ML20039G501

From kanterella
Jump to navigation Jump to search
SEP Topic VII-2,ESF Sys Control Logic & Design,Ginna Nuclear Power Plant 1.
ML20039G501
Person / Time
Site: Ginna Constellation icon.png
Issue date: 12/31/1981
From: Morken D
EG&G, INC.
To: School R
Office of Nuclear Reactor Regulation
References
CON-FIN-A-6425-1, TASK-07-02, TASK-7-2, TASK-RR EGG-EA-5683, NUDOCS 8201180330
Download: ML20039G501 (11)
v  d  e


Text

- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

gfd fBSGM0N An H h$ sees } kSS/$faddf

~

EfN(

EGG-EA-5683 DECEMBER 1981 SYSTEMATIC EVALUATION PROGRAM, TOPIC VII-2, ESF SYSTEM CONTROL LOGIC AND DESIGN, GINNA NUCLEAR var AN/d POWER PLANT NO. 1, DOCKET NO. 50-244

  • A IIS RECEIVED D. J. Morken 2 79-g3 JAN 5 1982> -

ara m neuma Kaaa rm u g TLC

' v:>

s U.S. Department of Energy Idaho Operations Office

  • Idaho National Engineering Laboratory xsa ;p mA
.~e r

C . >

I 4

i _

f g , D / _W e i i ,

'W m w4r ware s wass;y,,,, ,,,,

dQh. i 'h q M., O  :** M ***m u m m meme 7[N9',

6 f h ._ -._ r=urupar memrm zusase amor tMNIGN,

[Q.L.%' XWhM%Y-N 3_.x L

dJW l W^ i &RWW?*"~~

., ,_ , j. ~W 44 d Et h **" - - %

a.t y ,

~ ~ , ~g y_.

"""+

4 .s%i_ e-r~-

aus;isr4 :-~ ~~C 7 -

g. .

t

~ '

s _ %c; w ,,u g ~~

g;"

s

, %r18 ' "'

gg

[ ,

.... . n u ~~

This is an informal report intended for use as a preliminary or working document Prepared for the U.S. Nuclear Regulatory Commission Under DOE Contract No. DE-AC07-76ID01570 g FIN No. A6425-1 ESgSgu 8201180330 811231 l PDR RES I 8201180330 PDR

h EGnG ..s.

FORM (Rev.1,EG

?% AG 396 INTERIM REPORT Accession No.

Report No. EGG-EA-5683 Contract Program or Project

Title:

Electrical, Instrumentation, and Control Systems Support for the Systematic

- Evaluation Program (II)

Subject of this Document:

4

. Systematic Evaluation Program, Topic VII-2, ESF System Control Logic and Design, Ginna Nuclear Power Plant No. 1 Type of Document:

Informal Report Author (s):

D. J. Morken Date of Document:

December 1981 Responsible NRC Individual and NRC Office or Divialon:

Ray F. Scholl, Division of Licensing This document was prepared primarily for preliminary orinternat use. it has not received full review and approval. Since there may be substantive changes, this document shoutd not be cons;dered final.

EG&G Idaho. Inc.

Idaho Falls. Idaho 83415 Prepared for the U.S. Nuclear Regulatory Commission Washington, D.C.

Under DOE Contract No. DE AC07-761D01570 NRC FIN No. A6425-1 INTERIM REPORT

0632J

. SYSTEMATIC EVALUATION PROGRAM TOPIC VII-2 ESF SYSTEM CONTROL LOGIC AND DESIGN GINNA NUCLEAR POWER PLANT NO. 1 Docket No. 50-244 December 1981 D. J. Morken EG&G Idaho, Inc.

Y 11/23/81 L_______________________________________________________________

ABSTRACT This SEP tech ical evaluation for the Ginna Nuclear Power Plant No. 1, reviews the type of isolation devices used in the Engineered Safety Features (ESF) systems, the isolation between ESF channels and the

-isolation of ESF systems from control and non-safety systems.

