagged and stored in duplicate files to assure security and availability.
All levels of data storage, pre-/ post-event, 2-week post-event and archival will be controlled automatically or semiautomatically in a manner that will not interfere with normal TSC functions. All essential data will be maintained on duplicate storage devices using a media and format that will allow data linking or transfer to off-site systems.
Sufficient numbers of display devices (3-5) .;11 be provided with provisions for additional displays if they are required. Each display will provide access to all available data without interference or interaction between display positions. System and channel capacities will provide fast response (1 second average and 3 seconds worse case for all displays).
All display positions will provide current trending of all parameters and a time history of designated parameters for previous 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> at high-time resolution or up to 2 weeks previous at reduced time resolution.
Any display position will be abia to display the information identical to the control room SPDS information. The SPDS display will use a paging technique with a top level or home display automatically displayed to the operator. The opeiator will have the ability, once this display indicates the presence of an abnormality, or paging to sper.ific displays for analysis and cause effect
r-determination. The selected TSC display will automatically track the control room display so that identical displays are presented at all times.
2.10 Records Availability and Management The following up-to-date records, drawings, and procedures will be provided in the Technical Support Center (TSC).
- 1. Plant Technical Specificartons.
- 2. Plant Operating Manual.
- 3. Plant Emergency Response Plan.
- 4. State and Local Emergency Response Plans.
- 5. Plant Emergency Procedure.
- 6. Final Safety Analysis Report.
- 7. State Evacuation Plans,
- 8. Licensee Employee Radiation Exposure History.
- 9. Drawings, Schematics, and Diagrams of the following general categories,
- a. Piping and Instrument Diagrams (P& ids).
- b. Control Wiring Diagrams (CWDs).
- c. Piping Plans for systems which could carry radioactive fluids outside containment.
- d. Heating, Ventilation, and Air Conditioning Flow and Control Diagrams.
- e. General Arrangement Drawings.
- f. Safeguards System Drawings.
- g. Reactor Protection System Drawings.
- h. Logic Diagram.
- 10. Technical Manuals for the major equipment such as:
- a. Reactor Vessel and Head.
- b. Reactor Coolant Pumps.
- c. Pressurizer.
- d. Steam Generators.
Plant operating records and , Plant Nuclear Safety Committee racords and reports as identified in ANSI-N45.2.9-1974 will be maintained in the plant vault. The records contained within the vault will be transferred to the TSC when they are required by the TSC staff.
ADDENDUM EMERCENCY RESPONSE FACILITY INFORMATION SYSTEM GENERAL The s; stem will be composed of a distributed Process I/O system which will include or be capable of remote multiplexing, redundant data and controlled access, redundant computers and memories, redundant auxiliary memories, multiple display devices, business peripherals (card reader, mag tape storage and high speed line printer), necessary power supplies, cabinets, consoles and other support equipment to house and maintain the system. Using input signal diversity, redundant inputs, dual computers, multiple display devices, power supply failover, system design and system architecture the system will be designed such that no single failure will cause loss of any essential function, data, access to data or the ability to scan and display any essential process variable.
The system will be designed to provide input isolation and system isolation such that no shared safety signals will be degraded by the system nor will any nonsafety system external to the system degrade the system by its failure or misoperation.
All power supplies, data, paths, control paths, and device switches will be designed such that a failed device will not degrade the operation of redundant or backup device.
The system will be modular in hardware design and software design to provide for future modifications or additions. Wherever feasible, standard interfaces l
and available second sourcing of components will be specified and used to assure the future availability of reliable spares.
The system will be designed to be upgraded to an integrated system which would supply process computer functions and future disturbance analysis as well as the SPDS, TSC, EOF and NDL functions. The integrated system will include hardware capacity and software design such that no function would degrade the performance, integrity or_ reliability of any other function. Any required i
- . . .-- . - . - -- - -, . ~ , . . . -- -
degradation for maintenance or testing would not cause degradation of essential functions or loss of essential data.
