ML20044H514
| ML20044H514 | |
| Person / Time | |
|---|---|
| Site: | 05200001 |
| Issue date: | 06/04/1993 |
| From: | Robare D GENERAL ELECTRIC CO. |
| To: | Borchardt R NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM), Office of Nuclear Reactor Regulation |
| References | |
| MFN-088-93, MFN-88-93, NUDOCS 9306090135 | |
| Download: ML20044H514 (121) | |
Text
E I
GE Nuclear Energy
- cm
'[. t o . f,; - ;
June 4, 1993 MFN 088-93 Docket No. STN 52-001 Document Control Desk U. S. Nuclear Regulatory Commission Washington, DC 20555 Attention: Mr. Richard W. Borchardt, Acting Director Standardization Project Directorate Subj ect: Submittal Supporting Accelerated ABWR Design Certification Review --
Submittal of Third Phase of Revised ABVR Tier 1/ITAAC Material
Dear Mr. Borchardt:
Enclosed are thirty-four (34) revised versions of selected ABWR Tier 1/ITAAC material for twenty-nine (29) ABWR systems. The attached table lists the items covered by this submittal. This material represents the third of four ABWR Tier 1/ITAAC submittals we have scheduled. Our letters of April 26 and .
May 21, 1993, provided material for a total of 54 systems; a final transmit-tal scheduled for June 18, 1993, will complete the submittal of the entire ABWR Tier 1 document.
The updated Tiet material in this and the other submittals noted above is being prepared in parallel with closure of open items on the SSAR and may not reflect very recent GE/NRC agreements on SSAR open issues. For example, some of the systems in either this and earlier transmittals may not fully reflect the outcome of GE/NRC discussions on probabilistic risk assessment and severe accident insights. Similarly, there are ongoing GE/NRC interac-tions on the specific items to be included in the Chapter 18, Appendix F list of main control room alarms, displays and controls. As a result, the table in Tier 1 entry 2.7.1 Main Control Room Panels has not been completed, and the individual system entries in Tier 1 may not reflect the final list that is agreed to. However, we do not view this parallel SAR resolution /
Tier 1 submittal process as causing major difficulties and plan to update the Tier 1 systems material as and when SAR changes are implemented. We anticipate this will result in some revisions being sent to you in the last half of June, 1993. We do not anticipate any major perturbations and do not believe this change process should impede your review of the ABWR Tier 1 document.
090003 -t-A
m i i
Document Control Desk June 4, 1993 U. S. Nuclear Regulatory Commission MFN 088-93 Washington, DC Docket No. STN 52-001 l Attn: Mr. Richard W. Borchardt The material in this and the other phased submittals (4/26/93, 5/21/93 and 6/18/93) is preliminary in that it has not been fully verified using GE procedures governing compliance with quality assurance requirements for engineering documentation. This activity is scheduled to be completed in early July 1993. Our current plan is to resubmit the complete set of verified ABWR Tier 1 material 7/30/93.
As always, GE personnel will be happy to provide any support the NRC staff review teams feel they need to complete their review of the attached ,
material.
Sincerely, l l
i
.C-avid J. Robare, Acting Manager Safety and Licensing (408) 925-6948 enclosures cc: T. A. Boyce (NRC)
N. D. Fletcher (DOE) ;
C. Poslusny (NRC) l A. J. James (GE) l R. Louison (GE)
N. D. Hackford (GE)
J . F. Quirk (GE) l J. N. Fox (GE) '
J. A. Beard (GE-Rockville) 1 I
i AJJ6 4:c
i ABWR DESIGN CERTIFICATION TIER 1 - PHASE D SUBMITTAL 6/4/93 CONTENTS Item System 2.2,1 Rod Control and Information System 2.2.6 Remote Shutdown System 2.2.8 Recirculation Flow Control System 2.2.9 Automatic Power Regulator System 2.2.10 Steam Bypass and Pressure Control 2 2,11----Precess-Gemputer-System -- DELETED FEOM TIER 1 2.3.1 Process Radiation Monitoring System 2.4.2 High Pressure Core Flooder System 2.6.2 Fuel Pool Cooling and Cleanup System 2.6.3 Suppression Pool Cleanup System 2.7.1 Main Control Room Panel 2.7.3 Local control Panels 2.7.5 Multiplexing-2.10.22 Off-Cas System 2.11.4 Turbine Building Cooling Water System 2.11.10 Turbine Service Water System 2.11.20 Sampling System 2.12.10 Electrical Wiring Penetrations 2.12.11 Combustion Turbine Generator 2.12.12 DC Power Supply 2.12.14 Vital AC Power Supply and AC Instrument and Control Power Supply Systems 2.12.16 Communication System 2.12.17 Lighting and Service 2.14.4 Standby Gas Treatment System 2.16.2 Oil Storage and Transfer System 2.16.3 Site Security 3.1 Human Factors Engineering 4.1 Ultimate Heat Sink 4.4 Turbine Service Water System 4.7 Communication System I
AJJ6-4:e
ABWR Design Docum:nt P.2 Control and Instrument 2.2.1 Rod Control and Information System.
Design Description The Rod Control and Infonnation System (RCIS) controls and monitors positioning of the control rods in the reactor by the fine motion control rod drive (FMCRD) units of the Control Rod Drive (CRD) System. The RCIS ,
controls rod position to accomplish power changes in the reactor core and to achieve compliance with fuel thermallimits, core thermal-hydraulic stability limits and required FMCRD movements following reactor scram and anticipated transients without scram (ARWS) events.
The RCIS consists of redundant microprocessor based controllers
- and the equipment required to monitor and control the FMCRD. The RCIS can operate ,
in either manual or automatic control mode and has the control interfaces shown on Figure 2.2.1.
The RCIS is classified as non-safety-related.
The RCIS provides the following: J (1) A rod worth minimizer which uses control rod position signals to enforce preestablished sequences for control rod movement when the reactor power (neutron flux) is below the low power setpoint.
l (2) An automatic thermal power monitor which uses control rod position and neutron flux signals to enforce fuel thermal limits when the reactor -
power is above the low power setpoint and the plant is in automatic
. operation.
(3) A selected control rod nm-in ftmction which uses a signal from the Recirculation Flow Control (RFC) System to insert selected control rods into the core.
(4) An automatic control rod run-in which uses a scram-follow signal from the Reactor Protection System (RPS) to insert all control rods into the .
core.
(5) An alternate rod insertion (ARI) function which uses signals from the-RFC System to insert all control rods into the core.
, O
- Except for controllers associated with indisidual FMCRDs.
6/1/93 1- 2.2
ABWR 0: sign Docum:nt (6) An automatic control rod movement block in response to:
("
(a) A signal from the Neutron Monitoring System (NMS) multi-channel rod block momtor. :
(b) A signal from the CRD System FMCRD hollow piston / ball nut separation switches.
(7) A permissive signal to the Refueling Equipment to prevent hoisting a fuel bundle over the reactor pressure vessel unless all control rods are inserted.
The RCIS equipment is located in the Reactor Building and Control Building.
The RCIS is powered by separate non-Class lE uninterruptible power supplies.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.2.1 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the RCIS.
O u
i l
l 1
O 6/1/93 2.2.1
O O O s
aw 1
MANUAL CONTROL PLANT INPUT SIGNALS V
I I l RCIS - CONTROL ROD POSITION l RCIS lNMS - NEUTRON FLUX m Y g _ _ _ _MRBM SIGNAL I - ROD BLOCK AND CONTROL ROD INSERTION l -SELECTED CONTROL ROD g RCIS gRFC RUN-IN SIGNAL > CONTROLLER
- ARI SIGNAL I l_- _______________a ,
m REFUELING EQUIPMENT
> - ALL CONTROL RODS IN SIGNAL RPS - SCRAM-FOLLOW SIGNAL I I
- SEPARATION SWITCHES g lCRDS
, $' Figure 2.2.1 ABWR Rod Control and Information System Control Interface Diagram i
..s_ . . ,__ _ _ _ _ _ _ . . . _ _ _ _ _ __ _ _ _ _ _ _ _ _ _
' O O 3 Table 2 > 1 Rod Control and Information System B
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspection Tests Analyses
,, Acceptance Criteria
- 1. The equipment comprising the RCIS is 1. Inspections of the as-built system will be 1. The as-built RC!S conforms with the defined in Section 2.2.1. conducted. description in Section 2.2.1.
- 2. The RCIS consists of redundant 2. Tests will be performed by simulating 2. There is no loss of RCIS output upon loss microprocessor based controllers (except failure of each operating RCIS controller. of any one controller.
for controllers associated with individual FMCRDs).
- 3. The RCIS provides a rod worth minimizer 3. Tests will be conducted on the RCIS using 3. A control rod block signal occurs when an which uses control rod position signals to simulated control rod position signals. out-of-sequence control rod movement is enforce preestablished sequences for attempted when reactor power is below control rod movement when the reactor the low power setpoint.
power (neutron flux) is below the low power setpoint.
- 4. The RCIS provides an automatic thermal 4. Tests will be conducted on the RCIS using 4. A control rod block signal occurs when a
, power monitor which uses control rod simulated control rod and neutron flux control rod movement is attempted which
? position and neutron flux signals to signals. would cause fuel thermal limits to be enforce fuel thermal limits when the approached.
reactor power is above the low power setpoint and the plant is in automatic operation.
- 5. The RCIS provides a selected control rod 5. Tests will be conducted on the RCIS using 5. A control rod insertion signal occurs for run-in function which uses a signal from simulated control rod run-in signal from those positions assigned to this function the RFC System to insert selected control RFC System. upon receipt of a simulated signal from the rods into the core. RFC System.
- 6. The RCIS provides an automatic control 6. Tests will be conducted on the RCIS using a 6. A control rod run-in signal occurs upon rod run-in which uses a scram-follow simulated scram-follow signal from the receipt of a simulated scram-follow signal.
signal from the RPS to insert all control RPS.
rods into the core.
- 7. The RCIS provides an ARI function which 7. Tests will be conducted on the RCIS using 7. A control rod insertion signal occurs upon uses signals from the RFC System to insert simulated ARI signals from the RFC receipt of a simulated ARI signal.
all control rods into the core. System.
l e
04
, - 4 e . .- i . __ _4 _ _ _ _ _ _ . _ _ , _ _ _ _ _ _ _ . _ . _ _ . _ _ _ _ _ _ _ _ _ -
O O O g Table 2.2.1 Rod Control and Information System (Continued) la Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspection, Tests. Analyses Acceptance Criteria
- 8. The RCIS provides an automatic control 8. Tests will be conducted on the RCIS using 8. A control rod clock signal occurs upon rod movement block in response to: simulated signals from the NMS multi. receipt of simulated rod block and (a) A signal from the NMS multi-channel channel rod block monitor and from the separation signals.
FMCRD separation switches.
rod block monitor.
(b) A signal from the CRD System FMCRD hollow piston / ball nut separation switches.
- 9. The RCIS provides a permissive signal to 9. Tests will be conducted on the RCIS using 9. A permissive signal to the Refueling the Refueling Equipment to prevent simulated rod position information. Equipment occurs only when the simulated hoisting a fuel bundle over the reactor signals indicated all control rods are pressure vessel unless all control rods are inserted.
inserted.
- 10. The RCIS is powered by separate non-Class 10. Tests will be performed on the as-built 10. The test signal exists in only one control yi 1E uninterruptible supplies. RCIS by providing a test signalin only one channel at a time.
non-Class 1E uninterruptible power supply at a time.
l l N l
M i
l
ABWR D: sign Documsnt
, 2.2.6 Remote Shutdown System (v Design Description The Remote Shutdown System (RSS) provides remote manual control of safety-related systems to bring the reactor to hot shutdown and subsequent cold shutdown conditions from outside the main control room (MCR). Figure 2.2.6 shows the basic system configuration and scope.
The RSS has two divisional panels and associated controls and indicators for interfacing with the following systems:
(1) Residual Ileat Removal (RHR) System (2) High Pressure Core Flooder (HPCF) System (3) Nuclear Boiler System (NBS)
(4) Reactor Service Water (RSW) System (5) Reactor Building Cooling Water (RCW) System (6) Electrical Power Distribution (EPD) System (7) Atmospheric Control (AC) System (8) Emergency Diesel Generator (DG)
(9) Make-up Water System (Condensate), (MUWC)
(10) Flammability Control System (FCS)
(11) Suppression Pool Temperature Monitoring (SPTM) System RSS controls and indicators are hard-wired direct to the interfacing components and sensors.
The RSS is classified as a Class lE safety-related system.
1 Operation of transfer switches on the RSS panel overrides the controls from the l MCR and transfers control to the RSS. Transfer switch actuation causes alarms j in the MCR. Indications required for plant shutdown are provided on the RSS j panels as shown on Figure 2.2.6. l l
O l I
l 6/4/93 2.2.6
. ABWR Design Documnt RSS Division A has the following automatic controls and interlocks for RHR System Division A. RSS Division B has the following automatic controls and interlocks for RIIR System Division B and HPCF System Division B:
(1) RHR minimum Cow valve A(B) is commanded open when system Cow is low and pump discharge pressure is high. The valve is commanded closed when now is high.
(2) RHR pump A (B) is prevented from starting and commanded to stop unless a suction path is fully open as indicated by position signals from' ,
the valves in the suction piping.
(3) RHR injection valve A(B) is prevented from opening and commanded closed when reactor vessel pressure is above a setpoint.
(4) RHR shutdown cooling suction valve A is prevented from opening-unless S/P return valve A and S/P suction valve A are both fully closed.
(5) RHR shutdown cooling suction valve B is prevented from opening unless S/P return valve B, suppressing pool suction valve B, drywell1 spray valve B, and wetwell spray valve B are all fully closed.
(6) RIIR shutdown cooling isolation suction valves A(B) are prevented l' O from opening and commanded closed when reactor vessel pressure is above a setpoint.
(7) HPCF minimum flow valve B is commanded open when system now is ;
low and pump discharge pressure is high. The valve is commanded' 1 closed when flow is high.
(8) HPCF pump B is prevented from starting and commanded to stop unless a suction path is fully open as indicated by position signals from the valves in the suction piping.
Each of the two RSS divisions is powered from its respective Class IE division. In the RSS, independence is provided between Class 1E divisions, and also between the Class IE divisions and non-Class lE equipment.-
The RSS panels are located in the Reactor Building remote from the MCR.
1 Inspections, Tests, Analyses and Acceptance Criteria Table 2.2.6 provides a definition of the visual inspections, tests and/or analyses, together with associated acceptance criteria, which will be undertaken for the
.RSS.
6/4/93 2 '2.2.6 fl
.I
O O- O e
5w
- RHR FLOW
- HX. INLET TEMPERATURE
- HX. OUTLET TEMPERATURE - RX. WATER LEVEL MEDIUM VOLTAGE
- PUMP DISCHARGE PRESSURE - RX. PRESSURE - CST LEVEL BUS VOLTAGE I I I I
- HPCF FLOW '
- PUMP DISCHARGE - S/P '
I PRESSURE I TEMPERATURE - S/P LEVEL I - RCW FLOW l[I;; RUN/STOP m
l I ,1 mI I m i ml I 41 el el <l el 61 41 I s2 m1 ilzl El si El $1 $1 $1 215 $l zi zl mi <l si zl wlo al z I I I I I I I I I S T T Y Y Y V V V V n
RSS PANELS
- CONTROL & TRANSFER SWITCHES
- VALVE POSITION INDICATION
$ y - PUMP STOP-RUN INDICATION
[ - PLANT PARAMETERS INDICATORS z
0 AL Ak Ak Ak 4k Ak Al i I I I I- 1 I I I I I I I I I I I I I I I t t t t t t t RHR-A, B EPD NBS-A. B HPCF-B RCW-A, B RSW-A, B FCS-B DIVISION I & il NOTES:
- 1. RSS PANELS A AND B INTERFACE WITH SYSTEM IN DIVISIONS A AND B ( l AND 11) RESPECTIVELY, h Figure 2.2.6 Remote Shutdown System
T A g-
$ Table 2.2.6 Remote Shutdown System '
d Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The equipment comprising the RSS is 1. Inspections of the as-built system will be 1. The as-built RSS conforms with the defined in Section 2.2.6. conducted. description in Section 2.2.6.
- 2. Operation of transfer switches on the RSS 2. Tests will be conducted on each of the as- 2. Operation of transfer switches on the RSS panel overrides the controls from the MCR built RSS division by placing transfer panel overrides the controls from the MCR and transfers control to the RSS. switches in the RSS position. Continuity and transfers control to the RSS.
tests will then be conducted between RSS control devices and interfacing equipment.
- 3. Transfer switch actuation causes alarm in 3. Tests will be conducted on each of the as- 3. Transfer switch actuation causes alarms in the MCR. built RSS division by placing transfer the MCR.
switch in the RSS position.
- 4. RSS Division A has the following automatic 4. -
- 4. -
controls and interlocks for RHR System Division A. RSS Division B has the
. following automatic controls and interlocks i for RHR System Division B and HPCF System Division B.
4a. RHR minimum flow valve A(B)is 4a. Tests will be conducted on the RSS using 4a. RHR minimum flow valve receives an open commanded open when system flow is low simulated RHR System flow and pump signal when low flow and high discharge and pump discharge pressure is high. The discharge pressure signals. pressure signals are simulated. Valve valve is commanded closed when flow is receives a close signal when a high flow high. signal is simulated.
4b. RHR pump A(B)is prevented from starting 4b. Tests will be conducted on the RSS using 4b. RHR pump can receive a start signal when and commanded to stop unless a suction simulated valve position signals. simulated signals indicate a suction path is path is fully open as indicated by position fully open. A stop signal is received when signals from the valves in the suction simulated signals indicate absence of a piping. fully open suction path.