FOREWORD This report is supplied as part of the " Electrical, Instrumentation, and Control Systems Support for the Systematic Evaluation Program (II)"

being conducted for the U.S. Nuclear Regulatory Commission, Office of Nuclear Reactor Regulation, Division of Licensing by EG&G Idaho, Inc.,

Reliability & Statistics Branch.

The U.S. Nuclear Regulatory Commission funded the work under the authorization B&R 20-10-02-05, FIN A6425-1.

O ii

CONTENTS 1.0 I N TR O D UC T I O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . I I

2.0 CRITERIA ........................................................

3.0 D I SC U S S I O N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 3.1 General ................................................... 2 3.2 Safety Injection System ................................... 2

- 3.2.1 Low Pressurizer Pressure .......................... 2 3.2.2 Low Steam Line Pressure ........................... 3 3.2.3 High Containment Pressure ......................... 4 3.2.4 Evaluation ........................................ b 3.3 Steam Line Isolation System ............................... 5 3.3.1 High Steam Line Flow and SIS ...................... 5 3.3.2 High Containment Pressure ......................... 6 3.3.3 Evaluation ........................................ 6 3.4 Containment Spray System .................................. 7 3.4.1 Hi-Hi Containment Pressure ........................ 7 4

3.4.2 Evaluation ........................................ 7 3.5 Containment Isolation System .............................. 8 3.5.1 Containment Isolation ............................. 8 3.5.2 Containment Ventilation Isolation ................. 8 3.5.3 Evaluation ........................................ 9 3.6 Feedwater Isolation ....................................... 9 3.6.1 Evaluation ........................................ 9 4.0 SUKMARY ......................................................... 9

5.0 REFERENCES

...................................................... 9 APPENDIX'A--NRC SAFETY TOPICS RELATED TO THIS REPORT ................. 11 iii

SYSTEMATIC EVALUATION PROGRAM TOPIC VII-2 ESF SYSTEM CONTROL LOGIC AND DESIGN GINNA NUCLEAR POWER PLANT NO. 1

1.0 INTRODUCTION

The objective of this review is to determine if non-safety systems which are electrically connected to the Engineered Safety Features (ESF)

. are properly isolated from the ESF and if the isolation devices or tech-niques used meet current licensing criteria. The qualification of safety-related equipment is not within the scope of this review.

Non-safety systems generally receive control signals from ESF sensor current loops. The non-safety circuits are reauired to have isolation devices to ensure electrical independence of the ESF channels. Operating experience has shown that some of the earlier isolation devices or arrange-ments at operating plants may not meet current licensing criteria.

2.0 CRITERIA General Design Criterion 22 (GDC 22), entitled, " Protective System Independence," requires that:

The protection system shall be designed to assure that the effects of natural phenomena and of normal operating, maintenance, testing, and postulated accident conditions on redundant channels do not result in loss of the protection function, or that they shall be demonstrated to be acceptable on some other defined bases. Design techniques, such as functional diversity or diversity in component design and principles ofoperation,shallbeujedtotheextentpracticaltopreventlossof the protection function General Design Criterion 24 (GDC 24), entitled, " Separation of Protection and Control Systems," requires that:

The protection system shall be separated from control systems to the

- extent that failure of any single control system component or channel, or failure or removal from service of any single protection system

, component or channel which is common to the control and protection

~

system, leaves intact a system that satisfies all reliability, redun-dancy, and independence requirements of the protection system. Inter-connection of the protection and control systems shall be limited so as to assure that safety is not significantly impaired.2 IEEE Standard 279-1971, entitled, " Criteria for Protection Systems for Nuclear Power Generating Stations," Section 4.7.2, states:

The transmission of signals from protection system equipment for con-trol system use shall be through isolation devices which shall be 1

classified as part of the protection system and shall meet all the requirements of this document. No credible failure at the output of  ;

an isolation device shall prevent the associated protection system channel from meeting the minimum performance requirements specified in the design bases.