- COMPUTER SYSTEM The computer system will include as a minimum two redundant computers with dedicated working memories, primary bulk memories, power supplies, data and control channels; switched auxiliary bulk memories; device controllers and devices. The power supplies, switches and other shared equipment will be designed :o prevent a failed component from affecting the availability of .
redundant or backup components.
The computers will be chosen for suitability; reliability, proven design and with mature proven system software and sofv'are utilities.
PROCESS I/O SUBSYSTEM The process I/O subsystem consists of input termination, required isolation, multiplexers (switches), amplifiers, A/D converters, data and control buffers, subsystem control, power supplies and cabinets. The I/O subsystem may be local to the computer, distributed or remote units as required for best signal availability, plant space utili;:ation and overall system performance.
The remote units may be either ittelligent or semi-intelligent depending on l the system architecture and overall design.
l OPERATOR / ENGINEER INTEEFACE CRT displays, printers and controls will be provided for system control and information display necessary for use by plant operations.
l l The CRT consoles will provide the primary interface for system control as well i as for the display of alphanumeric graphic information. Output only displays
suitable for boar. mounting or to be free standing will be provided for SPDS and other display as required.
Hard copy devices such as printer, printers / plotters and video copiers will/can be provided to produce the necessary "hard" records at each location (control room, TSC, and EOF).
Necessary duplication of all output devices both on line and spare will be provided to assure the required reliability is met and to assure adequate accessability to system data simultaneously by several parties (up to 3).
Adequate installed spare and unimplemented spare capacity will be pcovided or included in system design to increase the number of display devices.
SYSTEM FUNCTIONS The system will scan and process all connected inputs, perform selected validity checks, check for alarm conditions, alarm if necessary, store data and provide for the display of information.
Proven tested operator demands will be provided to print / display single points, groups of points, prirt/ display reviews, provide graphic displays, trends and special reports. Under special administrative procedures and controls (keylocks or passwords) provide for change of alarm limits, calculation constants, add / delete points to scan or limit check and make prescribed data base changes. All changes to the system data base will be accompanied by c hard record of the change describing the change, the value or condition befor and after the change, what was changed, the time the change was made and who or what position the change was made by or from. No permanent program logic or program constants will be allowed to be changed from an operator's/ engineer's console. Progrataer access will not be available in the control room, TSC or EOF.
The system functions will be initiated using controls (keyboards and displays) that conform to human-factors guidelines and will be either single key,
fill-in-the-blank, selfprompting or a combination depending on the complexity of the function and frequency of use. All functions will indicate the action to be initiated and the response completed which will allow the operator to correct or abort an action prior to any system action and to verify actions that do not result in direct data display. Error checking, error recovery and error messages will detect accidental or incorrectly entered request and provide for easy efficient recovery. All requests will respond with an i
action, either error message or requested response.
SYSTEM SOFTWARE The computer system will be provided with an operating system, executive, utilities, math subroutines and process data acquisition programs suitable for a real time environment.
The system programs will allocate computer resource, control time and event dependent functions, provide or supplement protection features, provide or supplement system security, provide control of data flow and data base access and provide control of all peripheral devices.
l
- Compilers, assemblers, data base generators and other utilities necessary for orderly modifications and additions will be provided by the system supplier.
I APPLICATION SOFTWARE
( The system will include necessary application programs to process input data, perform calculations, provide special information display, construct and maintain historical files. All application program tasks will run in real time under the control of the OS executive. Tasks may be permanently core l
resident, bulk memory resident or a combination depending on the requirements j of the program. The system data common and global common will provide a data interface between all system and application programs.
l All program logic, either system or application, will be protected from inadvertent or accidental change. A secure copy of the latest revision of all l
l l
l l
l
programs will be available at all times to restore each computer following system maintenance.
e l
l l
l
,- - - , ~ , . - . . , - . - ,.~,-,n.- . ..w--. ,,- -,,., - , , - .,
I
- 3. OPERATION SUPPORT CENTER 3.0 The Operation Support Center (OSC) is located in the plant Service Building.