4c. RHR injection valve A(B)is prevented from 4c. Tests will be conducted on the RSS using 4c. RHR injection valve can receive an open opening and commanded closed when simulated reactor vessel pressure signals signal when a low reactor vessel pressure reactor vessel pressure is above a setpoint. signal is simulated.When a high reactor vessu pressure signal is simulated, the open signal is removed and a close signal is received.
N N'
e3
O 3 Table 2.2.6 Remote Shutdown System (Continued) la Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria 4d. RHR shutdown cooling suction valve A is 4d. Tests will be conducted on the RSS using 4d. RHR shutdown cooling suction valve A can prevented from opening unless S/P return simulated valve position signals. receive an open signal only when t valve A and S/P suction valve A are both simulated signals indicate that S/P suction fully closed. and return valves are both fully closed.
4e. RHR shutdown cooling suction valve B is 4e. Tests will be conducted on the RSS using 4e. RHR shutdown cooling suction valve B can 4
prevented from opening unless S/P return simulated valve position signals. receive an open signal only when valve B, S/P suction valve B, drywell spray simulated valve-fully-closed signals are valve B, and wetwell spray valve B are all present.
fully closed.
4f. RHR shutdown cooling isolation suction 4f. Tests will be conducted on the RSS using 4f. RHR shutdown cooling isolation suction valves A(B) are prevented from opening simulated reactor vessel pressure signals. valves can receive an open signal only and commanded closed when reactor when the simulated reactor vessel vessel pressure is above a setpoint. pressure signal is below c setpoint. The valves receive a close signal when the
, simulated signal indicates reactor vessel Y pressure is above a setpoint.
4g. HPCF minimum flow valve B is 4g. Tests will be conducted on the RSS using 4g. HPCF minimum flow valve receives an commanded open when system flow is low simulated HPCF System flow and pump open signal when low flow and high and pump discharge pressure is high.The discharge pressure signals. discharge pressure signals are simulated.
valve is commanded closed when flow is Valve receives a closed signal when a high high. flow signal is simulated.
4h. HPCF pump B is prevented from starting 4h. Tests will be conducted on the RSS using 4h. HPCF pump is permitted to start when and commanded to stop unless a suction simulated valve position signals. simulated signals indicate a suction path is path is fully open as indicated by position fully open. A stop signalis received when signals from the valves in the suction simulated signals indicate absence of a piping. fully open suction path.
- 5. In the RSS, independence is provided Sa. Tests will be performed on the RSS by Sa. The test signal exists only in the Class 1E between Class 1E divisions, and between providing a test signal in only one Class 1E division under test in the RSS. '
Class 1E divisions and non-Class 1E division at a time.
( equipment.
Sb. Inspection of the as-built Class 1E divisions Sb. In the RSS, physical separation exists in the RSS will be performed. between Class 1E divisions. Physical separation exists between these Class 1E l division and non-Class 1E equipment.
l [
l in
. ._, , , _ . _.. .. - _ __ ~ _ _ _ _ _ . _
i ABWR oesign Documnt 2.2.8 Recirculation Flow Control Systern U Design Description 1
The Recirculation Flow Control (RFC) System controls reactor power by controlling the recirculation flow rate through the reactor core. This is achieved by modulating the recirculation internal pump (RIP) speeds using voltage and frequency modulation of adjustable speed drive outputs.
The RFC System consists of redundant microprocessor-based controllers, adjustable speed drives (ASDs) and, motor generator (MG) sets. There are two MG sets, each of which supplies three of the ten ASDs which power the ten RIPS.
No more then three RIPS are connected to any one power supply bus.
The RFC System operates in either manual or automatic control modes and has the control interfaces shown on Figure 2.2.8.
The RFC System is classified as non-safety-related.
RFC System logic trips four of the ten RIPS when any one of the following conditions occurs:
(1) Turbine trip or generator load rejection when reactor power exceeds a preset level.
(2) Reactor water level drops below a preset level.
The RFC System has the following logic to mitigate an anticipated transient without scram (ATWS) event: l (1) A signal to open the alternate rod insertion (ARI) valves in the Control Rod Drive (CRD) System on either a high reactor vessel pressure signal i or a low reactor water level signal. l (2) A signal to the Rod Control and Information System (RCIS) to initiate I electrical insertion of all control rods on either high reactor vessel pressure signal or a low reactor water level signal.
(3) A signal to trip four of the ten RIPS on a high reactor vessel pressure signal.
(4) A signal to trip six additional RIPS on a low reactor water level signal.
Three of the six RIPS are tripped after a preset time delay.
%./
6/3/93 2.2.8 l
ABWR 0: sign Documsnt The RFC System logic issues signal to the RCIS for insertion (run in) of selected control rods (SCRRI) into the core to provide stability control when the following conditions occur:
(1) Two or more RIPS are tripped.
(2) The reactor is at or above the preset level.
(3) Core flow is at or below the preset level.
The RFC System is powered by separate non-Class lE uninterruptible power supplies.
The RFC System digital controllers and MG sets are located in the Control Building. The ASDs are located in the Reactor Building.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.2.8 provides a definition of the inspections, tests, and/or analyses, together with the associated acceptance criteria, which will be undertaken for the RFC.
O I
6/3/93 2- 2.2.8 i
O O O s
e MANUAL CONTROL PLANT
- SENSORS V
r______.___.___,
l TURBlNE l l RPS TRIP / GENERATOR i y-
^
I_ _ _ -. LOAD REJECTION I' SPEED DEMAND
> F -----l ASD AND PUMP TRIP l _l > f\RIP)-
SIGNALS (TYPICAL OF 10) (TYPICAL OF 10)
__________l FDWC REACTOR WATER l m 9 ll SYSTEM LEVEL- l r _ARI_SIGNAL p__________3 RFC SYSTEM >lg TO CRD l REACTOR VESSEL l SYSTEM l l SB&PC m
' l PRESSURE l l SYSTEM F--------- 7 l ^ '
NBS "
l LEVEL. [ l CONTROL ROD l w__________ _s ml . RUN-IN I "l SIGNAL l
___________ TO RCIS l PLANT INPUT m
! SIGNALS t- I j Figure 2.2.8 Recirculation Flow System Control Interface Diagram
o Table 2.2.8 Recirculation Flow Control System inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections Test, Analyses Acceptance Criteria
- 1. The equipment comprising the RFC 1. Inspections of the as-built system will be 1. The as-built RFC System conforms with the System is defined in Section 2.2.8. conducted. description in Section 2.2.8.
- 2. RFC System consists of redundant 2. Tests will be conducted by simulating 2. There is no loss of RFC System output microprocessor based controllers. failure of each operating RFC System upon loss of any one controller.
controller.
- 3. The RFC System logic trips four of the ten 3. Tests will be conducted on the as-built RFC 3. The RFC System logic trips four of the ten RIPS when any one of the following System using a simulated turbine trip / RIPS when any one of the following conditions occurs: generator load rejection signal and a conditions occurs:
simulated reactor vessel pressure signal.
(1) Turbine trip or generator load rejection (1) Turbine trip or generator load rejection when reactor power exceeds a preset when reactor power exceeds a preset level. level.
(2) Reactor water level drops below a (2) Reactor water level drops below a preset level. preset level.
- 4. The RFC System has the following logic to 4. Test s will be conducted on the as-built RFC 4. The RFC System logic issues the following mitigate an ATWS event: System using simulated reactor vessel signals to mitigate an ATWS event:
pressure and reactor water level signals.
(1) A signal to open the ARI valves of the (1) A signalto open the ARIvalves Control CRD System on either a high reactor Rod Drive System upon receipt of vessel pressure signal or a low reactor either a simulated high reactor vessel water level signal. pressure signal or a simulated low reactor water level signal.
(2) A signal to the RCIS to initiate electrical (2) A signal to the RCIS to initiate electrical insertion of all control rods on either a insertion of all control rods upon high reactor vessel pressure signal or a receipt of either a simulated high low reactor water level signal. reactor vessel pressure signal or a simulated low reactor water level signal.
N co
. . , , . , _ _ . _ ._ _ _ _ - . ~ . . _ . _ _ _ - . _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ . -
D f3 0 (v V V .
$ Table 2.2.8 Recirculation Flow Control System (Continued) is inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Test, Analyses Acceptance Criteria
- 4. (continued) 4. (continued) 4. (continued)
(3) A signal to trip four of the ten RIPS on a (3) A signal to trip four of the ten RIPS high reactor vessel pressure signal. upon receipt of a simulated high reactor vessel pressure signal.
(4) A signal to trip six additional RIPS on a (4) A signal to trip six additional RIPS upon low reactor water level signal. Three of receipt of a simulated low reactor the six RIPS are tripped after a preset water level signal.Three of the six RIPS time delay, are tripped after a preset time delay.
- 5. The RFC System logic issues signal to the 5. Tests will be conducted on the as-built RFC 5. The RFC System logic issues signal to the RCIS for insertion of SCRRIinto the core to System using simulated two RIPS trip, RCIS for insertion of SCRRI into the core provide stability control when the reactor power and core flow signals. upon receipt of simulated signals for:
following conditions occur:
(1) Two or more RIPS are tripped.
6, (1) Two or more RIPS are tripped. (2) The reactor power is at or above a (2) The reactor power is at or ab(ve a preset level.
preset level. (3) Core flow is at or below a preset level.
(3) Core flow is at or below a preset level.
- 6. The RFC System digital controller is 6. Tests will be performed by providing a test 6. The test signals exist in only one digital powered by separate ncn Class 1E signal in only one uninterruptible power control channel at a time, uninter ruptible power supplies, supply at a time.
co
ABWR oesign occument ,
2.2.9 Automatic Power Regulator System ,
Design Description The Automatic Power Regulator (APR) System controls reactor power during reactor startup, power generation, and reactor shutdown by commands to j change rod positions, or to change reactor recirculation flow. The APR System consists of redundant microprocessor-based digital controllers and has the interfaces shown in the controlinterface diagram on Figure 2.2.9.
The APR System is classified as non-safety-related. ,
The APR System operates in either manual or automatic control mode. The system control logic is perfonned by redundant, microprocessor-based digital '
controllers. The digital controller receives inputs from interfacing system via the Non-essential Multiplexing System (NEMS). It perfonns power control ;
calculations and provides system outputs to the NEMS.
The APR System digital controllers are located in the Control Building.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.2.9 provides a definition of the inspections, tests and/or analyses, O together with associated acceptance criteria, which will be used by APR.
h t
t O
6/1/93- 2.2.9'
O O O 3
B r---- l l Manual l l Control l u-----a V F - - -- - l p---- 1 ml RCIS l l
Plant l ---- "
APR_
1nput , ."
l System F----1 S,gnals i
l
'-----8 l >j RFC l l System l
, '-----2 5
w Figure 2.2.9 Automatic Power Regulator System Control Interface Diagram
. . . _ . _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . __.______.m_______ m_________________m__~ _ _ . , _ _ . _ _ . _ _ _ _ _ _- -
__ . _ _ _ _ _ _ _ _ -_____.a
3 Q /~'\
, V V 3 Table 2.2.9 Automatic Power Regulator System 3
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The equipment comprising the APR 1. Inspections of the as-built system will be 1. The as-built APR System conforms with System is defined in Section 2.2.9. conducted. description in Section 2.2.9.
- 2. The system controllogic is performed by 2. Tests will be performed by simulating 2. Thers is no loss of APR System output redundant microprocessor-based digital failure of each operating APR System upon loss of any one digital controller.
controllers. digital controller.
4' u
N
.'p j L
. - . . - . - - .= . - , - - - . -
a ABWR Design Docum:nt i 2.2.10 Steam Bypass and Pressure Control System
( Design Description i
The Steam Bypass and Pressure Control (SB&PC) System controls the reactor pressure during reactor startup, power generation, and reactor shutdown by control of the turbine bypass valves and signals to the Turbine Control System which controls the turbine control valves. The SB&PC System consists of '
redundant microprocessor-based digital controllers and has the interfaces shown in the control interface diagram on Figure ? 10.
The SB&PC System is classified as a non-safety-related system.
The SB&PC System operates in either manual or automatic control modes. The system control calculations and logic are performed by redundant, microprocessor-based digital controllers. .
The SB&PC System digital controllers are located in the Control Building.
inspections, Tests, Analyses and Acceptance Criteria Table 2.2.10 provides a definition of the inspections, tests, and/or analyses, ;
together with associated acceptance criteria, which will be undertaken for the O SB&PC System.
i l
e O
6/1/93 2.2.10 -
l 1
O O O R
5 w
i i
i MANUAL CONTROL V-l TURBINE - l 4*
>! CONTROL l l SYSTEM l p _ _ PLA
_NT INPUT I m SB&PC n _ _TURBINE
_ _ _ _ ,l j " Ulj BYPASS-SIGNALS l SYSTEM l g .
--______J L_ SYSTEM _. _ [
.c______,
l REACTOR VESSEL l kj PRESSURE l
- [ TO RFC SYSTEM j u
b g Figure 2.2.10 Steam Bypass and Pressure Control System Control Interface Diagram
e g Table 2.2.10 Steam Bypass and Pressure Control System w
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The equipment comprising the SB&PC 1. Inspections of the as-built system will be 1. The as-built SB&PC System conforms with System is defined in Section 2.2.10. conducted. the description in Section 2.2.10.
- 2. The SB&FC System consists of redundant, 2. Tests will be performed by simulating 2. There is no loss of SB&PC System output microprocessor-based digital controllers. failure of each operating SB&PC System upon loss of any one digital controller.
digital controller.
Y l
l i M 1
t _ __ . . .- .- . .. . _ _ _ _ _ _ _ _
ABWR Design Document 2.2.11 Process Computer System 7
' No entiv for this system.
O O
6/4/93 1- 2,2,11
ABWR Design Document 2.3 Radiation Monitoring 2.3.1 Process Radiation Monitoring System Design Description The Process Radiation Monitoring (PRM) System measures and displays radioacthity levels in process and effluent gaseous and liquid streams, initiates protective actions, and activates alarms in the main control room (MCR)on high radiation signals. The PRM System provides radiological monitoring during plant operation and following an accident. PRM System equipment consists of-radiation sensors, radiation process monitors, and effluent samplers. The PRM System consists ofindependent subsystems each of which contair:s between one and four monitoring channels. Figure 2.3.1, shows the PRM System control interfaces. As shown on Figure 2.3.1, the PRM System safety-related channel trip' signals are provided as inputs to the Safety System Logic and Control System l (S5LC) for generation of protective action signals.
Portions of the PRM System are classified as Class 1E safety-related (items 1 through 5 below); The remainder are classified as non-safety-related.
The PRM System provides the following monitoring functions:
(1) Main Steam Line (MSL) Tunnel Area-(4 channels)
The MSL tunnel area is monitored for gamma radioactivity in the steam flow to the turbine. Protective action signals are automatically initiated when any two out of four channels trip.
(2) Reactor Building Ventilation Exhaust - (4 channels) ,
The air vent exhaust from the secondag containment is monitored for gamma radioactivity. Protective action signals are automatically initiated when any two out of four channels trip.
(3) Fuel Handling Area Ventilation Exhaust- (4 channels) >
The air vent exhaust from the fuel handling area is monitored for gamma radioactivity. Protective action signals are automatically initiated when any two out of four channels trip.
(4) Control Building Intake Air Supply- (4 channels per intake) !
(q
./
The air supply intake to the Control Building is monitored for gamma radioactivity. Protective action signals are automatically initiated when any two out of four channels tnp. <
l 6/3/93 2.3
ABWR D3 sign Docum:nt j
/q (5) Drywell Sump Liquid Discharge - (1 channel per sump)
O The liquid waste discharged from each of the drywell sumps to the Radwaste Building is monitored for gamma radioactivity. A protective action signal is automatically initiated when each channels trips.
(6) Post Treated Off-Gas Discharge - (2 channels)
The off-gas discharge from the charcoal vault to the stack is sampled and monitored for airborne radioactivity. Protective action signals are automatically initiated when both channels trip.
(7) Plant Stack Discharge - (2 channels)
The ventilation and the gaseous discharge from the plant stack is sampled and monitored for airborne radioactivity at a common release point. An alarm is initiated when the detected radiation level exceeds the trip setpoint.
(8) Radwaste Liquid Discharge - (1 channel)
The treated radwaste liquid discharge from the plant is sampled and (q) monitored for radioactivity. Protective action signals is automatically initiated when the channel trips.
Each safcty-related PRM System radiation monitoring channel is powered from its respective divisional Class 1E power source. In the PRM System, ,
independence is provided between Class 1E divisions, and also between the Class 1E divisions and non-Class 1E equipment.
The PRM System radiation sensors and the effluent samplers are installed locally in the plant, while the radiation process monitors are located in the Control ;
Building.
The PRM System has the following alarms and displays in the MCR:
(1) Displays of radiation levels.
(2) Channel trip status.
(3) Plant stack discharge alarms. l Ov 6/3/93 2.3.1
ABWR assign Document
- j Inspections, Tests, Analyses and Acceptance Criteria ,
- O Table 2.3.1 provides a definition of the inspections, tests and/or analyses, i
together with the associated acceptance criteria, which will be undertaken for j
the Process Radiation Monitoring System.
3 4
l t
-t t
1 1 '
.t, i
i 6/3/93 -3 2.3.1
e PROTECTIVE ACTIONS LOCAL AREA r ,
PLANT SENSORS PRM SYSTEM LOGIC : MIy,$,%ser PROCESSORS MSL Tunnel Area Radation
'" - System Coincidence Trip Decision S R
- Control and interlock Logic Reactor Buil6ng HVAC SSLC - Division Maintenance Bypass -
Containment Exhaust Radabon : logic (Isolation)
PRM processing FuelHandling Area HVAC equipment p Exhaust Radation D'ywe# LCW Radiation iLjiai
_3 c : HA
. DWR HCW Radaton g Safety Systems g INTERDIVISIONAL SIGNAL TRANSFER K FOR '-OUT-OF-4 COINCIDENCE LOGIC :
4 i
Notes:
- 1. Diagram represents one of four PRM System divisions.