Examples of crediole f ailures include short circuits, open circuits, grounds, and the application of the maximum credible AC and DC poten-tial. A failure in an isolation device is evaluated in the same man-ner as a failure of other equipment in the protection system.a .

3.0 DISCUSSION AND EVALUATION 3.1 General. The Engineered Safety Features (ESF) as defined by the Standard Review Plan Section 7.1-III are those systems which are required to mitigate the consequences of a postulated accident. The ESF systems for the Robert Emmett Gigna Nuclear Station-Unit No.1, as identified in Tech-nical Specifications are as follows:

Safety Injection System Steam Line Isolation System Containment Spray System Containment Isolation System Feedwater Isolation System 3.2 Safety Injection System. The Safety Injection System (SIS) delivers borated water to the reactor core following a loss of coolant accident. The principle components of the SIS are two passive accumula-tors (one for each loop), three safety injection pumps, two residual heat i removal (RHR) pumps and the essential piping and valves. The accumulators, being passive devices, discharge into the cold leg of each loop and do not require automatic initiation.

The safety injection system may be actuated by two-out-of-three (2/3) low pressurizer pressure signals, 2/3 low steam line pressure signals, 2/3 nigh containment pressure signals or it can be actuated manually. Any of the SIS signals will open the SIS isolation valves, start the high head SI pumps and the low head RHR pumps.

3.2.1 Low Pressurizer Pressure. Low pressurizer pressure is monitored by three pressure transmitters, PT 429, PT 430 and PT 431. Each ,

transmitter feeds a current loop. The current loops are identified as The three c channel 1 (red), channel 2 (white) and channel 3 (blue).loopsareidentical,thusonlyth -

  • The channel I current loop is comprised of a pressure transmitter (PT-429), a power supply (PQ-429), a lead / lag module (PM-429B), an isolation alarm module (PC-429E), an isolation current repeater module (PC-429A), a second lead / lag module (TM-4018), isolation module (TM-405 0), and isolation j module (PC-429 D/C). PC 429E, PC-429A, and PC-429 D/C are Foxboro isolation devices, Model M/63S with bistable output signals. PM-429A and TM-405 0 are Foxboro isolation current repeaters, Model M/66-BR with current input and current output signals.

2

Lead / lag module PM-429B conditions the signal from transmitter PT-429 and provides an output signal to isolation device PC-429E, whicn initiates a bistable output signal to the RPS low pressurizer pressure trip relay logic. PC-429A provides a bistable output signal to the RPS high pres-surizer pressure relay logic. PM-429Aprovidesanisolatedgurrentoutput to the pressurizer control system, indicators and recorders. Lead / lag module TM-401B mixes and conditions the pressurizer pressure current signal with input from the RPS nuclear instrumentation and an RPS average tempera-ture (T 0 input sianal and PT-429 current signal. However, the signals are al1 Nr)ived from the same channel and there are no interconnections

~

between channels. TM-405 0 provides an isolated current output signal to indicators and a three pen recorder. PC-429 D/C provides two bistable w output signals. Output from PC-429C feeds a 2/3 relay logic in the SIS logic initiation circuit. PC-429D output feeds a 2/3 SIS unblock relay logic circuit.

Output signals from bistaole: PC-430 E/F, channel II and PC-431 I/G, channel III complete the input signals to the 2/3 pressurizer pressure logic of the SIS initiation circuitry. Output signals from the 2/3 logic modules provide redundant inputs to a one-out-of-four OR gate, latching relays and the safeguard sequence unit. The safeguard sequence unit opens the SIS isolation valves and starts the high head and low head safety injection pumps. The safeguard sequence unit also loads two of the service water pumps, the two auxiliary feedwater pumps and the four containment fan coolers onto the safeguard buses.

Circuitry from the output of the pressurizer pressure current loops is composed of relay logic, with auxiliary relay contacts used for starter l indication, annunciation and event recording inputs.