The functions of the OSC is to minimize congestion in the control rool during emergencies by providing a location, separate from the control room, where plant maintenance, operations, radiological control, and other plant emergency support personnel will assemble and standby to assist as needed. Supervision of the OSC has been established in the Brunswick Plant Emergency Response Plan-and the Plant Emergency Procedures.
The Plant Emergency Procedures also provide for evacuation of the OSC personnel in the event of a large radioact've release that would hinder the continued habitability of the OSC. Provf'lons for performance of OSC functions from other onsite locations in the event of evacuation of the 0*C have been made in procedures.
The communications system for the OSC consists of the plant public address system and the normal plant PBX telephone system. The PBX system is capable of reaching onsite and offsite locationa. Dedicated telephone extensions to the control room and the Technical Support Center are not presently provided.
Carolina Power & Light Company will install a system for dedicated communications to the control room and the TSC to meet the requirements of NUREG-0696.
4
- 4. EMERGENCY OPERATIONS FACILITY 4.1 Functions The Emergency Operations Facility (EOF) will be designed to function as described in NUREG-0696. This facility will serve as the location for overall management emergency response and the coordination point for all offsite related activities.
4.2 Location, Structure & Habitability The location of the EOF will be between ten and twenty miles from the plant.
Site selection for the EOF is presently in progress. As defined by NURFG-0696, the EOF will be "well engineered for the design life of the $.1 ant" and will bs designed and constructed in accordance with the Uniform Building Code. The EOF structure will be able to withstand adverse conditions of high wind and floods. As a result of the EOF being greater than ten miles from the plant, no special protection factor or ventilation requirements are necessary.
4.3 Staffing and Training Personnel in the TSC will perform the functions of the EOF until the EOF is operational. Upon EOF activation, designated personnel shall report directly to the EOF to achieve full operational status. The EOF staff includes personnel to coordinate offsite related activities including radiological monitoring, dose assessment, and communication with offsite officials. The organization of the EOF staff will be contained in the plant and/or corporate portion of the, Company's emergency response plan.
The portion of the EOF staff.that is drawn from the normal plant staff (radiological monitoring and dose assessment personnel) will be in place and operating shortly after EOF activation. The remaining EOF personnel, who are located in the vicinity of the corporate offices or other company nuclear facilities, require transit time and often notification will typically
_ _ . . . _ ~ _ _ . . _ _ . , _ _ _ - - _ . _ _ , , . _ _ - - - _ - . . - - . , , _
require three to four hours to arrive at the EOF. Upon arrival trom the corporate offices the Vice President Nuclear Operations or his alternates (contained in the Company Emergency Response Plan) will be in charge of all Company activities in the EOF.
The EOF staff will be partially or fully activated at the discretion of corporate management for an Unusual Event or Alert emergency class, but will be fully activated during : Site Emergency or General Emergency. A fully activated EOF staff will be the same for each emergency level. A partially
-activated EOF will require staffing suitable for the specific emergency situation.
EOF activation drills will be conducted periodically in accordance with the Company emergency plans.
4.4 Size The EOF will be designed to accomodate the staffing level contained in the Corporate Emergency Plan. Space requirements provided will meet or exceed those presented in NUREG-0696.
4.5 Radiological Monitoring Radiation monitoring systems will be provided in the EOF. These systems will
'have the capability to indicate radiation dose rates and airborne radioactivity concentrations inside the EOF while it is in use in an emergency. Detection of radioiodines at concentrations as low as 10-7 microcuries/cc may not be possible without performing laboratory analysis.
4.6 Cofmunications
.The EOF is a communication center linking the plant with all outside organizations. As such, the EOF communication system meets or exceeds the l
l l
communication needs listed in NUREG-0696 and is fully described in Section 3.1 of the Plant Emergency Procedures.
4.7 Instrumentation, Data System Equipment, and Power Supplies The system will atther, process, store, and display data needed in the EOF to analyze and exchange information. The system will access through a common data base all needed data and display any selected portion of the data in the EOF.