$ Figure 2.3.1 Process Radiation Monitoring System Control interface Diagram
O O O
$ Table 2.3.1 Process Radiation Monitoring System 5
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The equipment comprising the PRM 1. Inspection of the as-built system will be 1. The as-built PRM System conforms with System is defined in Section 2.3.1. conducted. the description in Section 2.3.1.
- 2. The MSL tunnel area is monitored for 2. Tests will be conducted using simulated 2. Protective action signals are automatically i gamma radioactivity in the steam flow to radioactivity signals to cause trip initiated any two out of four channels have the turbine. Protective action signals are conditions. tripped.
automatically initiated when any two out of four channels trip.
- 3. The air vent exhaust from the secondary 3. Tests will be conducted using simulated 3. Protective action signals are automatically containment is monitored for gamma radioactivity signals to cause trip initiated any two out of four channels have radioactivity. Protective action signals are conditions. tripped.
automatically initiated when any two out of four channels trip.
- 4. The air vent exhaust from the fuel handling 4 Tests will be conducted using simulated 4. Protective action signals are automatically
. area is monitored for gamma radioactivity. radioactivity signals to cause trip initiated any two out of four channels have
? Protective action signals are automatically conditions. tripped.
initiated when any two out of four channels trip.
- 5. The air supply intake to the Control 5. Tests will be conducted using simulated 5. Protective action signals are automatically Building is monitored for gamma radioactivity signals to cause trip initiated any two out of four channels have radioactivity. Protective action signals are conditions. tripped.
automatically initiated when any two out of four channels trip.
- 6. The liquid waste discharged from each of 6. Tests will be conducted on each drywell 6. A protective action signals is automatically the drywell sumps to the Radwaste sump using a simulated signals to cause a initiated when each channel trips.
Building is monitored for gamma trip condition.
radioactivity. A protective action signals is automatically initiated when each channel trips.
- 7. The off-gas discharge from the charcoal 7. Tests will be conducted using simulated 7. Protective action signals are generated vault to the stack is sampled and signals to cause trip conditions. .when both channels trip.
monitored for airborne radioactivity.
Protective action signals are automatically
.g initiated when both channels trip.
f a b
g Table 2.3.1 Process Radiation Monitoring System (Continued) us Inspections, Tests, Analyses and Acceptance Criteria Design Commitment Inspections, Tests, Analyses Acceptance Criterim
- 8. The ventilation and the gaseous discharge 8. Tests will be conducted using simulated 8. An alarm is initiated when the detected from the plant stack is sampled and signals to cause trip conditions. radiation level exceeds the trip setpoint.
monitored for airborne radioactivity at a common release point. An alarm is initiated when the detected radiation level exceeds the trip setpoint.
- 9. The treated radwaste liquid discharge from 9. Tests will be conducted using simulated 9. Protective action signals is automatically the plant is sampled and monitored for signals to cause trip conditions. initiated when the channel trips.
rad:cactivity. Protective action signals is automatically initiated when the channel trips.
- 10. In the PRM System. independence is 10a. Tests will be performed on the PRM 10a.The test signal exists only in the Class 1E provided between Class 1E divisions, and System by providing a test signal to only division under test in the PRM System.
between Class 1E divisions and non-Class one Class 1E division at a time.
, 1E equipment.
? 10b. Inspection of the as-built Class 1E 10b.In the PRM System, physical separation divisions in the PRM System will be exists between Class 1E divisions. Physical performed. separation exists between these Class 1E divisions and non-Class 1E equipment.
- 11. Main control room alarms and displays 11. Inspection will be performed on the main 11. Alarms and displays exist or can be provided for the PRM System are as control room PRM System alarms and retrieved in the main control room as defined in Section 2.3.1. displays. defined in Section 2.3.1.
f.'.
u ABWR Design Document }
l 2.4.2 High Pressure Core Flooder System -
V Design Description The High Pressure Core Flooder (HPCF) System is comprised of two separate divisions. The function of the HPCF System is to provide emergency makeup water to the reactor vessel for transient or loss-of<oolant accident (LOCA) _
events. Each HPCF division consists of a pump, piping, valves and controls and can utilize either of two water sources, the condensate storage tank (CST) or the suppression pool (S/P). The primary source of suction water supply is from the CST. The S/P water is the secondary source of supply. Figure 2.4.2a shows the
- ic system configuration and scope. Figure 2.4.2b shows the HPCF System control interfaces. j I
The llPCF System is classified as safety-related.
The HPCF System operates in the following modes:
l (1) High pressure flooder. ;
(2) Full flow test.
(3) Minimum flow bypass.
High Pressure Flooder Mode As hown on Figure 2.4.2b, the HPCF System channel measurements are provihd to the Safety System Logic and Control (SSLC) System for signal q processii.g, setpoint comparisons, and generating trip signals. The HPCF System ;
is automatically initiated in the high pressure flooder mode when either a high .I drywell pressure or low reactor water level condition exists. The SSLC System l processors use a tww"t-of-four voting logic for system initiation and shutdown. ;
Manual HPCF Sy> .nitiation can also be performed.
Following receipt of an initiation signal, the HPCF System automatically initiates and operates in the high pressure flooder mode to provide water to the core q region of the reactor. The pumps are motor-driven centrifugal pumps that 1 provide flow as a function of reactor vessel pressure. The flow in each division is-3 not less than a value corresponding to a straight line between a flow of 182 m /-
hr at a differential pressure of 82.8 kg/cm2 and a flow of 727 m3 /hr at a - :
differential pressure of 7 kg/cm 2. The differential pressure values represent the j difference between the reactor vecsel pressure and the pressure of the air space .j of the source water for the pump. System flow into the reactor vessel is achieved L j within 16 seconds of receipt of an initiation signal and power available at the emergency buses.
6/4/93 l 2.4.2
ABWR Design Documsnt The IIPCF pumps have sufficient net positive suction head (NPSH) available at
( the pumps.
During this mode, pump suction is from the CST. Automatic transfer of pump suction from the CST to the suppression pool occurs when a low CST water level or high suppression pool water level signal exists. The CST and suppression pool water level signals are processed through the SSLC twomut-of-four voting logic to initiate suction transfer.
When high water level in the reactor pressure vessel has been established, the reactor vessel injection valve is automatically closed. When the low water level initiation signal recurs, the injection valve automatically re-opens to reestablish HPCF flow.
Full Flow Test Mode Each division of the HPCF System has a full flow test mode to permit testing during plant operation. In this mode, water is taken from the suppression pool and returned to the suppression pool via the test return line. The injection valve is kept closed to prevent any vessel injection during the test.
If a system initiation signal occurs during the full flow test mode, each division of the HPCF System automatically aligns to the high pressure flooder mode.
?
Minimum Flow Bypass Mode:
Each division of the HPCF System has a minimum flow bypass mode that assures there is always flow in the llPCF pumps when they are operating. This is accomplished by monitoring pump discharge flow, and opening a minimum flow valve to the suppression pool when flow falls below the minimum value. The minimum flow valve closes when the pump flow exceeds the minimum value.
Minimum flow bypass operation is automatic based on a flow signal opening the minimum flow valve when the flow is low, with a concurrent high pump discharge pressure signal.
The remaining discussion in this section is not mode specific and applies (unless stated otherwise) to the entire IIPCF System.
The HPCF System is classified as Seismic Category 1. Figure 2A.2a shows the ASME Code Class for the 1IPCF System. The HPCF System is located both inside the primary containment and within the Reactor Building.
Each of the two llPCF divisions is powered from the respective Class lE division as shown on Figure 2A.2a. In the HPCF System, independence is provided between Class 1 E divisions, and also between Class 1 E divisions and non-Class 1E O
%.J equipment.
6/4/93 -2 2.4.2
ABWR D: sign Document g Outside the containment, except for piping from the CST, each mechanical division of the HPCF System (Divisions B and C) is physically separated from the other division. Except for piping from the CST, both IIPCF divisions are physically separated from the Reactor Core Isolation Cooling (RCIC) System.
The IIPCF System has the following displays and controls in the main control room:
(1) Parameter displays for the instruments shown on Figure 2.4.2a.
(2) Controls and status indication for the active safety-related components shown on Figure 2.4.2a.
(3) Manual system level initiation capability for the high pressure flooder mode.
IIPCF System components with displays ands controlinterfaces with the Remote Shutdown System (RSS) are shown on Figure 2.4.2a.
The safety-related electrical equipment shown on Figure 2.4.2a located inside the primary containment and in the Reactor Building is qualified for a harsh environment.
(3 G! The motor-operated valves (MOVs) shown on Figure 2.4.2a have active safety-related functions and perform these functions under differential pressure, fluid flow, and temperature conditions.
The IIPCF System pumps have interlocks which prevent operation if both suction valves are closed.
The HPCF System suction piping and components have a design pressure of 28.8 kg/cm 2g for intersystem LOCA (ISLOCA) conditions.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.4.2 provides a definition of the inspections, test and/or analyses, together with associated acceptance criteria, which will be undertaken for the HPCF System.
A.
6/4/93 2.4.2
O O O e
PRIMARY CONTAINMENT R --N - N - j /
2 l F 7 MUWC HPCF j FROM _ --____ -___-____ _ V. y ,
, p STORAGE TANK I
I I
I f/ 1 l l 1 R .
l i ' I l MUWC l I
I I
/[
/
P I
l 2 HPCF I L___ _4 ,
I g /
TO HPCF l TO HPCF l
/
DIVISION C} ~ ~ DIVISION B1 TO S/P VIA -
^
I~ R r RHR TEST h l l l 9 j[ R RETURN LINE OF pjfffff y l g l SAME DIVISION /
RCIC HPC lHPCF SPCSl _____ _I_________ p ___ .
~~
l~ ~ ~ l HPCF RHR / 1 l
p i R l [ _ j/
l R h h
] /[
I l S/P j I L____ /
I g _ _ _ _ M _ _ g_f_@ /
I R /,,,,,,,7,,,,,,,,,,3 l
MAIN PUMP l l R 1 NOTES:
- 1. DIVISION B SHOWN, DIVISION C IDENTICAL EXCEPT INTERFACE I
I
{ l I CONNECTIONS WITH RSS ON DIVISION B ONLY.
I l---- @ _--- M - 2. ALL ELECTRICAL POWER LOADS FOR THE CLASS 1E COMPONENTS SHOWN ON THIS FIGURE ARE POWERED FROM CLASS 1E DIVISION 11 (DIVISION C POWERED FROM CLASS 1E DIVISION 111).
[ Figure 2.4.2a High Pressure Core Flooder System
p r~
J U (
e
$w MAIN CONTROL ROOM HPCF LOGIC & CONTROL HPCF HPCF LOCAL AREA PLANT SENSORS Manual System Janua, Pump and Valve initiation g3 System Flow Pump Discha<ge Pressure HPCF Pump Sucten Pressure e o e LOCAL AREA Condensate Storage Tank Suction Valve Position Sigoression Pool Suction Valve Positen 06VICO MCIU8lOIS
' s 1r 1r1r 1r
~ ~
Automatic
-> and HPCF LOGIC PROCESSORS + Manual System In/flaflon
> (DTM, SLUs)
NBS Drymet w, g,,c,,, Pre,ssure
,, t,y,, gnd controf
- Sensor Channel Trip Decision
- System Coincidence Trip Decision k
m % E Manuai
, E SSLC :Ov"UIDN"o'Nlp ' 9*
Y' '
Muwe condensate Staage Tank water Lem M
S
+ processin
%e equipmenk
- Sensor Bypass
- Division Maintenance eypass
- Calibration, Self-Diagnosis M
S
--* Pump and Valve Acruation
" " " HPCF Initiation r-~Ic'g-~]
ss Signal to:
g Processing l --*
ACS Suppression Poca Water Level ---* l tm Other : - Emergency Diesel
, Sasty Sysmms t Generator System INTERDfVtSONAL SIGNAL TRANSFER g FOR 2-out-of-4 COINCOENCE LOGC :
Notes:
- 1. Diagram represents one of two HPCF divisions.
[ Figure 2.4.2b High Pressure Core Flooder System Control Interface Diagram j
O O Table 2.4.2 High Pressure Core Flooder System Inspections, Tests, Analyses and Acceptance Criteria Design Commitment Inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the HPCF 1. Inspections of the as-built system will be 1. The as-built HPCF System conforms with System is as shown on Figures 2.4.2a and conducted. the basic configuration shown on Figures 2.4.2b. 2.4.2a and 2.4.2b.
- 2. The ASME Code components of the HPCF 2. A hydrostatic test will be conducted on 2. The results of the hydrostatic test of the System retain their pressure boundary those Code components of the HPCF ASME Code components of the HPCF integrity under internal pressures that will System required to be hydrostatically System conform with the requirements in be experienced during service. tested by the ASME Code. the ASME Code, Section 111.
3a. The HPCF System is automatically initiated 3a. Tests will be conducted using simulated 3a. Each division of the HPCF System receives in the high pressure flooder mode when input signals for each process variable to an initiation signal.
either a high drywell pressure or a low cause trip conditions in two, three, and reactor water level condition exists. four instrument channels of the same process variable.
3b. Manual HPCF System init:ation can be 3b. Tests will be conducted by manually 3b. Each division of the HPCF System receives a performed in the high pressure flooder initiating each HPCF division. an initiation signal.
mode.
3c. Following receipt of an initiation signal,the 3c. Tests will be conducted on each HPCF 3c. Upon receipt of a simulated initiation HPCF System automatically initiates and division using a simulated initiation signal, signal, the following occurs:
operates in the high pressure flooder mode to provide water to the core region of the a) The HPCF pump receives a signal to reactor, start, b) _ The RPV injection valve receives a signal to open, c) The condensate storage tank suction valve receives a signal to open, d) The test line return valve receives a signal to close.
N P
w
__ - __.4 _ - _ . _ _ ______
O O O g Table 2.4.2 High Pressure Core Flooder System (Continued) la Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria 3d. The HPCF System flow in each division is 3d. Tests will be conducted on each division of 3d. The converted HPCF flow satisfies the not less than a value corresponding to a the as-built HPCF System in the HPCF high following:
straight line between a flow of 182 m3/hr at pressure flooder mode. Analyses will be a differential pressure of 82.8 kg/cm3 and a performed to convert the test results to the The HPCF System flow in each division is flow of 727 m3/hr at a differential pressure conditions of the Design Commitment. not less than a value corresponding to a of 7 kg/cm 2 straight line between a flow of 182 m3/hr at a differential pressure of 82.8 kg/cm3 and a flow of 727 m3/hr at a differential pressure of 7 kg/cm2, 3e. System flow into the reactor vessel is 3e. Tests will be conducted on each HPCF 3e. The HPCF System flow is achieved within achieved within 16 seconds of receipt of an division using simulated initiation signals. 16 seconds of receipt of a simulated initiation signal and power available at the initiation signal.
emergency busses.
3f. The HPCF pumps have sufficient NPSH 3f. Inspections, tests and analyses will be 3f. The available NPSH exceeds the NPSH
. available at the pumps. performed upon the as-built system. The required.
Y analyses will consider the effects of:
Pressure losses for pump intet piping and components, Suction from the suppression pool with water level at the minimum value, 50% minimum blockage of the pump suction strainers, Design basis fluid temperature (100 C),
Containment at atmospheric pressure. ,
3g. Automatic transfer of pump suction from 3g. Tests will be conducted on each HPCF 3g. HPCF System receives suction transfer the CST to the suppression pool occurs division using simulated input signals for initiation signal.
when a low CST water level or high each process variable to cause trip suppression pool water level signal exists. conditions in two, three, and four instrument channels of the same process variable.
1 b
__m__ . _ _ _ _ _ _ _ _ _ _ __ 2 _ _ __ _ _ _ _ . _ . - _. m_ _ _ _ _ _ . _ _ _ _ _
( OG C-3 Table 2.4.2 High Pressure Core Flooder System (Continued) ta Inspections, Tests, Analyses and. Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria 3h. Following receipt of a suction transfer 3h. Test will be conducted on each HPCF 3h. Upon receipt of a simulated suction initiation signal, the HPCF System division using simulated suction transfer transfer initiation signal, the following automatically switches pump suction. initiation signals. ,
occurs:
a) Suppression pool suction valve receives open signal.
b) CST suction valve receives close signal.
3i. When high water level in the reactor 3i. Tests will be conducted on each HPCF 3i. The HPCF System receives a shutdown pressure vessel has been established, the division using simulated high reactor water signal to close the reactor vessel injection reactor vessel injection valve is level signals to cause trip conditions in valve. ,
automatically closed. two, three, and four instrument channels of water level variable.
3j. Following receipt of a shutdown signal, the 3j. Tests will be conducted on each HPCF 3j. Upon receipt of a simulated shutdown HPCF System automatically closes the division using a simulated shutdown signal, the reactor vessel injection valve
, vessel injection valve. signal. closes.
m 3k. Following HPCF System shutdown on a 3k. Test will be conducted on each HPCF 3k. Upon receipt of a simulated low reactor high reactor water level signal, when the division using a simulated low reactor water level signal, the vessel injection ,
low water level initiation recurs the vessel water level signal. valve opens.
injection valve automatically re-opens to reestablish HPCF flow.
- 31. Each division of the HPCF System has a full 31. Tests will be conducted on each as-built 31. Water is pumped at a flow rate of not less flow test mode to permit testing during HPCF division, using installed controls, than 182 m3 /hr in the tett flow mode.
plant operation. power supplies and other auxiliaries. Water will be pumped in the test flow mode with system head equivalent to a pressure differential of 82.8 kg/cm2 between the RPV and the air space of the source water for the pump. '
3m.lf a system initiation signal occurs during 3m. Tests will be performed on each HPCF 3m.Upon receipt of a simulated initiation the full flow test mode, each division of the division using simulated initiation signals. signal, each HPCF division automatically HPCF System automatically aligns to the reverts to the high pressure flooder mode high pressure flooder mode. of operation from the test mode.
t' u
b' J
s g Table 2.4.2 High Pressure Core Flooder System (Continued) ia Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria 3n. Each division of the HPCF System has a 3n. Tests will be conducted on the pump 3n. The pump minimum flow valve receives a ;
minimum flow bypass mode that assures minimum flow valve interlock logic using signal to open when signals indicative of there is always flow in the HPCF pumps simulated pressure and flow signals. the following conditions exist concurrently: ,
when they are operating. .
a) Pump discharge pressure is high when the pump starts and, b) Pump flow is low.