3.2.2 Low Steam Line Pressure. Low steam line pressure will

( initiate the SIS. Two sets of three pressure transmitters monitor the two i

steam line loops. Pressure transmitters PT-468, PT-469 and PT-482 monitor l

steam line loop A while PT-478, PT-479, and PT-483 monitor steam line loop B. The four current loops for PT-468, 469, 478 and 479 are identical.

l Current loops for PT-482 and 483 are also identical but are different from the other four loops.8 Therefore, cu-rent loops for both PT-468 and PT-482 will be discussed.

Channel I current loop 1s comprised of a pressure transmitter (PT-468), a series current repeater (FM-464A), a lead lag module (PM-468A),

a series current repeater (PM-468B), an alarm bistable module (PC-468A) and a power supply (PQ-468). The current repeater FM-464A is a Foxboro series multiplier-divider Model M/66 DR with two inputs, steam line flow and steam line pressure, with an output to a square root extractor. The series multi-plier does not provide isolation between the steam line flow input and the steam line pressure input. It does provide isolation between the input signals and the output signal. The input signals are from the same channel and there are no interconnections between channels. FM-464A signal from the square root extractor feeds a series current repeater isolation module FM-464C, Foxboro Model M/66BR. The lead / lag module PM-468A conditions the steam line pressure current signal and feeds the bistable module PC-468A.

l The module provides low and low-low bistable output signals which initiate l

l 3 l

relays for the first out annunciator and the SIS 2/3 logic. PC-468A is a Foxboro isolation device model M/63BR. PM-4688 is a Foxboro model M/66BR current repeater and provides an isolated output current to pressure indicators and the recorder.

Channel III current loop (PT-482) is similar to Channel I with the exception it does not have a steam flow / steam pressure input module as in Channel I (FM-464A). Otherwise, the current loop and the isolation modules are identical to Channel I as described above.

Output signals from the steam line pressure current loop bistables .

PC-468A, PC-469A and PC-482A feed a 2/3 relay logic module. PC-478A, PC-479A and PC-483A feed a second 2/3 relay logic module. The output of ,

the two 2/3 logic modules feed separate 2/2 modules which also require inputs from the pressurizer pressure SIS unblock logic to produce output signals. Each 2/2 logic module feeds the one-out-of-four OR gate to the SIS. The output of the OR gate is described in Section 3.2.1 above.

Auxiliary relay contacts in the 2/2 module provide annuciator status signals.

3.2.3 High Containment Pressure. High containment pressure will initiate the SIS. High containment pressure is monitored by three pressure transmitters, PT-945, PT-947 and PT-949. Each transmitter feeds a current loop. The current loops are identified as Channel I (red), Channel II

-(white) and Channel 3 (blue). The three current thusonlyChannelI(red)willbedescribedhere.foopsareidentical, Channel I current loop is comprised of the pressure transmitter (PT-945), Power Supply (PQ-945), an isolation current repeater (PM-945) and an isolation alarm module (PC-945 A/B). The current repeater PM-945 is a Foxboro isolation device Model M/66BR with an output to a remote indicator.

PC-945 A/B is a dual output bistable alarm module, Foxboro Model M/635 with the "A" output feeding the SIS relay logic circuitry and the "B" output feeding the containment spray logic.7 (See Section 3.4 for evaluation of containment spray). The output of PC-945A is fed to a 2/3 relay logic and, in conjunction witn PC-947A (Channel II) and PC-949A (Channel III), provides the thrp9 Hi containment pressure signals to a 2/3 relay logic module. The output of the 2/3 logic module feeds the SIS one-out-of-four OR gate to initiate SIS as described in Section 3.2.1.

Manual switches on the analog instrument cabinets as well as manual pushbuttons on the relay logic cabinets permit logic testing. Remote manual switches are provided for manual operation of the pumps and valves. -

Power for the SIS analog logic circuit is supplied from four instru-ment buses, lA, 18, 1C and 10. Buses lA and 1C are powered from inverters

  1. 1 and #2 which are fed from the 125V DC buses 1 and 2. Buses IB and 10 are powered by constant voltage transformers fed by 480V MCC IB and MCC 1D respectively. The relay logic is separated into train A and train B.