The control and display of data on EOF consoles will be independent of control room actions and will not interfere with the quality or time response of control room data display. By careful design of systen architecture, adequate sizing of computing resources, adequate bandpass on data channels, and the use of redundant devices, any one console position will not interfere with or degrade any o*her console position.
Signals shared with safety system parameters will have suitable isolation, separation and redundancy such that the unit compliance with GDC 22, 23 and 24 l
will be equivalent to the compliance prior to the cddition of the ERFIS.
i By using qualified isolators, housed in qualified cabinets and by using j separation and redundancy, the data system will not degrade the units l compliance with GDC 22, 23, and 24 I
f ' Electrical loads for the ERFIS that are supplied from plant Class IE sources will not degrade these sources or the safety-relsted loads connected to them.
The design of loads, sizing of feeders and circuit breakers, circuit breaker / fuse coordination and diversity of sources will be such that no ERF data system load will degrade the capability or reliability of a l safety-related power source.
The data vital to EOF operations will not be lost as the result of power transients or loss of power. The system will be designed with
duplicate storage units, dual power feeds and necessary failure detection capabilities to assure the availability and continuity of data upon the interruption or loss of any single source.
The EOF data and data display devices shall exhibit an overall availability of
.99 under all plant conditions above cold shutdown. The system will be designed using highly reliable and proven equipment and components. Adequate redundancy will be used to provide the required availability where the mean time to' failure or mean time to rapair of a single device cannot yield the required availability. Cases of single failures, accompanied by the ability to display or access data on alternate or device (s) or the soility to display parameters derived from identically redundant instruments shall be considered available.
The design, operations and maintenance of the system will be reviewed for human-factors considerations. The system architecture, hardware design, software design, console design, console controls and data displays will all be reviewed and designed to meet human-factors guidelines. Both operations and maintenance requirements will be considered in all human-factors review.
4.8 Technical Data and Data Systems The system will acquire, process, store and display the data sufficient to assess both actual and potential onsite and offsite environmental consequences; in addition, data indicating plant conditions will be available for display in the EOF. By maincaining a central data base stored on duplicate devices all needed plant parameters and environmental data, both current and historical, will be available. The system data base will include all plant parameters, effluent releases and meteorological data reeded to assess conditions, coordinate monitoring activities and reccamend offsite i emergency plans. !
)
)
1 l
1
~ ,. . . - - . - - - - -
The data base will include the sensor data described in Reg. Guide 1.97, Rev. 2 available from existing or planned additional instruments, and meteorological variables specified in Reg. Guide 1.23 and NUREG-0654 The data available in the EOF will be identical to like data available in the
! TSC.
Until the requirements of Regulatory Guide 1.97, Revision 2 are implemented, the minimum data set will consist of already available plant parameters only.
That data shich is available but not capable of being accessed directly by the computer-based ERFIS will be displayed in the TSC by either manual entry into the data base or by use of supplemental displays. Upon implementation of R.G. 1.97, Rev. 2, sensor data will be utlized to the maximum extent feasible consistent with the defined parameters determined to comprise the minimum data set, but manual entry or supplemental display may still be required for some data.
The system will not degrade the accuracy or resolution of any data beyond the accuracy and resolution available at the signal terminals. The accuracy and resolution will equal the accuracy of identical data supplied in the control room. Data available at the EOF will have accuracy identical to data displayed at all other locations.
Scan frequencies and data processing rates will be chosen to reproduce data 4 trends with a quality equivalent to conventional recorders. Data trends and calculated rates will be produced from data with a time resolution sufficient to analyze the dynamic behavior as indicated by the displayed parameter.
Criteria considered in assigning scan frequency will be the variable time constant, the time response of the measuring element, transducer and signal characteristics as well as response of accepted alternates.
The system will store data from 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> before an event until 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> af ter event at the time resolution tLst it is scanned. Data will be stored for 2 weeks with appropriata time compressions. Both operations will be
controlled automatically by the system and will store the data on two duplicate devices for security and availability.