The pump minimum flow valve receives a '
signal to close when a signalindicative of the following condition exists:
a) Pump flow exceeds the minimum value.
4
- 4. In the HPCF System, independence is 4a. Tests will be performed on the HPCF 4a. The test signal exists only in the Class 1E 43 provided between Class 1E divisions, and System by providing a test signal in one division under test in the HPCF System.
between Class 1E divisions and non-Class Class 1E division at a time.
1E equipment. 4b. In the HPCF System, physical separation 4b. Inspection of the as-built Class 1E divisions exists between Class 1E divisions. Physical in the HPCF System will be performed. separation exists between these Class 1E divisions and non-Class 1E equipment.
- 5. Outside the containment, except for piping 5. Inspections of the as-built HPCF System 5. Except for piping from the CST, ea':h from the CST, each mechanical division of will be performed. mechanical division of the HPCF System is the HPCF System (Divisions B and C)is physically separated from the other physically separated from the other mechanical division of the HPCF System, division. Except for piping from the CST, and both HPCF divisions are separated both HPCF divisions are physically from the RCIC System, by structural and/or separated from the RCIC System. fire barriers with the exception of equipment within the primary 'i containment.
- 6. Main control room displays and controls 6. Inspections will be performed on the main 6. Displays and controls exist or can be provided for the HPCF System are as control room displays and controls for the retrieved in the main control room as
- defined in Section 2.4.2. HPCF System. defined in Section 2.4.2.
l
. m l
l
O O O '
3 Table 2.4.2 High Pressure Core Flooder System (Continued) a Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 7. Remote Shutdown System (RSS) displays 7. Inspections will be performed on the RSS 7. Displays and controls exist on the RSS as .
and controls provided for the HPCF System displays and controls for the HPCF System. defined in Section 2.4.2.
are as defined in Section 2.4.2.
- 8. MOVs designated in Section 2.4.2 as 8. Opening and/or closing tests of installed 8. Each MOV opens and/or closes. The having an active safety-related function valves will be conducted under following valve opens in the following time open and/or close under differential preoperational differential pressure, fluid limit upon receipt of the actuation signal.
pressure, fluid flow, and temperature flow, and temperature conditions.
conditions. Valve Time (sec) l injection valve 5;16 open
- 9. The HPCF System pumps have interlocks 9. Tests will be conducted on each HPCF 9. Each HPCF System pump is prevented which prevent operation if both suction System pump start logic using simulated from operating unless signals indicative of valves are closed. valve position signals. one of the following conditions exists:
a) A suction path from the S/P is available (the S/P suction valve is fully open).
o b) A suction path from the condensate storage tank is available (the CST suction valve is fully open).
a b
. . ~ . . _ . . . . _ . _ . . . . . . _. . _ . ___. . . _ . . .. __ _ _._
o ABWR Design Document 2.6.2 Fuel Pool Cooling and Cleanup System Design Description The Fuel Pool Cooling and Cleanup (FPC) System (Figure 2.6.2) removes decay -l heat generated by the spent fuel assemblies in the spent fuel storage pool. It also ;
monitors and maintains the water level above the spent fuel in the spent fuel ~ j storage pool. Figure 2.6.2 shows the basic FPC System configuration and scope. ]
The FPC System is classified non-safety-related, except for piping connectio'ns !
and valves for safety-related fuel pool makeup and supplemental cooling by the Residual Heat Removal (RHR) System.
The safety-related makeup water source for the spent fuel storage pool is provided by the RHR System which pumps suppression pool water to the FPC System.
i The FPC System components, with the exception of the filter /deminerahzer.
- unit, are classified as Seismic Categog 1. Figure 2.6.2 shows the ASME Code class ,
for the FPC System piping and components.
The FPC System is located in the Reactor Building.
The FPC System has parameter displays in the main control room for instruments shown on Figure 2.6.2.
The piping and components of the FPC System at the suction side of the RHR System, from the upstream isolation valve have a design pressure of 28.8 kg/
cm2g for intersystem LOCA (ISLOCA) conditions'. '
Inspections, Tests, Analyses and Acceptance Criteria Table 2.6.2 provides a definition of the inspections, tests and/or analyses, together with associated acceptance criteria, which will be undertaken for the FPC System O '
6/4/93 2.6.2
O MU OC RP FS WC C P R F CW P
C R .
3 3 R
E T G N U A C 4 EA H P H C S X -
E C3 P
F B- C M'
k R R R j H H H m R R R ' t e
C " - " s y
P F i U S C
3 P p S u l
S n N a N
l e
N C .
W R O E K E d L
F G N Z n R ! L I
a E R A RA g U E T R S T V n O E 4 L I N i
?
l I
FI
,- o O
M o 4 E C
D N l o
L S o E EE U
- ' N P F GL N l e
C i E T PS _' 2 P > > S F3 V - " 6 R B C 2 H
R RH R
e r
H u .
R R g i
F N' N _
S _
g P
M U
P I C P
F
( _
O .
s8 ,w {
O O~ O v
$ Table 2.6.2 Fuel Pool Cooling and Cleanup System 3
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. A basic configuration for the FPC System is 1. Inspection of the as-built system will be 1. The as-built FPC System conforms with the shown on Figure 2.6.2. conducted. basic configuration shown on Figure 2.6.2.
- 2. The ASME Code compon9nts of the FPC 2. A hydrostatic test will be conducted on 2. The results of the hydrostatic test of the System retain their pressure boundary those code components of the FPC System ASME Code components of the ASME integrity under internal pressures that will required to be hydrostatically tested by the Code components of the FPC System be experienced during service. ASME Code. conform with requirements in the ASME Code, Section 111.
- 3. The safety-related makeup water source 3. Test will conducted on the as-built FPC and 3. The combined RHR System and FPC for the spent fuel storage pool is provided RHR Systems by aligning the systems so System operation transfers water from by the RHR System which pumps that the RHR System draws water from the suppression pool to the spent fuel storage suppression pool water to the FPC System. pool.
suppression pool and discharges into the spent fuel storage pool.
- 4. Main control room displays provided for 4. Inspections will be performed on the main 4. Displays exist or can be retrieved in the
. the FPC System are as defined in Section control room displays for the FPC System. main control room as defined in Section Y 2.6.2. 2.6.2.
i N
P w
. , . - . . , . . . - .~, -
ABWR oesign occum:nt
, 2.6.3 Suppression Pool Cleanup System Design Description The Suppression Pool Cleanup (SPCU) System removes particulates and dissolved impurities from the suppression pool by circulating suppression pool i water through the Fuel Pool Cooling (FPC) System water treatment equipment.
The SPCU System also provides a source of makeup water to the spent fuel storage pool and the Reactor Building Cooling Water (RCW) System surge tanks using either the suppression pool or condensate storage tank water via the High Pressure Core Flooder (HPCF) System supply piping. Figure 2.6.3 shows the l basic system configumtion and scope.
]
Except for the primary containment penetration and isolation valves, the SPCU !
System is classified as non-safety-related. l The SPCU System piping and components, as shown on Figure 2.6.3, are I classified as Seismic Category I. Figure 2.6.3 shows ASME Code class for the l SPCU System piping and components. l The SPCU System is located outside the primary containment in the Reactor ['
Building.
The inboard containment isolation valves are powered from Class 1 E Division II, and the outboard containment isolation valve is powered from Class 1 E Division I. In the SPCU System, independence is provided between the Class 1E divisions, ,
and also between Class IE divisions and non-Class 1E equipment.
The main control room has control and open/close status indication for the ,
containment isolation valves.
The safety-related electrical equipment located outside the primary containment in the Reactor Building is qualified for a harsh environment.
The motoroperated valves (MOVs) shown on Figure 2.6.3 have active safety- ,
related functions and close under differential pressure, fluid flow, and .
temperature conditions.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.6.3 provides definition ofinspections, tests, and/or analyses, together ,
with associated acceptance criteria, which will be undertaken for the SPCU System.
1 P
6/3/93 '2.6.3 s
R -
E Z
R O C A E
Z I
L R
ll A
R E
N P I F E M "
MEIRN E U D C OTM C-R P p RILE P S3 g3 FFD F E C
P 4 CP OIL TF Tl p p
F F 2' m' OU3 I
' 3
- P C L
L K "p E O N S UO A F P T TE W E NG CG EA RR P
S R OU O TS m OT e TS t s
y S
p u
n.
a
=
l e
C l
o o
> P n
o O 3 N
i s
s e
r p
3 2 p U u O C P E S S
M2 '
L S3 F
6
- - P A1 V1 N 2 H e
- - N NO 1 r -
C OIOITN u T '
O I SA TI LIO g N 7 '
AV OS i E L LI I F M O DSV I I
N - - SE TD I 1 TSEN E I
A R y T
N
- - F N SM S 1
O ,
EA N S MLI C /// ///j////////// ////f /
'j/f/ INCAA TL Y
R
- / AM NC A -
.N O - /
/
TOOM NR M
I I
S L / OF CO DR R 1T C DED AD RF lgl,I g l S /
U
/ OWTE S /
- NBIOU PO W
/ S EEEP O
/ E HRH
/ T S
/p// s///////h///j/
' ' /f! O N1 T.A T I O
8B , f
O O O
$ Table 2.6.3 Suppression Pool Cleanup Systern 3
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment Inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the SPCU 1. Inspections of the as-built system will be 1. The as-built SPCU System conforms with System is as shown on Figures 2.6.3. conducted. the basic configuration shown on Figure 2.6.3.
- 2. The ASME Code components of the SPCU 2. A hydrostatic test will be conducted on 2. The results of the hydrostatic test of the System retain their pressure boundary those code components of the SPCU ASME Code components of the SPCU integrity under internal pressures that will System required to be hydrostatically System conform with the reouirements in be experienced during service. tested by the ASME Code. the ASME Code Section ill.
- 3. In the SPCU System, independence is 3a. Tests will be conducted in the SPCU 3a. The test signal exists only in the Class 1E provided between Class 1E divisions, and System by providing a test signal in only division under test in the SPCU System.
between Class 1E divisions and non-C! ass one Class 1E division at a time.
1E equipment. t 3b. Inspections of the as-built Class 1E 3b. In the SPCU System, physical separation divisions in the SPCU System will be exists between Class 1E divisions. Physical performed. separation exists between these Class 1E 4 divisions and non. Class 1E equipment.
- 4. Main control room displays and controls 4. Inspections will be conducted on the main 4. Displays and controls exist or can be i provided for the SPCU System are as control room displays and controls for the retrieved in the main control room as defined in Section 2.6.3. SPCU System. defined in Section 2.6.3.
- 5. MOVs designated in Section 2.6.3 as 5. Closing tests of installed valves will be 5. Each MOV closes.
having an active safety-related function conducted under preoperational close under differential pressure, fluid flow, differential pressure, fluid flow, and and temperature conditions. temperature conditions.
Y m
id
ABWR D: sign Document 1 1
-2.7 Control Panels i ,
'2.7.1 Main Control Room Panels l Design Description i The Main Control Room Panels (MCRP) is comprised of four major i components. These are main control console, large display panel, the :
supervisor's console, the auxiliary or back panels, and their respective internal ,
wiring.
The MCRP locates and configures the alarms displays and controls for plant systems that contain Class IE equipment is classified as Seismic Category I.
Non-Class lE and divisional Class 1E control and instrument power is provided for the MCRP. Independence is provided between Class lE divisions and also between the Class IE divisions and non-Class IE equipment.
The MCRP has the fixed alarms, displays, and controls shown on Table 2.7.la.
Inspections, Tests, Analyses and Acceptance Criteria e Table 2.7.1b provides a definition of the inspections, tests and/or analyses, together with associated acceptable criteria, wliich will be undertaken for the MCRP System. ;
t C
6/3/93 2.7
+
b M re ev- - , r y v' --
ABWR Design Document
,f-~ Table 2.7.1a Main Control Room Panels :
Fixed Position Alarms, Displays and Controls A. Fixed Position Controls B. Fixed Position Displays
}
C. Fixed Position Alarms c
NOTE Entries in this table will be provided when GE/NRC agreement is in place on SSAR Chapter 18, Appendix 18F.
I i
O !
6/3/93 2- 2.7.1
,w . . _ . ., _ , . , . . - . ._[_.. - . . . _. -,
O O O
- $ Table 2.7.1b Main Control lloom Panels
~$
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. Equipment comprising the MCRP is 1. Inspections of the as-built system will be 1. The as-built MCRP conforms with the defined in Section 2.7.1. conducted. description in Section 2.7.1.
- 2. In the MCRP, independence is provided 2a. Tests will be conducted on the MCRP by 2a. The test signal exists only in Class 1E between Class 1E divisions, and between providing a test signal to only one Class 1E division under test in the MCRP.
Class 1E divisions and non-Class 1E division at a time.
equipment.
2b. Inspections of the as-built Class 1E 2b. In the MCRP, physical separation exists divisions in the MCRP will be conducted. between Class 1E divisions. Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
9 m
- - . - - _ _ . - - _ . - _ _ - . . _ . _ - - - - - - _ . - - - - - - - ~ , - -- a
ABWR D: sign Documsnt l 1
2.7.3 Local Control Panels !
Design Description l l
The Local Control Panels (LCP) consist of safety-related and non-safety-related local panels, control boxes, instrument racks and their r espective internal -
wiring. LCPs f un ction as protective housings and support structures for electrical and electronic equipment and facilitate local control operation.
LCPs that support safety-related equipment are classified as safety-related, Seismic Category I. Safety-related LCPs are located in Seismic Category I
structures in their divisional areas.
Safety-related LCPs are powered from their respective Class lE divisions.
Independence is provided between Class 1E divisions, and also between Class 1 E divisions, and also non-Class 1E equipment.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.7.3 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the -
Local Control Panels.
O .
i e
1 l
l ,
l l
i i
I 6/3/93 2.7.3
b b v
$ Table 2.7.3 Local Control Panels 8
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the LCPs is 1. Inspections of the as-built system will be 1. The as-built LCPs conform with the basic described in Section 2.7.3. conducted. configuration described in Section 2.7.3.
- 2. Independence is provided between Class 2a. Tests will be performed in the LCPs by 2a. A test signal exists in only the Class 1E 1E divisions and between Class 1E providing a test signal to only one Class 1E division under test in the LCPs.
divisions and non-Class 1E equipment. division at a time.
2b. Inspections of the as-built Class 1E 2b. In the LCPs, physical separation exists divisions in the LCPs will be performed. between as-built Class 1E divisions.
Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
M to
. _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . . _ _ _ _ _ . _ . . _ _ ~. - _ _ . _ _ _ _ _ _ _ . _ _ _ . _ _ _ . _ _ _ _ _ _ _ _ _ _
ABWR D: sign Document
, 2.7.5 Multiplexing System t
\ The Multiplexing System consists of the essential multiplexing system (EMS) and the non-essential multiplexing system (NEMS).
Essential Multiplexing System The EMS provides distributed data acquisition and control networks that support the control and monitoring of the plant protection and safety systems.
EMS comprises electrical devices and circuity. This includes remote multiplexing units (RMUs), transmission lines, and control room multiplexing units (CMUs) that acquire data from remote process sensors and discrete devices located within the plant, and then multiplex the data to Safety System Logic and Control (SSLC) equipment in the main control room area. SSLC operates on the input signals according to the required system logic functions, and transmits multiplexed control signals to RMUs outside of the main control room. The RMUs distribute the signals to the final actuators of the supported systems' driven equipment. In addition to SSLC, EMS also supports the data acquisition and transmission of other safety-related signals used for display and recording.
The EMS is classified as a Class lE, safety-related system.
There are four divisions of EMS instrumentation, with no interconnections among divisions. Each division of ege.ipment has independent control of data acquisition and multiplexing. System timing is asynchronous among the four divisions; so that timing and clock signals in any one division only influence data transmission functions within that division.
Class 1E analog and discrete sensors of the plant safety systems are connected to RMUs outside the main control room. These RMUs perform signal conditioning, analog-to<ligital conversion for continuous process inputs, change-of-state detection for discrete inputs, and data message formatting prior to signal transmission. The RMUs are limited to acquisition of sensor data and the output of control signals. Trip decisions and other control logic functions are performed in SSLC processors in the main control room area. The RMUs transmit serial, time-multiplexed data streams representing the identity and status of the plant variables over dual redundant channels to the CMUs.
The CMUs demultiplex the data and condition the signals for use in either the controllers of SSLC or in monitoring systems. After the input data is processed I in SSLC, the resulting trip logic decisions are transmitted (for engineered safety ;
features (ESF) functions only) as a serial, time-multiplexed data stream to the l CMUs, which acquire the data and transmit it via EMS to RMUs in the local areas, l where the digital data is converted to signals for actuation of control devices. The !
I data reaching the RMUs is compared in 2-out-of-2 voting logic to confirm final 6/4/93 2.7.5
ABWR D3 sign Document output to the actuators. The voting logic can be bypassed to achieve continued I operation in a 1-out-of-1 condition with a failed channel.
Data communications to non-safety-related systems or devices for control or display purposes use an isolating transmission medium and buffering devices.
Data cannot be transmitted from the non-safety-related side to EMS.
The EMS features automatic self-test and automatically reconfigures after detecting failure of one channel (either a cable break or device failure) within a division. The system returns to normal operation after reconfiguration with no interruption of data communication. If an RMU or CMU fails, that unit is automatically removed from senice. Self-test runs continuously and faults are indicated in the main control room.