Train A receives power from the 125V DC control board panel lA and train B from the 125V DC control board panel 1B. Power to the SIS pumps is from 480V Bus #14 for train A and 480V Bus #16 for train B. Motor-operated 4

valves receive power from 480V MCC #1C for train A and 480V MCC #10 for train B.

3.2.4 SIS Evaluation. lhe analog logic is separated in three separate channels and are electrically isolated from each other. Foxboro isolation devices p" ovide adequate isolation between the ESF safety system logic and the control and non-safety systems. Isolation between the ESF's two digital logic trains is by relay logic. Isolation between power sys-tems is by the use of separate power buses for each train and thermal-magnetic breakers isolate individual pumps and valves from other devices on

- the same bus. Valve status indication is from position switches on the valves. Pump status is from auxiliary relay contacts in the motor breaker circuits.

3.3 Steam Line Isolation System. The steam line isolation valves are closed upon receipt of high steamline flow in conjunction with an SIS sig-nal, by Hi-Hi containment pressure or by manual initiation.

3.3.1 High Steam Line Flow and SIS.10 High steam line flow is monitored by two flow transmitters in each flow loop (A and B). FT-464, Channel I (red), and FT-465, Channel II (white), monitor steam flow in loop A. FT-466, Channel 1 (red), and FT-467, Channel II (white), monitor steam flow in loop B. Each transmitter feeds separate current loops and the four current loops are identical. Therefore, only Channel I (red) will be described.

A flow transmitter (FT-464) feeds a current loop comprised of a power supply (PQ-464A), isolation current repeaters (FM-464D and FM-464C), model M/66 BR, a series multiplier-divider (FM-464A), Foxboro model M/66 DR and an isolation alarm module (FC-464A), Foxboro model M/66 35. The current repeater GM-4640 supplies an isolated current signal to remote instruments.

The multiplier-divider FM-464A, mixes an RPS steam line flow input signal with the pressure input signal from the steam line pressure transmitter PT-468 to provide a modified output flow signal. The multiplier-divider module FM-464A does not provide isolation between the flow and pressure input signals. It does provide isolation between the output and the input signals. The flow and pressure signals are both from Channel I and there is no intertie between channels. FM-464A output signal feeds the isolation amplifier FM-464C which provides input signals to instrumentaton and con-trols, Hi flow and Hi-Hi flow.

Hi flow output signal from either Channel I (PC-454A) or Channel II (PC-465A) of loop A provides one input to a two input relay logic AND

- gate. The other input to the AND gate comes fror.. a low Tavo bistable signal. An output from the AND gate when combined with an SIS signal will initiate closure of loop A steam line isolation valves MSIV iA. The logic for loop B is identical to that of loop A.

The loop A Hi-Hi output bistable signals, PC-464B and PC-4658, feed a two input relay logic OR gate. The output of the OR gate when combined with an SIS signal will also close the steam line isolation valve in loop A.

l The logic for loop B is identical.

I 5

Manual control switch PB/ MMS 1 will close loop A steam isolation valve MSIV 1A and PB/ MMS 2 will close loop B steam isolation valve MSIV 1B.

Each isolation alarm module provides a status indicator light for both Hi and Hi-Hi indication. Hi flow input signals to the flow SIS AND gate provide an annunciator output signal. Steam line valve status is indicated by position switches on the valve.

Power to valve MSIV 1A is from the 125V DC battery 1A and to MSIV 1B is from the 125V DC battery IB. Both valve actuation circuits are isolated from other functions on the same battery bus by line fuses. The current ,

loop power supplies for Channel I and Channel II are fed from instrument buses lA and 18. .

3.3.2 High Containment Pressure. Steam line isolation may also be initated from Hi-Hi containment pressure. Hi-Hi containment pressure is monitored by three pressure transmitters, PT-946 Channel II (white), PT-948 Channel III (blue) and PT-950 Channel IV (yellow). Each transmitter feeds a separate current loop and the three current loops are identical. There-fore, only Channel II (white) will be described.

