ML20041F727
| ML20041F727 | |
| Person / Time | |
|---|---|
| Site: | Haddam Neck |
| Issue date: | 01/29/1982 |
| From: | Morken D ENERGY ENGINEERING GROUP |
| To: | NRC |
| Shared Package | |
| ML20041F725 | List: |
| References | |
| TASK-07-02, TASK-7-2, TASK-RR 0057J-DRFT, 57J-DRFT, NUDOCS 8203170348 | |
Text
0057j
SYSTEMATIC EVALUATION PROGRAM TOPIC VII-2 ESF SYSTEM CONTROL LOGIC AND DESIGN HADDAM NECK PLANT
Docket No. 50-213
January 1982
D. J. Morken, Reliability and Statistics Branch, Engineering Analysis Division, EG&G Idaho, Inc.
Draft 1-29-82
8203170348 820305 PDR ADOCK 05000213 P
CONTENTS
1.0 INTRODUCTION
2.0 CRITERIA
3.0 DISCUSSION AND EVALUATION
3.1 Emergency Core Cooling System
3.2 Containment Isolation System
4.0 SUMMARY
5.0 REFERENCES
APPENDIX A--NRC SAFETY TOPICS RELATED TO THIS REPORT
1.0 INTRODUCTION
The objective of this review is to determine if non-safety systems which are electrically connected to the Engineered Safety Features (ESF) are properly isolated from the ESF and if the isolation devices or techniques used meet current licensing criteria. The qualification of safety-related equipment is not within the scope of this review.
Non-safety systems generally receive control signals from ESF sensor current loops. The non-safety circuits are required to have isolation devices to ensure electrical independence of the ESF channels. Operating experience has shown that some of the earlier isolation devices or arrangements at operating plants may not meet current licensing criteria.
2.0 CRITERIA
General Design Criterion 22 (GDC 22), entitled "Protective System Independence," requires that:
The protection system shall be designed to assure that the effects of natural phenomena and of normal operating, maintenance, testing, and postulated accident conditions on redundant channels do not result in loss of the protection function, or that they shall be demonstrated to be acceptable on some other defined bases. Design techniques, such as functional diversity or diversity in component design and principles of operation, shall be used to the extent practical to prevent loss of the protection function.
General Design Criterion 24 (GDC 24), entitled "Separation of Protection and Control Systems," requires that:
The protection system shall be separated from control systems to the extent that failure of any single control system component or channel, or failure or removal from service of any single protection system component or channel which is common to the control and protection systems, leaves intact a system that satisfies all reliability, redundancy, and independence requirements of the protection system. Interconnection of the protection and control systems shall be limited so as to assure that safety is not significantly impaired.
IEEE Standard 279-1971, entitled "Criteria for Protection Systems for Nuclear Power Generating Stations," Section 4.7.2, states:
The transmission of signals from protection system equipment for control system use shall be through isolation devices which shall be classified as part of the protection system and shall meet all the requirements of this document. No credible failure at the output of an isolation device shall prevent the associated protection system channel from meeting the minimum performance requirements specified in the design bases.
Examples of credible failures include short circuits, open circuits, grounds, and the application of the maximum credible AC or DC potential. A failure in an isolation device is evaluated in the same manner as a failure of other equipment in the protection system [3].
3.0 DISCUSSION AND EVALUATION
The Standard Review Plan, Section 7.1-III, defines Engineered Safety Features (ESF) systems as those functions which are required to operate to mitigate the consequences of a postulated accident. Based on this definition, the Haddam Neck Technical Specifications [4] identify the Emergency Core Cooling System (ECCS) and the Containment Isolation System (CIS) as ESF systems at the Haddam Neck Plant.
3.1 Emergency Core Cooling System. The function of the ECCS is, in the event of a loss-of-coolant accident, to automatically inject borated water into the reactor vessel in sufficient quantities to limit fuel clad metal-to-water reaction to a negligible amount.
The ECCS is comprised of high pressure safety injection (HPSI) pumps, low pressure safety injection (LPSI) pumps, charging pumps, and the associated valves and piping.
The ECCS is initiated automatically from either a two-out-of-three low pressurizer pressure trip signal or from a two-out-of-three high containment pressure signal. It can also be initiated manually from the control room. The ECCS may be manually blocked from the control room when the reactor pressure is below 1700 psig, but the block is automatically overridden when the reactor pressure is above this limit.
The low pressurizer pressure safety injection trip signal is obtained from the three pressurizer pressure channels of the reactor protection system [5]. Pressure transmitters PT 401-1, PT 401-2 and PT 401-3 each supply signals to Thermovolt meter relays PIA 401-1, PIA 401-2 and PIA 401-3. Contacts on the Thermovolt meter relays are set to close at different pressure levels. Two of the actuation trip signals feed the reactor protection system scram functions (see SEP Topic VII-1.A) [6]. The third trip signal from each of the Thermovolt units goes to safety injection scram relays XP1, XP2 and XP3. Contacts of these relays are arranged in two-out-of-three logic networks in two safety injection (SI) initiation circuits or trains.
Initiation of ECCS by high containment pressure is from two sets of three Mercoid pressure switches. This arrangement provides two trains of three channels per train. Train A includes pressure switches 1A, 2A and 3A, the contacts of which are arranged in a two-out-of-three logic, which drives DC relay HPCA. Train B includes pressure switches 1B, 2B and 3B, also arranged in a two-out-of-three logic, driving DC relay HCPB.
The two-out-of-three contact arrangements of the XP1, XP2, and XP3 relays in the two trains are in parallel with the contacts of the HPCA and the HPCB relays. Actuation of either parameter in either train will initiate WL type safety injection relays 4A and 4B.
Contacts from either relay 4A or 4B will initiate ECCS valve alignment. They also actuate the "under voltage trip, lockout and start buses (Nos. 8 and 9)" logic trains. These logic trains start timers for loading the HPSI, LPSI and charging pumps on the line in a timed sequence [7].
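The initiation logic described above can be checked against the single-failure wording of GDC 24 and IEEE 279-1971 by enumeration. The following is an added example, not part of the original report: the function names and switch labels are constructed, and it assumes that a failed XP relay affects its contacts in both trains and that the manual block inhibits automatic initiation in both trains.

```python
from itertools import product

BLOCK_LIMIT_PSIG = 1700  # from the report: the manual block is overridden above this
# Constructed labels: XP relays (low pressurizer pressure) and the two sets of
# containment pressure switches (train A and train B).
CHANNELS = ["XP1", "XP2", "XP3", "PS-1A", "PS-2A", "PS-3A", "PS-1B", "PS-2B", "PS-3B"]

def two_of_three(contacts):
    """True when at least two of three channel contacts are closed."""
    return sum(contacts) >= 2

def eccs_initiates(state, manual_block=False, reactor_psig=2000):
    """state maps channel -> tripped (True/False). Each train ORs the XP
    two-out-of-three network with its own containment-pressure network;
    either train picks up the SI relays."""
    xp = [state[c] for c in CHANNELS[0:3]]  # assumption: one XP relay feeds both trains
    train_a = two_of_three(xp) or two_of_three([state[c] for c in CHANNELS[3:6]])
    train_b = two_of_three(xp) or two_of_three([state[c] for c in CHANNELS[6:9]])
    # Assumption: the manual block inhibits automatic initiation in both trains.
    blocked = manual_block and reactor_psig < BLOCK_LIMIT_PSIG
    return (train_a or train_b) and not blocked

def demand(low_pzr, high_ctmt):
    """Healthy channel states for a plant condition."""
    return {c: (low_pzr if c.startswith("XP") else high_ctmt) for c in CHANNELS}

def single_failures_defeating(low_pzr, high_ctmt):
    """Every (channel, stuck state) whose single failure changes the output
    from what the plant condition calls for."""
    expected = low_pzr or high_ctmt
    defeated = []
    for ch, stuck in product(CHANNELS, (False, True)):
        state = demand(low_pzr, high_ctmt)
        state[ch] = stuck  # credible failure: contact stuck open or stuck closed
        if eccs_initiates(state) != expected:
            defeated.append((ch, "closed" if stuck else "open"))
    return defeated

if __name__ == "__main__":
    for lp, hc in product((False, True), repeat=2):
        print(f"low_pzr={lp} high_ctmt={hc}:", single_failures_defeating(lp, hc))
    two_xp_lost = demand(True, False)
    two_xp_lost["XP1"] = two_xp_lost["XP2"] = False  # two failures in one network
    print("two XP channels failed open:", eccs_initiates(two_xp_lost))
    print("blocked at 1500 psig:", eccs_initiates(demand(True, False), True, 1500))
    print("block overridden at 1800 psig:", eccs_initiates(demand(True, False), True, 1800))
```

No single stuck contact changes the output in any plant condition, while two failed channels in the same two-out-of-three network do defeat that parameter, which is why the channels have to stay electrically independent of each other and of the non-safety circuits.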
Other contacts on the 4A and 4B relays provide annunciation and control functions associated with ECCS initiation. Position switches on the valves indicate valve status, and auxiliary contacts on the pump starters indicate pump status. Manual switches permit manual operation of the ECCS functions for testing.
Power to the three logic channels is from three of the four vital buses. Isolation from other functions is by circuit breaker. Power to the two safety injection relay trains is from 125 VDC bus A for train A and bus B for train B. Line fuses isolate the relay logic groups from other 125 VDC functions on the same buses.
Evaluation. The high pressurizer pressure ECCS channels are isolated from the reactor protection system by relay contacts on the Thermovolt meter relays. The remainder of the ECCS logic and the associated control and non-safety system are isolated from each other by relay logic. Power sources for the monitor logic and the actuation logic are from separate power sources. Isolation from other systems is by circuit breakers and line fuses.
3.2 Containment Isolation. The CIS consists of the containment spray system, the containment purge and air recirculation system, and the isolation logic for automatic realignment of the isolation valves upon receiving an isolation signal.
The containment spray system is a back-up to the purge and ventilation system. It is manually initiated when required and is not classified as a safety system. Control is by manual switch and breaker operation.
The containment purge and air recirculation system has been described in SEP Topic VI-4 [8] and will not be described further here.
Isolation between channels and from non-safety functions is by relay logic.
Containment isolation is initiated by high containment pressure or by low pressurizer pressure signals from the Safety Injection (SI) system. Two sets of three pressure switches (PS 1816-1A, 2A, and 3A and PS 1816-1B, 2B and 3B) monitor containment pressure and are arranged in two redundant logic trains [9]. Contacts of the pressure switches close on high containment pressure, actuating relays 63X 1A, 2A and 3A in train A and 63X 1B, 2B and 3B in train B. Contacts of the 63X relays are arranged in a two-out-of-three logic. Closure of two contacts in either train will energize a type WL relay (HCPA or HCPB). Energizing the WL relays in either train initiates valve realignment for containment isolation. A contact of SI relay 4A is in parallel with the two-out-of-three logic of the 63X relays in train A to actuate the HCPA relay. A contact from SI relay 4B operates in the same manner in train B. A third relay, HCPC, actuated by contacts from either HCPA or HCPB, closes the air activity inlet valve, 50V-12-1, and the il seal bypass valve, MOV-331.
Auxiliary contacts on the 63X relays provide adequate isolation between channels and trains, and from control and non-safety systems. Circuit breakers and fuses provide adequate isolation of power to the instrument channels and logic trains from other functions on the same bus.
4.0 SUMMARY
Based on current licensing criteria and review guidelines, the ESF system electrical circuits comply with all current licensing criteria listed in Section 2 of this report.
5.0 REFERENCES
1. General Design Criterion 22, "Protection System Independence," of Appendix A, "General Design Criteria for Nuclear Power Plants," 10 CFR Part 50, "Domestic Licensing of Production and Utilization Facilities."
2. General Design Criterion 24, "Separation of Protection and Control Systems," of Appendix A, "General Design Criteria for Nuclear Power Plants," 10 CFR Part 50, "Domestic Licensing of Production and Utilization Facilities."
3. IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations."
4. Appendix A to Facility Operating License DPR-61, "Technical Specifications for the Connecticut Yankee Atomic Power Company, Haddam Neck Plant, Haddam, Connecticut," Amendment 42.
5. CYAPC Drawings ED SK 318704-D, Revision 12; 318705-D, Revision 6; and 318712-D, Revision 11.
6. Systematic Evaluation Program, Topic VII-1.A, "Isolation of Reactor Protection System from Non-Safety Systems," Haddam Neck Plant, dated January 1982.
7. CYAPC Drawings 16103-32112, sheet 32A, Revision 20; sheet 32B, Revision 20; sheet 8, Revision 15; sheet 9, Revision 10; 16103-32001, sheet SG, Revision 10 and sheet EP, Revision 3.
8. Systematic Evaluation Program Topic VI-4, "Electrical, Instrumentation, and Control Aspects of the Override of Containment Purge Valve Isolation," Haddam Neck Plant, dated September 1980.
9. CYAPC Letter, R. H. Graves to NRC, Office of Inspection and Enforcement, dated April 1, 1980.
CYAPC Drawings 16103-32001, sheet 118, Revision 23; sheet 11F, Revision 9; 16103-32112, sheet 29, Revision 9; 16103-32112, sheet 4, Revision 6.
APPENDIX A
NRC SAFETY TOPICS RELATED TO THIS REPORT
1. III-1, "Classification of Structures, Components, and Systems"
2. VI-7.A.3, "ECCS Actuation System"
3. VI-10.A, "Testing of Reactor Trip Systems and Engineered Safety Features, including Response Time Testing"
4. VII-1.A, "Reactor Protection System Isolation"
5. VII-3, "Systems Required for Safe Shutdown"
6. VII-4, "Effects of Failures of Nonsafety-Related Systems on Selected ESFs"