Each of the four EMS division is powered from its respective division's Class 1E division. Independence is provided between Class 1E divisions, ari also between Class IE divisions and non-Class 1E equipment.
The EMS is located in the Reactor Building and the Control Building.
EMS has the following alarms and displays in the main control room:
(1) Inoperative indication for each RMU and CMU.
(2) Channel availability (Channel 1 or 2) for each EMS division.
(3) Technician interface for display and control of data transmission parameters and off-line self-test functions.
Non-Essential Multiplexing System The NEMS provides data communications for non-safety-related plant functions.
NEMS acquires non-safety-related data from process sensors and discrete devices located throughout the plant and transmits these signals to the non-safety-related control systems for control ftmction processing. Equipment status data is transmitted to operator control panels for monitoring alarm annunciation and to the plant computer systems for data recording and displays. NEMS also transmits processed, non-safety-related, control signals to actuator circuits to activate valves, motor drives, alarms, monitors and indicators of the interfacing systems. The electrical devices of NEMS, which consist of remote multiplexing units (RMUs), transmission lines, and control room multiplexing units (CMUs).
The NEMS is classified as non-safety-related.
l
\
6/4/93 2.7.5
ABWR D: sign Docum:nt ;
1 l
, Inspections, Tests, Analyses and Acceptance Criteria l
'A Table 2.7.5 provides a definition of the visual inspections, tests and analyses, together with associated acceptance criteria, which will be undertaken fbr the l Essential Multiplexing System.
i l
l l
I O
V !
6/4/93 3- 2.7.5
O V (/ . (V
')
$ Table 2.7.5 Essential Multiplexing System B
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The equipment comprising the 1. Inspection of the as-built EMS will be 1. The as-built EMS conforms with the Multiplexing System is defined in Section conducted. description in Section 2.7.5.
2.7.5.
- 2. The EMS features automatic self-test and 2. Tests will be conducted on each as-built 2. There is no loss of EMS data automatically reconfigures after detecting EMS division by individually simulating the communication as a result of the fault.
failure of one channel (either a cable break following, while simultaneously Fault occurrence is displayed in the main or device feature) within a division. The transmitting and monitoring test data control room.
systern returns to normal operation after streams:
reconfiguration with no interruption of data communication. a. Single cable break.
- b. Loss of one RMU.
- c. Loss of one CMU.
A 3. In the EMS, independence is provided 3a. Tests will be performed on EMS by 3a. The test signal exists only in the Class 1E between Class 1E divisions, and between providing a test signalin only one Class 1E division under test in EMS.
Class 1E divisions and non-Class 1E division at a time.
equipment.
3b. Inspection of the as-installed Class 1E 3b. In EMS, physical separation exists between divisions in the EMS will be performed. Class 1E divisions. Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
- 4. Main control room alarms and displays 4. Inspections will be performed on the main 4. Alarms and displays exist or can be provided for EMS are as defined in Section control room alarms and displays for EMS. retrieved in the main control room as 2.7 5. defined in Section 2.7.5.
m
- w w
- m. , _ _ _ _ . . _ _ _ _ _ _ _ _ _ _ . _ _ . _ _ _ _ _ _ _ _ . _ _ _ .
- ABWR D: sign Document 2.10.22 Off-Gas System J Design Description The Of f-Gas System (OGS) treats the gas exhausted from the main turbine condensers to control the release of gaseous radioactivity discharged to the plant environment.
The OGS has redundant hydrogen / oxygen recombiners to reduce process gas volume and noble gas adsorption beds to provide radionuclide retention / decay.
A high efficiency particulate air (IlEPA) filter is also provided. Figure 2.10.22 shows the basic system configuration.
Radiation levels in the OGS discharge stream are monitored. A main control room alarm and automatic OGS isolation are initiated when radiation level exceeds setpoints.
The OGS is classified as non-safety-related.
The OGS is located in the Turbine Building.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.10.22 provides a defmition of the inspection, tests and/or analyses, together with associated criteria, which will be undertaken for the OGS.
t
\
5/16/93 -1 2.10.22
\I
~ .
Il J3 P
r A ER P T E L HIF H m A E e R t
~ s y
N S
O s I
a T
B S G-R DE f O B f S
D O
mJ e,\ A 2 2
p 0 1
2 l I I, e
r u
g i
~ F R R E E N^
I NB I
B B M M O^
C O
C E E R R yAE pBE A A J J S S m
/,L 5$w $ N$U
O O O Table 2.10.22 Off-Gas System a
inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the OGS is as 1. Inspections of the as-built system will be 1. The as-buiit OGS conforms with the basic shown on Figure 2.10.22. conducted. configuration shown in Figure 2.10.22.
- 2. The OGS pressure retaining components 2. A hydrostatic test will be conducted on 2. The results of the hydrostatic tests retain their integrity under internal those pressure retaining components of demonstrate that the pressure retaining pressure that will be experienced during the OGS. components of the OGS can retain their service. integrity under internal pressure that will be experienced during service.
- 3. Automatic OGS isolation is initiated when 3. Tests will be conducted on the as-built OGS 3. OGS automatically isolates when the radiation levels in the discharge stream using a simulated radiation signal. simulated signal exceeds the setpoint.
exceed the setpoint.
- 4. Main control room alarm provided for the 4. Inspections will be conducted on the main 4. Alarm exists in the main centrol room as OGS is as defined in Subsection 2.10.22. control room alarm for the OGS. defined in Section 2.10.22.
4 5
9 U
ABWR 0: sign Document ,
1 l
2.11,4 Turbine Building Cooling Water System l Design Description. l l
The Turbine Building Cooling Water (TCW) System removes heat from the auxiliary equipment in the Turbine Building and rejects this heat to the. Turbine Service Water (TSW) System. Figure 2.11.4 shows the basic system configuration and scope. ;
The TCW System is classified as a non-safety-related.
The TCW System is located inside the Turbine Building.
Inspections, Tests, Analyses and Acceptance Criteria i
Table 2.11.4 provides a defmition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the -
TCW System.
J h
I t
O 1 I
6/4/93 -1 2.11.4
- - - - , ., __ l
O O O
-R w
SURGE TANK e
I TSW Ik y I TCW NNS i
> HEAT -
__g + T' -
EXCHANGER l
I h Ik g TSW V ,
i TCW NNS TO E - " -
-+ TURBINE BUILDING FROM > ---O ,
EXCHANGER AUXILIARY EQUIPMENT TURBINE BUILDING i AUXILIARY EQUIPMENT I I I I
I TSW TCV! NNS lk f
- - -O - p _
HEAT _i EXCHANGER
~~
Figure 2.11.4 Turbine Building Cooling Water System -
O O O 2 Table 2.11.4 Turbine Building Cooling Water System 8
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. A basic configuration for the TGV System 1. Inspection of the as-built system will be 1. The as-built TGV System conforms with is shown in Figure 2.11.4. conducted. the basic configuration shown on Figure 2.11.4.
h N
'2 a
ABWR ossign Documznt 2.11.10 Turbine Service Water System 1
Design Description 1
The Turbine Service Water (TSW) System removes heat from the Turbine l Building Cooling Water (TCW) System and rejects this heat to the heat sink. The portions of the TSW System that are in the Turbine Building are within the Certified Design.Those portions of the TSWSystem that are outside the Turbine Building are not in the Certified Design. Figure 2.11.10 shows the basic system configuration and scope of the portion within the Certified Design.
The TSW System is classified as non-safety-related.
Interface Requirements .
The portions of the TSW System which are not part of the Certified Design shall meet the following requirement:
- Design features shall be provided to permit maintenance ofindividual system components without interruption of the TSW System function, inspections, Tests, Analyses and Acceptance Criteria Table 2.11.10 provides a definition of the inspections, tests, and/or analyses, '
together with associated acceptance criteria, for the portions of the TSW System within the Certified Design.
E r
f t
i t
t t
6/4/93 . 2.11.10 4
ABWR 0: sign Document O
V TURBINE BUILDING TCw TSW NNS
~~~~~l g_ _ , _
e TCW . l
{ !
I HEAT l l
EXCHANGER g l l
~ ~
l _ _ _ _ _ ._' ~l i I I I
~~~~~
g_ _ : _j TCw I ,
g HEAT l t O
l
\ l l EXCHANGER l I
I I
~~~~
TCw l
' I HEAT l l
l EXCHANGER l - - - -
, a -
NNS SITE TSW SPECIFIC SCOPE 3
Figure 2.11.10 Turbine Service Water System G/4/93 2.11.10
)
$ Table 2.11.10 Turbine Service Water System 3
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections. Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the TSW System 1. Inspections of the as-built system will be 1. The as-built TSW System conforms with is as shown on Figure 2.11.10. conducted. the basic configuration shown on Figure 2.11.10.
h i
t l
N
~$
is 1
. _ _ _ _ _ _ _ _ ____m._ _ _ _ _ _ _ _ _ _ . _ _ _ _ . _ _ _ _ _ _ . _ _ _ _ _ _ _ _ ___ __ ,, , ,
ABWR Design Documsnt 2.11.20 Sampling System ,
f~
Design Description \
-)
The Sampling (SAM) System includes a post-accident sampling system (PASS). l The PASS can take post-accident gas samples from the containment and reactor ;
coolant samples for analysis.
The Sampling System is classifica as non-safety-related.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.11.20 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the-Sampling System.
O 4 5
o 1
O l u
6/4/93 2.11.20
= . .= -l
O O O
$ Table 2.11.20 Sampling System 3
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the Sampling 1. Inspections of he as-built Sampling System 1. The as-built Sampling System conforms System is described in Section 2.11.20. will be conducted. with the basic configuration described in Section 2.11.20.
i r
2 N
ABWR 0: sign Docum:nt 2.12.10 Electrical Wiring Penetration Design Description Electrical penetrations are provided for all electrical cables passing through the primary containment.
Electrical penetrations are classified as safety-related.
Electrical cables penetrating the primary containment are provided with redundant fault current protective devices in series,if the maximum fault current can exceed the continuous current rating of the penetration.
Electrical penetrations are classified as Seismic Category I.
Divisional electrical penetrations only contain cables of one Class IE division.
Independence is maintained between divisional electrical penetrations and also between division electrical penetrations and penetrations containing non{ lass 1E cables.
Electrical penetrations are qualified for a harsh emironment.
Inspections, Tests, Analyses and Acceptance Criteria O Table 2.12.10 provides a definition of the inspections, tests, and/or analysis, together with the associated acceptance criteria, which will be undertaken for the Electrical Wiring Penetrations.
O V
6/4/93 2.12.10
O O
$ Table 2.12.10 Electrical Wiring Penetration inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the Electrical 1. inspections of the as-built Electrical Wiring 1. The as-built Electrical Wiring Penetration Wiring Penetration is described in Section Penetration will be conducted. conforms with the basic configuration 2.12.10. described in Section 2.12.10.
- 2. Electrical cables penetrating the primary 2. Analyses will be performed for the as-built 2. Analyses exist and conclude that the containment are provided with redundant electrical cable penetrations comparing the redundant fault current protection devices fault current protective devices in series, if fault current clearing-time curves of the are coordinated with the penetration's the maximum fault current can exceed the penetration's redundant fault current rated short circuit thermal capacity data continuous current rating of the protection devices with the rated short and prevents fault currents from exceeding penetration. circuit thermal capacity data for the the continuous current rating of the as-built penetrations. electrical cable penetrations.
- 3. Divisional electrical penetrations only 3. Inspections of the as-built divisional 3. Divisional electrical penetrations only contain cables of one Class 1E division. electrical penetrations will be conducted. contain cables of one Class 1E division.
- 4. Independence is maintained between 4. Inspections of the as-built electrical 4. Independence is maintained between
, divisional electrical penetrations and also penetrations will be conducted. divisic nal electrical penetrations and also between divisional electrical penetrations between divisional electrical penetrations and penetrations containing non-Class 1E and penetrations containing non-Class 1E cables. cables.
. .m U
i ABWR D: sign Document 2.12.11 Combustion Turbine Generator
%J Design Description The Combustion Turbine Generator (CfG) is a self-contained unit with its own supporting auxiliary systems. The CTG functions as an alternate AC power source.
The CTG is classified as non-safety-related.
-The CTG can supply power to the non-Class 1E plant investment protection (PIP) busses or to the Class lE divisional busses. The CTG capacity to supply power is at least as large as the capacity of an emergency diesel generator (DG).
The CTG is located in a non-safety-related area of the plant.
CTG has the following displays and controls in the main control room (MCR):
(1) Displays for the UrG output voltage, amperes, kVA, and frequency.
(2) Controls for manually initiating the UfG.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.12.11 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the CTG.
A U
6/4/93 2.12.11
O O O
$ Table 2.12.11 Combustion Turbine Generator (CTG) 3 Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the CTG is 1. Inspections of the as-built CTG will be 1. The as-built CTG conforms with the basic described in Section 2.12.1. conducted. configuration described in Section 2.12.11.
- 2. The CTF can supply power to the non-Class 2. Tests will be conducted by connecting the 2. The as-built CTG can supply power to the 1E busses or to the Class 1E divisional as-built CTG to the non-Class 1E PIP busses non-Class 1E PIP busses or to the Class 1E busses. and to the Class 1E divisional busses. divisional busses.
- 3. The CTG capacity to supply power is at 3. Inspections of the as-built CTG will be 3. The as-built CTG capacity to supply power least as large as the capacity of a DG. conducted. is at least as large as the capacity of a DG, as determined by the CTG and DG nameplate ratings.
- 4. MCR displays and controls provided for the 4. Inspections will be conducted on the MCR 4. Displays and controls exist or can be CTG are as defined in Section 2.12.11. displays and controls for the CTG. retrieved in the MCR as defined in Section 2.12.11.
+
N iO.
h
ABWR D: sign Document 2.12.12 Direct Current Power Supply Design Description The Direct Current Power Supply consists of Class lE and non-Class IE batteries and their respective electrical distribution equipment and battery chargers. The Class 1E Direct Current Power Supply and its interfaces to the Electrical Power Distribution (EPD) System are shown on Figure 2.12.12.
The Class IE direct current (DC) electrical power distribution system consists of four Class 1 E divisions (Divisions I,ll,III, and IV) of batteries with their respective DC electrical distribution panels, DC Motor Control Centers (MCC), if required for motor loads, and battery chargers. The Class IE DC distribution system provides DC power to Class 1E DC equipment and instrumentation and control circuits.
The non-Class IE DC electrical power distribution system consists of redundant non-Class 1E batteries with their respective DC electrical distribution panels, DC MCC, if required for motor loads, and battery chargers. The non-Class IE DC distribution system provides DC power to non-Class IE DC equipment and instrumentation and control circuits.
Except for Division IV, each Class IE divisional (Divisions I,II, and III) batten is provided with a normal batten charger supplied alternating current (AC) power O from a MCC in the same Class lE division as the batten. The Division IV normal batten charger is supplied AC power from a MCC in the same Class lE division that supplies AC power to the Division IV Vital AC Power Supply. In addition to the Class lE nonnal batten chargers, two Class IE standby battery chargers are provided. One Class IE standby batten charger is shared between the Divisions ;
I and II batteries and is supplied AC power from a MCC in either Division I or 11.
The second Class IE standby batten charger is shared between the Divisions 111 and IV batteries and is supplied AC power from a MCC in either Division III or the division that supplies power to the Division IV normal batteg charger. The ;
Class IE normal and standby batten charger supply and/or load circuit breakers l are controlled by key switches, at both the AC power supplies to the batten chargers and at the DC power outputs from the battery chargers, to prevent paralleling between divisions.
Each Class IE batten is sized to supply its Class 1E design loads, at the end-of-installed-life, for a minimum of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> without recharging. j Each Class 1 E normal and standby batten charger is sized to supply its respective Class 1 E dhision's normal steady state loads while charging its respective Class 1E batten.
6/4/93 1 2.12.12
ABWR D: sign Document The Class IE DC AICCs, their circuit breakers, and battery charger circuit breakers are sized to supply their load requirements. The Class lE DC NICCs, their circuit breakers, and batten charger circuit breakers are rated to withstand l fault currents for the time required to clear the fault from the power source.
Class lE batteg charger and DC SICC circuit breakers are rated to interrupt fault currents.
DC electrical distribution system circuit interrupting devices are coordinated so that the circuit interrupter closest to the fault opens before other devices.
Class 1E DC electrical distribution system cables are sized to supply their load requirements and are rated to withstand fault currents for the time required to ,
clear the fault from the power source. i The Class IE DC electrical distribution system design ensures that the operating .
voltage supplied at the terminals of the Class lE utilization equipment is within' the utilization equipment's voltage tolerance limits.
Each Class IE batten is located in a Seismic Categog I structure and in its respective dhisional batten room, which is separate from the room containing its chargers and distribution equipment.
Class 1E DC hfCCs, central distribution panels, and local distribution panels are identified according to their Class lE division and are located in Seismic
-O Category I structures and in their respective divisional areas.
Class lE DC distribution system cables and raceways are identified according to their Class 1E division. Class IE divisional cables are routed in Seismic Category I structures and in their respective divisional raceways.
For the DC electrical distribution system, independence is provided between Class IE divisions, and also between Class IE dhisions and non-Class 1E ;
equipment.
Displays for DC bus voltages are provided in the main control room (hfCR). i Class IE cables which are routed in harsh environments are qualified for harsh emironments.
Inspections, Tests, Analyses and Accoptance Criteria Table 2.12.12 provides a definition of the inspections, tests, and/or analyses,'
- together with associated acceptance criteria, which will be undertaken for the .