Pressure transmitter PT-946 feeds a current loop comprised of a power supply (PQ-946), an isolator current repeater (PM-946), Foxboro model M/66 BR and an isolation alarm module (PC-946 A/B), Foxboro model M/635. The current repeater PM-946 provides an isolated output current to an indicat-ing instrument on the control board. The isolation alarm module PC-946 A/B provides two bistable output signals, A and B. Bistable output signal A goes to a 2/3 Hi-Hi containment pressure trip logic. Bistable output B goes to the contairment spray logic (see Section 3.4 for details on con-tainment spray). PC-948A and PC-950A also feed the 2/3 Hi-Hi containaent pressure trip logic. The 2/3 trip module provides an output closing signal to each of the steam line isolation valves MSIV 1A and MSIV 18.

Auxiliary reloy contacts from the containment pressure bistable alarm modules provide annunciator status in the control room. Manual pushbutton swiches provide testing of the individual trains of relay logic. Other pushbutton switches provide testing of the analog channels.

Power to the analog logic circits is from instrument bus 18, IC and

10. Power for the relay logic is from the 125V DC control board 1A for train A and the 125V DC control board IB for train 18. Isolation of safety -

functions from other functions on the same bus is by thermal-magnetic cir-cuit breakers and fuses.

3.3.3 Evaluation. Tne analng channels are separated into four steam flow channels and three containoent pressure channels. Each channel is independent and electrically isol;ted from the others. Foxboro isola-tion devices provide adequate isolation of the analog channels from control and non-safety systems. The analog channels feed relay logic separated into two independent logic trains. The relay logic provides adequate isolation between the trains and from control and non-safety systems. -

Isolation between power sources is by the use of separate power buses and 6

i 1

in-line fuses. System status indication is by auxiliary relay contacts and valve position switches'.

3.4 Containment Spray System. The containment spray system consists of two pumps, one spray additive tank, valves, piping and spray nozzles.

Initiation of containment spray is from coincident signals from two sets of 1 2/3 high containment pressure signals monitoring containment Hi-Hi pressure.

The actuation signal will start the pumps.and open the discharge valves to I the spray header. Valves for the spray additive tank open after a time delay and may be controlled by the operator.

3.4.1 Hi-Hi Containment Pressure. Hi-Hi containment pressure is monitored by the same pressure transmitters used for SIS initiation, PT-945, PT-947 and PT-949 (Section 3.2.3) and steam line isolation PT-946, PT-948 i and PT-950, (Section 3.3.2). The analog current loops are as described in the above referenced section and will not be repeated here.

i The "B" bistable output from each of the isolation alarm modules PC-945 j A/B, PC-946 A/B, PC-947 A/B, PC-948 A/B, PC-949 A/B and PC-950 A/B provide the Hi-Hi pressure level setpoint for actuation of the containment spray.

PC-945B, PC-9478, and PC-949B feed a 2/3 relay logic in logic train A.

PC-946B, PC-9488 and PC-5908 feed a 2/3 relay logic in logic train B. The output of the two 2/3 logic units feeds a two input relay AND gate. With input signals from both 2/3 logic circuits,-the AND gate output signal goes to a second two input relay AND gate with a momentary manual reset signal

as the second input. Operation of the reset signal will only momentarily j reset containment spray as long as a Hi-Hi containment pressure signal or a

, manual actuation signa' is present.

Manual actuation at ontainment spray requires simultaneous operation of two push button switches, PB/MSl and PB/MS2. Manual test switches also

permit testing the relay logic. Auxiliary relay contacts provide 2/3 logic annunciation for each train and annunciation of the core spray actuation signal. Bistable output signals from the analog logic channels actuate I trip status lights and annunciators for each channel.

I Power for the analog circuits are from the four instrumentation buses.

I Power to the relay logic is supplied by the 125V DC control board panels.