Archival data will be saved automatically /on demand and will not interfere with or degrade EOF functions. The use of proven routines and administrative procedures will assure tht all needed archival data is saved and stored on a secure media such as mag tape or disc pack. The system will use a store and forward technique where data is spooled periodically from high speed, high resolution store to lower speed, lower resolution store and finally to archival store. Each level will have some reserve to assure that data will not be overridden and lost should the spooling operation be momentarily delayed or the archival store be unavailable for short periods of time. The 2-hour, 12-hour and 2-week data will always be stored on redundant devices (nondegraded mode).
There will be a sufficient number of display consoles (3-5) to allow several parties to review data in real time without interference or conflict between display consoles. The consoles will resopnd within 1 second average and 3 seconds worse case.
Any variable may be trended with a time resolution equal to its assigned frequency. The trend display may have several options but all trends will be available on color graphic CRT's. A time history of any variable in the l 2-hour, 12-hour (post-event) or 22 seek table may be trended on line and without special operator actions other than to demand the trend. Archival trends may require tapes or disc packs to be mounted or other special actions and therefore not continuously available.
l Displays may be partitioned to separate menus from dynamic data of display data, in different formats neither of which require full screen. It is not intended that a single Fcreen will normally serve the needs of two different groi.ps although no intentional design will prohibit this display mode.
Sufficient display consoles will be provided to supply the needs of a minimum of three groups (3-5 consoles) without the need for sharing displays.
All displays and display consoles will be designed to meet human-factors guidelines.
Any display (s) on the control room SPDS display will be continuously available in the EOF. Any paging operation initiated by the operator in the control room will automatically be carried out on the selected EOF display such that the data displayed in each location will be identical.
4.9 Records Availability and Management
. Die following up-to-date records will be provided in the Emergency Operations Facility:
- a. Plant Technical Specifications,
- b. Plant Operating Kanual.
- c. Plant Emergency Response Plan.
- d. State and Local Emergency Response Plans.
- e. Plant Emergency Procedure.
- f. Final Safety Analysis Report.
1 g. Off-site Population Distribution Data.
- h. Evacuation Plans.
- 1. Environs Radiological Monitoring Records.
J. Licensee Employee Radiation Exposure Histories.
S. Drawings, schematics, and diagrams of the following general categories:
- a. Piping and Instrument Diagrams (P& ids),
- b. Control Wiring Diagrams (CWDs).
- c. Piping plans for systems which could carry radioactive fluids outside containment.
- d. Heating, ventilation, and air conditioning flow and control diagrams.
- e. General arrangement drawings.
- f. Safeguards system drawings.
- g. Reactor Protection system drawings.
- h. Logic diagram.
1 i
l O
l l
I l
S. SAFETY PARAMETER DISPLAY SYSTEM 5.1 Function A top level-display derived from plant parameters and indicative of the plant safety status will be displayed.
The displae and data format (presentation) will be in conformance with human-factors criteria.
By using redundant instrument comparisons, checks for reasonability limits and normal operational limits, inferential checks to compare with other variables that are functionally related and by checking for detectable signal failures, all scanned variables will be quality tagged to indicate out-of-scan, open, out-of-sensor range, questionable status or substitute (entered) value.
By using reliable components, system design and redundant direct instrument channels on the main control board, essential indications will be available during normal and abnormal plant operating conditions.
Instrument channels, scan rates, processing methods and data displays will be chosen or designed to display pertinent information during both steady state and transient plant operation.
Signal processing (transforms), will be available along with sufficient display processing to allow all information to be displayed in the most suitable form. Instantaneous values, averages, summations, rates, and trends of any parameter or group of parameters may be chosen and displayed. Also, alarms and automatic display can be initiate
- based on instantaneous values or rates crossing setpoints or limits.
All interfaces between the SPDS system and safety systems will have isolation that meets all the required category IE requirements. The isolation will ensure the integrity of the safety systems. Further, where the SPDS
1 1
interfaces with non-safety systems, the isolation and the SPDS design will be such that the SPDS is not degraded beyond the loss of signals from the failed non-safety system, i.e., the degradation will be limited to loss of information from the failed non-safety system.