Direct Current Power Supply. 1
~
O j
-2 2.12.12 '
6/4/93 l
,m .. -- . __ _ _ _ _ _
O O O s
B DIV 11 BATTERY DIV I BATTERY DIV IV BATTERY DiV lit B_ATTERY
~~ ~~
DIV11 DIV I ~- DIV (NOTE 1) DIV 111 AC MCC AC MCC AC MCC AC MCC b h h G G I h
aah o
g n) am g rv)
~ ,A sh b~ ~ h &a h -
NORMAL STANDBY NORMAL NORMAL STANDBY NORMAL CHARGER CHARGER CHARGER CHARGER CHARGER CHARGER DC DISTR PNL DC DISTR PNL DC DISTR PNL DC DISTR PNL la h h b b b' fh h ob U U V' V V V V V V LOCAL CVCF DCMCC LOCAL CVCF LOCAL CVCF LOCAL CVCF DISTR INVERTER DISTR INVERTER DISTR INVERTER DISTR INVERTER PNL PNL PNL PNL (TYP) (TYP) (TYP) (TYP)
\ / \ / \ / \ /
DIV 11 DC DIV I DC DIV IV DC DIV ill DC P
l
. NOTES:
- 1. SEE SECTION 2.12.12 DIVISON IV AC ER SUPPLY.
- 2. KEY INTERLOCKS ARE IDENTIFIED BY .
l E C Figure 2.12.12 Direct Current Power Supply (Class 1E) u
_ _ _ . _ _ _ _ _ _ . _ , _ _ _ . _ _ _ _ . - -_ __ m - -
_ __ ___________.___.___._.____z..
O O
$ Table 2.12.12 Direct Current (DC) Power Supply Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria The basic configuration of the Direct 1. Inspections the as-built system will be 1. The as-built Direct Current Power Supply 1.
configuration for the Direct Current Power conducted. conforms with the basic configuration Supply is described in Section 2.12.12. described in Section 2.12.12.
- 2. Except for Division IV, each Class 1E 2. Inspections of the as-built Class 1E Direct 2. Each as-built Class 1E divisional (Divisions divisional (Divisions I,II, and 111) battery is Current Power Supply will be conducted. 1,lI, and ill) battery is provided with a provided with a normal battery charger normal battery charger supplied AC power supplied AC power from a MCC in the from a MCC in the same Class 1E division same Class 1E division as the battery.The as the battery. The Division IV normal Division IV normal battery charger is battery charger is supplied AC power from supplied AC power from a MCC in the a MCC in the same Class 1E division that same Class 1E division that supplies AC supplies AC power to the Division IV Vital power to the Division IV Vital AC Power AC Power Supply.
Supply.
In addition to the Class 1E normal battery 3. Inspections of the as-built Class 1E Direct 3. In the as-built Direct Current Power Supply, 3.
chargers, two Class 1E standby battery Current Power Supply will be conducted. two Class 1E standby battery chargers are a provided. One Class 1E standby battery chargers are provided. One Class 1E standby battery charger is shared between charger is shared between the Divisions i and 11 batteries and is supplied AC power the Divisions I and ll batteries and is supplied AC powsr from a MCC in either from a MCC in either Division i or 11. The second Class 1E standby battery charger is Division i or 11.The second Class 1E standby battery charger is shared between shared between the Divisions til and IV batteries and is supplied AC power from a the Divisions ill and IV batteries and is supplied AC power from a MCC in either MCC in either Division 111 or the division Division 111 or the division that supplies that supplies power to the Division IV power to the Division IV normal battery normal battery charger.
charger.
Tests of the as-built Class 1E battery 4. The as-built Class 1E normal and standby
- 4. The Class 1E normal and standby battery 4.
charger supply and/or load circuit breakers charger interlocks will be conducted by battery charger supply and/or load circuit are interlocked, at both the AC power attempting to close each interlocked pair of breaker interlocks prevent paralleling the breakers using their respective interlock AC and DC divisional power supplies.
supplies to the battery chargers and at the '
DC power outputs from the battery key.
chargers, to prevent paralleling between l
divisions.
! N c
! h
f
- $ Table 2.12.12 Direct Current (DC) Power Supply (Continued) j e
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections. Tests, Analyses Acceptance Criteria
- 5. Each Class 1E battery is sized to supply its 5. Analyses to determine the capacity of the 5. Analyses for the as-built Class 1E batteries as-built Class 1E batteries will be exist and concludes that each Class 1E i Class 1E design loads, at the end-of-installed-life, for a minimum of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> performed based on the design load profile battery has the capacity, as determined by without recharging. for each battery. its nameplate rating, to supply its Class 1E analyzed design loads, at the end-of-installed. life, for a minimum of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> without recharging.
Each Class 1E normal and standby battery 6. Tests of each as-built Class 1E battery 6. Each as-built Class 1E normal and standby
- 6. '
charger is sized to supply its respective charger will be conducted by supplying its battery charger can supply its respective Class 1E division's normal steady state respective Class 1E division's normal Class 1E division's normal steady state loads while charging its respective Class 1E steady state loads while recharging the loads while charging its respective Class 1E battery. battery. battery.
- 7. The Class 1E DC MCCs, their circuit 7a. Analyses for the as-built Class 1E DC 7a. Analyses for the as-built Class 1E DC '
breakers, and battery charger circuit MCCs, their circuit breakers, and battery MCCs, their circuit breakers, and battery breakers are sized to supply their load charger circuit breakers will be performed. charger circuit breakers exist and conclude '
Y requirements. that the capacities of as-built Class 1E DC MCCs, their circuit breakers, and battery charger circuit breaker's, as determined by their nameplate ratings, exceed their analyzed load requirements.
7b. Load tests of the as-built Class 1E DC 7b. Connected as-built Class 1E loads operate ;
MCCs, their circuit breakers, and battery at the minimum allowable battery voltage charger circuit breakers will be conducted and at the maximum battery charging by operating connected Class 1E loads at voltage.
the minimum allowable battery voltage and the maximum battery charging voltage.
+
G
'G t
_____._._____m -
__ ____m_ _ _ _ - a v .i ,.m- . ri.<-% .,-. - c..w. ,- s---e v , . -
O 2 Table 2.12.12 Direct Current (DC) Power Supply (Continued) ia .
w inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections Tests, Analyses Acceptance Criteria 8a. The Class 1E DC MCCs, their circuit 8a. Analyses to determine fault currents for the 8a. Analyses for the as-built Class 1E DC breakers, and battery charger circuit as-built Class 1E DC electrical distribution MCCs, their circuit breakers, and battery '
breakers are rated to withstand fault system will be performed. charger circuit breakers exist and conclude -
currents for the time required to clear the that the capacities of as-built Class 1E DC fault from the power source. MCCs, their circuit breakers, and battery charger circuit breaker's current capacities exceed their analyzed fault currents for the time required, as determined by the breaker coordination analyses, to clear the fault from its power source.
- 8b. Class 1E battery charger and DC MCC 8b. Analyses to determine fault currents for the 8b. Analyses for the as-built Class 1E DC circuit breakers are rated to interrupt fault as-built Class 1E DC electrical distribution MCCs and battery charger circuit breakers j system will be performed. exist and conclude that the analyzed fault i currents.
currents do not exceed the DC MCCs and '
battery charger circuit breaker's interrupt capacities, as determined by their 4 nameplate ratings.
- 9. DC electrical distribution system circuit 9. Analyses to determine breaker _
- 9. Analyses for the as-built Class 1E DC MCCs interrupting devices are coordinated so coordination for the as-built Class 1E DC and battery charger circuit breakers exist l that the circuit interrupter closest to the electrical distribution system will be and conclude that the analyzed circuit fault opens before other devices. performed. interrupter closest to the fault will open 4
before other devices.
- 10. Class 1E DC electrical distribution system 10. Analyses to determine required as-built 10. Analyses for the as-built Class 1E DC cables are sized to supply their load Class 1E DC electrical distribution system electrical distribution system cables exist requirements. cable sizes will be performed. and conclude that the Class 1E DC electrical distribution system cable capacities, as determined by cable ratings, exceed their analyzed load requirements.
i N
I O
1 N
e Table 2.12.12 Direct Current (DC) Power Supply (Continued) e W
Inspections, Tests, Analyses and Acceptance Criteria Design Commitraent inspections Tests Analyses Acceptance Criteria
- 11. Class 1E DC electrical d;stribution system 11. Analyses to determine the as-built Class 1E 11. Analyses for the as-built Class 1E DC ,
cables are rated to withstand fault currents DC electrical distribution system fault electrical distribution system cables exist for the time required to clear the fault from currents will be performed. and conclude that the Class 1E DC the power source. electrical distribution system cables will i withstand the analyzed fault currents for the time required, as determined by the breaker coordination analyses, to clear the fault from its power source. ,
- 12. The Class 1E DC electrical distribution 12. Analyses on the as-built Class 1E DC 12. Analyses for the as-built Class 1E DC 4 system design ensures that the operating electrical distribution system will be electrical distribution system exist and voltage supplied at the terminals of the performed to determine system voltage conclude that the analyzed operating Class 1E utilization equipment is within the drops. voltage supplied at the terminals of the ]
utilization equipment's voltage tolerance Class 1E utilization equipment is within the limits, utilization equipment's voltage tolerance limits, as determined by their nameplate ratings.
p
- 13. Each Class 1E battery is located in a 13. Inspections of the as-built Class 1E 13. Each as-built Class 1E battery is located in Seismic Category I structure and in its batteries will be conducted. a Seismic Category I structure and in its respective divisional battery room, which respective divisional battery room, which is separate from the room containing its is separate from the room containing its chargers and distribution equipment. chargers and distribution equipment. i
- 14. Class 1E DC MCCs, central distribution 14. Inspections of the as-built Class 1E DC 14. As-built DC MCCs, central distribution panels, and local distribution panels are MCCs, central distribution panels, and local panels, and local distribution panels are identified according te meir Class 1E distribution panels will be conducted. identified according to their Class 1E division and are located in Seismic d: vision and are located in Seismic
- Category I structures and in their Category I structures and in their respective divisional areas. respective divisional areas.
- 15. Class 1E DC distribution system cables and 15. Inspections of the as-built Class 1E DC 15. As-built Class 1E DC distribution system raceways are identified according to their distribution system cables and raceways cables and raceways are identified Class 1E divisios Class 1E divisional cables will be conducted. according to their Class 1E division. Class are routed in Seismic Category I structures 1E divisional cables are routed in Seismic and in their respective divisional raceways. Category I structures and in their respective divisional raceways.
to d
h
_ _ ,_ _-__ __ _ _ _ _- - Pr r-r,t 1* *eu- F w h w ==- s^e a -_ -- _ - -
O O O Table 2.12.12 Direct Current (DC) Power Supply (Continued) 3 Ta laspections, Tests Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria -
- 16. For the DC electrical distribution system, 16a. Tests will be conducted on the as-built DC 16a. A test signal exists in only the Class 1E independence is provided between Class electrical distribution system by providing division under test in the DC electrical 1E divisions, and between Class 1E a test signal in only one Class 1E division at distribution system.
divisions and non-Class 1E equipment. a time.
16b. Inspections will be conducted on the as- 16b. In the DC electrical distribution system, built DC electrical distribution system will physical separation exists between as-be conducted. built Class 1E divisions, and between these Class 1E divisions and non-Class 1E equipment.
- 17. MCR displays provided for the Direct 17. Inspections will be conducted on the 17. Displays exist or can be retrieved in the Current Power Supply are as defined in displays for the Direct Current Power MCR as defined in Section 2.12.12.
Section 2.12.12. Supply.
N N
O h
ABWR D: sign Documsnt l
. 2.12.14 Vital AC Power Supply and AC instrument and Control Power Supply Systems Design Description l The Vital AC Power Supply and AC Instrument and Control Power Supply ,
Systems consist of Class 1E and non-Class 1E uninterruptible (Vital AC Power Supply System) power supplies, and Class IE interruptible (AC Instrument and Control Power Supply System) power supplies. The Class 1E Vital AC Power Supply and AC Instrument and Control Power Supply Systems interfaces to the Electrical Power Distribution (EPD) System and the Direct Current Power .
Supply are shown on Figure 2.12.14.
Vital AC Power Supplies The Class 1E Vital AC Power Supply System consists of four divisions (Division - ,
1,11,111, and IV) of uninterruptible power supplies with their respective 4
distribution panels. Each Class IE power supply provides uninterruptible, regulated 120 VAC power to Class 1E instrument and control circuits which ;
requires continuity of power during a loss of preferred power (LOPP). Each Class 1E vital AC power supply is a constant voltage constant frequency (CVCF) static inverter power supply unit.
The non-Class 1E Vital AC Power Supply System consists of redundant O
uninterruptible power supplies with their respective distribution panels. Each non-Class 1E power supply provides uninterruptible, regulated 120 VAC power to non-Class IE instrument and control circuits which require continuity of power during a LOPP. Each non-Class 1 E vital AC power supply is a CVCF static inverter power supply unit. j Each Class 1E CVCF has three input power sources. Except for the Division IV CVCF, the normal power to each Class IE CVCF is supplied from an alternating ;
current (AC) motor control center (MCC) in the same Class IE division as the l CVCF. The Division IV Class 1E CVCF is supplied AC power from the AC MCC l in the same division that supplies power to the Division IV battery charger. The ;
hackup power for each Class 1E CVCF is supplied from the DC battery in the l same Class IE division as the CVCF. In addition, each Class IE CVCF unit contains an alternate power supply. The alternate power supply is a voltage .
regulating transformer, and is supplied power from the same AC power source as the normal power supply.
Each Class 1E CVCF normal and backup power supply is synchronized, in both 1 frequency and phase, with its alternate power supply for continuity of power transfer from the inverter to the alternate supply. Automatic transfer between the Class 1E CVCF unit's three power sources maintain a regulated output.
Manual transfer between each Class 1 E CVCF unit power source is also provided.
6/4/93 2.12.14
ABWR D: sign Docum:nt Each Class IE CVCF unit is sized to provide output power to its respective 7) f V
distribution panel instrumentation and control loads.
Class 1E CVCFs and their respective distribution panels are located in Seismic Category I structures and in their respective divisional areas. Independence is provided between Class IE divisions, and also between Class lE divisions and non-Class 1E equipment.
AC Instrument and Control Power Supplies The Class IE AC Instrument and Control Power Supply System consists of three divisions (L)ivision I,II, and III) ofinterruptible power supplies with their respective distribution panels. Each power supply provides regulated 120 VAC power to Class 1E instrument and control circuits which can accommodate a power interruption during a LOPP.
Each Class IE AC instrument and control power supply is a voltage regulating transformer. The power to each Class IE AC instrument and control power supply voltage regulating transformer is supplied from an AC MCC in the same Class IE division as the transformer.
Each Class 1 E AC instrument and control power supply is sized to provide output g power to its respective distribution panel instrumentation and control loads.
Class 1E divisional AC instrument and control power supplies and their respective distribution panels are located in Seismic Categmy I structures and in their respective divisional areas. Independence is provided between Class 1E divisions, and also between Class 1E divisions and non-Class IE equipment.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.12.14 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the Vital AC Power Supply and AC Instmment and Control Power Supply Systems.
O O
6/4/93 2 2.12.14
O O O g
b CLASS 1E VITAL AC POWER SUPPLY DC AC DIST PANEL MCC 6 6 6 7 7 7 CLASS 1E AC INSTRUMENT AND CONTROL POWER SUPPLY VOLTAGE CVCF REGULATING ^
INVERTER TRANSFORMER a) m
- 6) 6) 6) o 6) o f
REACTOR CONTROL f -
REACTOR CONTROL BUILDING BUILDING BUILDING BUILDING
\ / 'N /
TYPICAL OF 4 TYPICAL OF 3 1 PER DIVISION 1 PER DIVISION (DIV I, it, lit,IV) (DIV I, II, Ill)
N
--_ _ _ _ _ - . = _ _ - _ . - _ - _ _ _ _ .._. _. _.__ - -. . .
. . - . _. _ _ _ _ _ = _ _ _ _ ____-__ - _ - _
O O
$ Table 2.12.14 Vital AC Power Supply and AC Instrument and Control Power Supply Systems 3 i Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the Vital AC 1. Inspections of the as-built system will be 1. The as-built Vital AC Power Supply and AC Power Supply and AC Instrument and conducted. Instrument and Control Power Supply Control Power Supply Systems is Systems conform with the basic described in Section 2.12.14. configuration described in Section 2.12.14.
- 2. Each Class 1E CVCF has three input power 2. Inspections of the as-built Vital AC Power 2. Each as-built CVCF has three input power sources. Except for the Division IV CVCF, Supply system will be conducted. sources. Except for the Division IV CVCF, the normal power to each Class 1E CVCF is the normal power to each CVCF is supplied i supplied from an AC MCC in the same from an AC MCC in the same Class 1E Clat.s 1E division as the CVCF.The Division division as the CVCF. The Division IV CVCF IV Class 1E CVCF is supplied AC power is supplied AC power from the AC MCC in from the AC MCC in the same division that the same division that supplies power to supplies power to the Division IV battery the Division IV battery charger.The backup charger. The backup power for each Class power for each CVCF is supplied from the 1E CVCF is supplied from the DC battery in DC battery in the same Class 1E division as !
the same Class 1E division as the CVCF. In the CVCF. In addition, each Class 1E CVCF f addition, each Class 1E CVCF unit contains unit contains an alternate power supply.
an alternate power supply. The alternate The alternate power supply is a voltage power supply is a voltage regulating regulating transformer, and is supplied transformer, and is supplied power from power from the same AC power source as the same AC power source as the normal the normal power supply.
power supply.
- 3. Automatic transfer between the Class 1E 3. Tests will be conducted on each as-built 3. Each as-built Class 1E CVCF unit CVCF unit's three power sources maintain Class 1E CVCF by providing a test signal in automatically and manually transfers a regulated output. Manual transfer one power source at a time. A test of the between the unit's three power sources between each Class 1E CVCF unit power manual transfer will also be conducted. and maintains a regulated output.
source is also provided.