(See Sections 3.2.3 and 3.3.2 of this report for details.) Power to the containment spray valves M0V 860A and MOV 860C is from the 480V MCC #1C while MOV 860B and MOV 860D are powered from the 480V MCC #10. Containment spray pumps lA and IB receive power from 480V Bus #14 and Bus #16, respec-tively. Pump status indication is from auxiliary contacts on the pump b motor breaker and valve status indication is from position switches on the i

valves.

3.4.2 Evaluation. Isolation of analog channels are described in i Sections 3.2.3 and 3.3.2 of this report. Relay logic circuits are ade-j quately isolated by relay contacts. Power systems use separate power buses for the two trains and thermal-n,agnetic breakers for isolation from other functions on the same buses.

J 7

-w --,- - - -

, . - - - , --a.-- ,,,m.--e- -- - , - , , - --- , - ~ - - - w-,--n, - - - , - --,--,-n-,,-----,w --,, --- -

3.5 Containment Isolation System. Containment isolation is initiated by an SIS signal or manually. Actuation of containment isolation trips the containment sump pumps, closes all containment isolation valves (contain-ment sump pump discharge isolation valves, steam generator isolation blow-down valves, reactor coolant drain tank vent header and pump suction valve, containment ventilation purge valves, containment depressurization valves, containment air test supply valve, and containment air test valves), and trips the purge supply and exhaust fans. Containment ventilation valves are also isolated on high containment activity or from a manual containment spray signal.

3.5.1 Containment Isolation. Containment isolation is initiated '

by an SIS signal or by manual operation of two pushbutton switches, PB/ MCI and PB/MC2. The analog logic is described under SIS actuation, (Sec- -

tions 3.2.1, 3.2.2 and 3.2.3) and will not be repeated here.

Contacts from the SIS latching relay provide containment isolation actuation. A momentary reset pushbutton will reset the containment isola-tion valves only upon loss of the SIS signal. Annunciation of containment isolation is from auxiliary contacts on the actuation latching relay.

Remote actuated containment isolation valves are either motor-operated or air-operated. Single air-operated valves have two relays in series powered from separate DC sources and from separate control logic channels.

Where two air-operated isolation valves are in series there is one solenoid for each valve, each supplied from a different DC power source. Motor-operated valves are fed from one of two 480V MCCs.

Control switches provide individual control of certain isolation valves while other isolation valves are manual controlled by valve groups from com-mon switches.

3.5.2 Containment Ventilation Isolation. The containment ven-tilation isolation system, initiated by SIS, Hi containment activity or manually, is adequately described in SEP Topic VI-4.13 SIS initiation isolation logic is discussed in Section 3.2.3 of this report. Drawings of the Containment Radioactivity Detectors RCll and RCl2 were not available for detail review. However, as identified in SEP VI-4, Section 2.3, the radiation monitors used to initiate isolation are not class lE equipment.

The digital logic of the radiation monitor system is derived from bistable outputs from RCll and RCl2. Either monitor can initiate contain- .

ment ventilation isolation actuation through relay logic OR gates. SIS or manual actuation of either containment isolation or containment spray will also initiate containment ventilation isolation.

Power to the relay logic as well as to the air-operated valves is pro-vided from the two 125V DC sources. Power for the ventilation fans is from 480V buses #14 and #16 and motor-operated valves are power from MCC IC and MCC 1D. Isolation of the fan motors and motor-operated valves from other 8

functions on the same buses is by ther;nal-magnetic breakers. Solenoid operated valve circuits are individually fused.

3.5.3 Evaluation. With the exception that the containment radio-activity monitor analog circuits are not class lE equipment, isolation of the channels and trains of the containment isolation from other ESF systems, controls and non-safety systems is adequate. j 3.6 Feedwater Isolation System. The feedwater isolation system is comprised of the four main feedwater and feedwater bypass isolation valves

. '(A0V 4269, A0V 4270, A0V 4271 and A0V 4272). These valves close upon receiving an SIS signal or by'a safeguards sequence initiate signal. They will fail closed on loss of power or air.

An evaluation of the SIS analog initiation channels and the digital actuation trains are contained in the discussion of the SIS, Section 3.2 of this report.

