ML20020A009


WCAP-18461-NP, Rev. 0, Common Q Platform and Component Interface Module System Elimination of Technical Specification Surveillance Requirements
Person / Time
Site: Vogtle, Southern Nuclear
Issue date: 01/31/2020
From: Merkiel S, Westinghouse
To: Office of Nuclear Reactor Regulation
Shared Package: ML20020A007
References: LTR-NRC-20-4 WCAP-18461-NP, Rev 0


Text

Westinghouse Non-Proprietary Class 3 WCAP-18461-NP January 2020 Revision 0 Common Q Platform and Component Interface Module System Elimination of Technical Specification Surveillance Requirements

Steven L. Merkiel*, Senior Engineer, Functional, Systems & Setpoints Engineering

January 2020

Reviewer: Warren R. Odess-Gillett*, Fellow Engineer, Licensing Engineering
Verifier: James P. Doyle*, Fellow Engineer, I&C Product Commercialization
Approved: Steven R. Billman*, Manager, Functional, Systems & Setpoints Engineering
Approved: Zachary S. Harper*, Manager, Licensing Engineering

*Electronically approved records are authenticated in the electronic document management system.

Westinghouse Electric Company LLC 1000 Westinghouse Drive Cranberry Township, PA 16066, USA

© 2020 Westinghouse Electric Company LLC All Rights Reserved

TABLE OF CONTENTS

LIST OF TABLES
LIST OF FIGURES
LIST OF ACRONYMS AND TRADEMARKS
REFERENCES
BIBLIOGRAPHY
1 INTRODUCTION
  1.1 PURPOSE
  1.2 BACKGROUND
2 SCOPE OF ANALYSIS
  2.1 BASE ARCHITECTURE
    2.1.1 Bistable Processing Logic (BPL)
    2.1.2 Nuclear Instrumentation System (NIS)
    2.1.3 Local Coincidence Logic (LCL)
    2.1.4 Integrated Logic Processor (ILP)
    2.1.5 Component Interface Module (CIM)
    2.1.6 Post-Accident Monitoring (PAM)
    2.1.7 Safety Display (SD)
    2.1.8 Maintenance and Test Panel (MTP)
    2.1.9 Interface and Test Processor (ITP)
    2.1.10 Subrack Components
  2.2 SURVEILLANCE REQUIREMENTS SUBJECT FOR ELIMINATION
    2.2.1 Westinghouse Standard Technical Specification Surveillance Requirements
    2.2.2 Combustion Engineering Standard Technical Specification Surveillance Requirements
3 INDUSTRY STANDARDS AND REGULATORY GUIDANCE
  3.1 10 CFR 50
  3.2 IEEE 603
  3.3 IEEE 338 AND REGULATORY GUIDE 1.118
  3.4 BTP 7-17
  3.5 EVALUATION/CONCLUSION
4 INTRODUCTION TO COMMON Q SELF-DIAGNOSTICS
  4.1 OVERVIEW
    4.1.1 AC160 Platform Self-Diagnostics
    4.1.2 Guaranteed Completion of AC160 Self-Diagnostics
    4.1.3 CIM and SRNC Self-Diagnostics
    4.1.4 Application Self-Diagnostics
    4.1.5 Self-Diagnostic Online Testing
  4.2 SINGLE FAILURE CRITERIA
  4.3 QUALIFICATION OF AC160 SELF-DIAGNOSTICS
    4.3.1 Common Q Topical Report - NRC Safety Evaluation
    4.3.2 Palo Verde Nuclear Generating Station Core Protection Calculator System
    4.3.3 Platform Differences Since Initial NRC Review and Palo Verde CPCS
    4.3.4 Southern Nuclear Company LAR 19-001
    4.3.5 Conclusion on Qualification Status of Diagnostics
  4.4 DIVISION FAULT ALARM PATH
5 SELF-DIAGNOSTIC FUNCTIONS
  5.1 AC160 SELF-DIAGNOSTICS
  5.2 CIM/SRNC DIAGNOSTICS
    5.2.1 SRNC Diagnostics
    5.2.2 CIM Diagnostics
  5.3 APPLICATION DIAGNOSTICS
    5.3.1 Application Software Self-Diagnostics
    5.3.2 Other Application Software Functions
6 FAILURE MODES, EFFECTS, AND DIAGNOSTIC ANALYSES
7 TECHNICAL SPECIFICATION SURVEILLANCE REQUIREMENT MAPPING
  7.1 WESTINGHOUSE STANDARD TECH SPEC SR MAPPING/ANALYSIS
    7.1.1 Channel Check Elimination Analysis
    7.1.2 Channel Operational Test Elimination Analysis
    7.1.3 Actuation Logic Test Elimination Analysis
    7.1.4 Actuation Logic Output Test Elimination Analysis
  7.2 COMBUSTION ENGINEERING STANDARD TECH SPEC SR MAPPING/ANALYSIS
    7.2.1 Channel Check Elimination Analysis
    7.2.2 Channel Functional Test Elimination Analysis
  7.3 RESPONSE TIME TESTING ELIMINATION ANALYSIS
    7.3.1 Methodology
    7.3.2 Response Time Paths
    7.3.3 Input Module Analyses
    7.3.4 Processing/Communication Component Analysis
    7.3.5 Output Module Analysis
8 CONCLUSIONS
  8.1 WESTINGHOUSE STANDARD TECH SPEC SR ELIMINATION SUMMARY
  8.2 COMBUSTION ENGINEERING STANDARD TECH SPEC SR ELIMINATION SUMMARY
APPENDIX A - DETAILED SYSTEM ARCHITECTURES
  A.1 DETAILED PPS ARCHITECTURE
  A.2 DETAILED CORE PROTECTION CALCULATOR SYSTEM ARCHITECTURE
  A.3 DLS AND PAM ARCHITECTURES
APPENDIX B - APPLICATION REQUIREMENTS AND ASSUMPTIONS
  B.1 ARCHITECTURE AND APPLICATION SW REQUIREMENTS
  B.2 TECHNICAL SPECIFICATION ASSUMPTIONS
APPENDIX C - LICENSEE REQUIRED ACTIONS
APPENDIX D - NUREG-1431 MARKUPS

LIST OF TABLES

Table 4.4-1. Annunciation Path FMEDAs
Table 5.1-1. PM646A Processing Section (PS) Diagnostic Table
Table 5.1-2. PM646A Communication Section (CS) Diagnostic Table
Table 5.1-3. CI631 Communication Module Diagnostic Table
Table 5.1-4. Backplane I/O Bus (BIOB) Diagnostic Table
Table 5.1-5. Analog Input Module (AI687/AI688) Diagnostic Table
Table 5.1-6. Digital Pulse Module (DP620) Diagnostic Table
Table 5.2-1. SRNC Diagnostic Table
Table 5.2-2. CIM Diagnostic Table
Table 6-1 PM646A Processing Module FMEDA
Table 6-2 BIOB FMEDA
Table 6-3 CI631 Communications Module FMEDA
Table 6-4. Analog Input Modules (AI687/AI688) FMEDA
Table 6-5. Digital Input Module (DI621) FMEDA
Table 6-6. Digital Pulse Module (DP620) FMEDA
Table 6-7. Digital Output Module (DO620) FMEDA
Table 6-8. Digital Output Module (DO625) FMEDA
Table 6-9. Digital Output Relay Module (DO630) FMEDA
Table 6-10. SRNC FMEDA
Table 6-11. CIM FMEDA
Table 7.1-1. NUREG 1431 Channel Check Elimination Analysis
Table 7.1-2. NUREG-1431 COT SRs
Table 7.1-3. NUREG-1431 ALT SRs
Table 7.2-1. NUREG-1432 Channel Check Elimination Analysis
Table 7.2-2. NUREG-1432 Channel Functional Test SRs
Table 7.2-3. Channel Functional Test SRs Not Being Eliminated
Table 7.3-1. PPS Components with Paths of Tech Spec RTT SRs

LIST OF FIGURES

Figure 2.1-1. PPS Architecture (for analysis)
Figure 4.4-1. Division Fault Alarm Path
Figure 4.4-2. CIM Fault to ITP Path
Figure 5.2-1. CIM Electrical Block Diagram
Figure 5.2-2. [ ]a,c
Figure 5.2-3. [ ]a,c
Figure 7.1-1. Simplified COT [ ]a,c
Figure 7.1-2. Simplified ALT [ ]a,c
Figure 7.1-3. Scope of Actuation Logic Output Test
Figure 7.2-1. Simplified Bistable Test [ ]a,c
Figure 7.2-2. Simplified Matrix Logic [ ]a,c
Figure 7.2-3. Scope of Trip Logic Test
Figure 7.2-4. Simplified Bistable Test [ ]a,c (CPCS/CEAC)
Figure A.1-1. Detailed Architecture of PPS Divisions I/II
Figure A.1-2. Detailed Architecture of PPS Divisions III/IV
Figure A.1-1. LCL Processor Configuration
Figure A.1-2. Source Range Channel
Figure A.1-3. Intermediate Range Channel
Figure A.1-4. Power Range Channel
Figure A.2-1. CPCS Block Diagram

LIST OF ACRONYMS AND TRADEMARKS

Acronyms used in the document are defined in WNA-PS-00016-GEN, Standard Acronyms and Definitions (Reference 1), or included below to ensure unambiguous understanding of their use within this document.

Acronym    Definition
ALT        Actuation Logic Test
ALOT       Actuation Logic Output Test
ASIC       Application-Specific Integrated Circuit
BIOB       Backplane Input Output Bus
BIST       Built-In Self-Test
BLC        Bistable Logic Cabinet
BPL        Bistable Processing Logic
CE         Combustion Engineering
CEA        Control Element Assembly
CEAC       Control Element Assembly Calculator
CIM        Component Interface Module
COT        Channel Operational Test
CPC        Core Protection Calculator
CPCS       Core Protection Calculator System
CPS        Counts per Second
CPU        Central Processing Unit
CRC        Cyclic Redundancy Check
CS         Communication Section
DBS        Device Base Software
DLCE       Design and Lifecycle Evaluation
DLS        Diesel-loading Sequencer
DUT        Device Under Test
DWTP       Double Width Transition Panel
ESF        Engineered Safety Feature
ESFAS      Engineered Safety Feature Actuation System
FET        Field-Effect Transistor
FMEA       Failure Modes and Effects Analysis
FMEDA      Failure Modes, Effects, and Diagnostics Analysis
FPD        Flat Panel Display
FPGA       Field-Programmable Gate Array
FPROM      Flash Programmable Read-only Memory
HSL        High-Speed Link
I&C        Instrumentation & Control
ILP        Integrated Logic Processor
IR         Intermediate Range
IRPM       Intermediate Range Signal Processing Module
ISR        Interrupt Service Routine
ITAAC      Inspections, Tests, Analyses and Acceptance Criteria
ITP        Interface and Test Processor
IV&V       Independent Verification and Validation
LAR        License Amendment Request
LCC        Local Coincidence Logic Cabinet
LCL        Local Coincidence Logic
LCO        Limiting Conditions for Operation
LRA        Licensee Required Action
MCR        Main Control Room
MSV        Mean Square Voltage
MTP        Maintenance and Test Panel
MUX        Multiplexer
NIS        Nuclear Instrumentation System
NISPA      Nuclear Instrumentation Signal Processing Assembly
NRC        United States Nuclear Regulatory Commission
O1 MOD     Oskarshamn 1 RPS Modification Project
OTT        Overtemperature Delta-T
OPT        Overpressure Delta-T
PAM        Post-Accident Monitoring
PCB        Printed Circuit Board
PDS        Previously Developed Software
PM         Processor Module
PMS        Protection and Safety Monitoring System
PPS        Plant Protection System
PR         Power Range
PRPM       Power Range Signal Processing Module
PS         Processing Section
RAM        Random-Access Memory
RMS        Root Mean Square
RPS        Reactor Protection System
RTCB       Reactor Trip Circuit Breakers
RT         Reactor Trip
RTM        Reactor Trip Matrix
RTS        Reactor Trip System
RTT        Response Time Testing
RX         Receive
SER        Safety Evaluation Report
SNC        Southern Nuclear Company
SR         Source Range
SR         Surveillance Requirement
SRNC       Safety Remote Node Controller
SRPM       Source Range Signal Processing Module
SSPS       Solid-State Protection System
ST         Shunt Trip
STA        Shunt Trip Attachment
SWTP       Single Width Transition Panel
TADOT      Trip Actuation Device Output Test
TS         Technical Specifications
TX         Transmit
UDL        Unidirectional Datalink
UV         Undervoltage
UVTA       Undervoltage Trip Attachment
WWDT       Window Watchdog Timer

AP1000 is a trademark or registered trademark of Westinghouse Electric Company LLC, its affiliates and/or its subsidiaries in the United States of America and may be registered in other countries throughout the world. All rights reserved. Unauthorized use is prohibited. Other names may be trademarks of their respective owners.

REFERENCES

1. WNA-PS-00016-GEN, Rev. 8, Standard Acronyms and Definitions. Westinghouse Electric Company LLC.
2. NUREG-1431, Rev. 4.0, Standard Technical Specifications Westinghouse Plants - Volume 1, Specifications, United States Nuclear Regulatory Commission.
3. NUREG-1431, Rev. 4.0, Standard Technical Specifications Westinghouse Plants - Volume 2, Bases, United States Nuclear Regulatory Commission.
4. NUREG-1432, Rev. 4.0, Standard Technical Specifications Combustion Engineering Plants - Volume 1, Specifications, United States Nuclear Regulatory Commission.
5. NUREG-1432, Rev. 4.0, Standard Technical Specifications Combustion Engineering Plants - Volume 2, Bases, United States Nuclear Regulatory Commission.

6. 10 CFR Part 50, Domestic Licensing of Production and Utilization Facilities, United States Nuclear Regulatory Commission.
7. WCAP-16097-P-A, Rev. 4, Common Qualified Platform Topical Report, Westinghouse Electric Company LLC.
8. WCAP-17179-P, Rev. 6, AP1000 Component Interface Module Technical Report, Westinghouse Electric Company LLC.
9. IEEE 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers.
10. IEEE 338-1987, "IEEE Standard Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems," Institute of Electrical and Electronics Engineers.
11. Regulatory Guide 1.118, Rev. 3, Periodic Testing of Electric Power and Protection Systems, United States Nuclear Regulatory Commission.
12. IEEE 338-2012, "IEEE Standard Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems," Institute of Electrical and Electronics Engineers.
13. NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, United States Nuclear Regulatory Commission.
14. MOD 97-7771, Rev. 6, Final Quality Assessment and Justification Report, Westinghouse Electric Company LLC.
15. MOD 97-3184, Rev. 3, Qualification of Category A I&C Self supervision and test functions FMEA, Westinghouse Electric Company LLC.

16. 6105-00021, Rev. 5, CIM SRNC IV&V Simulation Environment Specification, Westinghouse Electric Company LLC.
17. WNA-TP-04019-GEN, Rev. 2, CIM SRNC Subsystem Test Procedure, Westinghouse Electric Company LLC.
18. WNA-TR-02718-GEN, Rev. 4, CIM SRNC Subsystem Test Report, Westinghouse Electric Company LLC.
19. 6105-60136, Rev. 1, CIM-SRNC ISE Test Task Report, Westinghouse Electric Company LLC.
20. WCAP-16096-P-A, Rev. 5, Software Program Manual for Common Q Systems, Westinghouse Electric Company LLC.
21. WCAP-16438-P, Rev. 9, FMEA of AP1000 Protection and Safety Monitoring System, Westinghouse Electric Company LLC.
22. 6105-20014, Rev. 5, CIM FPGA Software Design Description, Westinghouse Electric Company LLC.
23. ML19084A309, Vogtle Electric Generation Plant Units 3 and 4 - Request for Licenses Amendment Regarding Protection and Safety Monitoring System Surveillance Requirement Reduction Technical Specification Revision (LAR 19-001), Southern Nuclear Operating Company.
24. GBRA095801, Rev. E, AC160 Product Specification for AP1000 PMS, Westinghouse Electric Germany, GmbH.
25. GIC-SSP-FSD-19-005, Rev. 1, Evidence of Documentation for AC160 Platform Diagnostics, Westinghouse Electric Company LLC.
26. WNA-DS-01272-GEN, Rev. 9, Safety System Remote Node Controller Requirements Specification, Westinghouse Electric Company LLC.
27. WNA-DS-01271-GEN, Rev. 10, Component Interface Module Hardware Requirements Specification, Westinghouse Electric Company LLC.
28. LTR-NIS-19-001, Rev. 0, AP1000 Plant NIS Response Time Evaluation, Westinghouse Electric Company LLC.
29. 3BSC140054D0060, Rev. 0, Description of Function HW - BIM2-2 ASIC, ABB Process Automation Corporation.
30. 10047D99, Rev. 5, Standard Safety NIS Low Noise Intermediate Range Preamplifier Schematic and Assembly, Westinghouse Electric Company LLC.

31. 3D91872, Rev. 11, Standard Safety NIS Intermediate Range Amplifier Signal Processing Board Schematic and Assembly, Westinghouse Electric Company LLC.
32. 3D91874, Rev. 8, Standard Safety NIS Power Range Amplifier Signal Processing Board Schematic and Assembly, Westinghouse Electric Company LLC.
33. 3BSE052209D0002, Rev. C, AI687M Analog Input 16Ch. (Main-board), ABB Process Automation Corporation.
34. 3BSE052212D0002, Rev. D, AI688M Analog Input 16Ch. (Main-board), ABB Process Automation Corporation.
35. Ceramic Capacitor Aging Made Simple, Johanson Dielectrics Inc., 2012
36. WNA-CN-00162-WAPP, Rev. 13, AP1000 Protection and Safety Monitoring System Time Response Calculations, Westinghouse Electric Company.
37. 3BSE009799D0060, Rev. 0, Description of Function HW CI627, ABB Process Automation Corporation.
38. RD10027, Rev. 0, Solid State Protection System Response Time Failure Analysis, Westinghouse Electric Company LLC.
39. WCAP-14036-P-A, Rev. 1, Elimination of Periodic Protection Channel Response Time Tests, Westinghouse Electric Company LLC.
40. WNA-TP-03022-GEN, Rev. 9, DO630 Relay Contact Pick Up and Drop Out Test Procedure, Westinghouse Electric Company LLC.
41. WNA-TR-03135-GEN, Rev. 0, Analysis of DO630 Relay Time Response Testing, Westinghouse Electric Company LLC.
42. 3BDS005740R501, S600 I/O Hardware Advant Controller 160 for Westinghouse Version 1.3 Reference Manual, ABB Process Automation Corporation.
43. 6105-10014, Rev. 5, SRNC FPGA Software Design Description, Westinghouse Electric Company LLC.
44. ML19297D159, Publicly Available - Vogtle Electric Generating Plant Units 3 and 4 Safety Evaluation (LAR 19-001), United States Nuclear Regulatory Commission.

BIBLIOGRAPHY

1. ML003740165, Acceptance for Referencing of Topical Report CENPD-396-P, Rev. 01, Common Qualified Platform and Appendices 1, 2, 3, and 4, Rev. 01 (TAC No. MA1677). United States Nuclear Regulatory Commission.
2. GKWF700777, Rev. 2, Design and Life Cycle Evaluation Report on Previously-Developed Software in ABB AC160, I/O Modules and Tool ABB Utility Automation, GmbH.
3. ML033030363, Palo Verde Nuclear Generation Station, Units 1, 2, and 3 - Issuance of Amendments on the Core Protection Calculator System Upgrade (TAC Nos. MB6726, MB6727, and MB6728), United States Nuclear Regulatory Commission.
4. WCAP-16097-P-A, Rev. 3, Common Qualified Platform Topical Report, Westinghouse Electric Company LLC.

1 INTRODUCTION

1.1 PURPOSE

The purpose of this topical report is to eliminate Technical Specification (Tech Specs or TS) surveillance requirements (SRs) related to the Common Q platform. This report provides both the analysis necessary to justify SR elimination and the corresponding markups of the Westinghouse Standard Tech Specs (see Appendix D). Based on Nuclear Regulatory Commission (NRC) review, this will potentially culminate in the elimination of the need to perform surveillances on safety-related Instrumentation and Control (I&C) equipment based on the Common Q platform. This will lead to increased duration of plant operations with full I&C safety system redundancy and reduced operational and maintenance costs over the lifecycle of the safety system as well as future safety system replacements based on the Common Q platform.

The scope of this topical report is limited to Tech Spec SRs that would apply to an I&C Safety System utilizing the Common Q platform. SR candidates for elimination are outlined in Section 2 of this report and are defined within NUREG-1431, Standard Technical Specifications Westinghouse Plants - Volume 1, Specifications (Reference 2) (further clarified in NUREG-1431, Standard Technical Specifications Westinghouse Plants - Volume 2, Bases, Reference 3) and NUREG-1432, Standard Technical Specifications Combustion Engineering Plants - Volume 1, Specifications (Reference 4) (further clarified in NUREG-1432, Standard Technical Specifications Combustion Engineering Plants - Volume 2, Bases, Reference 5). These SRs are related to Reactor Trip Systems (RTS) and Engineered Safety Feature Actuation Systems (ESFAS), Post-Accident Monitoring (PAM) Systems, Core Protection Calculator (CPC) Systems (CPCSs), and Diesel-loading Sequencers (DLS).

1.2 BACKGROUND

Technical Specifications establish requirements a nuclear facility must meet during operations. The basis for these specifications can be traced up to 10 CFR 50, Domestic Licensing of Production and Utilization Facilities (Reference 6), Section 36 Technical Specifications. Specifically relating to the safety system of a nuclear plant is 10 CFR 50.36(c)(ii)(A) which establishes limiting safety system settings for nuclear reactors.

To demonstrate that the safety system is operable, ensuring that limiting conditions of operation (LCOs) are met, the Tech Specs stipulate SRs for various protective functions. These SRs range from tests and calibration to visual inspection, and are performed on a periodic interval governed by the Tech Specs (e.g., 12 hours to 24 months). The number of functions contained within Section 3.3 of both NUREG-1431 (Reference 2) and NUREG-1432 (Reference 4), coupled with the SR frequency, results in significant testing that is to be performed over the life of the safety system. This includes extensive testing during refueling outages that operating experience shows can sometimes lead to critical path. The frequencies chosen for the aforementioned SRs were based on analog control systems. Advantages introduced by using a digital I&C safety system, such as the Common Q based safety system, were not accounted for when deciding what SRs and respective frequencies should be included in the Tech Specs.

In an effort to eliminate SRs, and thereby inherently increase the safety of the plant by reducing the time that I&C Safety Equipment is at less than full redundancy, Westinghouse has produced this topical report detailing the analyses necessary to eliminate SRs, as well as the corresponding results. These simplifications take full advantage of the Common Q platform self-diagnostic features, something not accounted for in the Westinghouse and Combustion Engineering Tech Specs. The elimination of SRs will also reduce the burden on operations and maintenance personnel, as well as the generation and preservation of procedures related to SR testing.

Westinghouse Non-Proprietary Class 3 2-1 2 SCOPE OF ANALYSIS As stated in the introduction, SRs defined within References 2 and 4 are subject for elimination. To analyze the surveillance requirements, a typical architecture will first be described which includes RTS/RPS, ESFAS, PAM, CPC, and DLS systems implemented with the Common Q platform and the Component Interface Module (CIM) System. The Common Q platform is defined within WCAP-16097-P-A, Common Qualified Platform Topical Report (Reference 7). The Westinghouse designed CIM System, consisting of the CIM and the Safety Remote Node Control (SRNC), used to interface with safety system-controlled actuation devices, is defined in WCAP-17179-P, AP1000 Component Interface Module Technical Report (Reference 8). This Common Q and CIM System based architecture will be used as a basis for the equipment that will be analyzed in the following sections of this topical report and will be referred to generically as the Plant Protection System (PPS) when relating to the architecture.

2.1 BASE ARCHITECTURE

To eliminate SRs, the failure modes for the components that are currently tested by the SRs need to be shown to be covered by self-diagnostics. This section will provide a basis for the equipment to be analyzed in subsequent sections of this topical report. The architecture provided below will be discussed only at a high-level to support conclusions drawn within this report. More detailed information can be found in Appendix A.

Figure 2.1-1 provides the overall architecture of the PPS. This architecture contains four divisions of process protection (including nuclear instrumentation, which is integrated) and two trains of Reactor Trip/ESFAS Logic and actuation. This includes Diesel Sequencing functions integrated into the architecture, as well as redundant racks for PAM functions (note that for Common Q implementations of only PAM and DLS systems, the architecture would be similar to the PPS except there would only be a Common Q I/O rack which does the applicable processing and actuates the necessary outputs, along with any additional required Common Q equipment). Note that for Combustion Engineering (CE) plants, the CPCS is not shown but is described in more detail within Appendix A and will be discussed within the analyses where applicable. Subsections that comprise this architecture are described below.

Figure 2.1-1. PPS Architecture (for analysis)

2.1.1 Bistable Processing Logic (BPL)

The BPL subsystem in each division acquires data from field sensors and the Nuclear Instrumentation System (NIS) and performs the protective function calculations. The results of the calculations are the input to the signal comparators which compare each value to an allowable set point. The results of these comparisons are provided as outputs to the LCL subsystem which provides Reactor Trip (RT) and Engineered Safety Feature (ESF) coincidence logic.

2.1.2 Nuclear Instrumentation System (NIS)

The NIS in each division of the PPS monitors leakage neutron flux from the reactor vessel. The neutron flux values are sent to the BPLs in the respective division and are used to provide nuclear startup and overpower protection. The three ranges of NIS instrumentation provided are source, intermediate and power range.

2.1.3 Local Coincidence Logic (LCL)

The LCL in each division receives the results of limit checks from the BPL subsystem of all divisions. The LCL performs coincidence logic on each process function, typically 2 out of 3 or 2 out of 4 voting. The LCL outputs signals for RT initiation and sends ESFAS system level commands to the ILP.

2.1.4 Integrated Logic Processor (ILP)

The ILPs in each train of the PPS receive system-level ESF actuation commands from the LCL. The ILPs translate system commands into component commands, implement component control logic and monitor component feedback signals. The ILP performs Diesel Sequencing logic. The ILP interfaces with the CIM via the SRNC.

2.1.5 Component Interface Module (CIM)

The CIM provides the component control interface for ESF components including prioritization of non-safety and safety demands for a component. The CIM also provides manual controls to actuate devices downstream of the safety system locally. Note that the CIM described in WCAP-17179-P (Reference 8) was specifically designed for the AP1000 plant and therefore, the output solid-state relays are designed to only interface with DC components. In order to interface with AC components, a modified version of the CIM would be used with different solid-state relays capable of handling the AC loads. There would be functionally no difference between these two CIMs. Because of this, the analyses contained within this topical report will not differentiate between the two. See Section 5.2.2 for more details.

2.1.6 Post-Accident Monitoring (PAM)

The PAM rack receives inputs from the Reactor Vessel Level transmitters, Core Exit Thermocouple and other inputs required to perform PAM functions.

2.1.7 Safety Display (SD)

The Safety Display (SD) provides indication of the PPS parameters and actuation status in the Main Control Room (MCR). The SD is used to initiate soft controls of applicable safety components. The SD is also a qualified PAM indicator. The SD in each train can display all parameters that are measured by all four divisions and two trains of equipment (via the inter-channel communication of the ITP).

2.1.8 Maintenance and Test Panel (MTP)

The MTP in each division/train of the PPS provides the human-interface to the PPS and is used for maintenance and test functions. In addition, the MTP provides an isolated interface between the safety data highway in each division/train and the non-safety plant data highway.

2.1.9 Interface and Test Processor (ITP)

The ITP in each division of the PPS provides a means of monitoring the operation of the PPS and verifying that the accuracy of the plant protection system variables and other constants are within the system requirements. The ITP compares redundant readings across divisions/trains for consistency (referred to as an Inter-channel Comparison Check) and monitors system health such as door alarms, power supply status and cabinet temperature. The ITP is also used to support system test features, as well as providing information to the PAM subrack.
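The signal path described in Sections 2.1.1, 2.1.3 and 2.1.9 can be sketched in a few lines. The following Python is an added illustration, not code from this report or from the Common Q platform; the function names, the high-acting setpoint, the tolerance, the use of the median as the comparison reference and all readings are assumptions constructed for the example. It shows why a channel that has failed low is invisible at the 2-out-of-4 vote output, yet is flagged by an inter-channel comparison as a loss of redundancy.

```python
from statistics import median

# Constructed values for illustration only; not plant or Common Q data.
SETPOINT_HIGH = 2385.0   # hypothetical high-acting trip setpoint
TOLERANCE = 30.0         # hypothetical allowed spread between redundant channels


def partial_trips(readings, setpoint):
    """BPL step: compare each division's value to the setpoint (high-acting)."""
    return {div: value >= setpoint for div, value in readings.items()}


def coincidence(partials, required=2):
    """LCL step: actuate when at least `required` divisions report a partial trip."""
    return sum(partials.values()) >= required


def interchannel_comparison(readings, tolerance):
    """ITP-style check: list divisions whose value differs from the median of
    all redundant channels by more than `tolerance`.

    The median is an assumed reference. It is only meaningful while at most
    one channel is faulted; two channels failing the same way shift it.
    """
    reference = median(readings.values())
    return sorted(d for d, v in readings.items() if abs(v - reference) > tolerance)


def evaluate(readings, setpoint=SETPOINT_HIGH, tolerance=TOLERANCE, required=2):
    """Run comparator, vote and comparison check on one set of readings."""
    partials = partial_trips(readings, setpoint)
    deviating = interchannel_comparison(readings, tolerance)
    return {
        "trip": coincidence(partials, required),
        "partials": partials,
        "deviating": deviating,
        # Channels that still agree with their peers beyond what the vote needs.
        "spare_channels": len(readings) - len(deviating) - required,
    }


# Constructed scenarios: four divisions measuring the same parameter.
NORMAL = {"A": 2234.0, "B": 2236.5, "C": 2235.2, "D": 2233.8}
C_FAILED_LOW = {**NORMAL, "C": 0.0}                    # gross failure, no demand
EXCURSION_C_FAILED = {"A": 2391.0, "B": 2389.5, "C": 0.0, "D": 2390.2}

if __name__ == "__main__":
    for name, readings in [("normal", NORMAL),
                           ("C failed low", C_FAILED_LOW),
                           ("excursion, C failed low", EXCURSION_C_FAILED)]:
        result = evaluate(readings)
        print(f"{name:26s} trip={result['trip']!s:5s} "
              f"deviating={result['deviating']} spare={result['spare_channels']}")
```

In the second scenario the vote output is identical to the healthy case, so only the comparison check reveals that the system has one fewer channel available than designed.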

2.1.10 Subrack Components

Each subsystem (or subrack) must have at least one AC160 PM646A Processor Module (PM) and one AF100 Communications Interface Module (CI631). Additional PMs are added as needed to address subsystem loading and capacity requirements and high-speed link (HSL) communication requirements.

Additionally, the following relevant AC160 input/output devices are included within the subracks of the PPS:

  • AI687 - RTD and Thermocouple Inputs
  • AI688 - Voltage and Current Transmitter Inputs (Process Inputs)
  • DI621 - Contact Inputs
  • DO620 - Contact Outputs, Solid State Relay (Boron Injection Interface, Alarm Outputs)
  • Neutron Detector Inputs - Nuclear Instrumentation System Processing Assembly (NISPA) (BF3, Compensated Ion Chamber, Uncompensated Ion Chamber)

2.2 SURVEILLANCE REQUIREMENTS SUBJECT FOR ELIMINATION

2.2.1 Westinghouse Standard Technical Specification Surveillance Requirements

The following Westinghouse Standard Tech Spec SRs (from Reference 2) are analyzed in this report for elimination. Note that it is assumed that a Setpoint Control Program is in place, which means only Tech Spec Section 3.3.#B are considered here.

Channel Checks

Per NUREG-1431 (Reference 2), a Channel Check "shall be the qualitative assessment, by observation, of channel behavior during operation. This determination shall include, where possible, comparison of the channel indication and status to other indications or status derived from independent instrument channels measuring the same parameter." These visual comparisons are done by reactor operators in the MCR, verifying that redundant sensors (or calculations) have not grossly failed.

Channel Operational Test (COT)

A COT is defined as an "injection of a simulated or actual signal into the channel as close to the sensor as practicable to verify OPERABILITY of all devices in the channel required for channel OPERABILITY. The COT shall include adjustments, as necessary, of the required alarm, interlock, and trip setpoints required for channel OPERABILITY such that the setpoints are within the necessary range and accuracy. The COT may be performed by means of any series of sequential, overlapping, or total channel steps." In the PPS architecture, this verifies the bistable logic in the BPL to the input of the LCL. For a stand-alone Common Q application for DLS, the COT verifies the bistable logic within the DLS rack as well.

Actuation Logic Test (ALT)

An ALT is defined as "the application of various simulated or actual input combinations in conjunction with each possible interlock logic state required for OPERABILITY of a logic circuit and the verification of the required logic output. The ACTUATION LOGIC TEST, as a minimum, shall include a continuity check of output devices." In the PPS architecture, the ALT verifies different components based on whether the function under test is for RT or ESF:

  • For RT functions, the ALT verifies the coincident logic voting in the LCL up to the PPS interface with the Reactor Trip Initiation circuit (which interfaces with the Reactor Trip Circuit Breakers, or RTCBs).
  • For ESF functions, the ALT should verify the coincident logic voting up to the safety system output. However, when implementing the PPS with Common Q, the actuation portion of the logic path would be covered by an Actuation Logic Output Test (see below). Therefore, the ALT for ESF functions verifies the coincident logic voting within the LCL up to the ILP inputs.

Response Time Testing (RTT)

The Tech Specs in NUREG-1431 (Reference 2) contain two response time definitions, one for RTS Response Time and one for ESF Response Time. Both definitions state that the response time shall be defined as the time interval from when a monitored parameter exceeds its trip setpoint at the channel sensor until loss of stationary gripper coil voltage for RTS or until the ESF equipment is capable of performing its safety function (i.e., the valves travel to their required positions, pump discharge pressures reach their required values, etc.) for ESF functions. Put another way, response time testing validates the entire actuation path for RT functions and for ESF functions (for ESF functions, times shall include diesel generator starting and sequence loading delays, where applicable). In addition, it is stated in both definitions that, "The response time may be measured by means of any series of sequential, overlapping, or total steps so that the entire response time is measured. In lieu of measurement, response time may be verified for selected components provided that the components and methodology for verification have been previously reviewed and approved by the NRC."

Actuation Logic Output Test (ALOT)

The actuation logic output test (ALOT) is not listed in NUREG-1431 (Reference 2) since these tech specs were based upon analog technology. However, if a safety system were to upgrade to Common Q (as depicted by the PPS within this topical report), there would need to be a surveillance test to cover the Common Q equipment from the ILP to the CIM outputs.

Remaining surveillances, such as Calibration and Trip Actuating Device Operational Test (TADOT) will remain and, in some cases, are credited for providing overlapping testing coverage within this analysis.

2.2.2 Combustion Engineering Standard Technical Specification Surveillance Requirements

The following Combustion Engineering Standard Tech Spec SRs (from Reference 4) are analyzed in this report for elimination. Note that it is assumed that a Setpoint Control Program is in place and the digital instrumentation tech specs are in use, which means only Tech Spec Section 3.3.#B (Digital) are considered here.

Channel Check

Per NUREG-1432 (Reference 4), a Channel Check "shall be the qualitative assessment, by observation, of channel behavior during operation. This determination shall include, where possible, comparison of the channel indication and status to other indications or status derived from independent instrument channels measuring the same parameter." These visual comparisons are done by reactor operators in the MCR, verifying that redundant sensors (or calculations) have not grossly failed.

Channel Functional Test

Per NUREG-1432 (Reference 4), there are two definitions for Channel Functional Tests. The definition for Digital computer channels states that the Channel Functional Tests shall be "the use of diagnostic programs to test digital computer hardware and the injection of simulated process data into the channel to verify OPERABILITY of all devices in the channel required for channel OPERABILITY." Per the Combustion Engineering Standard Tech Spec Bases (Reference 5), this consists of 3 overlapping tests:

  • Bistable Tests - Verifies bistable logic
  • Matrix Logic Tests - Verifies coincidence logic.
  • Trip Path Tests - Verifies initiation logic actuations.

Response Time Testing (RTT)

The Tech Specs in NUREG-1432 (Reference 4) contain two response time definitions, one for RPS Response Time and one for ESF Response Time. Both definitions state that the response time shall be defined as the time interval from when a monitored parameter exceeds its trip setpoint at the channel sensor until electric power to the CEAs drive mechanism is interrupted or until the ESF equipment is capable of performing its safety function (i.e., the valves travel to their required positions, pump discharge pressures reach their required values, etc.) for ESF functions (for ESF functions, times shall include diesel generator starting and sequence loading delays, where applicable). Put another way, response time testing validates the entire actuation path for RT functions and for ESF functions. In addition, it is stated in both definitions that, "The response time may be measured by means of any series of sequential, overlapping, or total steps so that the entire response time is measured. In lieu of measurement, response time may be verified for selected components provided that the components and methodology for verification have been previously reviewed and approved by the NRC."

Remaining surveillances, such as calibration, will remain and, in some cases, are credited for providing overlapping testing coverage within this analysis.

3 INDUSTRY STANDARDS AND REGULATORY GUIDANCE

The following regulations, industry standards, and regulatory guidance are applicable to periodic testing during normal plant operations and therefore related to this effort:

  • BTP 7-17

These regulations and standards are discussed in the following sections. IEEE 338-2012 is also discussed below, though not endorsed by the NRC.

3.1 10 CFR 50

10 CFR 50 (Reference 6) contains several regulations related to manual surveillance testing requirements. These are summarized as follows:

1. 10 CFR 50 (Reference 6), Section 36, Technical Specifications - 10 CFR 50.36 establishes the need for Technical Specifications to verify the operability of select systems and components in the plant. The Technical Specifications are derived from the analyses and evaluations included in the safety analysis report. The Technical Specifications include, in part, limiting conditions for operation and surveillance requirements. When a limiting condition for operation of a nuclear reactor is not met, the licensee is required to shut down the reactor or follow any remedial action permitted by the Technical Specifications until the condition can be met. Surveillance requirements are requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, that facility will be within safety limits, and that the LCOs will be met.

2. 10 CFR 50 (Reference 6), Section 55a, Codes and Standards - Paragraph h of this section establishes the requirement to meet IEEE 603-1991. This is discussed in more detail below in Section 3.2.
3. 10 CFR 50 (Reference 6), Appendix A, General Design Criteria for Nuclear Power Plants - There are two General Design Criteria (GDC) applicable to this effort:
  • GDC 18, Inspections and Testing of Electric Power Systems, requires (in part) that electric power systems important to safety be designed to permit periodic testing, including periodic testing of the performance of the components of the system and the system as a whole.
  • GDC 21, Protection System Reliability and Testability, requires (in part) that the protection system be designed to permit its periodic testing during reactor operation, including a capability to test channels independently to determine failures and losses of redundancy that may have occurred.
4. 10 CFR 50 (Reference 6), Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants - Criterion XI, Test Control, requires (in part) that a test program be established to ensure that all testing, including operational testing required to demonstrate that systems and components will perform satisfactorily in-service, is identified and performed in accordance with written test procedures.

3.2 IEEE 603

IEEE 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations (Reference 9) contains sections that require the protection system to have certain capabilities regarding testing. Section 5.7 Capability for Test and Calibration, requires the protection system to have the capability for testing and calibration during power operations while retaining the capability of the safety systems to accomplish their safety functions. Per this section, the protection system design must be capable of providing testing in accordance with IEEE 338-1987. Similarly, Section 6.5 (which relates to the functional and design requirements for the Sense and Command Features of the safety system) requires that a means be provided for checking the operational availability of the protection equipment during plant operations. These sections do not state that the safety system needs to use these features as part of a testing program, but just that they are available.

3.3 IEEE 338 AND REGULATORY GUIDE 1.118

IEEE 338-1987, "IEEE Standard Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems" (Reference 10) provides design and operational criteria for the performance of periodic testing as part of the surveillance program of nuclear power generating station safety systems. Per Regulatory Guide 1.118, Periodic Testing of Electric Power and Protection Systems (Reference 11), IEEE 338-1987 provides a method acceptable to the NRC staff for satisfying the underlying regulations associated with periodic testing.

The scope of periodic testing is defined within this standard as including functional tests and checks, calibration verification, and time response measurements, as required, to verify the safety system performs to meet its defined safety function. However, what is not defined is how to determine what should be included within the manual surveillance program. Instead, the standard provides guidance for those tests within the surveillance program. This includes the safety system being designed with the capability for periodic surveillance testing. Even though the self-diagnostics are not part of the surveillance program, they do support the basis of the standard (i.e., IEEE 338-1987 (Reference 10) Section 4) in that they continuously and periodically check the system to verify operability.

IEEE 338-2012, IEEE Standard Criteria for the Periodic Surveillance Testing of Nuclear Power Generating Station Safety Systems, (Reference 12) Section 5.4.3, though not currently endorsed by the NRC, does provide a basis for eliminating periodic surveillance tests as evidenced by the following statement, Digital control/protection systems or equipment that have a mechanism to continuously verify proper digital processing are exempt from periodic testing provided:

a) Input interfaces are tested either automatically or manually.

b) Output interfaces are tested either automatically or manually.

c) Any malfunction that may affect design assumptions is alarmed in the control room.

3.4 BTP 7-17

NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (Reference 13), Branch Technical Position (BTP) 7-17, Guidance on Self-Test and Surveillance Test Provisions, provides NRC review guidance into periodic surveillance testing and self-diagnostic features for a digital system. This BTP acknowledges the use of automatic self-testing as an appropriate method to perform periodic surveillance tests. Additionally, BTP 7-17 states, "Self-test functions should be verified during periodic functional tests." This statement will be assessed in relation to this topical report in the evaluation section below.

3.5 EVALUATION/CONCLUSION

Although historically industry and regulatory standards have required periodic surveillance testing during normal operations for safety systems, exceptions have been allowed. Specifically:

  • IEEE 603-1991: Allows an exception to testing (if testing affects safety and/or operability) based on providing justification and acceptable reliability. However, the approach taken in this report is to eliminate manual testing by crediting self-diagnostics. The self-diagnostics being credited within the SR elimination analysis (Section 7 of this topical report) are automatic tests that are performed within the PPS at an interval significantly shorter than the current SR interval. These proposed Tech Spec modifications for elimination of SRs result in improved safety system availability and reduced potential for human error.
  • IEEE 338-1987: This activity proposes the removal of several Tech Spec surveillances due to self-diagnostic test coverage. These self-diagnostics will not be part of the surveillance program, and therefore, the requirements in IEEE 338-1987 are not directly applicable. Additionally, this standard is written specifically for analog systems, resulting in guidance that does not explicitly address self-diagnostic testing features.

Regarding response time testing, Section 6.3.4, item 3, states that in lieu of response time testing, response time can be verified by other periodic tests (e.g., functional testing and calibration checks). This can be done if it can be shown that changes in response time beyond acceptable limits are accompanied by changes in performance characteristics that would be detected during the aforementioned periodic tests.

  • IEEE 338-2012: Though not endorsed by the NRC, this standard provides an exception to periodic surveillance tests based on being able to continuously verify proper digital processing. This shows how the industry has adapted IEEE 338 for digital systems.

  • BTP 7-17: Acknowledges automatic self-testing as an appropriate substitute to periodic surveillance tests. However, an important caveat is Acceptance Criterion 3 which states that self-test functions should be verified during periodic functional tests. [ ]a,c

    o [ ]a,c

For tests that are eliminated, all credible postulated failures are detectable by supervised diagnostics or by diagnostic failures that are based on observing operational behavior (e.g., data link or data transfer failure, memory CRC failure).

In summary, the elimination of SRs by crediting self-diagnostics meets the underlying NRC regulations. Although some of these standards/guidance documents assume a testing program is in place (which will continue to be the case for some items regardless of the outcome of this report), others allow for exceptions to testing given that designated criteria are met justifying the change. This report will demonstrate that the self-diagnostics being credited in lieu of an SR are adequate, which will make some SRs unnecessary. Therefore, the intent of the standards/regulations will be met even when SRs are eliminated.

4 INTRODUCTION TO COMMON Q SELF-DIAGNOSTICS

4.1 OVERVIEW

There are three types of self-diagnostics which are used to detect faults in the PPS. These are:

  • AC160 Platform Self-Diagnostics - implemented in hardware and firmware by the equipment manufacturer (ABB).
  • CIM/SRNC Self-Diagnostics - implemented in hardware and firmware, designed by Westinghouse.
  • Application Self-Diagnostics - specific software design by Westinghouse for a specific application.

4.1.1 AC160 Platform Self-Diagnostics

The AC160 platform self-diagnostics have been designed, implemented, design tested, configuration controlled and produced under the same processes as the AC160 equipment that implements the PPS safety functions at any plant. Westinghouse has subjected this equipment to equipment qualification testing and uses the same quality processes to commercially dedicate, assemble, and test this equipment as the other PPS safety equipment at a given plant, since most of the platform self-diagnostics are integral to the equipment that performs the safety functions. This equipment qualification was done for the Oskarshamn 1 RPS Modification (O1 MOD) Project, and summarized in MOD 97-7771, Final Quality Assessment and Justification Report (Reference 14). MOD 97-7771 summarizes the methodologies and results of qualification activities for the AC160 for use as a Category A I&C system (synonymous with Class 1E in the U.S.) for the O1 MOD project. The results of MOD 97-7771 were discussed with the NRC staff during the licensing of the Common Q platform.

MOD 97-7771 (Reference 14) references MOD 97-3184, Qualification of Category A I&C Self Supervision and Test Functions FMEA (Reference 15). This report postulates failures of the platform self-supervision and documents their effects. Section 6 of this reference summarizes the results of self-supervision FMEA.

The platform is described in WCAP-16097-P-A (Reference 7). Section 5.4 of WCAP-16097-P-A describes system diagnostics including the passive monitoring that includes the use of self-diagnostics and the ITP and MTP to monitor system operation and provide indication of detected faults. This topical report has been reviewed and approved by the NRC.

4.1.2 Guaranteed Completion of AC160 Self-Diagnostics

[ ]a,c

[ ]a,c

4.1.3 CIM and SRNC Self-Diagnostics

The CIM and SRNC requirements (which include those related to self-diagnostics) have been tested and verified by Westinghouse. 6105-00021 (Reference 16), CIM SRNC IV&V Simulation Environment Specification, defines the details of the Independent Verification and Validation (IV&V) Simulation Environment, including test plan, test case specification, and simulation models developed by the IV&V team for the testing of the CIM and SRNC Field-Programmable Gate Arrays (FPGAs). Several of the SRNC and CIM requirements also included system testing as part of their validation. The test procedure used for the system testing is WNA-TP-04019-GEN, CIM SRNC Subsystem Test Procedure (Reference 17), with the test results documented in WNA-TR-02718-GEN, CIM SRNC Subsystem Test Report (Reference 18). An IV&V summary of all the test results is provided in 6105-60136, CIM-SRNC ISE Test Task Report (Reference 19), which serves as the configuration-controlled test log and test report for IV&V Simulation Environment testing.

It's worth noting that the CIM went through NRC ITAAC (Inspections, Tests, Analyses, and Acceptance Criteria) inspections for the design and development of the CIM and found it acceptable for the AP1000 Protection and Safety Monitoring System (PMS). The ITAAC inspections included review of the documents listed above in Section 4.1.1.

4.1.4 Application Self-Diagnostics

The application self-diagnostics of the PPS will be developed, implemented, and subjected to Independent Verification & Validation (IV&V) under the processes described in WCAP-16096-P-A, Software Program Manual for Common Q Systems, (Reference 20) which has been reviewed and approved by the NRC. Because the application diagnostics are a part of the application software, which cannot randomly fail, it is assumed that the application self-diagnostics will not fail because of software error.

4.1.5 Self-Diagnostic Online Testing

Two of the major PM646A Processor Module self-diagnostics provide on-line self-testing. The two diagnostics are the [ ]a,c both of which are discussed in the platform topical report (Reference 7). These diagnostics include on-line self-testing to verify that these diagnostics are performing as designed.

Based on the analyses summarized in the conclusion section of this report, it is Westinghouse's position that additional periodic testing of the other self-diagnostic functions is not necessary to provide assurance that the AP1000 PMS self-diagnostics provide coverage for fault detection. Diagnostic software has been verified and validated and is not subject to random failure.

Since the platform self-diagnostics are embedded in the safety system equipment, it is not feasible to periodically test these functions without significant disassembly of the equipment and the use of specialized test equipment, which would compromise the integrity of the safety system equipment being tested in this manner. The evaluations of the self-diagnostics that are described and evaluated in this report have shown that there are multiple self-diagnostics with a level of diversity for the detection of each postulated fault.

4.2 SINGLE FAILURE CRITERIA

In evaluating the single failure criteria, it is necessary to consider single failures together with all other identifiable, but non-detectable failures that may be present in the system. In the current regulatory framework, failures not detected by self-diagnostics are expected to be detected by a surveillance test.

With the methodology for eliminating SRs within this report, the diagnostics must cover these postulated failure modes. This is done by starting with the AP1000 PMS Failure Modes and Effects Analysis (FMEA) (WCAP-16438-P, FMEA of AP1000 Protection and Safety Monitoring System, Reference 21), which shows that the PMS is single failure tolerant (which is used within this topical report to demonstrate that the generic PPS is single failure tolerant since the two systems contain the same Common Q equipment). The Failure Modes, Effects, and Diagnostics Analyses (FMEDAs) listed in Section 6 are based on the failure modes outlined in Reference 21, and these tables demonstrate diagnostic coverage for the aforementioned failure modes. By doing so, this establishes that the PPS will still be single failure tolerant. Note that the licensee will have to compare the plant-specific application FMEA with the FMEDAs listed in Section 6 to ensure that the failure modes outlined in these tables are bounding.

4.3 QUALIFICATION OF AC160 SELF-DIAGNOSTICS

4.3.1 Common Q Topical Report - NRC Safety Evaluation

The Common Q Platform diagnostics were developed under a robust process that was reviewed by the NRC. In 2000, the NRC issued a safety evaluation report (ML003740165, Bibliography 1) on the Common Q Topical Report (CENP-396-P, Rev. 01 which is the predecessor to WCAP-16097-P-A, Reference 7). In that report the NRC acknowledged receipt of Westinghouse document GKWF700777, "Design and Life Cycle Evaluation Report on Previously-Developed Software in ABB AC160, I/O Modules and Tool Software" (Bibliography 2) in support of the commercial dedication of the AC160.

The safety evaluation report states that the AC160 PDS [Previously Developed Software] is composed of the AC160 software, S600 I/O Module(s) software, and ABB Tool software. The evaluation is based on the requirements specified in International Electrotechnical Commission (IEC) standard IEC-60880, "Software for Computers in the Safety Systems of Nuclear Power Stations." IEC 60880 is referenced in IEEE 7-4.3.2-2003, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations". IEC 60880 is comparable to IEEE 7-4.3.2-2003, and the staff has found standard IEC 880 to be an acceptable equivalent.

The Design and Lifecycle Evaluation (DLCE) applies to all aspects of the PDS including the system software that executes the nuclear application program and the diagnostics integrated with the system software. In other words, the same software quality approach applied to both aspects of the system software.

4.3.2 Palo Verde Nuclear Generating Station Core Protection Calculator System

The NRC staff, in its safety evaluation of the Palo Verde Nuclear Generating Station, Core Protection Calculator System (CPCS), ML033030363 (Bibliography 3), stated:

3.4.4.2.5 CPCS Hardware Availability

The SysRS, Section 3.5.3, identified a channel availability goal of 5 x 10^-3 failures to generate a trip on demand. The NRC staff discussed with the licensee and Westinghouse the use of this goal, particularly whether it related to software, in a phone conference call on June 5, 2003, and as part of visits to Westinghouse and the licensee. The Westinghouse availability document 00000-ICE-36374 discusses the availability goal as strictly for hardware only and contains no software availability information. The availability value comes specified in NRC-approved CEN 327-A Surveillance Test Interval Extension Topical Report which was used to justify a CPCS channel functional test surveillance interval extension from 31 to 92 days, which was approved by NRC in a November 6, 1989 SER. The availability calculation, therefore, was performed to confirm that the availability value target is met. Part of the calculation relies on the premise that CPCS on-line diagnostics render the channel failure Mean Time to Detect (MTTD) negligible for all failures except for the digital output (DO) module and the IRP. As such, the NRC staff reviewed the on-line diagnostics to be employed on the CPC as presented in the SysRS and compared them to the diagnostics for the legacy system. As a result of the legacy documentation reviewed in the Westinghouse offices, personnel interviews, documentation reviews during the Westinghouse audit, and a review of the CPCS FMEA, the NRC staff found that the diagnostics to be employed on the Common Q system are more extensive and have more coverage than in the legacy system. Therefore, the premise regarding the MTTD for those failures other than the DO and IRP is reasonable.
On the basis of its review of the availability analysis document and personnel interviews during the Westinghouse audit at Windsor, CT, the NRC staff also finds that the CPCS availability analysis provides reasonable assurance that the requirements in topical report CEN 327-A have been met and are acceptable.

The conclusion drawn from this evaluation is that the NRC allowed the diagnostics to be credited to justify continuing the extended surveillance test interval.

4.3.3 Platform Differences Since Initial NRC Review and Palo Verde CPCS

The following modules are not used in the Oskarshamn Reactor Protection System (the basis for the original NRC review) or the Palo Verde CPCS, but are used in the PPS configuration within this Topical Report:

  • AI687
  • AI688
  • DI621
  • DO620

The DI621 module was reviewed by the NRC in 2019 via topical report WCAP-16097-P-A (Reference 7).

The other modules were reviewed in Revision 3 of WCAP-16097-P-A (Bibliography 4).

The PM646A firmware that was analyzed as part of this report is 1.3/11. The PM646A firmware has changed since the original qualification (based on the Oskarshamn Reactor Protection System) and since the Palo Verde CPCS. Both installations used PM646A firmware version 1.3/4. There have been improvements to the diagnostic functions since this version which are taken credit for in this report. [

]a,c This method of verifying setpoints is described in WCAP-16097-P-A (Reference 7), which was reviewed and approved by the NRC staff. It's important to note that although WCAP-16097-P-A (Reference 7) lists the PM646A firmware version at 1.3/11, the NRC's SER does not explicitly mention this since it was not part of their review for WCAP-16097-P Rev. 4. Therefore, the last version of the PM646A firmware the NRC staff reviewed was 1.3/9 (from WCAP-16097-P-A Rev. 3, Bibliography 4). Although the PPS within this topical report assumes version 1.3/11 is in use, the differences between the two revision levels have no impact on this report (except for an improved version of the overload and high-load self-diagnostic functions, see PS-9 and PS-10 in Table 5.1-1).

4.3.4 Southern Nuclear Company LAR 19-001

Southern Nuclear Company (SNC) submitted a Licensing Amendment Request (LAR) (ML19084A309, Vogtle Electric Generation Plant Units 3 and 4 - Request for Licenses Amendment Regarding Protection and Safety Monitoring System Surveillance Requirement Reduction Technical Specification Revision (LAR 19-001), Reference 23) for the Vogtle 3&4 AP1000 Nuclear Power Plants in 2019 which involved crediting the PMS (Safety I&C System based on Common Q) self-diagnostics to eliminate Tech Spec SRs. Many of the diagnostics tables and FMEDAs within this topical report were derived from this effort, which was accepted by the NRC. In their Safety Evaluation Report (ML19297D159, Reference 44), the NRC staff made the following statements regarding crediting PMS (Common Q and CIM) self-diagnostics for eliminating TS SRs.

  • Benefits of Self-diagnostics vs. Manual Testing: The NRC staff agreed with the position that the method of crediting self-diagnostics reduces risks associated with manual testing. Specifically, the staff states in the SER that, "The current manual SRs require the PMS division under test to be in bypass mode resulting in less than full redundancy. Whereas, the PMS self-diagnostic functions execute continuously and do not require the PMS channel under test to be bypassed. In addition, automatic self-diagnostic minimizes risks associated with potential human errors in performing manual surveillance tests. Considering these factors, the NRC staff concludes that the removal of manual SRs for the channel check, COT, ALT, and ALOT could potentially reduce the risk associated with the PMS manual surveillance testing."
  • Qualifications of Self-diagnostics: The NRC staff reviewed various aspects of the self-diagnostics including the qualification and documentation relating to these functions. Based on these qualifications, which are documented within this topical report, the self-diagnostics were found to be acceptable. Within the SER, the NRC staff stated, "[t]he staff finds that Common-Q diagnostic functions credited in the SNC LAR, were developed, tested, qualified, and will be maintained using rigorous processes in accordance with Appendix B requirements, and provide reasonable assurance for the detection of platform-level faults for the Common-Q based PMS."

Note that a similar statement was made for both the CIM and SRNC self-diagnostics.

  • Adequacy of Self-diagnostics for Detecting Faults: The NRC staff agreed that the Common Q, application, and CIM/SRNC self-diagnostics are an adequate substitute for manual surveillance testing. Specifically stated in the SER, the staff concludes that the self-diagnostic functions are able to detect most PMS hardware faults, and are designed to initiate a division fault alarm to alert the operator to respond as directed by the alarm response procedure. The self-diagnostics continuously assess the health of all digital processor and communication components and are therefore substantially more effective in detecting hardware faults than are the PMS manual surveillances currently specified for detecting hardware faults by exercising each safety logic pathway.

Additional supporting statements from the NRC's SER regarding the Division Fault Alarm and RTT Elimination can be found in Sections 4.4 and 7.3, respectively.

4.3.5 Conclusion on Qualification Status of Diagnostics

In summary, the AC160 diagnostics were commercially dedicated to the same standards as the rest of the AC160 system software and have been reviewed by the NRC staff in their application to justify eliminating and extending surveillance test frequencies.

4.4 DIVISION FAULT ALARM PATH

(Note: The following section regarding the annunciation path in the Common Q based PPS makes some assumptions regarding the application SW within the PPS, as well as the overall plant I&C architecture. A licensee with a plant-specific Common Q PPS implementation that is different from what is described in this topical report will have to justify that diagnostic coverage is complete for the difference in the plant-specific implementation.)

Annunciation is necessary to alert operators when a fault is detected by diagnostics within the PPS. There are multiple ways that the operator can be informed of a PPS fault. These are:[

]a,c There are two Safety Displays located in the MCR. [

]a,c These Safety Displays are not normally used by the operator for routine plant operations (except for performing calibrations that must be done via the SDs). A subset of the data presented on the Safety Displays is [

]a,c The primary indication that there is a fault within the PPS is the Division Fault Alarm (one per division). [

]a,c When all alarm conditions are reset, the Division Fault Alarm is cleared.

The non-safety information display path is a monitoring system that involves continuous frequent action.

The information display path consists of multiple data points transmitted and received over the same hardware components on a continuing basis. [

]a,c For example, consider the Division Fault Alarm path from the Safety System division's ITP (Figure 4.4-1). [

]a,c

Figure 4.4-1. Division Fault Alarm Path [ ]a,c

[

]a,c

Table 4.4-1. Annunciation Path FMEDAs [ ]a,c

ITP Diagnostics and Annunciation

[

]a,c

MTP Diagnostics and Annunciation

[

]a,c

[

]a,c

AC160 to Non-Safety Interface and the Non-Safety Network/Workstation

[

]a,c

CIM Fault Diagnostic Path

[

]a,c

Figure 4.4-2. CIM Fault to ITP Path [ ]a,c

Summary

The annunciation of PPS faults is assured by self-diagnostics for the entire communication path. These diagnostics are sufficient to replace the need to test the annunciation features previously performed during surveillance testing. It's worth noting that this methodology of using the division fault alarm to respond to failures detected by self-diagnostics was considered to be acceptable by the NRC staff in SNC LAR 19-001 (ML19297D159, Reference 44), which states, "The staff reviewed draft alarm response procedures during the LAR audit and has determined that there is reasonable assurance the operators will respond appropriately to any alarms through the written procedures and the associated training." Licensees leveraging this WCAP should ensure that the appropriate alarm response procedures are consistent with what is described in this report.

5 SELF-DIAGNOSTIC FUNCTIONS

Section 6 of this topical report contains the FMEDA tables which demonstrate that postulated failure modes of the PPS (or standalone CPCS, PAM, and DLS systems) equipment can credit the platform/application self-diagnostics to eliminate Tech Spec surveillance testing. The diagnostics being credited to cover these failure modes are contained within the various tables within this section, and are distinguished by the Common Q equipment (or application software) that the self-diagnostics reside in.

It is important to note that there is more than one self-diagnostic capable of detecting each failure mode within the FMEDA tables within Section 6, due to the sequential processing of digital functions. This characteristic of a digital system provides multiple lines of fault detection for postulated failures. There are levels of diversity between self-diagnostics detecting failures on the equipment in which the platform software is included and the self-diagnostics on equipment that is monitoring the component where the failure is postulated. There is also diversity provided between the self-diagnostics within the platform software, and those which are implemented in the application software.

5.1 AC160 SELF-DIAGNOSTICS

The AC160 platform self-diagnostics are implemented in the hardware and firmware of the platform equipment. In the same manner as all the other platform equipment, the self-diagnostic functions have been designed, implemented, tested and configuration controlled by the platform equipment supplier and have been commercially dedicated by Westinghouse consistent with Westinghouse's Commercial Grade Dedication process. The platform self-diagnostics have a large installed base in Nuclear Power Plants in the U.S., South Korea, China, and Europe.

[

]a,c The platform self-diagnostics are described in the tables below. To simplify the self-diagnostic evaluation, each type of platform self-diagnostic to be used within this analysis is assigned a designator for the platform equipment where it has a primary self-diagnostic function. The self-diagnostic designators are:

  • PS-N, where PS refers to the Processing Section of the PM646A processor module and N is the line number for a specific diagnostic (see Table 5.1-1).
  • CS-N, where CS refers to the Communication Section of the PM646A processor module and N is the line number for a specific diagnostic (see Table 5.1-2).
  • CI-N, where CI refers to the CI631 communications module and N is the line number for a specific diagnostic (see Table 5.1-3).
  • B-N, where B refers to the BIOB and N is the line number for a specific diagnostic (see Table 5.1-4).
  • AI-N, where AI refers to the AI687/AI688 analog input cards and N is the line number for a specific diagnostic (see Table 5.1-5).
  • DP-N, where DP refers to the DP620 pulse input cards and N is the line number for a specific diagnostic (see Table 5.1-6).

[

]a,c Additional information on the AC160 platform self-diagnostics is provided in WCAP-16097-P-A (Reference 7) and GBRA095801, AC160 Product Specification for AP1000 PMS, (Reference 24).

Table 5.1-1. PM646A Processing Section (PS) Diagnostic Table [ ]a,c

Table 5.1-2. PM646A Communication Section (CS) Diagnostic Table [ ]a,c

Table 5.1-3. CI631 Communication Module Diagnostic Table [ ]a,c

Table 5.1-4. Backplane I/O Bus (BIOB) Diagnostic Table [ ]a,c

Table 5.1-5. Analog Input Module (AI687/AI688) Diagnostic Table [ ]a,c

Table 5.1-6. Digital Pulse Module (DP620) Diagnostic Table [ ]a,c

5.2 CIM/SRNC DIAGNOSTICS

5.2.1 SRNC Diagnostics

The SRNC is a system component that provides a data link or bridge between the AC160 controller and the CIM. [

]a,c

[

]a,c Table 5.2-1 below provides a list of the SRNC diagnostics that are provided, the fault associated with the diagnostic, the resultant actions and any annunciations. These diagnostics are based on the SRNC requirements defined in Tables 7.1-2 and 7.2-1 in WNA-DS-01272-GEN, Safety System Remote Node Controller Requirements Specification (Reference 26). As with the AC160 platform diagnostics, designators are used within Table 5.2-1 to make it easier to identify the diagnostics within the SRNC FMEDA table. The self-diagnostic designators are:

  • H-N, where H refers to the SRNC diagnostics relating to monitoring the HSL connections between the ILP and SRNC, and N is the line number for a specific diagnostic.
  • X-N, where X refers to the SRNC diagnostics relating to monitoring the X-Bus connections between the SRNC and the CIM, and N is the line number for a specific diagnostic.
  • M-1, SRNC Module Internal Test Failures
  • P-1, Power Supply out of Range

Table 5.2-1. SRNC Diagnostic Table [ ]a,c

5.2.2 CIM Diagnostics

CIM Description

The CIM is an FPGA-based qualified nuclear Class 1E safety grade module. The CIM will provide discrete component output commands for valves, pumps, etc., based upon the command inputs and component status feedbacks. [

]a,c Figure 5.2-1 is a block diagram of the CIM depicting the basic topology of the CIM modules. The functional blocks within this diagram include: power supply, communication, field inputs, K channel outputs, local control switches, and the FPGA. The module sections are divided up between 3 printed circuit boards (PCBs) which are connected together within the CIM module housing.

Figure 5.2-1. CIM Electrical Block Diagram [ ]a,c

The CIM contains several on-board self-diagnostic features that are integral to the elimination of surveillance testing on the safety system that covers the CIM. These diagnostics (and others) are listed within Table 5.2-2. As with the AC160 platform diagnostics, designators are used within Table 5.2-2 to make it easier to identify the diagnostics within the CIM FMEDA table. The self-diagnostic designators are:

  • CIM-N, where CIM refers to the on-board CIM diagnostics, and N is the line number for a specific diagnostic.
  • X-N, where X refers to the CIM diagnostics relating to monitoring the X-Bus connections between the SRNC and the CIM, and N is the line number for a specific diagnostic.
  • Y-1, Y-bus (between the CIM and the non-safety system) failure.
  • P-N, where P refers to the diagnostic relating to the CIM power supply, and N is the line number for a specific diagnostic.

These functions are described within this section at a high level. Requirements relating to these diagnostics can be found in WNA-DS-01271-GEN, Component Interface Module Hardware Requirements Specification, (Reference 27).

[

]a,c

Figure 5.2-2. [ ]a,c

[

]a,c

[

]a,c

Figure 5.2-3. [ ]a,c

[

]a,c

[

]a,c

Table 5.2-2. CIM Diagnostic Table [ ]a,c

5.3 APPLICATION DIAGNOSTICS

5.3.1 Application Software Self-Diagnostics

The application software contains self-diagnostic functions that are carried out within the ITP PMs and the MTP. There are many self-diagnostic functions that monitor the system for errors [

]a,c

5.3.2 Other Application Software Functions

This section provides an overview of application software functions that are not credited in providing coverage for any FMEDA failure mode. Even though they are not credited within the analysis, they are discussed here since they provide extra insurance that the PPS and its components are operating properly.

[

]a,c

[

]a,c

[

]a,c

6 FAILURE MODES, EFFECTS, AND DIAGNOSTIC ANALYSES

The evaluations of the suitability of the self-diagnostics to replace the manual Tech Spec SRs are documented by the FMEDA Tables within this section (one table for each PPS component that is currently covered by manual surveillances). The FMEDAs use the AP1000 PMS FMEA (Reference 21) as the basis. For each fault postulated in Reference 21 relating to the PPS components within the FMEDA tables, the self-diagnostics capable of detecting the type of fault are identified. The following FMEDA tables were developed:

  • PM646A FMEDA - Table 6-1
  • BIOB FMEDA - Table 6-2
  • CI631 FMEDA - Table 6-3
  • AI687/AI688 FMEDA - Table 6-4
  • DI621 FMEDA - Table 6-5
  • DP620 FMEDA - Table 6-6
  • DO620 FMEDA - Table 6-7 (Note: not included in Reference 21 as an interfacing module within the RT path. Therefore, failure modes were established for this component within this topical report)
  • DO625 FMEDA - Table 6-8 (Note: not included in the PPS but could be used in a standalone CPCS which interfaces with interposing relays for bistable inputs to the analog PPS. Therefore, it is not included in Reference 21 and so failure modes were established for this component within this topical report)
  • DO630 FMEDA - Table 6-9 (Note: not included in the PPS, but could be used if desired for PPS and is part of the generic DLS architecture)
  • SRNC FMEDA - Table 6-10
  • CIM FMEDA - Table 6-11

The module FMEDA tables document the evaluation of diagnostic coverage for postulated module faults.

The format of the FMEDA tables is as follows.

[

]a,c

[

]a,c

Table 6-1. PM646A Processing Module FMEDA [ ]a,c

Table 6-2. BIOB FMEDA [ ]a,c

Table 6-3. CI631 Communications Module FMEDA [ ]a,c

Table 6-4. Analog Input Modules (AI687/AI688) FMEDA [ ]a,c

Table 6-5. Digital Input Module (DI621) FMEDA [ ]a,c

Table 6-6. Digital Pulse Module (DP620) FMEDA [ ]a,c

Table 6-7. Digital Output Module (DO620) FMEDA [ ]a,c

Table 6-8. Digital Output Module (DO625) FMEDA [ ]a,c

Table 6-9. Digital Output Relay Module (DO630) FMEDA [ ]a,c

Table 6-10. SRNC FMEDA [ ]a,c

Table 6-11. CIM FMEDA [ ]a,c

7 TECHNICAL SPECIFICATION SURVEILLANCE REQUIREMENT MAPPING

The general approach to showing that Tech Spec SRs can be eliminated is summarized as follows:

  • The Common Q components that are tested by current manual Tech Spec SRs are identified.
  • The failure modes for these components are identified (see FMEDAs in Section 6).
  • The platform and application software self-diagnostics are then mapped to the failure modes (see FMEDAs in Section 6).
  • If all failure modes for all components within the test envelope of the current manual Tech Spec SRs are covered by the Common Q self-diagnostics or an existing test, then that surveillance test can be eliminated as a requirement for systems based on the Common Q platform.

There are some deviations from this general methodology when the analysis involves either channel checks or response time testing SRs. These deviations are described in more detail within the corresponding sub-section within Section 7. Section 7.1 contains the analysis for the Westinghouse Channel Check and Functional Logic Test SRs; and Section 7.2 contains the analysis for the CE Channel Check and Functional Logic SRs. Section 7.3 is an analysis for the elimination of RTT. Since the response time of a system is a measurement from rack input to rack output, and the WEC and CE PPS are identical in terms of equipment, this one section will cover RTT elimination for both the WEC and CE Standard Tech Specs. (Note: Although the CPCS is only found within the CE architecture, the components that make up the CPCS are identical to that of the PPS, and therefore this analysis applies to the CPCS as well).

7.1 WESTINGHOUSE STANDARD TECH SPEC SR MAPPING/ANALYSIS

7.1.1 Channel Check Elimination Analysis

To eliminate manual Channel Check SRs in NUREG-1431 (Reference 2), [

]a,c

Table 7.1-1 lists the Channel Check SRs and applicable functions within Section 3.3 of NUREG-1431 (Reference 2). [

]a,c WCAP-18461-NP January 2020 Revision 0

Westinghouse Non-Proprietary Class 3 7-3 Table 7.1-1. NUREG 1431 Channel Check Elimination Analysis a,c Row SR Number Table/Function Description 1 SR 3.3.1.1 3.3.1-1, Function 2a Power Range Neutron Flux - High 2 SR 3.3.1.1 3.3.1-1, Function 2b Power Range Neutron Flux - Low 3 SR 3.3.1.1 3.3.1-1, Function 4 Intermediate Range Neutron Flux 4 SR 3.3.1.1 3.3.1-1, Function 5 Source Range Neutron Flux 5 SR 3.3.1.1 3.3.1-1, Function 6 Overtemperature T 6 SR 3.3.1.1 3.3.1-1, Function 7 Overpressure T 7 SR 3.3.1.1 3.3.1-1, Function 8a Pressurizer Pressure - Low 8 SR 3.3.1.1 3.3.1-1, Function 8b Pressurizer Pressure - High 9 SR 3.3.1.1 3.3.1-1, Function 9 Pressurizer Water Level - High 10 SR 3.3.1.1 3.3.1-1, Function 10 Reactor Coolant Flow - Low 11 SR 3.3.1.1 3.3.1-1, Function 14 Steam Generator (SG) Water level - Low Low 12 SR 3.3.1.1 3.3.1-1, Function 15 SG Water Level - Low Coincident with Steam Flow/Feedwater Flow Mismatch 13 SR 3.3.1.1 3.3.1-1, Function 18f Reactor Trip System Interlocks - Turbine Impulse Pressure, P-13 14 SR 3.3.2.1 3.3.2-1, Function 1c Safety Injection - Containment Pressure High-1 15 SR 3.3.2.1 3.3.2-1, Function 1d Safety Injection - Pressurizer Pressure Low 16 SR 3.3.2.1 3.3.2-1, Function 1e(1) Safety Injection - Steam Line Pressure Low 17 SR 3.3.2.1 3.3.2-1, Function 1e(2) Safety Injection - Steam Line Pressure - High Differential Pressure Between Steam Lines 18 SR 3.3.2.1 3.3.2-1, Function 1f Safety Injection - High Steam Flow in Two Steam Lines Coincident with TAVG - Low Low 19 SR 3.3.2.1 3.3.2-1, Function 1g Safety Injection - High Steam Flow in Two Steam Lines Coincident with Steam Line Pressure - Low 20 SR 3.3.2.1 3.3.2-1, Function 2c, 2d Containment Spray - Containment Pressure High-3 21 SR 3.3.2.1 3.3.2-1, Function 3b(3) Containment Isolation - Phase B Isolation - Containment Pressure High-3 22 SR 3.3.2.1 3.3.2-1, Function 4c Steam Line Isolation - Containment Pressure High-2 23 SR 3.3.2.1 3.3.2-1, Function 4d(1) Steam Line Isolation - 
Steam Line Pressure Low 24 SR 3.3.2.1 3.3.2-1, Function 4d(1) Steam Line Isolation - Steam Line Pressure Negative Rate High 25 SR 3.3.2.1 3.3.2-1, Function 4e Steam Line Isolation - High Steam Flow in Two Steam Lines Coincident with TAVG - Low Low 26 SR 3.3.2.1 3.3.2-1, Function 4f Steam Line Isolation - High Steam Flow in Two Steam Lines Coincident with Steam Line Pressure - Low 27 SR 3.3.2.1 3.3.2-1, Function 4g Steam Line Isolation - High Steam Flow Coincident with Safety Injection and TAVG - Low Low 28 SR 3.3.2.1 3.3.2-1, Function 4h Steam Line Isolation - High High Steam Flow Coincident with Safety Injection WCAP-18461-NP January 2020 Revision 0

Westinghouse Non-Proprietary Class 3 7-4 Table 7.1-1. Channel Check Elimination Analysis (cont.)

a,c Row SR Number Table/Function Description 29 SR 3.3.2.1 3.3.2-1, Function 5b Turbine Trip and Feedwater Isolation - SG Water Level - High High (P-14) 30 SR 3.3.2.1 3.3.2-1, Function 6c Auxiliary Feedwater - SG Water Level - Low Low 31 SR 3.3.2.1 3.3.2-1, Function 6h Auxiliary Feedwater - Auxiliary Feedwater Pump Suction Transfer on Suction Pressure - Low 32 SR 3.3.2.1 3.3.2-1, Function 7b Automatic Switchover to Containment Sump - Refueling Water Storage Tank (RWST) Level - Low Low 33 SR 3.3.2.1 3.3.2-1, Function 7c Automatic Switchover to Containment Sump - RWST Level - Low Low Coincident with Safety Injection and Containment Sump Level - High 34 SR 3.3.2.1 3.3.2-1, Function 8b ESFAS Interlocks - Pressurizer Pressure, P-11 35 SR 3.3.2.1 3.3.2-1, Function 8c ESFAS Interlocks - TAVG - Low Low, P-12 36 SR 3.3.3.1 3.3.3-1, Function 1 Power Range Neutron Flux 37 SR 3.3.3.1 3.3.3-1, Function 2 Source Range Neutron Flux 38 SR 3.3.3.1 3.3.3-1, Function 3 Reactor Coolant System (RCS) Hot Leg Temperature 39 SR 3.3.3.1 3.3.3-1, Function 4 RCS Cold Leg Temperature 40 SR 3.3.3.1 3.3.3-1, Function 5 RCS Pressure (Wide Range) 41 SR 3.3.3.1 3.3.3-1, Function 6 Reactor Vessel Water Level 42 SR 3.3.3.1 3.3.3-1, Function 7 Containment Sump Water Level (Wide Range) 43 SR 3.3.3.1 3.3.3-1, Function 8 Containment Pressure (Wide Range) 44 SR 3.3.3.1 3.3.3-1, Function 9 Penetration Flow Path Containment Isolation Valve Position 45 SR 3.3.3.1 3.3.3-1, Function 10 Containment Area Radiation (High Range) 46 SR 3.3.3.1 3.3.3-1, Function 11 Pressurizer Level 47 SR 3.3.3.1 3.3.3-1, Function 12 Steam Generator Water Level (Wide Range) 48 SR 3.3.3.1 3.3.3-1, Function 13 Condensate Storage Tank Level 49 SR 3.3.3.1 3.3.3-1, Function 14 Core Exit Temperature - Quadrant [1]

50 SR 3.3.3.1 3.3.3-1, Function 15 Core Exit Temperature - Quadrant [2]

51 SR 3.3.3.1 3.3.3-1, Function 16 Core Exit Temperature - Quadrant [3]

52 SR 3.3.3.1 3.3.3-1, Function 17 Core Exit Temperature - Quadrant [4]

53 SR 3.3.3.1 3.3.3-1, Function 18 Auxiliary Feedwater Flow 54 SR 3.3.5.1 N/A Loss of Power Diesel Generator Start Instrumentation - Loss of Voltage and Degraded Voltage Functions 55 SR 3.3.6.1 3.3.6-1, Function 3a Containment Radiation - Gaseous WCAP-18461-NP January 2020 Revision 0

Westinghouse Non-Proprietary Class 3 7-5 Table 7.1-1. Channel Check Elimination Analysis (cont.) a,c Row SR Number Table/Function Description 56 SR 3.3.6.1 3.3.6-1, Function 3b Containment Radiation - Particulate 57 SR 3.3.6.1 3.3.6-1, Function 3c Containment Radiation - Iodine 58 SR 3.3.6.1 3.3.6-1, Function 3d Containment Radiation - Gaseous 59 SR 3.3.7.1 3.3.7-1, Function 3a Control Room Radiation - Control Room Atmosphere 60 SR 3.3.7.1 3.3.7-1, Function 3b Control Room Radiation - Control Room Air Intakes 61 SR 3.3.8.1 3.3.8-1, Function 3a Fuel Building Radiation - Gaseous 62 SR 3.3.8.1 3.3.8-1, Function 3b Fuel Building Radiation - Particulate 63 SR 3.3.9.1 N/A Boron Dilution Protection System (BDPS) - Source Range Neutron Flux 64 SR 3.4.15.1 N/A Containment Radiation - Gaseous or Particulate 65 SR 3.9.3.1 N/A Source Range Neutron Flux and Source Range Audible Count Rate Circuit Notes: a,c WCAP-18461-NP January 2020 Revision 0

Channel Check Summary

As shown in Table 7.1-1, all channel check SRs can be eliminated except for SR 3.3.3.1 for Table 3.3.3-1, Function 9 Penetration Flow Path Containment Isolation Valve Position. [

]a,c Additionally, for plants that assume a boron dilution event that is mitigated by operator response to audible indication, SR 3.9.3.1 cannot be eliminated.

7.1.2 Channel Operational Test Elimination Analysis

As stated in Section 2, a COT is a test of the bistable logic within the safety I&C system (for both the PPS and a standalone DLS system). NUREG-1431 (Reference 2) identifies the following COT SRs:

Table 7.1-2. NUREG-1431 COT SRs
TS SR | Section
3.1.8.1 | Physics Tests Exceptions - MODE 2
3.3.1.7 | RTS Instrumentation
3.3.1.8 (1) | RTS Instrumentation
3.3.1.13 | RTS Instrumentation
3.3.2.5 | ESFAS Instrumentation
3.3.5.1 (2) | Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation
3.3.6.6 | Containment Purge and Exhaust Isolation Instrumentation
3.3.7.2 | Control Room Emergency Filtration System (CREFS) Actuation Instrumentation
3.3.8.2 | Fuel Building Air Cleanup System (FBACS) Actuation Instrumentation
3.3.9.2 | Boron Dilution Protection System (BDPS)
3.4.15.2 | RCS Leakage Detection Instrumentation
3.4.19.2 | RCS Loops - Test Exceptions

Notes:

1. This Surveillance shall include verification that interlocks P-6 and P-10 are in their required state for existing unit conditions. This is irrelevant to this analysis since the mode of operation has nothing to do with the ability for the Common Q/Application SW diagnostics to work.
2. NUREG-1431 SR 3.3.5.1 is a Channel Check of the DLS system. However, when implementing a digital I&C safety system, this is assumed to become a COT SR (since this type of test is more appropriate for undervoltage signals).

Although there may be different ways to perform such a test [

]a,c

[

]a,c

a,c Figure 7.1-1. Simplified COT [ ]a,c

[

]a,c

[ ]a,c Therefore, the COT SRs are no longer required.

There are two additional items worth discussion. [

]a,c

7.1.3 Actuation Logic Test Elimination Analysis

As stated in Section 2, an ALT is a test of the coincidence voting logic within the safety I&C system.

NUREG-1431 (Reference 2) identifies the following ALT SRs:

Table 7.1-3. NUREG-1431 ALT SRs
TS SR | Section
3.3.1.5 | RTS Instrumentation
3.3.2.2 (1) | ESFAS Instrumentation
3.3.2.3 (2) | ESFAS Instrumentation
3.3.6.2 | Containment Purge and Exhaust Isolation Instrumentation
3.3.6.4 (3) | Containment Purge and Exhaust Isolation Instrumentation
3.3.7.3 | Control Room Emergency Filtration System (CREFS) Actuation Instrumentation
3.3.7.5 (3) | Control Room Emergency Filtration System (CREFS) Actuation Instrumentation
3.3.8.3 | Fuel Building Air Cleanup System (FBACS) Actuation Instrumentation
3.3.9.4 (4) | Boron Dilution Protection System (BDPS)
3.4.19.3 | RCS Loops - Test Exceptions

Notes:

1. This Surveillance applies to the Automatic Actuation Logic and Actuation Relays functions within Table 3.3.2-2, which would not exist in a Common Q based PPS (since these legacy system functions are integrated into the PPS).
2. This Surveillance has a note that the continuity check may be excluded for the corresponding tests.
3. This Surveillance has a note stating that the ALT only applies to the actuation logic of the ESFAS Instrumentation. Therefore, this SR does not apply to the evaluation for eliminating ALT since it is covered by the evaluation for eliminating ALOT in Section 7.1.4.
4. NUREG-1431 SR 3.3.9.4 does not exist. However, when implementing a digital I&C safety system, this is assumed to become a required surveillance, since the voting logic for this function would need to be verified.

Although there may be different ways to perform such a test [

]a,c

a,c Figure 7.1-2. Simplified ALT [ ]a,c

[

]a,c Therefore, the ALT SRs are no longer required.

7.1.4 Actuation Logic Output Test Elimination Analysis

This section will utilize the same methodology as for COT/ALT elimination to show why the ALOT SR would be unnecessary when upgrading a plant's I&C Safety System to Common Q. The scope of the ALOT is shown in Figure 7.1-3 (items in blue are either part of the ALOT scope or discussed in this section as to why they fall outside of the ALOT scope).

a,c Figure 7.1-3. Scope of Actuation Logic Output Test

[

]a,c

CIM Analysis

The CIM provides the interface between the safety system and the actuating devices. The main functions of the CIM are to provide control, arbitrate component command priorities between the safety and non-safety systems, integrate component command signals from different platforms, provide local component control, and provide a power interface from the safety system to the actuating device. [

]a,c

[

]a,c

7.2 COMBUSTION ENGINEERING STANDARD TECH SPEC SR MAPPING/ANALYSIS

7.2.1 Channel Check Elimination Analysis

To eliminate manual Channel Check SRs in NUREG-1432 (Reference 4), [

]a,c Table 7.2-1 lists out the Channel Check SRs and applicable functions within Section 3.3 of NUREG-1432 (Reference 4). [

]a,c

Table 7.2-1. NUREG-1432 Channel Check Elimination Analysis
a,c
Row | SR Number | Table/Function | Description
1 | SR 3.3.1.1 | 3.3.1-1, Function 1 | Linear Power Level - High
2 | SR 3.3.1.1 | 3.3.1-1, Function 2 | Logarithmic Power Level - High
3 | SR 3.3.1.1 | 3.3.1-1, Function 3 | Pressurizer Pressure - High
4 | SR 3.3.1.1 | 3.3.1-1, Function 4 | Pressurizer Pressure - Low
5 | SR 3.3.1.1 | 3.3.1-1, Function 5 | Containment Pressure - High
6 | SR 3.3.1.1 | 3.3.1-1, Function 6 | Steam Generator #1 Pressure - Low
7 | SR 3.3.1.1 | 3.3.1-1, Function 7 | Steam Generator #2 Pressure - Low
8 | SR 3.3.1.1 | 3.3.1-1, Function 8 | Steam Generator #1 Level - Low
9 | SR 3.3.1.1 | 3.3.1-1, Function 9 | Steam Generator #2 Level - Low
10 | SR 3.3.1.1 | 3.3.1-1, Function 10 | Reactor Coolant Flow, Steam Generator #1 - Low
11 | SR 3.3.1.1 | 3.3.1-1, Function 11 | Reactor Coolant Flow, Steam Generator #2 - Low
12 | SR 3.3.1.1 | 3.3.1-1, Function 13 | Local Power Density - High
13 | SR 3.3.1.1 | 3.3.1-1, Function 14 | Departure from Nucleate Boiling Ratio (DNBR) - Low
14 | SR 3.3.2.1 | N/A | Logarithmic Power Level - High (Modes 3,4,5)
15 | SR 3.3.3.1 | N/A | Two Control Element Assembly Calculators (CEACs) Operable
16 | SR 3.3.5.1 | 3.3.5-1, Function 1a | Safety Injection Actuation Signal - Containment Pressure-High
17 | SR 3.3.5.1 | 3.3.5-1, Function 1b | Safety Injection Actuation Signal - Pressurizer Pressure-Low
18 | SR 3.3.5.1 | 3.3.5-1, Function 2a | Containment Spray Actuation Signal - Containment Pressure-High High coincident with Automatic SIAS
19 | SR 3.3.5.1 | 3.3.5-1, Function 3a | Containment Isolation Actuation Signal - Containment Pressure-High
20 | SR 3.3.5.1 | 3.3.5-1, Function 3b | Containment Isolation Actuation Signal - Pressurizer Pressure-Low
21 | SR 3.3.5.1 | 3.3.5-1, Function 4a | Main Steam Isolation Signal - Steam Generator Pressure-Low
22 | SR 3.3.5.1 | 3.3.5-1, Function 4b | Main Steam Isolation Signal - Containment Pressure-High
23 | SR 3.3.5.1 | 3.3.5-1, Function 5a | Recirculation Actuation Signal - Refueling Water Storage Tank Level-Low
24 | SR 3.3.5.1 | 3.3.5-1, Function 6a | Emergency Feedwater Actuation Signal SG #1 (EFAS-1) - Steam Generator Level-Low
25 | SR 3.3.5.1 | 3.3.5-1, Function 6b | Emergency Feedwater Actuation Signal SG #1 (EFAS-1) - SG Pressure Difference-High
26 | SR 3.3.5.1 | 3.3.5-1, Function 6c | Emergency Feedwater Actuation Signal SG #1 (EFAS-1) - Steam Generator Pressure-Low
27 | SR 3.3.5.1 | 3.3.5-1, Function 7a | Emergency Feedwater Actuation Signal SG #2 (EFAS-2) - Steam Generator Level-Low
28 | SR 3.3.5.1 | 3.3.5-1, Function 7b | Emergency Feedwater Actuation Signal SG #2 (EFAS-2) - SG Pressure Difference-High
29 | SR 3.3.5.1 | 3.3.5-1, Function 7c | Emergency Feedwater Actuation Signal SG #2 (EFAS-2) - Steam Generator Pressure-Low
30 | SR 3.3.7.1 | N/A | Diesel Generator (DG) - Loss of Voltage Start (LOVS)
31 | SR 3.3.8.1 | N/A | Containment Purge Isolation Signal (CPIS) - Containment Area and Gaseous Radiation Monitors
32 | SR 3.3.8.2 | N/A | Containment Purge Isolation Signal (CPIS) - Containment Particulate and Iodine Radiation Monitors
33 | SR 3.3.9.1 | N/A | Control Room Isolation Signal (CRIS) - Particulate, Iodine, and Gaseous Radiation Monitors
34 | SR 3.3.10.1 | N/A | Fuel Handling Isolation Signal (FHIS) - Particulate, Iodine, and Gaseous Radiation Monitors
35 | SR 3.3.11.1 | 3.3.11-1, Function 1 | Wide Range Neutron Flux
36 | SR 3.3.11.1 | 3.3.11-1, Function 2 | Reactor Coolant System Hot Leg Temperature
37 | SR 3.3.11.1 | 3.3.11-1, Function 3 | Reactor Coolant System Cold Leg Temperature
38 | SR 3.3.11.1 | 3.3.11-1, Function 4 | Reactor Coolant System Pressure (wide range)
39 | SR 3.3.11.1 | 3.3.11-1, Function 5 | Reactor Vessel Water Level
40 | SR 3.3.11.1 | 3.3.11-1, Function 6 | Containment Sump Water Level (wide range)
41 | SR 3.3.11.1 | 3.3.11-1, Function 7 | Containment Pressure (wide range)
42 | SR 3.3.11.1 | 3.3.11-1, Function 8 | Penetration Flow Path Containment Isolation Valve Position
43 | SR 3.3.11.1 | 3.3.11-1, Function 9 | Containment Area Radiation (high range)
44 | SR 3.3.11.1 | 3.3.11-1, Function 10 | Pressurizer Level
45 | SR 3.3.11.1 | 3.3.11-1, Function 11 | Steam Generator Water Level (wide range)
46 | SR 3.3.11.1 | 3.3.11-1, Function 12 | Condensate Storage Tank Level
47 | SR 3.3.11.1 | 3.3.11-1, Function 13 | Core Exit Temperature - Quadrant [1]
48 | SR 3.3.11.1 | 3.3.11-1, Function 14 | Core Exit Temperature - Quadrant [2]
49 | SR 3.3.11.1 | 3.3.11-1, Function 15 | Core Exit Temperature - Quadrant [3]
50 | SR 3.3.11.1 | 3.3.11-1, Function 16 | Core Exit Temperature - Quadrant [4]
51 | SR 3.3.11.1 | 3.3.11-1, Function 17 | Emergency Feedwater Flow
52 | SR 3.3.13.1 | N/A | [Logarithmic] Power Monitoring
53 | SR 3.4.15.1 | N/A | Containment Radiation - Gaseous or Particulate
54 | SR 3.9.2.1 | N/A | Source Range Monitors

Notes: a,c

Channel Check Summary

As shown in Table 7.2-1, all channel check SRs can be eliminated except for the following:

]a,c

  • SR 3.3.11.1 for Table 3.3.11-1, Function 8 Penetration Flow Path Containment Isolation Valve Position. [

]a,c

7.2.2 Channel Functional Test Elimination Analysis

As stated in Section 2, Channel Functional Tests consist of Bistable Tests, Matrix Logic Tests, and Trip Path Tests. These respectively test the bistable logic, coincidence logic, and initiation logic within the safety I&C system (for the PPS as well as standalone CPCS and DLS systems where applicable). Table 7.2-2 identifies the NUREG-1432 (Reference 4) Channel Functional Test SRs related to the safety I&C system. This table also distinguishes which part of the channel is being tested by the respective SR (bistable logic, matrix logic, and trip path) as well as if the SR is not applicable to this analysis.

Table 7.2-2. NUREG-1432 Channel Functional Test SRs
TS SR | Section | SR Applicability | Notes
3.3.1.7 | RPS Instrumentation - Operating | All channels except Loss of Load and power range neutron flux | Per the NUREG-1432 Bases (Reference 5), only the Bistable Test portion of the Channel Functional Test is covered by this SR for RPS Instrumentation. The Matrix Logic Test and Trip Path Test Portions are addressed by SR 3.3.4.2. This SR contains a note that states, "The CPC CHANNEL FUNCTIONAL TEST shall include verification that the correct values of addressable constants are installed in each OPERABLE CPC."
3.3.1.9 | RPS Instrumentation - Operating | Loss of Load Function only | None
3.3.1.11 | RPS Instrumentation - Operating | Each CPC channel | None
3.3.1.13 | RPS Instrumentation - Operating | Each automatic bypass removal function | None
3.3.2.2 | RPS Instrumentation - Shutdown | Each logarithmic power channel | None
3.3.2.3 | RPS Instrumentation - Shutdown | Each automatic bypass removal function | None
3.3.3.3 | Control Element Assembly Calculators (CEACs) | Each CEAC channel | NUREG-1432 (Reference 4), LCO 3.3.3B has two Channel Functional Test SRs associated with it, 3.3.3.3 and 3.3.3.5 (the former is performed quarterly, and the latter is performed every refueling outage). The quarterly test is executed via test software and does not actuate every relay contact. The outage test however does test the entire protection paths by utilizing an I/O simulator.
3.3.3.5 | Control Element Assembly Calculators (CEACs) | Each CEAC channel | NUREG-1432 (Reference 4), LCO 3.3.3B has two Channel Functional Test SRs associated with it, 3.3.3.3 and 3.3.3.5 (the former is performed quarterly, and the latter is performed every refueling outage). The quarterly test is executed via test software and does not actuate every relay contact. The outage test however does test the entire protection paths by utilizing an I/O simulator.
3.3.4.1 | RPS Logic and Trip Initiation | Each RTCB channel | Actuation of the RTCBs is outside of the PPS rack and thus beyond the scope of this topical report.
3.3.4.2 | RPS Logic and Trip Initiation | Each RPS Logic channel | Per the NUREG-1432 Bases (Reference 5), only the Matrix Logic Test and Trip Path Test Portions of the Channel Functional Test are covered by this SR for RPS Instrumentation. The Bistable Test portion is addressed by SR 3.3.1.7.
3.3.4.3 | RPS Logic and Trip Initiation | Each RTCB, including separate verification of the undervoltage and shunt trips | None
3.3.4.4 | RPS Logic and Trip Initiation | Each RPS Manual Trip channel | Manual switch actuation from the MCR is outside of the PPS rack and thus beyond the scope of this topical report.
3.3.5.2 | ESFAS Instrumentation | Each ESFAS channel | Per the NUREG-1432 Bases (Reference 5), only the Bistable Test portion of the Channel Functional Test is covered by this SR for ESFAS Instrumentation. The Matrix Logic Test and Trip Path Test Portions are addressed by SR 3.3.6.1 and 3.3.6.2 respectively.
3.3.5.5 | ESFAS Instrumentation | Each automatic bypass removal function | None
3.3.6.1 | ESFAS Logic and Manual Trip | Each ESFAS logic channel | Per the NUREG-1432 Bases (Reference 5), only the Matrix Logic Test portion of the Channel Functional Test is covered by this SR for ESFAS Instrumentation. The Bistable Test and Trip Path Test Portions are addressed by SR 3.3.5.2 and 3.3.6.2 respectively.
3.3.6.2 | ESFAS Logic and Manual Trip | Each ESFAS logic channel | Per the NUREG-1432 Bases (Reference 5), only the Trip Path Test portion of the Channel Functional Test is covered by this SR for ESFAS Instrumentation. The Bistable Test and Matrix Logic Test portions are addressed by SR 3.3.4.2 and 3.3.6.1 respectively. Additionally, per NUREG-1432 (Reference 4) this SR is a relay test on the PPS actuation logic channels. However, when implementing a digital I&C system based on Common Q, the CIM would be used in lieu of subgroup relays. Therefore, it is assumed that this SR would become a test of the functional logic from the ILP to CIM.
3.3.6.3 | ESFAS Logic and Manual Trip | Each ESFAS Manual Trip channel | Manual switch actuation from the MCR is outside of the PPS rack and thus beyond the scope of this report.
3.3.7.2 | Diesel Generator (DG) - Loss of Voltage Start (LOVS) | Each Loss of Voltage and Degraded Voltage Function | None
3.3.8.3 | Containment Purge Isolation Signal (CPIS) | Each required containment radiation monitor channel | SR 3.3.8.3 and 3.3.8.4 are identical besides the applicable mode the surveillances should be performed in. Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Bistable Test and Matrix Logic Test portions of the Channel Functional Test. The Trip Logic Test is assumed to be covered under SR 3.3.8.5.
3.3.8.4 | Containment Purge Isolation Signal (CPIS) | Each required containment radiation monitor channel | SR 3.3.8.3 and 3.3.8.4 are identical besides the applicable mode the surveillances should be performed in. Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Bistable Test and Matrix Logic Test portions of the Channel Functional Test. The Trip Logic Test is assumed to be covered under SR 3.3.8.5.
3.3.8.5 | Containment Purge Isolation Signal (CPIS) | Each CPIS Actuation Logic channel | Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Trip Logic Test portion of the Channel Functional Test. The Bistable Test and Matrix Logic Test portions are assumed to be covered under SR 3.3.8.3 and 3.3.8.4.
3.3.8.8 | Containment Purge Isolation Signal (CPIS) | Each CPIS Manual Trip channel | Manual switch actuation from the MCR is outside of the PPS rack and thus beyond the scope of this report.
3.3.9.2 | Control Room Isolation Signal (CRIS) | Each required CRIS radiation monitor channel | Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Bistable Test and Matrix Logic Test portions of the Channel Functional Test. The Trip Logic Test is assumed to be covered under SR 3.3.9.3.
3.3.9.3 | Control Room Isolation Signal (CRIS) | Each required CRIS Actuation Logic channel | Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Trip Logic Test portion of the Channel Functional Test. The Bistable Test and Matrix Logic Test portions are assumed to be covered under SR 3.3.9.2.
3.3.9.5 | Control Room Isolation Signal (CRIS) | Each CRIS Manual Trip channel | Manual switch actuation from the MCR is outside of the PPS rack and thus beyond the scope of this report.
3.3.10.2 | Fuel Handling Isolation Signal (FHIS) | Each required FHIS radiation monitor channel | Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Bistable Test and Matrix Logic Test portions of the Channel Functional Test. The Trip Logic Test is assumed to be covered under SR 3.3.10.3.
3.3.10.3 | Fuel Handling Isolation Signal (FHIS) | Each required FHIS Actuation Logic channel | Per the NUREG-1432 Bases (Reference 5) this SR is assumed to be the Trip Logic Test portion of the Channel Functional Test. The Bistable Test and Matrix Logic Test portions are assumed to be covered under SR 3.3.10.2.
3.3.10.4 | Fuel Handling Isolation Signal (FHIS) | Each FHIS Manual trip channel | Manual switch actuation from the MCR is outside of the PPS rack and thus beyond the scope of this report.
3.3.13.2 | [Logarithmic] Power Monitoring Channels | Each [Logarithmic] Power Monitoring Channel | None
3.4.15.2 | RCS Leakage Detection Instrumentation | Each required containment atmospheric radiation monitor | None
3.4.17.2 | Special Test Exception (STE)-RCS Loops | Each logarithmic/linear power monitoring channel | None

[

]a,c

a,c Figure 7.2-1. Simplified Bistable Test [ ]a,c

[

]a,c

  • [

]a,c Therefore, the Bistable Test SRs relating to the BPL or a standalone DLS are no longer required.

Additional Considerations

There are two additional items worth discussing. [

]a,c

Matrix Logic Test Analysis

[

]a,c

a,c Figure 7.2-2. Simplified Matrix Logic [ ]a,c

For RT functions, the matrix logic simulated signal is received by one of the LCL PMs and sent to the [

]a,c

[

]a,c Therefore, the Matrix Logic Test SRs are no longer required.

Trip Logic Test Analysis

Since the trip logic test for RT functions is required to test the DO620 for failure modes that cannot be detected by diagnostics, only ESF-related trip logic tests will be analyzed here. Note that this test is similar to the Westinghouse ALOT SR, and thus additional details will be provided in Section 7.1.4. The scope of the trip logic test is shown in Figure 7.2-3 (items in blue are either part of the trip logic test scope or discussed in this section (or Section 7.1.4) as to why they fall outside of the trip logic test scope).

a,c Figure 7.2-3. Scope of Trip Logic Test

[

]a,c

[

]a,c

CPCS/CEAC Testing

Analogous to the BPL, the CPC and CEAC subracks are required to be tested from the subrack input to output. Since these racks provide input into the BPL, they are only subjected to the bistable testing (i.e., no coincident voting or actuation testing is necessary). The CPC and CEAC channels are tested separately. Figure 7.2-4 below provides a simplified diagram of the testing done on these racks [

]a,c

a,c Figure 7.2-4. Simplified Bistable Test [ ]a,c (CPCS/CEAC)

[

]a,c

[

]a,c

Channel Functional Test Elimination Conclusion

All the Channel Functional Test SRs can be eliminated based on self-diagnostics, except for the ones that could not be eliminated because they are either outside the scope of this analysis or are needed for portions of the protection path that cannot credit diagnostics. The SRs that will remain are identified in Table 7.2-3.

Table 7.2-3. Channel Functional Test SRs Not Being Eliminated
Channel Functional Test SR Remaining | Reason
3.3.4.1 | Actuation of the RTCBs is outside the scope of this topical report.
3.3.4.2 | The Trip Path Test portion of the Channel Functional Test for RPS Instrumentation is covered by this SR which is still required.
3.3.4.4 | Manual actuations from the MCR are outside the scope of this topical report.
3.3.6.3 | Manual actuations from the MCR are outside the scope of this topical report.
3.3.8.8 | Manual actuations from the MCR are outside the scope of this topical report.
3.3.9.5 | Manual actuations from the MCR are outside the scope of this topical report.
3.3.10.4 | Manual actuations from the MCR are outside the scope of this topical report.

7.3 RESPONSE TIME TESTING ELIMINATION ANALYSIS

The foundation for the RTT SR elimination analysis consists of the following two axioms:

  • The system and application diagnostics that are being credited in this report to eliminate other SRs in this topical report, although only designed to test the operability of the system, would still capture failures of the PPS that would result in slower response times.
  • Portions of the PPS actuation paths are tested under other SRs not eliminated within this topical report.

Based on these, only failures that cause a response time delay, but have no functional effect on the component, will be considered. These failures are those that either affect the CONTRM (i.e., the control module structure PC element used for execution control of modules within a PC program) cycles in the PMs or are hardware failures that result in response time delays. Therefore, to eliminate RTT SRs, it must be demonstrated that both the CONTRM cycle time and hardware are covered by diagnostics (SW is not included since it can only fail due to a hardware failure).

7.3.1 Methodology

The methodology to be used to eliminate RTT is as follows:

1. Determine all common RT and ESFAS paths tested under the following SRs:
a. NUREG-1431 SR 3.3.1.16 (RTS Instrumentation)
b. NUREG-1431 SR 3.3.2.10 (ESFAS Instrumentation)
c. NUREG-1432 SR 3.3.1.14 (RPS Instrumentation)
d. NUREG-1432 SR 3.3.2.5 (RPS Instrumentation - Shutdown)
e. NUREG-1432 SR 3.3.5.4 (ESFAS Instrumentation)
f. NUREG-1432 SR 3.3.8.7 (CPIS Instrumentation)
g. NUREG-1432 SR 3.3.9.6 (CRIS Instrumentation)
h. NUREG-1432 SR 3.3.10.6 (FHIS Instrumentation)

Once all paths are determined, the scope of the components that make up the functional paths for response time testing can be determined.

2. Analyze the components identified in Step 1 for potential failures that could generate delays in response time. For identified failures, diagnostics will be discussed which will be credited to ensure the response time will not continue to degrade to a point that would be qualitatively worse than the current frequency of checking the response time of the system (any given division is only response time tested every 4th refueling outage). This will be done by analyzing the components in three groups:
a. Input Modules
b. Processing and Communication Components
c. Output Modules

This captures the subrack portion of the actuation paths which constitutes the scope of this SR elimination task. This methodology and most of the analysis that follows is derived from the RTT elimination portion of SNC LAR 19-001. The NRC staff reviewed that analysis for the Vogtle 3&4 PMS and provided the following conclusion in their SER (ML19297D159, Reference 44): "the NRC staff finds the methodology presented in the LAR for use of PMS racks allocated times acceptable because it satisfies the applicable requirements of 10 CFR 50.55a(h)."

7.3.2 Response Time Paths

Step 1 of the aforementioned methodology lists the applicable RTT SRs that are to be analyzed. These SRs comprise RT and ESF actuation paths, all of which are automatic (Note: CPIS, CRIS, and FHIS functions would be integrated into the PPS if a plant upgraded the RTS/ESFAS system to Common Q, and therefore will not be considered any further in this section). Because of this, certain items can be excluded, such as outputs to non-safety systems or devices (since there are no response time requirements for non-safety equipment within the Tech Specs).

Table 7.3-1 provides the list of components that need to be analyzed, based on the identified paths, Figure 2.1-1, and the detailed architecture described in Appendix A.1.

Table 7.3-1. PPS Components with Paths of Tech Spec RTT SRs
Type of Component | PPS Rack Components within SR Path
Input Modules | AI687; AI688; DI621; DP620; Source Range (SR) and Intermediate Range (IR) Preamplifiers; Nuclear Instrumentation Signal Processing Assembly (NISPA)
Processing/Communication | PM646; BIOB; CI631; HSL
Output Modules | DO620; DO625 (1); DO630 (2); Safety Remote Node Controller (SRNC); Component Interface Module (CIM)

Notes:

1. This module is not used in the PPS architecture but may be used in standalone CPCS implementations. In the CPCS implementation, it is assumed there would be the need of a higher output rating of the DO625 to interface with the existing analog PPS. If the PPS is based on the Common Q platform, then the DO625 is still expected to be used to interface with the interposing relays between the CPCS contact outputs and the PPS.

2. This module is not used in the PPS architecture but may be used in standalone DLS implementations. In this implementation, it is assumed there would be an SR to verify ESF Response Time for a loss of voltage and degraded voltage on the 4.16 kV ESF buses is within limits.

7.3.3 Input Module Analyses

Input Module Scope

The input modules utilized within the RT and ESF actuation paths are listed below, along with a synopsis as to whether they should be included in the RTT elimination analysis.

1. AI687/AI688 Input Modules - The AI687 is a low-level analog input module used in the PPS for thermocouple and RTD inputs. The AI688 is a high-level analog input module used in the PPS to process 4-20 mA, 0-10 VDC and 0-1 VDC inputs. [

]a,c

2. DI621 Input Module - Per GBRA095801 (Reference 24), [

]a,c

3. DP620 Input Module - The PPS uses the frequency measurement mode for some NIS Inputs. [

]a,c (Note on NIS Components: The following sets of equipment (NIS preamplifiers and signal processing modules) are based on the corresponding equipment used in the Westinghouse designed AP1000 plant. Although this topical report generically applies to various Common Q applications, it is assumed that the NIS equipment interfacing with the Common Q based safety system is similar to that used within the AP1000 plant.)

4. Source Range (SR) and Intermediate Range (IR) Preamplifiers - The NIS SR signal and IR signal (in pulse counting mode) [

]a,c

[

]a,c

5. NISPA - The NISPA houses the analog circuitry necessary to convert SR, IR, and PR detector and detector preamplifier output signals to a form suitable for further (digital) processing in the NIS processor. [

]a,c

AI687/AI688 Analysis

Due to the similar design of both the AI687 and the AI688, the analysis for these two modules for any potential effect on response time is the same. [

]a,c

DP620 Analysis

The FMEDA for this type of input device is defined in Table 6-6 Digital Pulse Module (DP620) FMEDA. [

]a,c

[

]a,c

IR Preamplifier - RMS Chip Analysis

Per LTR-NIS-19-001 (Reference 28), [

]a,c

IRPM Analysis

In a similar manner [

]a,c

PRPM Analysis

The schematic diagram for the PRPM circuitry is depicted on 3D91874, Standard Safety NIS Power Range Amplifier Signal Processing Board Schematic and Assembly (Reference 32). [

]a,c

Input Filter Analysis

An important discussion revolves around the fact that the aforementioned input cards contain [

]a,c

[

]a,c

7.3.4 Processing/Communication Component Analysis

Processing/Communication Component Scope

Processing within the automatic RT and ESF actuation paths is performed within the PM646A modules located in the PPS BPL, LCL, and ILP, as well as the CPCS and CEAC racks. These modules communicate with each other via the BIOB and the CI631 (which contains the Global Memory for the subrack). Communication from subrack to subrack is done via HSLs. The components that comprise the Processing/Communication portions of the RTT SR paths are summarized below along with a synopsis as to whether they should be included in the RTT elimination analysis.

1. PM646A Processing Module - Component failures that do not result in a functional failure captured by diagnostics used to eliminate other SRs [

]a,c

2. CI631 Communication Module - The Global Memory stored on the CI631 is used to share information among PMs. This is only relevant to the protection path in the following instances [

]a,c

[

]a,c

3. Backplane I/O Bus (BIOB) - The backplane connects the PMs with the CI631 and I/O modules.

[

]a,c

4. High-Speed Link (HSL) - [

]a,c

PM646A Analysis

The FMEDA for this device is defined in Table 6-1 PM646A Processing Module FMEDA. [

]a,c

CI631 Analysis

The FMEDA for this device is defined in Table 6-3 CI631 Communications Module FMEDA. [

]a,c

[

]a,c

7.3.5 Output Module Analysis

Output Module Scope

The output modules utilized within the RT and ESF actuation paths are listed below, along with a synopsis as to whether they should be included in the RTT elimination analysis.

1. DO620 Output Module - This module has 32 solid-state output channels. [

]a,c

2. DO625 Output Module - This module has 16 solid-state output channels. [

]a,c

3. DO630 Output Module - This digital output module has 16 output channels that are individually isolated and contains no software. The outputs use electromechanical relays to interface with field contacts. These electromechanical relays could in theory have a degraded failure when required to open, which would lead to a delayed response time. Because of this, the DO630 will be evaluated separately for its impact on RTT.
4. Safety Remote Node Controller (SRNC) - [

]a,c

5. Component Interface Module (CIM) - The CIM is an FPGA based module that provides [

]a,c component status feedbacks are dry contacts or switches from the component. Delays introduced by this module due to slowing down of the internal clock on the CIM need to be analyzed for the resultant impact on RTT.

DO630 Analysis

To eliminate RTT as a SR (for DLS sub-systems implemented with Common Q that have high-current loads that require each output channel to be isolated), the DO630 needs to be addressed since it contains the only electromechanical equipment within the PPS RT and ESF actuation paths. Because of this, the diagnostics and functional testing SRs cannot be credited for the DO630 RTT elimination. This is because the relays used within the DO630 module could, in theory, have a degraded failure resulting in a delayed response time for the output signal.

The approach to eliminate the DO630 from response time diagnostic consideration is based upon the previously used (and NRC approved) approach developed for the Westinghouse Solid-State Protection System (SSPS) and outlined within RD10027 Solid State Protection System Response Time Failure Analysis (Reference 38) which was used as part of the Westinghouse Owners Group RTT elimination effort and cited within WCAP-14036-P-A Elimination of periodic Protection Channel Response Time Tests (Reference 39). [

]a,c

[

]a,c

8 CONCLUSIONS

8.1 WESTINGHOUSE STANDARD TECH SPEC SR ELIMINATION SUMMARY

The evaluations within Section 7.1 (and 7.3 for RTT elimination) show that most of the surveillances analyzed can be eliminated based on the Common Q self-diagnostics (along with required application software self-diagnostics). This is summarized, along with the limitations of the analysis, as follows:

1. Channel Checks - All Channel Check SRs within NUREG-1431 (Reference 2) can be removed except for SR 3.3.3.1 for Table 3.3.3-1, Function 9 Penetration Flow Path Containment Isolation Valve Position. Additionally, for plants that assume a boron dilution event that is mitigated by operator response to audible indication, SR 3.9.3.1 cannot be eliminated.
2. Channel Operational Tests - All COT SRs within NUREG-1431 (Reference 2) can be removed based on full self-diagnostic coverage of the Common Q components within the scope of this surveillance test. This is predicated on the fact that the failure modes for the DO620/DO630 (implemented in standalone DLS) that do not have full diagnostic coverage would be detected by manual surveillance testing on the downstream actuated component.
3. Actuation Logic Tests - All ALT SRs within NUREG-1431 (Reference 2) can be removed based on full self-diagnostic coverage of the Common Q components within the scope of this surveillance test. This is predicated on the fact that the failure modes for the DO620 that do not have full diagnostic coverage would be detected by manual surveillance testing (TADOTs in all cases, SRs 3.3.1.4, 3.3.1.9, 3.3.1.14, and 3.3.1.15).
4. Actuation Logic Output Tests - When implementing a PPS with the Common Q platform, there is no need to add an ALOT to the Tech Specs. This is based on full self-diagnostic coverage of the Common Q components within the scope of this surveillance test along with credit given to downstream component testing as shown in Section 7.1.4 of this topical report. Licensees using this WCAP will need to confirm this is the case in their plant's Tech Specs.
5. Response Time Testing - Response time testing of the PPS rack equipment, per the RTT SRs within NUREG-1431 (Reference 2), can be eliminated. In lieu of performing response time tests on this equipment, a value will need to be assigned to the PPS racks for each RT/ESF function that currently has RTT SRs. [

]a,c

In addition to the SRs eliminated via the analyses within this topical report, the Common Q based PPS would also no longer require the Master Relay and Slave Relay SRs.

Markups of the Westinghouse Standard Tech Specs (NUREG-1431, Reference 2) can be found in Appendix D.

8.2 COMBUSTION ENGINEERING STANDARD TECH SPEC SR ELIMINATION SUMMARY

The evaluations within Section 7.2 show that most of the surveillances analyzed can be eliminated based on the Common Q self-diagnostics (along with required application software self-diagnostics). This is summarized, along with the limitations of the analysis, as follows:

1. Channel Checks - All Channel Check SRs within NUREG-1432 (Reference 4) can be removed except for SR 3.3.3.1 and SR 3.3.11.1 for Table 3.3.11-1, Function 8 Penetration Flow Path Containment Isolation Valve Position.
2. Channel Functional Tests - Channel Functional Testing SRs within NUREG-1432 (Reference 4) are composed of three overlapping logic tests that were individually analyzed and are summarized here:
a. Bistable Logic Tests - SRs requiring Bistable Logic Testing can all be removed based on full self-diagnostic coverage of the Common Q components within the scope of this surveillance test. This is predicated on the fact that the failure modes for the DO620/DO630 (implemented in standalone DLS) that do not have full diagnostic coverage would be detected by manual surveillance testing on the downstream actuated component. Additionally, the failure modes for the DO625 (implemented in standalone CPCSs) that do not have full diagnostic coverage would be detected by manual surveillance testing (RPS Trip Path Testing which is part of SRs 3.3.4.1).
b. Matrix Logic Tests - SRs requiring Matrix Logic Testing can be removed based on full self-diagnostic coverage of the Common Q components within the scope of this surveillance test. This is predicated on the fact that the failure modes for the DO620 that do not have full diagnostic coverage would be detected by manual surveillance testing (RPS Trip Path Testing which is part of SRs 3.3.4.1).
c. Trip Path Tests - Not all SRs requiring Trip Path Testing can be removed based on self-diagnostics alone. Table 7.2-3 provides the specific SRs that are not being eliminated by this analysis.
3. Response Time Testing - Response time testing of the PPS rack equipment, per the RTT SRs within NUREG-1432 (Reference 4), can be eliminated. In lieu of performing response time tests on this equipment, a value will need to be assigned to the PPS racks for each RT/ESF function that currently has RTT SRs. [

]a,c

In addition to the SRs eliminated via the analyses within this topical report, the Common Q based PPS would also no longer require the Master Relay and Slave Relay SRs.

APPENDIX A - DETAILED SYSTEM ARCHITECTURES

A.1 DETAILED PPS ARCHITECTURE

The PPS architecture is shown in Figures C.1-1 and C.1-2. Figure C.1-1 is representative of Divisions I and II while Figure C.1-2 is representative of Divisions III and IV. Each Division contains a BPL, MTP, ITP, a NIS subrack, along with the corresponding communication links between subracks. [

]a,c

a,c

Figure A.1-1. Detailed Architecture of PPS Divisions I/II

a,c

Figure A.1-2. Detailed Architecture of PPS Divisions III/IV

A.1.1 Bistable Logic Cabinet (BLC) Configuration

The BLC contains the BPL subsystem. There is one BLC cabinet per division. [

]a,c

BPL Subrack Configuration

The BLC subrack configurations are based on input data provided by plant processing inputs. [

]a,c

The following is the module count for the BLC: [

]a,c

Bistable Processor Module Configuration

The BPL subsystem [

]a,c

A.1.2 Local Coincidence Logic Cabinet (LCC) Configuration

The LCC contains the LCL subsystem. [ ]a,c Trip status indication is provided by the Safety Displays.

LCL Subrack Configuration

The LCL subrack configuration is based on input data provided by plant processing inputs. [

]a,c

The following is the module count for the LCC: [

]a,c

LCL Processor Module Configuration

[

]a,c

[

]a,c

a,c

Figure A.1-1. LCL Processor Configuration

A.1.3 Nuclear Instrumentation Cabinet (NIC) Configuration

Nuclear Instrumentation Channels are provided for Source, Intermediate and Power Range. Nuclear Instrumentation channels are provided as part of a Nuclear Instrumentation Signal Processing Assembly (NISPA). [

]a,c

NIC Module Configuration

[ ]a,c The following is the module count for the NIC: [

]a,c

  • [

]a,c

Refer to Figure A.1-2 for an illustration of the Source Range Channel. [

]a,c

The SR channel consists of a Source Range High Voltage (SRHV) power supply and a Source Range Processing Module (SRPM).

[

]a,c

a,c

Figure A.1-2. Source Range Channel

Intermediate Range Channel

Refer to Figure A.1-3 for an illustration of the Intermediate Range Channel. [

]a,c

The IR channel consists of an Intermediate Range High Voltage (IRHV) power supply and an Intermediate Range Processing Module (IRPM).

[

]a,c

a,c

Figure A.1-3. Intermediate Range Channel

Power Range Channel

Refer to Figure A.1-4 for an illustration of a Power Range Channel. [

]a,c

The PR channel consists of a Power Range High Voltage (PRHV) power supply and a Power Range Processing Module (PRPM).

[

]a,c

a,c

Figure A.1-4. Power Range Channel

A.1.4 Maintenance and Test Cabinet Configuration (MTC)

The MTC consists of an MTP and an ITP chassis. The MTP is a maintenance and test panel which consists of a Common Q Flat Panel Display System. [

]a,c

A.1.5 Integrated Logic Cabinet Configuration (ILC)

The ILC consists of the ILP subsystem and CIM modules to interface with ESFAS components. [

]a,c

The following is the module count for the ILC: [

]a,c

A.1.6 Safety Display (SD) Configuration

The SD consists of a Common Q Flat Panel Display System. [

]a,c

A.1.7 Post-Accident Monitoring Cabinet Configuration

The Post-Accident Monitoring Cabinet (PAC) contains the PAM AC160 subrack which provides termination for inputs for post-accident monitoring variables. The following is the module count for the PAC (all I/O wired to the PAM cabinet): [

]a,c

A.2 DETAILED CORE PROTECTION CALCULATOR SYSTEM ARCHITECTURE

The CPC/CEAC system will be comprised of four redundant channels (A, B, C, and D as depicted on Figure A.2-1 CPCS Block Diagram) that perform the necessary calculation, bistable, and maintenance/test functions.

a,c

Figure A.2-1. CPCS Block Diagram

A.2.1 Core Protection Calculator Rack

There is one CPC subrack per division. [

]a,c

CPC Subrack Configuration

There is one CPC per Division - four total. The following is the module count for the CPC: [

]a,c

CPC Processor Module Configuration

[

]a,c

A.2.2 Control Element Assembly Calculator Assembly

There are two CEAC subracks in each division. The following is the module count for each CEAC subrack in Divisions A/D: [

]a,c

The following is the module count for each CEAC subrack in Divisions B/C: [

]a,c

A.3 DLS AND PAM ARCHITECTURES

Within a standalone DLS subsystem or a standalone PAM subsystem, it is assumed that each division required to receive the corresponding input signals from field sensors will have at least one DLS or PAM subrack, along with a corresponding MTP. The DLS and PAM subrack configurations are based on input data provided by plant processing inputs and can include any number of input modules (or output modules) described in this report. However, the typical configurations are assumed below.

Typical DLS Subrack Configuration

A typical DLS system interfaces with interposing relays that provide actuation signals to the applicable plant equipment powered from the Diesel Generators. [

]a,c

The following module count is typical for a Common Q based DLS subrack: [

]a,c

Typical PAM Subrack Configuration

A PAM system doesn't have any outputs since its sole function is to provide operators with post-accident indication. However, inputs can vary from plant to plant. The following module count is nevertheless typical for a Common Q based PAM subrack (same as the PAM subrack in the PPS within Section A.1): [

]a,c

APPENDIX B - APPLICATION REQUIREMENTS AND ASSUMPTIONS

This Appendix details the minimum application requirements the PPS must meet for many of the assumptions made throughout this topical report to be valid. In addition, assumptions regarding the target plant Tech Specs are documented within this appendix. Any deviation from these requirements/assumptions will need to be analyzed on a case-by-case basis by the licensee leveraging this topical report to eliminate I&C Tech Spec SRs.

B.1 ARCHITECTURE AND APPLICATION SW REQUIREMENTS

[

]a,c

o [

]a,c

B.2 TECHNICAL SPECIFICATION ASSUMPTIONS

B.2.1 Westinghouse Standard Tech Spec Assumptions

Channel Operational Test

  • NUREG-1431 SR 3.3.5.1 is a Channel Check of the DLS system. However, when implementing a digital I&C safety system, this is assumed to become a COT SR (since this type of test is more appropriate for undervoltage signals).
  • It is assumed that in a standalone DLS system implemented with Common Q, all outputs are energize to actuate.

Actuation Logic Test

The following surveillances are modified (or added) in Section 7.1.3:

  • SR 3.3.6.4/3.3.7.5 - These surveillances have a note stating that the ALT for these functions only applies to the actuation logic of the ESFAS instrumentation. Therefore, this SR does not apply to this evaluation for eliminating ALT. Instead, these surveillances fall under the ALOT elimination analysis (Section 7.1.4) which demonstrates that ALOTs are no longer required.
  • The boron dilution system does not have an ALT. However, it would if a digital system was used, and therefore SR 3.3.9.4 was added to the analysis. This was done for accounting of the existing NUREG-1431 LCOs only since this functionality would be integrated into the RTS/ESFAS architecture of a Common Q based PPS, and thus this subsystem would not exist.

Actuation Logic Output Test

  • There is no ALOT in the current (analog based) standard Tech Specs. Therefore, it is assumed that an ALOT will be used when a plant upgrades to digital, and therefore this analysis would apply.

B.2.2 Combustion Engineering Standard Tech Spec Assumptions

Channel Functional Test

  • NUREG-1432 SR 3.3.7.1 is a Channel Check of the DLS system. However, when implementing a digital I&C safety system, this is assumed to become a Bistable Logic Test (since this type of test is more appropriate for undervoltage signals).
  • It is assumed that in a standalone DLS system implemented with Common Q, all outputs are energize to actuate.

B.2.3 Response Time Testing Assumptions

The following RTT assumptions, much like the elimination analysis documented in Section 7.3, apply to both the Westinghouse and the CE Tech Specs.

  • NIS components from the excore neutron flux detectors to the input of the PPS BPL are assumed to be comparable to those implemented in the AP1000 plant.

B.2.4 Other Considerations

The following surveillances are not included as candidates for the elimination analysis in this topical report (this includes the NUREG-1432 Channel Functional Test (Trip Logic Test portions) that are listed in Table 7.2-3). However, these surveillances are necessary to provide coverage for portions of the safety system that are not covered by diagnostics. Therefore, the assumed scope of these surveillances is listed below to avoid any ambiguity in what is covered by remaining SRs once credit is taken for the Common Q Self Diagnostics.

Channel Calibration

Channel Calibrations shall be performed on the sensors which interface with the Common Q Safety System to ensure operability of the sensor. [

]a,c

Note that Channel Calibration does not need to include any verification of addressable constants per the discussion outlined in Section 5.3.2.

NUREG-1431 TADOT / NUREG-1432 Channel Functional Test (Trip Logic Tests)

Safety-related digital inputs shall be cycled to ensure operability. This includes digital inputs from the field (e.g., undervoltage relays, switch contacts etc.) as well as digital inputs that come from the MCR.

APPENDIX C - LICENSEE REQUIRED ACTIONS

This Appendix contains the licensee required actions (LRAs) that must be performed by the licensee prior to utilizing this topical report to eliminate plant technical specification SRs.

LRA_1 - Identification of where the licensee's plant-specific architecture deviates from the architecture described within Appendix A of this topical report, along with an analysis of the contrast between the two.

LRA_2 - The licensee will have to compare the plant-specific application FMEA with the failure modes identified in the FMEDA tables within this analysis. This should be done to conclude that the FMEA herein is bounded by the plant-specific application FMEA.

LRA_3 - The licensee's plant-specific functions that deviate from those within the applicable standard technical specifications (NUREG-1431/NUREG-1432) will need to be identified and analyzed to remove the applicable SRs. The analysis/methodology in this topical report provides a framework for this task.

LRA_4 - For SRs involving the CIM (i.e., ALOT and Trip Logic Tests), where the CIM output continuity test is disabled or suppressed, the licensee needs to ensure the downstream actuation device is periodically exercised by the CIM (e.g., valve stroke SR initiated with the CIM). Additional assurance for the remaining SRs involving the CIM is provided by ensuring all remaining downstream devices are periodically exercised by the CIM.

LRA_5 - The licensee will have to ensure, if using a DO630, that doubling the response time of the DO630 does not violate any safety analysis response time limits. This will allow for the elimination of response time testing on the rack utilizing the DO630 module.

LRA_6 - The licensee will have to ensure that alarm response procedures for the safety system are adequate for plant operators to respond to a failure identified by the safety system self-diagnostics.

LRA_7 - When applying this WCAP, the licensee needs to document that any existing interdependencies between surveillance requirements that may be impacted by the elimination of an SR are addressed in the technical specification bases.

APPENDIX D - NUREG-1431 MARKUPS

This appendix provides markups to the Westinghouse Standard TS (NUREG-1431, Reference 2) based on this WCAP. These markups are provided as a framework for how to mark up tech specs based on the analyses provided within this topical report. This framework can be applied to any set of TS (standard or plant specific) by following the generic methodology provided herein. Therefore, any set of TS can be changed (with prior NRC approval) as long as the following approach is used: [

]a,c

USE AND APPLICATION

Definitions

NOTE

The defined terms of this section appear in capitalized type and are applicable throughout these Technical Specifications and Bases.

Term | Definition

ACTIONS | ACTIONS shall be that part of a Specification that prescribes Required Actions to be taken under designated Conditions within specified Completion Times.

ACTUATION LOGIC TEST | An ACTUATION LOGIC TEST shall be the application of various simulated or actual input combinations in conjunction with each possible interlock logic state required for OPERABILITY of a logic circuit and the verification of the required logic output. The ACTUATION LOGIC TEST, as a minimum, shall include a continuity check of output devices.

in the instrument channel from the sensor to the analog-to-digital converter

AXIAL FLUX DIFFERENCE (AFD) | AFD shall be the difference in normalized flux signals between the [top and bottom halves of a two section excore neutron detector].

CHANNEL CALIBRATION | A CHANNEL CALIBRATION shall be the adjustment, as necessary, of the channel output such that it responds within the necessary range and accuracy to known values of the parameter that the channel monitors. The CHANNEL CALIBRATION shall encompass all devices in the channel required for channel OPERABILITY. Calibration of instrument channels with resistance temperature detector (RTD) or thermocouple sensors may consist of an inplace qualitative assessment of sensor behavior and normal calibration of the remaining adjustable devices in the channel. The CHANNEL CALIBRATION may be performed by means of any series of sequential, overlapping, or total channel steps.

CHANNEL CHECK | A CHANNEL CHECK shall be the qualitative assessment, by observation, of channel behavior during operation. This determination shall include, where possible, comparison of the channel indication and status to other indications or status derived from independent instrument channels measuring the same parameter.

Westinghouse STS Rev

Definitions

MASTER RELAY TEST | A MASTER RELAY TEST shall consist of energizing all master relays in the channel required for channel OPERABILITY and verifying the OPERABILITY of each required master relay. The MASTER RELAY TEST shall include a continuity check of each associated required slave relay. The MASTER RELAY TEST may be performed by means of any series of sequential, overlapping, or total steps.

MODE | A MODE shall correspond to any one inclusive combination of core reactivity condition, power level, average reactor coolant temperature, and reactor vessel head closure bolt tensioning specified in Table with fuel in the reactor vessel.

OPERABLE - OPERABILITY | A system, subsystem, train, component, or device shall be OPERABLE or have OPERABILITY when it is capable of performing its specified safety function(s) and when all necessary attendant instrumentation, controls, normal or emergency electrical power, cooling and seal water, lubrication, and other auxiliary equipment that are required for the system, subsystem, train, component, or device to perform its specified safety function(s) are also capable of performing their related support function(s).

PHYSICS TESTS | PHYSICS TESTS shall be those tests performed to measure the fundamental nuclear characteristics of the reactor core and related instrumentation. These tests are:

   a. Described in Chapter [Initial Test Program] of the FSAR,

   b. Authorized under the provisions of CFR, or

   c. Otherwise approved by the Nuclear Regulatory Commission.

PRESSURE AND TEMPERATURE LIMITS REPORT (PTLR) | The PTLR is the unit specific document that provides the reactor vessel pressure and temperature limits, including heatup and cooldown rates, and the low temperature overpressure protection arming temperature, for the current reactor vessel fluence period. These pressure and temperature limits shall be determined for each fluence period in accordance with Specification

Definitions

QUADRANT POWER TILT RATIO (QPTR) | QPTR shall be the ratio of the maximum upper excore detector calibrated output to the average of the upper excore detector calibrated outputs, or the ratio of the maximum lower excore detector calibrated output to the average of the lower excore detector calibrated outputs, whichever is greater.

RATED THERMAL POWER (RTP) | RTP shall be a total reactor core heat transfer rate to the reactor coolant of [] MWt.

REACTOR TRIP SYSTEM (RTS) RESPONSE TIME | The RTS RESPONSE TIME shall be that time interval from when the monitored parameter exceeds its RTS trip setpoint at the channel sensor until loss of stationary gripper coil voltage. The response time may be measured by means of any series of sequential, overlapping, or total steps so that the entire response time is measured. In lieu of measurement, response time may be verified for selected components provided that the components and methodology for verification have been previously reviewed and approved by the NRC.

SHUTDOWN MARGIN (SDM) | SDM shall be the instantaneous amount of reactivity by which the reactor is subcritical or would be subcritical from its present condition assuming:

   a. All rod cluster control assemblies (RCCAs) are fully inserted except for the single RCCA of highest reactivity worth, which is assumed to be fully withdrawn. However, with all RCCAs verified fully inserted by two independent means, it is not necessary to account for a stuck RCCA in the SDM calculation. With any RCCA not capable of being fully inserted, the reactivity worth of the RCCA must be accounted for in the determination of SDM, and

   b. In MODES and, the fuel and moderator temperatures are changed to the [nominal zero power design level].

SLAVE RELAY TEST | A SLAVE RELAY TEST shall consist of energizing all slave relays in the channel required for channel OPERABILITY and verifying the OPERABILITY of each required slave relay. The SLAVE RELAY TEST shall include a continuity check of associated required testable actuation devices. The SLAVE RELAY TEST may be performed by means of any series of sequential, overlapping, or total steps.

PHYSICS TESTS Exceptions - MODE

ACTIONS (continued)

CONDITION | REQUIRED ACTION | COMPLETION TIME
D Required Action and associated Completion Time of Condition C not met. | D Be in MODE | minutes

SURVEILLANCE REQUIREMENTS

SURVEILLANCE | FREQUENCY
SR Perform a CHANNEL OPERATIONAL TEST on power range and intermediate range channels per [SR SR and Table]. | Prior to initiation of PHYSICS TESTS
SR Verify the RCS lowest loop average temperature is []F. | [minutes OR In accordance with the Surveillance Frequency Control Program]
SR Verify THERMAL POWER is RTP. | [minutes OR In accordance with the Surveillance Frequency Control Program]

RTS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS

NOTE

Refer to Table to determine which SRs apply for each RTS Function.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [hours OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Not required to be performed until [] hours after THERMAL POWER is ≥ RTP. Compare results of calorimetric heat balance calculation to power range channel output. Adjust power range channel output if calorimetric heat balance calculations results exceed power range channel output by more than RTP. | [hours OR In accordance with the Surveillance Frequency Control Program]

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Not required to be performed until [] hours after THERMAL POWER is ≥ [] RTP. Compare results of the incore detector measurements to Nuclear Instrumentation System (NIS) AFD. Adjust NIS channel if absolute difference is ≥ | [effective full power days (EFPD) OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: This Surveillance must be performed on the reactor trip bypass breaker prior to placing the bypass breaker in service. Perform TADOT. | [days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform ACTUATION LOGIC TEST. | [days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Not required to be performed until [] hours after THERMAL POWER is RTP. Calibrate excore channels to agree with incore detector measurements. | [[] EFPD OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Not required to be performed for source range instrumentation prior to entering MODE from MODE until hours after entry into MODE. Perform COT in accordance with the Setpoint Control Program. | [days OR In accordance with the Surveillance Frequency Control Program]

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: This Surveillance shall include verification that interlocks P and P are in their required state for existing unit conditions. Perform COT in accordance with the Setpoint Control Program. | NOTE: Only required when not performed within [the Frequency specified in the Surveillance Frequency Control Program or previous days]. Prior to reactor startup AND Four hours after reducing power below P for source range instrumentation AND [Twelve] hours after reducing power below P for power and intermediate range instrumentation AND [Every days thereafter OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Verification of setpoint is not required. Perform TADOT. | [[] days OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: This Surveillance shall include verification that the time constants are adjusted to the prescribed values. Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[] months OR In accordance with the Surveillance Frequency Control Program]

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Neutron detectors are excluded from CHANNEL CALIBRATION. Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[] months OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: This Surveillance shall include verification of Reactor Coolant System resistance temperature detector bypass loop flow rate. Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[] months OR In accordance with the Surveillance Frequency Control Program]
SR Perform COT. | [months OR In accordance with the Surveillance Frequency Control Program]

D-12 RTS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Verification of setpoint is not required. Perform TADOT. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Verification of setpoint is not required. Perform TADOT. | Prior to exceeding the [P] interlock whenever the unit has been in MODE if not performed within the previous days

Note: This page is shown for context only. There are no markups on this page.

D-13 RTS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Neutron detectors are excluded from response time testing. Verify RTS RESPONSE TIME is within limits. | [[ ] months on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-14 RTS Instrumentation (With Setpoint Control Program) B

Table (page of)
Reactor Trip System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Manual Reactor Trip | | | B | SR
 | (a), (a), (a) | | C | SR
Power Range Neutron Flux
a. High | | | D | SR, SR, SR, SR, SR
b. Low | (b) | | E | SR, SR, SR, SR
Power Range Neutron Flux Rate
a. High Positive Rate | | | E | SR, SR
b. High Negative Rate | | | E | SR, SR, SR
Intermediate Range Neutron Flux | (b), (c) | | F, G | SR, SR, SR
Source Range Neutron Flux | (d) | | H, I | SR, SR, SR, SR
 | (a), (a), (a) | | I, J | SR, SR, SR, SR
Overtemperature ΔT | | [ ] | E | SR, SR, SR, SR, SR, SR

(a) With Rod Control System capable of rod withdrawal or one or more rods not fully insert
(b) Below the P (Power Range Neutron Flux) interlocks
(c) Above the P (Intermediate Range Neutron Flux) interlocks
(d) Below the P (Intermediate Range Neutron Flux) interlocks

D-15 RTS Instrumentation (With Setpoint Control Program) B

Table (page of)
Reactor Trip System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Overpower ΔT | | [ ] | E | SR, SR, SR, SR
Pressurizer Pressure
a. Low | (f) | [ ] | K | SR, SR, SR, SR
b. High | | [ ] | E | SR, SR, SR, SR
Pressurizer Water Level High | (e) | | K | SR, SR, SR
Reactor Coolant Flow Low | (e) | per loop | K | SR, SR, SR, SR
Reactor Coolant Pump (RCP) Breaker Position
a. Single Loop | (f) | per RCP | L | SR
b. Two Loops | (g) | per RCP | M | SR
Undervoltage RCPs | (e) | [ ] per bus | K | SR, SR, SR
Underfrequency RCPs | (e) | [ ] per bus | K | SR, SR, SR
Steam Generator (SG) Water Level Low Low | | [ per SG] | E | SR, SR, SR, SR

(e) Above the P (Low Power Reactor Trips Block) interlock
(f) Above the P (Power Range Neutron Flux) interlock
(g) Above the P (Low Power Reactor Trips Block) interlock and below the P (Power Range Neutron Flux) Interlock

D-16 RTS Instrumentation (With Setpoint Control Program) B

Table (page of)
Reactor Trip System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
SG Water Level Low | | per SG | E | SR, SR, SR, SR
Coincident with Steam Flow/Feedwater Flow Mismatch | | per SG | E | SR, SR, SR, SR
Turbine Trip
a. Low Fluid Oil Pressure | (h) | | N | SR, SR
b. Turbine Stop Valve Closure | (h) | | N | SR, SR
Safety Injection (SI) Input from Engineered Safety Feature Actuation System (ESFAS) | | trains | O | SR
Reactor Trip System Interlocks
a. Intermediate Range Neutron Flux, P | (d) | | Q | SR, SR
b. Low Power Reactor Trips Block, P | | per train | R | SR
c. Power Range Neutron Flux, P | | | R | SR, SR
d. Power Range Neutron Flux, P | | | R | SR, SR
e. Power Range Neutron Flux, P | | | Q | SR, SR
f. Turbine Impulse Pressure, P | | | R | [SR], SR, SR

(d) Below the P (Intermediate Range Neutron Flux) interlocks
(h) Above the P (Power Range Neutron Flux) interlock

D-17 RTS Instrumentation (With Setpoint Control Program) B

Table (page of)
Reactor Trip System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Reactor Trip Breakers (RTBs) (i) | | trains | P | SR
 | (a), (a), (a) | trains | C | SR
Reactor Trip Breaker Undervoltage and Shunt Trip Mechanisms | | each per RTB | S | SR
 | (a), (a), (a) | each per RTB | C | SR
None.
Automatic Trip Logic | | trains | O | SR
 | (a), (a), (a) | trains | C | SR

(a) With Rod Control System capable of rod withdrawal or one or more rods not fully inserted
(i) Including any reactor trip bypass breakers that are racked in and closed for bypassing an RTB

D-18 ESFAS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS

NOTE: Refer to Table to determine which SRs apply for each ESFAS Function.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]
SR Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: The continuity check may be excluded. Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

D-19 ESFAS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
REVIEWER'S NOTE: The Frequency remains at days on a STAGGERED TEST BASIS for plants with a Relay Protection System.
SR Perform MASTER RELAY TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR Perform COT in accordance with the Setpoint Control Program. | [ days OR In accordance with the Surveillance Frequency Control Program]
SR Perform SLAVE RELAY TEST. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]

D-20 ESFAS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Verification of relay setpoints not required. Perform TADOT. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Verification of setpoint not required for manual initiation functions. Perform TADOT in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-21 ESFAS Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: This Surveillance shall include verification that the time constants are adjusted to the prescribed values. Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Not required to be performed for the turbine driven AFW pump until [ ] hours after SG pressure is [ ] psig. Verify ESFAS RESPONSE TIMES are within limit. | [[ ] months on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Verification of setpoint not required. Perform TADOT. | Once per reactor trip breaker cycle

D-22 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Safety Injection
None.
a. Manual Initiation | | | B | SR
b. Automatic Actuation Logic and Actuation Relays | | trains | C | SR, SR, SR
c. Containment Pressure High | | | D | SR, SR, SR, SR
d. Pressurizer Pressure Low | (a) | [ ] | D | SR, SR, SR, SR
e. Steam Line Pressure
Low | [(a)] | per steam line | D | SR, SR, SR, SR
High Differential Pressure Between Steam Lines | | per steam line | D | [SR], SR, SR, SR
f. High Steam Flow in Two Steam Lines | (b) | per steam line | D | SR, SR, SR, SR
Coincident with Tavg Low Low | (b) | per loop | D | SR, SR, SR, SR
g. High Steam Flow in Two Steam Lines | (b) | per steam line | D | SR, SR, SR, SR
Coincident with Steam Line Pressure Low | (b) | per steam line | D | SR, SR, SR, SR

(a) Above the P (Pressurizer Pressure) interlock
(b) Above the P (Tavg Low Low) interlock

D-23 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Containment Spray
None.
a. Manual Initiation | | per train, trains | B | SR
b. Automatic Actuation Logic and Actuation Relays | | trains | C | SR, SR, SR
c. Containment Pressure High (High High) | | | E | SR, SR, SR, SR
d. Containment Pressure High (Two Loop Plants) | | [ ] sets of [ ] | E | SR, SR, SR, SR
Containment Isolation
a. Phase A Isolation
None.
Manual Initiation | | | B | SR
Automatic Actuation Logic and Actuation Relays | | trains | C | SR, SR, SR
Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.
b. Phase B Isolation
None.
Manual Initiation | | per train, trains | B | SR
Automatic Actuation Logic and Actuation Relays | | trains | C | SR, SR, SR
Containment Pressure High (High High) | | [ ] | E | SR, SR, SR, SR

D-24 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
None.
Steam Line Isolation
a. Manual Initiation | (c), (c) | | F | SR
b. Automatic Actuation Logic and Actuation Relays | (c), (c) | trains | G | SR, SR, SR
c. Containment Pressure High | (c), (c) | [ ] | D | SR, SR, SR, SR
d. Steam Line Pressure
Low | (c), (a)(c) | per steam line | D | SR, SR, SR, SR
Negative Rate High | (d)(c) | per steam line | D | SR, SR, SR, SR
e. High Steam Flow in Two Steam Lines | (c), (c) | per steam line | D | SR, SR, SR, SR
Coincident with Tavg Low Low | (c), (b)(c) | per loop | D | SR, SR, SR, SR
f. High Steam Flow in Two Steam Lines | (c), (c) | per steam line | D | SR, SR, SR, SR
Coincident with Steam Line Pressure Low | (c), (c) | per steam line | D | SR, SR, SR, SR

(a) Above the P (Pressurizer Pressure) interlock
(b) Above the P (Tavg Low Low) interlock
(c) Except when all MSIVs are closed and [deactivated]
(d) Below the P (Pressurizer Pressure) interlock

D-25 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Steam Line Isolation
g. High Steam Flow | (c), (c) | per steam line | D | SR, SR, SR, SR
Coincident with Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.
and
Coincident with Tavg Low Low | (c), (b)(c) | [ ] per loop | D | SR, SR, SR, SR
h. High High Steam Flow | (c), (c) | per steam line | D | SR, SR, SR, SR
Coincident with Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.
None.
Turbine Trip and Feedwater Isolation
a. Automatic Actuation Logic and Actuation Relays | (e), [ ] (e) | trains | H [G] | SR, SR, SR
b. SG Water Level High High (P) | (e), [ ] (e) | [ ] per SG | I [D] | SR, SR, SR, SR
c. Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.

(b) Above the P (Tavg Low Low) interlock
(c) Except when all MSIVs are closed and [deactivated]
(e) Except when all MFIVs, MFRVs, [and associated bypass valves] are closed and [deactivated] [or isolated by a closed manual valve]

D-26 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
None.
Auxiliary Feedwater
a. Automatic Actuation Logic and Actuation Relays (Solid State Protection System) | | trains | G | SR, SR, SR
b. Automatic Actuation Logic and Actuation Relays (Balance of Plant ESFAS) | | trains | G | SR
c. SG Water Level Low Low | | [ ] per SG | D | SR, SR, SR, SR
d. Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.
e. Loss of Offsite Power | | [ ] per bus | F | SR, SR, SR
f. Undervoltage Reactor Coolant Pump | | [ ] per bus | I | SR, SR, SR
g. Trip of all Main Feedwater Pumps | | [ ] per pump | J | SR, SR, SR
h. Auxiliary Feedwater Pump Suction Transfer on Suction Pressure Low | | [ ] | F | SR, SR, SR
None.
Automatic Switchover to Containment Sump
a. Automatic Actuation Logic and Actuation Relays | | trains | C | SR, SR, SR
b. Refueling Water Storage Tank (RWST) Level Low Low | | | K | SR, SR, SR, SR
Coincident with Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.

Note: Function 6b is deleted. In a Common Q-based system, there is no distinction between "Automatic Actuation Logic" for the solid state protection system and the balance of plant ESFAS.

D-27 ESFAS Instrumentation (With Setpoint Control Program) B

Table (page of)
Engineered Safety Feature Actuation System Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS | SURVEILLANCE REQUIREMENTS
Automatic Switchover to Containment Sump
c. RWST Level Low Low | | | K | SR, SR, SR, SR
Coincident with Safety Injection | Refer to Function (Safety Injection) for all initiation functions and requirements.
and
Coincident with Containment Sump Level High | | | K | SR, SR, SR, SR
ESFAS Interlocks
a. Reactor Trip, P | | per train, trains | F | SR
b. Pressurizer Pressure, P | | | L | SR, SR, SR
c. Tavg Low Low, P | | [ ] per loop | L | SR, SR, SR

D-28 PAM Instrumentation

ACTIONS (continued)

CONDITION | REQUIRED ACTION | COMPLETION TIME
E. As required by Required Action D and referenced in Table | E Be in MODE | hours
 | AND |
 | E Be in MODE | hours
F. As required by Required Action D and referenced in Table | F Initiate action in accordance with Specification | Immediately

, except as indicated in the Note on SR 3.3.3.1

SURVEILLANCE REQUIREMENTS

NOTE: SR and SR apply to each PAM instrumentation Function in Table

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK for each required instrumentation channel that is normally energized. | [ days OR In accordance with the Surveillance Frequency Control Program]

- NOTE -

Only required to be met for Penetration Flow Path Containment Isolation Valve Position.

D-29 PAM Instrumentation

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Neutron detectors are excluded from CHANNEL CALIBRATION. Perform CHANNEL CALIBRATION. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-30 PAM Instrumentation

Table (page of)
Post Accident Monitoring Instrumentation

FUNCTION | REQUIRED CHANNELS | CONDITION REFERENCED FROM REQUIRED ACTION D
Power Range Neutron Flux | | E
Source Range Neutron Flux | | E
Reactor Coolant System (RCS) Hot Leg Temperature | per loop | E
RCS Cold Leg Temperature | per loop | E
RCS Pressure (Wide Range) | | E
Reactor Vessel Water Level | | F
Containment Sump Water Level (Wide Range) | | E
Containment Pressure (Wide Range) | | E
Penetration Flow Path Containment Isolation Valve Position | per penetration flow path (a) (b) | E
Containment Area Radiation (High Range) | | F
Pressurizer Level | | E
Steam Generator Water Level (Wide Range) | per steam generator | E
Condensate Storage Tank Level | | E
Core Exit Temperature Quadrant [ ] | (c) | E
Core Exit Temperature Quadrant [ ] | (c) | E
Core Exit Temperature Quadrant [ ] | (c) | E
Core Exit Temperature Quadrant [ ] | (c) | E
Auxiliary Feedwater Flow | | E

(a) Not required for isolation valves whose associated penetration is isolated by at least one closed and deactivated automatic valve, closed manual valve, blind flange, or check valve with flow through the valve secured
(b) Only one position indication channel is required for penetration flow paths with only one installed control room indication channel
(c) A channel consists of two core exit thermocouples (CETs)

REVIEWER'S NOTE
Table shall be amended for each unit as necessary to list:
All Regulatory Guide Type A instruments, and
All Regulatory Guide Category I, non Type A instruments in accordance with the unit's Regulatory Guide Safety Evaluation Report

Note: This page is shown for context only. There are no markups on this page.

D-31 LOP DG Start Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS

SURVEILLANCE | FREQUENCY
SR [Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]]
SR Perform TADOT in accordance with the Setpoint Control Program. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]
SR Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

D-32 Containment Purge and Exhaust Isolation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS

NOTE: Refer to Table to determine which SRs apply for each Containment Purge and Exhaust Isolation Function.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]
SR Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR Perform MASTER RELAY TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

D-33 Containment Purge and Exhaust Isolation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
REVIEWER'S NOTE: The Frequency of days on a STAGGERED TEST BASIS is applicable to the actuation logic processed through the Relay or Solid State Protection System.
[SR NOTE: This Surveillance is only applicable to the actuation logic of the ESFAS Instrumentation. Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS] OR In accordance with the Surveillance Frequency Control Program]

D-34 Containment Purge and Exhaust Isolation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
REVIEWER'S NOTE: The Frequency of days on a STAGGERED TEST BASIS is applicable to the master relays processed through the Solid State Protection System.
[SR NOTE: This Surveillance is only applicable to the master relays of the ESFAS Instrumentation. Perform MASTER RELAY TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]]
SR Perform COT in accordance with the Setpoint Control Program. | [ days OR In accordance with the Surveillance Frequency Control Program]

D-35 Containment Purge and Exhaust Isolation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform SLAVE RELAY TEST. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]
SR NOTE: Verification of setpoint is not required. Perform TADOT. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]
SR Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

D-36 Containment Purge and Exhaust Isolation Instrumentation (With Setpoint Control Program) B

Table (page of)
Containment Purge and Exhaust Isolation Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | SURVEILLANCE REQUIREMENTS
None.
Manual Initiation | (a) | | SR
Automatic Actuation Logic and Actuation Relays | (a) | trains | SR, SR, [SR], [SR], SR
[Containment Radiation
a. Gaseous | (a) | [ ] | SR, SR, SR
b. Particulate | (a) | [ ] | SR, SR, SR
c. Iodine | (a) | [ ] | SR, SR, SR
d. Area Radiation | (a) | [ ] | SR, SR, SR]
Containment Isolation Phase A | Refer to LCO, ESFAS Instrumentation, Function a, for all initiation functions and requirements.

(a) During movement of [recently] irradiated fuel assemblies within containment

D-37 CREFS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS

NOTE: Refer to Table to determine which SRs apply for each CREFS Actuation Function.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]
SR Perform COT in accordance with the Setpoint Control Program. | [ days OR In accordance with the Surveillance Frequency Control Program]
SR Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

D-38 CREFS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform MASTER RELAY TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
REVIEWER'S NOTE: The Frequency of days on a STAGGERED TEST BASIS is applicable to the actuation logic processed through the Relay or Solid State Protection System.
SR NOTE: This Surveillance is only applicable to the actuation logic of the ESFAS Instrumentation. Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]

D-39 CREFS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
REVIEWER'S NOTE: The Frequency of days on a STAGGERED TEST BASIS is applicable to the master relays processed through the Solid State Protection System.
SR NOTE: This Surveillance is only applicable to the master relays of the ESFAS Instrumentation. Perform MASTER RELAY TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]
SR Perform SLAVE RELAY TEST. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]

D-40 CREFS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Verification of setpoint is not required. Perform TADOT. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]
SR Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-41 CREFS Actuation Instrumentation (With Setpoint Control Program) B

Table (page of)
CREFS Actuation Instrumentation

FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | SURVEILLANCE REQUIREMENTS
Manual Initiation | [ ], (a) | trains | SR
None.
Automatic Actuation Logic and Actuation Relays | [ ], (a) | trains | SR, SR, SR, SR, SR
Control Room Radiation
a. Control Room Atmosphere | [ ], (a) | [ ] | SR, SR, SR
b. Control Room Air Intakes | [ ], (a) | [ ] | SR, SR, SR
Safety Injection | Refer to LCO, ESFAS Instrumentation, Function, for all initiation functions and requirements.

(a) During movement of [recently] irradiated fuel assemblies

D-42 FBACS Actuation Instrumentation (With Setpoint Control Program) B

ACTIONS (continued)

CONDITION | REQUIRED ACTION | COMPLETION TIME
C. Required Action and associated Completion Time for Condition A or B not met during movement of [recently] irradiated fuel assemblies in the fuel building. | C Suspend movement of [recently] irradiated fuel assemblies in the fuel building. | Immediately
D. [Required Action and associated Completion Time for Condition A or B not met in MODE or | D Be in MODE | hours
 | AND |
 | D Be in MODE | hours]

SURVEILLANCE REQUIREMENTS

NOTE: Refer to Table to determine which SRs apply for each FBACS Actuation Function.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]

D-43 FBACS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform COT in accordance with the Setpoint Control Program. | [ days OR In accordance with the Surveillance Frequency Control Program]
SR [Perform ACTUATION LOGIC TEST. | [ days on a STAGGERED TEST BASIS OR In accordance with the Surveillance Frequency Control Program]]
SR NOTE: Verification of setpoint is not required. Perform TADOT. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

D-44 FBACS Actuation Instrumentation (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-45 FBACS Actuation Instrumentation (With Setpoint Control Program) B

Table (page of)
FBACS Actuation Instrumentation

FUNCTION | APPLICABLE MODES OR SPECIFIED CONDITIONS | REQUIRED CHANNELS | SURVEILLANCE REQUIREMENTS
Manual Initiation | [ ], (a) | | SR
None.
[Automatic Actuation Logic and Actuation Relays | (a) | trains | SR]
Fuel Building Radiation
a. Gaseous | [ ], (a) | [ ] | SR, SR, SR
b. Particulate | [ ], (a) | [ ] | SR, SR, SR

(a) During movement of [recently] irradiated fuel assemblies in the fuel building

D-46 BDPS (With Setpoint Control Program) B

ACTIONS (continued)

CONDITION | REQUIRED ACTION | COMPLETION TIME
 | B Close unborated water source isolation valves. | hour
 | AND |
 | B Perform SR | hour AND Once per hours thereafter

SURVEILLANCE REQUIREMENTS

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program]
SR Perform COT in accordance with the Setpoint Control Program. | [[ ] days OR In accordance with the Surveillance Frequency Control Program]

D-47 BDPS (With Setpoint Control Program) B

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Neutron detectors are excluded from CHANNEL CALIBRATION. Perform CHANNEL CALIBRATION in accordance with the Setpoint Control Program. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]

Note: This page is shown for context only. There are no markups on this page.

D-48 RCS Leakage Detection Instrumentation

SURVEILLANCE REQUIREMENTS

None.

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK of the required containment atmosphere radioactivity monitor. | [ hours OR In accordance with the Surveillance Frequency Control Program]
SR Perform COT of the required containment atmosphere radioactivity monitor. | [ days OR In accordance with the Surveillance Frequency Control Program]

D-49 RCS Leakage Detection Instrumentation

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CALIBRATION of the required containment sump monitor. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]
SR [Perform CHANNEL CALIBRATION of the required containment atmosphere radioactivity monitor. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]]
SR [Perform CHANNEL CALIBRATION of the required containment air cooler condensate flow rate monitor. | [[ ] months OR In accordance with the Surveillance Frequency Control Program]]

Note: This page is shown for context only. There are no markups on this page.

Westinghouse Non-Proprietary Class 3 D-50 RCS Loops Test Exceptions

REACTOR COOLANT SYSTEM (RCS)

RCS Loops Test Exceptions

LCO The requirements of LCO RCS Loops MODES and may be suspended with THERMAL POWER P

APPLICABILITY MODES and during startup and PHYSICS TESTS

ACTIONS

CONDITION | REQUIRED ACTION | COMPLETION TIME
A THERMAL POWER P | A Open reactor trip breakers | Immediately

SURVEILLANCE REQUIREMENTS

SURVEILLANCE | FREQUENCY
SR Verify THERMAL POWER is P | [ hour OR In accordance with the Surveillance Frequency Control Program ]
SR Perform a COT for each power range neutron flux low channel, intermediate range neutron flux channel, P and P | Prior to initiation of startup and PHYSICS TESTS
SR Perform an ACTUATION LOGIC TEST on P | Prior to initiation of startup and PHYSICS TESTS

Westinghouse STS Rev


Westinghouse Non-Proprietary Class 3 D-51 Nuclear Instrumentation

ACTIONS (continued)

CONDITION | REQUIRED ACTION | COMPLETION TIME

REVIEWER'S NOTE: Condition C is included only for plants that assume a boron dilution event is mitigated by operator response to an audible source range indication.

C [ Required source range audible [alarm] [count rate] circuit inoperable. | C Initiate action to isolate unborated water sources. | Immediately ]

SURVEILLANCE REQUIREMENTS

SURVEILLANCE | FREQUENCY
SR Perform CHANNEL CHECK. | [ hours OR In accordance with the Surveillance Frequency Control Program ]



Westinghouse STS Rev


Westinghouse Non-Proprietary Class 3 D-52 Nuclear Instrumentation

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE | FREQUENCY
SR NOTE: Neutron detectors are excluded from CHANNEL CALIBRATION. Perform CHANNEL CALIBRATION. | [ [ ] months OR In accordance with the Surveillance Frequency Control Program ]







Note: This page is shown for context only. There are no markups on this page.

Westinghouse STS Rev


Westinghouse Non-Proprietary Class 3 D-53 Programs and Manuals

Programs and Manuals

Setpoint Control Program (continued)

d. REVIEWER'S NOTE

A license amendment request to implement a Setpoint Control Program must list the instrument functions to which the program requirements of paragraph d will be applied. Paragraph d shall apply to all Functions in the Reactor Trip System and Engineered Safety Feature Actuation System specifications unless one or more of the following exclusions apply:

Manual actuation circuits, automatic actuation logic circuits, or to instrument functions that derive input from contacts which have no associated sensor or adjustable device, e.g., limit switches, breaker position switches, manual actuation switches, float switches, proximity detectors, etc., are excluded. In addition, those permissives and interlocks that derive input from a sensor or adjustable device that is tested as part of another TS function are excluded.

Settings associated with safety relief valves are excluded. The performance of these components is already controlled (i.e., trended with as-left and as-found limits) under the ASME Code for Operation and Maintenance of Nuclear Power Plants testing program.

Functions and Surveillance Requirements which test only digital components are normally excluded. There is no expected change in result between SR performances for these components. Where separate as-left and as-found tolerance is established for digital component SRs, the requirements would apply.

, which are verified by self-diagnostic tests.

performing

The program shall identify the Functions described in paragraph a that are automatic protective devices related to variables having significant safety functions as delineated by CFR (c)(ii)(A). The NTSP of these Functions are Limiting Safety System Settings. These Functions shall be demonstrated to be functioning as required by applying the following requirements during CHANNEL CALIBRATIONS, CHANNEL OPERATIONAL TESTS, and TRIP ACTUATING DEVICE OPERATIONAL TESTS that verify the NTSP.

The as-found value of the instrument channel trip setting shall be compared with the previous as-left value or the specified NTSP.

If the as-found value of the instrument channel trip setting differs from the previous as-left value or the specified NTSP by more than the pre-defined test acceptance criteria band (i.e., the specified AFT), then the instrument channel shall be evaluated before declaring the SR met and returning the instrument channel to service. This condition shall be entered in the plant corrective action program.



Westinghouse STS Rev


Westinghouse Non-Proprietary Class 3 D-54 Programs and Manuals

Programs and Manuals

Setpoint Control Program (continued)

If the as-found value of the instrument channel trip setting is less conservative than the specified AV, then the SR is not met and the instrument channel shall be immediately declared inoperable.

The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the NTSP at the completion of the surveillance test; otherwise, the channel is inoperable (setpoints may be more conservative than the NTSP provided that the as-found and as-left tolerances apply to the actual setpoint used to confirm channel performance).

e. The program shall be specified in [insert the facility FSAR reference or the name of any document incorporated into the facility FSAR by reference]]

[ Surveillance Frequency Control Program

This program provides controls for Surveillance Frequencies. The program shall ensure that Surveillance Requirements specified in the Technical Specifications are performed at intervals sufficient to assure the associated Limiting Conditions for Operation are met.

a. The Surveillance Frequency Control Program shall contain a list of Frequencies of those Surveillance Requirements for which the Frequency is controlled by the program.

b. Changes to the Frequencies listed in the Surveillance Frequency Control Program shall be made in accordance with NEI Risk-Informed Method for Control of Surveillance Frequencies Revision

c. The provisions of Surveillance Requirements and are applicable to the Frequencies established in the Surveillance Frequency Control Program ]







Westinghouse STS Rev