Qualification programs will be included in the specification, design, implementation, test, installation and operation to demonstrate the SPDS's conformance to the design criteria.
5.2 Location The location of the SPDS in the control room will be selected such that it is readily accessible and visible to those individuals who need to employ it during normal and off normal situations. Those instruments on the control board for SPDS paramsters which will provide a oackup to'the CRT display will be highlighted such that they will be easily recognizable. Displays of SPDS parameters will be available in the TSC and EOF, as described in Sections 2.9 and 4.8.
i 5.3 Size The size of the CPDS displays will be compatible with the control room space.
CRT display size will be selected and the displays will be located to provide for ready access of the displayed information.
The CRT's will be located and the format will be selected for readability from emergency operation stations.
The CRT displays will be located (positioned) such that they will neither interfere with operator movement nor limit the full visual access to other control board instruments or controls.
5.4 Staffing No one other than the normal control room operating staff will be required for f
operations of the SPDS.
f l
l I
4 5.5 Display Consideration Instrument channels, scan rates, procession rates and display devices will be chosen to give information response equivalent to conventional dedicated control room instruments. The system will respond to transient and accident sequences.
Both the top level display and the supplemental displays will be designed to independently or jointly display the status of the plant. The displays will at all times be sufficient to display plant status to the control room staff.
Information will be displayed on a single primary display in a form that meets human-factors guidelines. The format (s) will be suitable for all plant operating modes.
All process signals available to the system (SPDS, TSC or EOF) will be available for display on secondary display (s) in a number of designated
. formats. The secondary information will be readily available to the RO, SR0s or STA to aid in the analysis of any event, to assist in terminating a possible event or to assist in mitigating the consequences of an actual event.
The basis for selecting the minimum data set for the primary display will be documented in the final system design.
-The SPDS will access all available signals and will display information related to:
Reactivity control Reactor core cooling and heat removal from primary steam Reactor coolant system integrity Radioactivity control
Containment integrity Secondary displays will be available and system design will provide for automatic (event initiated) or manual (demand) control of the initiation or format of displays.
~
The system shall be designed to be modular in both hardware end software to allow for future modifications or additions. The system will be designed to be field expandable and testable to minimize any impact on system operation or integrity resulting from required modification or additions.
l
[ 5.6 Design Criteria Sensors, signal conditioners, and isolation devices shall be chosen from or designed to meet Class 1E requirements for all signals shared with or used by safety systems. The quality of all added devices (isolation, etc.) will be such that the quality of the signals to the SPDS will not be degraded.
All sensors, signal conditioning, signal isolation and terminating devices for those parameters identical to the parameters in Regulatory Guide 1.97 will be qualified to existing plant criteria as a minimum. Any upgrading of equipment will be performed on a schedule commensurate with Regulatory Guide 1.97
! implementaion requirements.
l All processing equipment, displays and related equipment will be high quality j
industrial grade equipment suitable for the application and the environment in which it will operate.
I All contrnis, displays and related procedures will be designed to meet i
- human-factors guidelines.
i j The system will be designed to function during and following an earthquake and still supply the essential data to the SPDS.
i
The function of the SPDS does not warrant seismic qualification because of the low probability of a seismic event concurrent with the need for the SPDS function, given the availability of seismically qualified displays for key safety parameters in the control room. Further, a separate additional concentrated display is not required as a backup for a nonseismic SPDS and is conceptually contrary to good human engineering practices.
Qualified indicators are available and with proper training of the operators, they are adequate for controlling the plant'under all conditions. Future control room reviews will identify human factors deficiencies in the control room and improvements will be made as required. The requirement to install separate additional seismic displays compounds the human factors problem and is also in conflict with sound operating practice which encourages that the operator use normal operating displays during accidents. This use of existing displays is most desirable since the operator will always get information to perform critical and normal operating functions from the same location. The SPDS, by definition is intended to concentrate a minimum set of plant parameters to aid the operator in the rapid detection of abnormal operating events. However, it is reasonable to use the normal qualified displays as a backup for this purpose.