Each valve has redundant relay inputs with redundant solenoids for closing and a single relay contact input to a single solenoid to open..

Power to the feedwater valve solenoids is divided by trains between the two 125V DC sources. Isolation of each valve actuation circuit from its power Interlocks between the redundant valves is by relay con--

busisbyfges.

tact logic 3.6.1 Evaluation. The analog channels initiation logic and the digital train logic for feedwater valve isolation actuation is evaluated in Section 3.2.4 of this report. Isolation of redundant valve circuit. inter-locks is by relay contacts. Power to the redundant valves is from separate buses with fuse isolation of each valve circuit from other functions on the

.same bus.

4.0

SUMMARY

Based on current licensing criteria and review guidelines, the ESF system complies with all licensing criteria listed'in Section 2.0 of this report except for the following:

1. The containment radioactivity monitors do not qualify as class lE

! . equipment. The isolation of the containment ventilation isola-tion ESF system is not adequately isolated from non class lE

!' equipment.

5.0 REFERENCES

1. General Design Criterion 22, " Protection System Independence," of Appendix A, " General Design Criteria for' Nuclear Power Plants,"'10 CFR Part 50, " Domestic Licensing of Production and Utilization Facilities."
2. General Design Criterion 24, " Separation of Protection and Control Systems," of Appendix A, " General Design Criteria for Nuclear Power Plants," 10 CFR Part 50, " Domestic Licensing of Production and Utilization Facilities."

-9

3. IEEE Standard 279-1971, " Criteria for Protection Systems for Nuclear Power Generating Stations."
4. Table 3.5-2, Appendix A to Provisional Operating License No. DPR-18, Technical Specifications for R. E. Ginna Nuclear Power Plant No. 1, Rochester Gas and Electric Corporation.
5. Foxboro drawings 80-10, Rev. 4 and BD-2, Rev. 6.
6. Foxboro drawing 60-13, Rev. 6.
7. RG&EC Logic Diagram 8820612, Sh 6, Rev. 7,RG&EC Safeguard System Drawings 33013-660, Rev. 2 and 33013-662, Rev. 1.
8. Foxboro Drawings BD-6, Rev. 5 and BD-7, Rev. 5.
9. Foxboro Drawings BD-12, Rev. 5 and BD-14, Rev. 4.
10. RG&EC Logic Diagrams 8820612, Sh 6, Rev 7 and Sh 14, Rev. 5. Foxboro drawing DB-6, Rev. 5, BD-7, Rev. 5 and CD-5, Rev. 8. RG&EC 499B425, Sh 298, Rev. 5.
11. Foxboro drawings 80-12, Rev. 5 and B0-14, Rev. 4. RG&EC drawings 8820612, sh 6, Rev. 7, 330-13-661-Rev. O and 33013-663-Rev. O.
12. RG&EC Drawings 499B425-301, 10905-79/222/223/224/225/287 and 300, and 10995-229.
13. SEP Topic VI-4, " Electrical, Instrumentation, and Control Aspects of the Override of Containment Purge Valve Isolation," Final Draft, Dated July 1981.
14. RG&EC Drawings 33013-664-Rev. 4 and 8820612-Rev. 7.
15. RG&EC Drawings 33013-554-Rev. 4, 10905-274-Rev. O and 4998425, Sh. 298, Rev. 5.

9 10

APPENDIX A NRC SAFETY TOPICS RELATED TO THIS REPORT

1. III-l "Llassification of Structures, Components, and Systems"
2. VI-7.A.3 "ECCS Actuation System"
3. VI-10.A " Testing of Reactor Trip Systems and Engineered Safety Fea-tures, Including Response Time Testing"
4. VII-1.A " Reactor Protection System Isolation"
5. VII-3 Systems Required for Safe Shutdown"
6. VII-4 " Effects of Failures of Nonsafety-Related Systems on Selected ESFs" 11 i
Retrieved from "https://kanterella.com/w/index.php?title=ML20039G501&oldid=2589303"