- 4. Each Class 1E CVCF unit is sized to provide 4. Analyses will be performed for each as- 4. Analyses for each as-built Class 1E CVCF output power to its respective distribution built Class 1E CVCF by determining the exist and ennfirm that each CVCF capacity, panel instrumentation and control loads. power requirements of its instrumentation as determined by its nameplate rating, and control loads. exceeds its analyzed load requirements.
- 5. Class 1E CVCFs and their respective 5. Inspections of the as-built Class 1E CVCFs 5. The as-built Class 1E CVCFs and their distribution panels are located in Seismic will be conducted. respective distribution panels are located y Category 1. structures and in their in Seismic Category I structures and in y respective divisional areas. their respective divisional areas.
N
O O O 3 Table 2.12.14 Vital AC Power Supply and AC Instrument and Control Power Supply Systems (Continued)
B Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspectior s, Tests, Analyses Acceptance Criteria
- 6. In the Vital AC Power Supply System, 6a. Tests will be performed on the Vital AC 6a. A test signal exists only in the Class 1E independence is provided between Class Power Supply System by providing a test division under test in the Vital AC Power 1E divisions, and between Class 1E signal in only one Class 1E division at a Supply System.
divisions and non-Class 1E equipment. time.
6b. Inspection of the as-built Class 1E divisions 6b. In the Vital AC Power Supply System, in the Vital AC Power Supply System will physical separation exists between the be performed. Class 1E divisions. Physical separation exists and between these Class 1E divisions and non-Class 1E equipment.
- 7. The power to each Class 1E AC instrument 7. Inspections of the as-built AC Instrument 7. The power to each as-built Class 1E AC and control power supply voltage and Control Power Supply System will be instrument and control power supply regulating transformer is supplied from an conducted. voltage regulating transformer is supplied AC MCC in the same Class 1E division as from an AC MCC in the same Class 1E the transformer. division as the transformer.
'M 8. Each Class 1E AC instrument and control 8. Analyses will be performed for each as- 8. Analyses for each as-built Class 1E AC power supply is sized to provide output built Class 1E AC instrument and control instrument and control power supply exist power to its respective distribution panel power supply by determining the power and confirm that each AC instrument and instrumentation and control loads. requirements of its instrumentation and control power supply capacity, as control loads. determined by its nameplate rating, exceeds its analyzed load requirements.
- 9. Class 1E divisional AC instrument and 9. Inspections of the as-built Class 1E AC 9. The as-built Class 1E instrument and control power supplies and their respective instrument and control power supplies will control power supplies and their respective distribution panels are located in Seismic be conducted. distribution panels are located in Seismic Cate0ory I structures and in their Category I structures and in their respective divisional areas. respective divisional areas.
M i3 k
J_
g Table 2.12.14 Vital AC Power Supply and AC Instrument and Control ?ower Supply Systems (Continued) a inspections Tests Analyses and Acceptance Criter ia Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 10. In the AC Instrumentation and Control 10a. Tests will be performed on the AC 10a. A test signal exists only in the Class 1E Power Supply System, independence is Instrumentation and Control Power division under test in the AC provided between Class 1E divisions, and Supply System by providing a test signal in Instrumentation and Control Power also between Class 1E divisions and non- only one Class 1E division at a time. Supply System.
Class 1E equipment.
10b. Inspection of the as-built Class 1E 10b. In the AC Instrumentation and Control
- divisions in the AC Instrumentation and Power Supply System, physical separation !
Control Power Supply System will be exists between the Class 1E divisions.
performed. Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
N' i
\
Y
- -N
_ _ . - _ _ _ - .A_m._a_. _m__.-m_______._u____2-.-_.___.-_______._.-_________a -_ _ _ _ . - - _ _ _ _ _ _ - _ _ _ _ _ . - c--+- -__m__.._-.__ =__ _
l ABWR Design Document 7
2.L.16 Communication System i
\
Design Description The parts of the plant Communication System within the Certified Design consist of a power-actuated paging and broadcasting system and a separate sound-powered telephone system.The parts of the Communication System associated with off-site or portable communications are not within the Certified Design.
The power-actuated paging system provides intraplant station to station communications and area broadcasting in buildings and outside areas for plant operations and personnel safety. The system consists of at least two channels, with one channel allowing access from the plant telephone system. Each channel is provided with an amplifier and distribution panel. Ilandsets and speakers are provided in conidors and in large rooms. The power-actuated paging system is powered from its own battery.
The sound-powered communication system consists of a main communication patch panel, a set of communication stations and a system of cables andjacks.
This system provides communication capability between the main control room (MCR), Remote Shutdown System (RSS) panel, electrical equipment area and diesel generator areas. The patch panel is located outside the MCR. The sound-d powered communication system does not requh e any electrical power source for its operation.
The plant Communication System is classified as non-safety related.
Interface Requirements The parts of the Conuuunication System which are not within the Certified Design shall meet the following requirements:
An emergency communication system for off-site communication and a portable radio communication system, independent of the other communication systems, shall be provided.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.12.16 provides a definition of the inspections, tests, and/or analyses, together with the associated acceptance criteria, which will be undertaken for the communication system.
1 O l l
1 6/4/93 2.12.16
O O O Table 2.12.16 Communication System inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the plant 1. Inspections of the as-built plant 1. The as-built plant Communication System Communication System is described in Communication System will be conducted. conforms with the basic configuration Section 2.12.16. described in Section 2.12.16.
9 e
5
ABWR c: sign Docum:nt i
2.12.17 Lighting and Servicing Power Supply
/
L Design Description The Lighting and Servicing Power Supply (LSPS) consists of Class IE and ;
Associated Class 1E systems. The systems are the standby alternating current i (AC) lighting system, the emergency direct current (DC) lighting system, and the guide lamp lighting system. Each Associated Class 1E standby AC lighting system supplies the lighting in its respective safety-related divisional equipment areas, and in the passageways and stairwells leading to its respective divisional equipment areas. The Associated Class IE emergency DC lighting system provides backup lighting power in the following areas:
(1) Main Control Room (MCR).
(2) Remote Shutdown Station (RSS).
(3) Emergency Diesel Generator (DG) areas and control rooms.
(4) Safety-related AC and DC electrical equipment areas.
Class 1E guide lamps are provided in safety-related area stairways, exit routes, and MCR, and RSS areas.
O. The Class 1E lighting and associated Class 1E lighting systems have:
n (1) Lighting fixtures mounted in safety-related areas have grids or diffusers to prevent broken material from becoming a hazard to personnel or to -
safety-related equipment.
(2) Explosion-prooflighting features when located in areas containing flammable material. l (3) Waterproofinstallations when located in areas subject to high moisture.
The Associated Class 1E lighting system consists of three divisions (Divisions I, II and III) of AC lighting, and four divisions (Divisions I, II, III, and IV) of DC 1 lighting.
Non-Class 1E lighting loads that are connected to a Class IE power source are
. identified as Associated Class IE circuits and treated as Class lE. Each of the :
Associated Class 1E lighting systems is supplied power from its respective, independent Class 1E AC divisional bus or divisional DC battery. In the LSPS, .
independence is provided between Class 1E divisions, and also between Class IE divisions and non-Class 1E equipment.
6/4/93 2.12.17 l
l l
ABWR Design Document l H
l g Class 1E or Associated Class 1E lighting distribution panels and fixtures are :
Q located in Seismic Category I structures, and in their respective divisional areas.
Class 1E or Associated Class 1 E lighting system cables and raceways are identified ;
according to their Class 1E division. The emergency lighting system cables and raceways are identified as DC. Class 1E or Associated Class 1E lighting system cables are routed in their respective divisional raceways and in Seismic Category I structures. DC lighting system cables are not routed with any other cables.
The Associated Class IE standby AC lighting system in the Division IV battery room and other Division IV instrumentation and control areas is supplied from the lighting system in the same division as the other Class 1E divisional equipment (battery chargers, Constant Voltage Constant Frequency (CVCF) power supplies) supplying the Division IV areas. The MCR standby AC lighting is supplied from the same two divisions of the Associated Class lE standby AC lighting system as the divisions supplying the MCR Heating, Ventilating, and Air Conditioning (HVAC).
The Associated Class 1E emergency lighting for the safety-related areas is supplied from the Class lE battery in the same divisions as the areas. The MCR emergency DC lighting is supplied from the same two divisions of the Associated Class 1E emergency DC lighting system as the divisions supplying the Associated g Class 1E standby AC lighting.
The Class 1E guide lamps are self-contained battery pack units with a rechargeable battery. The Class 1E rechargeable batteries have a minimum 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> capacity, and the battery charger is supplied from the same power source as the Associated Chss 1E standby AC lighting system in the area in which it is ;
located.
Inspections, Tests, Analyses and Acceptance Criteria \
l Table 2.12.17 provides a definition of the inspections, tests, and/or analyses, together with associated acceptance criteria, which will be undertaken for the Lighting and Senice Power Systems.
O O
6/4/93 2.12.17
s r
(
t 3 Table 2.12.17 Lighting and Servicing Power Supply .
3 Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the LSPS is 1. Inspections of the as-built system will be 1. The as-built LSPS conforms with the basic configuration described in Section 2.12.17.
described in Section 2.12.17. conducted.
- 2. Non-Class 1E lighting loads that are 2a. Tests will be conducted by providing a test 2a. The as-built non-Class 1E lighting loads, connected to a Class 1E power source are signal in only one Class 1E division at a identified as Associated Class 1E, receive a identified as Associated Class 1E circuits time. test signal from only the Class 1E division and treated as Class 1E. under test.
2b. Inspections of the Class 1E power sources 2b.The as-built non-Class 1E lighting loads will be conducted. treated as Associated Class 1E are identified.
- 3. Independence is provided between Class 3a. Tests will be performed on the LSPS by 3a. A test signal exists in only the Class 1E 1E divisions, and between Class 1E providing a test signal in only one Class 1E division under test in the LSPS.
divisions and non-Class 1E equipment. division at a time.
43 3b. Inspections of the as-built Class 1E 3b. In the LSPS, physical separation exists divisions in the LSPS will be conducted. between Class 1E divisions. Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
- 4. Class 1E or Associated Class 1E lighting 4. Inspections of the as-built Class 1E and 4. The as-built Class 1E and Associated Class !
. distribution panels and fixtures are located Associated Class 1E lighting system will be 1E lighting distribution panels and fixtures in Seismic Category I structures,. and in conducted. are located in Seismic Category I their respective divisional areas (except for structures, and in their respective features in design commitment no. 7). divisional areas.
Class 1E or Associated Class 1E lighting Inspections of the as-built Class 1E and The as-built Class 1E and Associated Class
- 5. 5. 5.
system cables and raceways, are identified Associated Class 1E divisional cables and 1E lighting system cables and raceways are according to their Class 1E division.The raceways will be conducted. identified according to their Class 1E emergency lighting system cables and division. The emergency lighting system raceways are identified as DC. cables and raceways are identified as DC.
- 6. Class 1E or Associated Class 1E lighting 6. Inspections of the as-built Class 1E cnd 6. The as-built Class 1E and Associated Class system cables are routed in their respective Associated Class 1E divisional cr Mss and 1E divisional cables are routed in Seismic divisional raceways and in Seismic raceways will be conducted. Category I structures and in their Category i structures. DC lighting system respective divisional raceways. DC lighting
, [ cables are not routed with any other system cables are not routed with any cables. other cables.
O O O 3 Table 2.12.17 Lighting and Servicing Power Supply (Continued) la inspections, Tests, Analyses and Acceptance Criteria Design Commitment Inspections, Tests, Analyses Acceptance Criteria
- 7. The Associated Class 1E standby AC 7. Tests will be conducted by providing a test 7. The as-built Associated Class 1E standby lighting system in the Division IV battery signal in only one Class 1E division at a AC lighting in the Division IV battery room room and other Division IV time. and other Division iV instrumentation and instrumentation and control areas is control areas is supplied from the lighting supplied from the lighting system in the system in the same division as the other same division as the other Class 1E Class 1E divisional equipment (battery divisional equipment (battery chargers, chargers, CVCF power supplies) supplying CVCF power supplies) supplying the the Division IV areas. The MCR lighting is Division IV areas. The MCR standby AC supplied from the same two divisions of lighting is supplied from the same two the Associated Class 1E standby lighting divisions of the Associated Class 1E system as the divisions supplying the MCR '
standby lighting system as the divisions HVAC.
- 8. The Associated Class 1E emergency 8. Tests will be conducted by providing a test 8. The as-built Associated Class 1E lighting for the safety-related areas is signal in only one Class 1E division at a emergency lighting for the safety-related A supplied from the Class 1E battery in the time. areas is supplied from the Class 1E battery same divisions as the areas. The MCR in the same divisions as the areas. The emergency DC lighting is supplied from the MCR emergency DC lighting is supplied same two divisions of the Associated Class from the same two divisions of the 1E emergency DC lighting system as the Associated Class 1E emergency DC lighting divisions supplying the Associated Class system as the divisions supplying the 1E standby AC lighting. Associated Class 1E standby AC lighting.
- 9. The Class 1E guide lamps are self- 9a. inspections of the as-built Class 1E guide 9a. The guide lamps are self-contained, battery contained, battery pack units with a lamps will be conducted. pack units with a rechargeable battery. The rechargeable battery.The Class 1E as-built Class 1E rechargeable batteries ,
rechargeable batteries have a minimum 8 9b. Tests will be conducted by providing a test have a minimum 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> capacity.
hour capacity, and a battery charger signalin only one Class 1E division at a supplied from the Class 1E standby AC time. 9b. The battery charger is supplied from the lighting system in the area in which they same power source as the Associated are located. Class 1E standby AC lighting system in the area in which it is located.
N O
U
ABWR oesign Docum:nt 2.14.4 Standby Gas Treatment Systern l p '
0 Design Description The Standby Gas Treatment System (SGTS) is used to filter the gaseous effluent ,
from either the primary or secondary containment. The purpose of SGTS is to )
limit the discharge of radioacthity to the emironment on receipt of the signal l from the Leak Detection System (LDS). Figure 2.14.4 shows the basic system i configuration and scope. ,
The SGTS is classified as safety-related.
Each division of the SGTS except cooling fan and associated damper) is automatically initiated by signals from the LDS. Each SGTS disision can be manually initiated from Main Control Room (MCR).
The SGTS maintains a negative pressure in the secondag containment relative 3
to the outdoor atmosphere. Each SGTS process fim capacity is at least 6400 m /
hr (@760mm Hg, O C) with the secondary containment not isolated. The adsorber efliciency for elemental iodine removal is at least 99 percent.
After SGTS initiation, each cooling fan starts automatically when a signal f indicates the process fan in that division is not operating.
(
w The SGTS has four safety-related differential pressure sensors for monitoring secondary containment pressure with respect to ambient pressure outside. One sensor is located on each of the four sides of the Reactor Building.
The SGTS is classified as Seismic Categon 1.
The SGTS is located in the Reactor Building.
The SGTS Division B is powered from Class 1E Division II, except for the cooling fan and associated damper which is powered by Class lE Division III. The SGTS Division C is powered from class lE Division III except for the cooling fan and associated damper which is powered by Class lE Division II. Each of the four difTerential pressure sensors is powered from its respective Class 1E Division. In the SGTS, independence is provided between Class IE Divisions and also ;
between the Class 1E divisions and non-Class 1E equipment, l i
Except for the common connection to the plant stack, each mechanical division of the SGTS (Divisions B and C) is physically separated from the other division. 1 l
l 1
f% l b
I 6/3/93 2.14.4
ABWR Design Docum2nt The SGTS has the following displays and controls in the main control room:
(1) Parameter displays for the instruments shown on Figure 2.14.4.
(2) Controls and status indication for the active safety-related components shown on Figure 2.14.4.
(3) Manual system level initiation capability.
The safety-related electrical equipment located in the Reactor Building is qualified for a harsh environment.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.14.4 provides a defmition of the inspections, tests, and/or analyses, together with associated acceptance criteria, that will be undertaken for the SGTS.
O 6/3/93 -2 2.14.4
g m" ?
O. K C
A T
S T
G S
S J
~.
l lI l 4
" M M E l
D I
l l S
5 1
S S n e S S
EN N EN N CA A CA A 1_
OF R
P mF OF R
P F
@ m p v t e
s y
3 E S D t IS n L
e t
m N a I
A N I
e r
B R A n T C R 1 .
T io R n T s is i
v E
T L
io s
R E
T
@ G a
O i
D I
F i v L I
y D F b d
2 n E t a
D I S S
L 4 4
1 2
I e
r
@ i u
g F
T YN " T v RE YN 1
E M AM RE D O ON t I f
I M AM I S
ROA S O ON U S RxA T I
FCENT T G G .
SO S F uT EN S E
C SO C
S C S A C A
T T N YE N RM YE AN RM MIA AN RT I
MI I A RT PN O O PN O C
C E" N[
p ,
{ \ l 1 V L/ d
$ Table 2.14.4 Standby Gas Treatment System 8
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The basic configuration of the SGTS is as 1. Inspections of the as-built system will be 1. The as-built SGTS conforms with the basic shown on Figure 2.14.4. conducted. configuration shown on Figure 2.14.4.
- 2. Each division of the SGTS (except cooling 2. Tests will be conducted on each as-built 2. The process fan starts and dampers open fan and associated damper) is SGTS division using simulated initiation to allow process flow, automatically initiated by signals from the signals.
LDS.
- 3. Each SGTS division can be manually 3. Test will be conducted by initiating each 3. Each division of SGTS receives an initiation initiated from the MCR. division ma iually. signal.
- 4. Each SGTS process fan capacity is at least 4. Tests will be c'nducted on each as-built 4. Each SGTS process fan capacity is at least 6400 m3/hr (@760mm Hg, O'C) with tne SGTS division. 6400 m3/hr (@760mm Hg. O C) with the secondary containment not isolated. secondary containment not isolated.