This philosophy, in concurrence with appropriate human factors improvements, will form the basis of the CP&L approach to implementation of the SPDS.
Should implementation of Regulatory Guide 1.97, Revision 2, result in cajor revisions to instrument locations in the control room, the advantages and disadvantages of concentrating the seismically-qualified display into one segment of the control board will be evaluated and appropriate action will be taken.
The data system along with the direct indication will meet the unavailability requirements during all operating modes (0.01 above cold shutdown and 0.2 during cold shutdown and refueling). The system will be designed to allow periodic preventive maintenance without loss of function,
- 6. NUCLEAR DATA LINK
- 6.0 The Nuclear Data Link (NDL), as described in NUREG-0696, is too general to specify acceptability or non-acceptability as it relates to data acquisition systems that will be installed at the Brunswick Plant. Carolina Power & Light Company, in its design of facilities and equipment for emergency response activities, will try not to preclude installation of a NDL, should the Commission decide in the future that such a system is feasible and appropriate.
1
.~, - . , - .. .. -- -, , - . ---.--,4 m.-.m, . _-. ..-., . , - . . . - . - - - . . - . - - -. .
4
- 7. ACQUISITION AND CONTROL OF TECHNICAL DATA 7.1 Sources of Technical Data The parameters to be supplied to the ERFIS are described in Sections 2.9 and 4.8.
All signals shared with safety systems will have isolation and will meet the intent of GDC 24 and IEEE 279-1971, Section 4.7. The data system will not damage, degrade or interfere with the function or performance of any safety system.
Software programmed equipment will not condition or provide direct or indirect control over any signal conditioning device used in the signal path to the ERFIS.
7.2 Acquisition of Data All signals shared (interfacing) with safety systems will be suitably isolated.
7.3 DAS Functional Limitations The Emergency Response Facilities Information System will be designed and tested to function and previde needed response during all plant operating modes. No system demand will degrade the respocne below an acceptable level and no functions will be imposed on the system for which it has not been designed and tested to perform.
Using administrative controls, designed-in console security and positive control of programmer and maintenance access the system will be protected from inadvertent or uncontrolled operation.
,__a y " *
- m - mm ga e r- r- -
+M -
ee>e 9g<r-
By using a common data base, data verification and by sharing signals driving control room indication the system will display identical information at all locations and will be consistent with control room indications. ;
The system will be tested using selfconsistent data and static tests as well as dynamic data to validate all data processing programs. All results will be verified to be consistent with known input values. The test and validation procedures will be available for initial test and for future test following additions, maintenance or modirications.
7.4 DAS Design, Verification and Configuration Control All modifications / additions will be checked using test procedures.
All tests will be performed under static conditions and under dynamic l conditions (live inputs).
l l
i
. - . - . _ ,, ,m, _ _ . . _ . - _ _ - - - . , , , , . - . _ , _. . , , . _ . . . _ . _ . _, , _._ _,
4 4
- 8. EMERGENCY RESPONSE FACILITY INTEGRATION 8.0 Carolina Power & Light Company has designed the emergency response facilities, the Emergency Response Facility Information System, and other systems to function as an integrated system. The interim facilities are incorporated into the plant emergency plans and procedures have been implemented to ensure that they function as required. Information on the specific facilities and the data acquisition system that comprises the ERFIS has been , resented in earlier sections of this attachment.
?
I l
I i
l I
l l
- 9. VERIFICATION AND VALIDATION CRITERIA 9.0 Carolina Power & Light Company will employ good engineering judgement and
- design and control methods in the review and approval of systems and facilities. This review and approval process will incorporate independent verification and validation.
i
+
4 4
, .-... _ . - - . __ -..- . - - . , - - . . _ - ~ , , , . _ _ _ . - _ , . - . - - . . . . . . . . - _ . . . . . . . _ . - . , _ _ . . . _