- 5. The adsorber efficiency for elemental 5. Inspections of the as-installed adsorber 5. The adsorber efficiency for elemental iodine removalis at least 99 percent. material will be conducted, iodine removal is at least 99 percent.
A
- 6. After SGTS initiation, each cooling fan 6. Tests will be conducted on each division 6. The cooling fan starts automatically when starts automatically when a signal using signals indicating process fan is not a signal indicates the process fan is not indicates the process fan in that division is operating. operating.
not operating.
- 7. In the SGTS, independence is provided 7a. Tests will be performed on SGTS by 7a. The test signal exists only in the Class 1E between Class 1E divisions, and between providing a test signalin only one Class 1E division under test in the SGTS.
Class 1E divisions and non-Class 1E division at a time.
equipment.
7b. Inspections of the as-built Class 1E 7b. In the SGTS, physical separation exists divisions in the SGTS will be performed. between Class 1E divisions. Physical separation exists between Class 1E l divisions and non-Class 1E equipment.
8.
Excekfor the common connection8.to Inspections plant stack, each mechanical division of the the performed.
of the as-built SGTS will be 8. Each mechanical division of the SGTS is physically separated from other
! separated from the other divisions. structure and/or fire barriers.
l 9. MCR displays and controls provided for the 9. Inspections will be performed on the MCR 9. Displays and controls exist or can be l p SGTS are as defined in Section 2.14.4. displays and controls for the SGTS. retrieved in the MCR as defined in Section
% 2.14.4.
a
ABWR 0: sign Docum:nt l 2.16.2 Oil Storage and Transfer System V Design Description The Oil Storage and Transfer System consists of three independent Emergency Diesel Generator ("'G) fuel oil storage and transfer systems with their respective fuel storage tanks, transfer pumps, day tanks, and instnunentation and controls.
Figure 2.16.2 shows the basic system configuration and scope. The three divisions (Divisions I, II, and III) of the Oil Storage and Transfer System provides fuel oil to their respective divisional DGs.
The three DG fuel oil storage tanks are separately located underground outside of the Reactor Building. Storage tank external equipment is located above the maximum flood level.
The Oil Storage and Transfer System is classified as safety-related.
The DG fuel oil storage tanks provide a minimum seven (7) day fuel oil supply with the respective DGs supplying their maximum design basis accident load demand.
DG fuel oil is transferred automatically from the storage tanks to the day tanks by day tank low level signals. Manual control of DG fuel oil transfer is also Q provided. DG fuel oil is transferred from the storage tanks to the day tanks at a rate which exceeds the DG consumption rates while supplying their maximum design basis accident load demand.
The DG fuel oil day tanks provide a minimum four (4) hour fuel oil supply with their respective DGs supplying their maximum design basis accident load demand. Fuel oil is transferred from the day tanks to the engine fuel oil pumps by gravity flow.
The Oil Storage and Transfer System is classified as Seismic Category 1. Figure 2.16.2 shows the ASME Code class for the Oil Storage and Transfer Systems.
Each of the three Oil Storage and Transfer System divisions is powered from its respective Class 1E division. In the Oil Storage and Transfer System, independence is provided between Class 1E divisions, and also between the Class 1E divisions and non-Class lE equipment.
i Within the Reactor Building, each mechanical division of the Oil Storage and Transfer System is physically separated from the other divisions.
I O
6/4/93 2.16.2 l
ABWR 0: sign Docum:nt !
The Oil Storage and Transfer System has the following displays and controls in Q the main control room (MCR):
(1) Displays for DG fuel oil storage tank levels and day tank levels.
(2) Controls and status indication for DG fuel oil transfer pumps.
Inspections, Tests, Analyses and Acceptance Criteria Table 2.16.12 provides the definition of the inspection, tests, and/or analyses, together with the associated acceptance criteria, which will be undertaken for the Oil Storage and Transfer System.
~'\
(G
,em i
l 6/4/93 2.16.2
)
1
f 's Q
(s s.v/
8 VENT J REACTOR
/ BUILDING 5
/
/ DIESEL VENT I ( FUEL OIL FILL
( DAY TANK
/
GRADE LINE E-TRANSFER M PUMP d OIL STORAGE DG e' g ,, AND TRANSFER
( h SYSTEM 3
BURIED TO DIESEL DIESEL ENGINE FUEL OIL FUEL PUMP STORAGE (GRAVITY FLOW)
NOTES:
OL 1. FIGURE REPRESENTS ONE OF THREE OIL STORAGE AND TRANSFER SYSTEM DIVISIONS.
- 2. EACH OF THE THREE DIVISIONS IS POWERED FROM ITS RESPECTIVE CLASS 1E DIVISION.
N
-@ Figure 2.16.2 Oil Storage and Transfer System
s
$ Table 2.16.2 Oil Storage and Transfer System 8
inspections Tests Analyses and Acceptance Criteria Design Commitment inspections Tests Analyses
, , Acceptance Criteria
- 1. The basic configuration of the Oil Storage 1. Inspections of the as-built system will be 1. The as-built Oil Storage and Transfer and Transfer System is e2 shown on Figure conducted. system conforms with basic cc.Cguration 2.16.12. shown on Figure 2.16.2.
- 2. The ASME Code components of the Oil 2. A pressure test will be conducted on those 2. The results of the pressure test of the Storage and Transfer System retain their code components of the Oil Storage and ASME Code components of the Oil Storage t pressure boundary integrity under internal Transfer System required to be pressure and Transfer System conform with the pressures that will be experienced during tested by the ASME Code. requirements in the ASME Code, Section
. service. Ill.
- 3. The DG fuel oil storage tanks provide a 3. Inspection of the as-built DG fuel oil 3. Inspection of the as-built DG fuel oil minimum seven (7) day fuel oil supply with storage tanks will be conducted to storage tanks will be conducted to the respective DGs supplying their determine usable fuel storage volume. determine the usable fuel storage volume.
maximum design basis accident load Analyses will be performed to determine ,
demand. the required fuel oil volume DG fuel consumption data and design basis A accident load demand.
- 4. DG fuel oil is transferred automatically 4. Tests will be conducted on the as-built DG 4. The as-built DG fuel oil transfer system from the storage tanks to the day tanks by fuel oil transfer systems using simulated operation occurs automatically on the day tank low level signals. Manual control day tank low level signals, and by manual simulated day tank low level signals, and of DG fuel transfer is also provided. control. when controlled manually.
- 5. DG fuel oil is transferred automatically 5. Tests will be conducted on each division of 5. DG fuel oil is transferred automatically from the storage tanks to the day tanks at a the as-built DG fuel oil transfer systems by from the storage tanks to the day tanks at a rate which exceeds the DG consumption transferring fuel oil while the DGs are rate which exceeds the DG consumption rates while supplying their maximum supplying their design basis accident rates while supplying their maximum design basis accident load demand. Ioads, design basis accident load demand.
- 6. The DG fuel oil day tanks are sized to 6. Inspection of the as-built DG, fuel oil day 6. The DG fuel oil day tanks are sized to provide a minimum four (4) hour fuel oil tanks will be conducted to determine provide a minimum four (4) hour fuel oil supply with their respective DGs supplying usab!e fuel storage volume. Analyses will supply with their respective DGs supplying their maximum design basis accident load be performed to determine the required their maximum design basis accident load demand. fuel oil volume using DG fuel consumption demand.
data, and design basis accident load demand.
N is u
-o e sr - v
$ Table 2.16.2 Oil Storage and Transfer System (Continued) is Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 7. In the Oil Storage and Transfer System, 7a. Tests will be conducted in the as-built Oil 7a. The test signal exists only in the Class 1E independence is provided between the Storage and Transfer System b / providing division under test in the Oil Storage and Class 1E divisions, and between the Class a test signalin only one Class 1E division at Transfer System.
1E divisions and non-Class 1E equipment. a time.
7b. Inspections of the as-built Class 1E 7b. In the Oil Storage and Transfer System, divisions in the Oil Storage and Transfer physical separation exists between Class System will be conducted. 1E divisions. Physical separation exists between these Class 1E divisions and non-Class 1E equipment.
- 8. Within the Reactor Building, each 8. Inspections of the as-built Oil Storage and 8. Within the Reactor Building, each mechanical division of the Oil Storage and Transfer System will be conducted. mechanical division of the Oil Storage and Transfer System is physically separated Transfer System is physically separated from the other divisions. from the other mechanical divisions by structural and/or fire barriers.
U 9. MCR displays and controls provided for the 9. Inspections will be conducted on the MCR 9. Displays and controls exist or can be Oil Storage and Transfer System are as displays and controls for the Oil Storage retrieved in the MCR as defined in Section defined in Section 2.16.2. and Transfer System. 2.16.2.
N 5
L
ABWR oxsign accument 2.16.3 Site Security Design Description Security for ope rating personnel and vital equipment is provided by a combination of plant layout, in-plant communications, and emergency lighting.
Access into vital equipment areas is achieved through the use of door controls.
The door control design is identified as Safeguards Information subject to the "need-to-know" provisions of 10 CFR 73 Part 21. Consequently, no design description is provided in this document.
In-plant communications is covered in Section 2.12.16, Light and Servicing Power Systems.
Emergency lighting is covered in Section 2.12.17, Communication System.
Inspections, Tests, Analyses and Acceptance Criteria No entries for this system.
1 I
l l
5!16'93 2.16.3
I i
ABWR D: sign Document 3.1 Human Factors Engineering i l
Design Description l The ABWR certificd design's human-system interfaces (HSI) will be developed, designed, and evaluated based upon a human factors systems analysis and shall reflect human factors principles. The HSI scope applies to the main control room (MCR) and Remote Shutdown System (RSS). Further, within the MCR, the HSI scope includes that area which provides the displays, controls and alarms required for normal, abnormal and emergency plant operations.
The HSI design effort will be directed by a multi-disciplinary HFE Design Team comprised of personnel with expertise in HFE and in other technical areas relevant to the HSI design, evaluation and operations. The HFE Design Team shall develop a Program Plan to establish methods for implementing the HSI design through a process of human factor systems analysis as shown in Figure 3.1.
Implementation of that process will be as follows:
(1) A System Functional Requirements Analysis Implementation Plan will be developed which establishes that plant system functional requirements will be analyzed that to identify those functions which must be perfonned to satisfy the objectives of each ftmctional area.
System functional requirements analyses will be conducted to determine the objectives, performance requirements and constraints of the design, and establish the functions which must be accomplished to meet the objectives and required performance.
(2) An Allocation of Functions Implementation Plan will be developed to establish methods of alloca:ing functions to personnel, system elements and personnel-system combinations. An analysir of the allocation of system functions will be carried out according to the provisions of this Plan.
(3) A Task Analysis Implementation Plan will be developed to establish methods for conducting the task analysis. The task analysis will be conducted according to the provisions of the Plan and will be used to identify the behaviom! requirements of the tasks the personnel are :
required to perform in order to achieve the functions allocated to them.
The task analysis will identify the information and control requirements ;
that form the basis for specifying the requirements for the displays, data i processing and controls needed to carry out the tasks. The task analysis ;
will also be used to maintain human performance requirements within )
human capabilities, as an input for developing personnel skill, I
l 6/4/93 3.1
' ABWR D: sign Docum:nt personnel training, plant procedures and system communication requirements and as an input to the evaluation of established plant operations control room stafrmg levels.
(4) A Human-System Interface Design Implementation Plan will be developed to establish methods for applying human engineering principles in the design definition and evaluation of the HSI. Human engineering principles will be used, as prescribed by this Plan, during the HSI design definition and evaluation.
(5) A Plant and Emergency Opemting Procedure Development implementation Plan will be developed to establish methods for preparing plant and emergency operating procedures, which will be -
used to support and guide human interaction with plant systems and in the control of plant operations. Human engineering principles and criteria will be applied in the procedures preparation.
(5) A Human Factors Verification and Validation Implementation Plan will be developed to establish methods for conducting an evaluation of the HSI design as an integral system using HFE evaluation principles, procedures and criteria. The HSI design will be evaluated as an integrated system using the HFE evaluation principles, procedures and -
criteria prescribed by this Plan.
Inspections, Tests, Analyses and Acceptance Criteria Table 3.1 provides a definition of the instructions, tests, and/or analyses, together with associated acceptance criteria, which will be peiformed to demonstrate compliance with the HFE commitments for the certified design.
1
.j
.l 6/4/93 3.1
+ i' '
I I I I I I
- )
_;l I .- l
- ' i qiql _ -
K .
C .
_ - B A .
_ -D E -
_ - - E
- _ - F
_ - ( s -
T _ - s N e
_ - E c -
o M _ -
r
_ - P P n
O .
- L o E _ i t
N V a O - E _
t n
I T
I D i e
N E _ m I
F R l e
E U _ p D D N m E _ I S S C O n T N O _
I T g N O R A i s
E e SID I
T P _
M C S RL D.
E N D e OA I
R S _ c I U Y TV E a U F L _ CD T f Q F A AN NN r e
E O N FA EGI t
n R N A ,
MS I L O K NN EE A I S
_ AO MI LD P
m e
N T A t O A T
_ UA T M s y
- I C HC I S-T O _ I C L F I
n N L _ R a U A N E m F V u M
MG I
_ H E ES T TE _ 1 S Y SD 3 Y SC E e r
S u NA I g
AF i F
MR f UE HT N
l 3B ." s
Table 3.1 Human Factors Engineering +
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment Inspections. Tests. Analyses Design Acceptance Criteria 1.a A multi-disciplinary HFE Design Team shall 1.a The composition of the HFE Design Team 1.a The HFE design team shall be comprised of .
be established and be comprised of shall be reviewed. the following expertise:
personnel with expertise in HFE and in other technical areas relevant to the HSI (1) Technical Project Management design, evaluation and operation.
(2) Systems Engineering (3) Nuclear Engineering (4) Control and instrumentation Engineering (5) Architect Engineering (6) Human Factors (7) Plant Operations (8) Computer Systems Engineering
'(9) Plant Procedure Development (10) Personnel Training !
P,
__.__.m _ . _ _____________._______.m
$ Table 3.1 Human Factors Engineering (Continued) ia inspections Tests Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 1.b An HFE Program Plaa shall be developed 1.b The HFE Program Plan shall be 1.b The HFE Program Plan shall establish:
which establishes that the human-system reviewed. ,
interfaces shall be developed, designed, (1) HSI design and evaluation methods and evaluated based upon human factors and criteria.
systems analysis and shall reflect human factors principles. The HSI scope shall (2) Methods for address!ng:
(a) The ability of the operating personnel to accomplish assigned tasks.
(b) Operator workloar'
- eels and vigilance.
(c) Operating persc. 4
' situation awareness."
v' (d) The operators'information processing requiremer.ts.
(e) Operator memory requirements.
(f) The potential for operator error.
(3) HSl design and evaluation scope which applies to the MCR and RSS. The HSI scope shall address normal, abnormal and emergency plant operations, and test and maintenance interfaces that impact the functions of the operations i
personnel. The HSI scope shall also 1
w
- - - - - - - - - - - - - - - - - - - - u - ,
2 Table 3.1 Human Factors Engineering (Continued) e Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 1.b Continued 1.b. Continued address the development of operating technical procedures for normal, abnormal and emergency plant operations and the identification of personnel training needs applicable to the HSI design.
(4) The HFE Design Team as being responsible for:
(a) The development of HFE plans and procedures.
(b) The oversight and review of HFE design, development, test, and evaluation activities.
?
(c) The initiation, recommendation, and provision of solutions through designated channels for problems identified in the implementation cf the HFE activities.
l (d) Verification of implemention of solutions to problems.
(e) Assurance that HFE activities comply to the HFE plans and procedures.
(f) Phasing of activities.
l f (5) The methods for the identification, I closure and documentation of human I factors ir. sues.
l i (6) The HSI design configuration control l .w procedures.
g Table 3.1 Human Factors Engineering (Continued) !
s Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests. Analyses Design Acceptance Csiteria 2.a A System Functional Requirements 2.a The System Functional Requirements 2.a The System Functional Requirements Analysis implementation Plan shall be Analysis implementation Plan shall be Analysis Implementation Plan shall
- developed which establishes that plant reviewed. establish
system r6quirements shall be analyzed to identify those functions which must be (1) Methods and criteria for con-
. performed to satisfy the oojectives of each ducting the System Functional 4
functional area. System function analysis Requirements Analysis.
shall determine the objective, performance requirements, and (2) That system requirements shall constraints of the design, and establish the define the system functions and !
functions which must be accomplished to those system functions shall pro-4 meet the objectives and required vide the basis for determining the -
performance. associated HSi performance ,
requirements. '
> (3) That functions critical to safety
?
Y shall be identified.
(4) That descriptions shall be i developed for each of the identified functions arid for overall system configuration design itself. Each function shall be identified and described in terms of inputs (observable parameters which will indicate system status), functional ,
processing (control process and performance measures required to l achieve the function), functional operations (including detecting signals, measuring information, l comparing one measurement with I another, processing information, and acting upon decisions to produce a desired condition or result such as a system or component operation actuation or trip), outputs, feedback l
-, . - --- + - _ _ _ _ _ _ _
3 Table 3.1 Human Factors Engineering (Continued) ia inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria i 2.a Continued (how to determine correct discharge of 2.a Continued function), and interface requirements so that subfunctions are related to larger functional elements.
2.b An analysis of system functional 2.b The analysis of the system functional 2.b The system functional requirements requirements shall be conducted. requirements shall be reviewed. analysis, as corrected to account for nonconformances, is conducted in accordance with the requirements of the Human Factors Engineering Program Plan and the System 4
Functional Requirements Analysis implementation Plan.
.=
a
._. _ _ _ . . _ . . _ . _ _ ..___._.______.m_ . _ _ . _ . _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ . _ _ _ _ _ . _ _ _ _ -
m____m + . . . . _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _
3 Table 3.1 Human Factors Engineering (Continued) [
a
" t inspections Tests Analyses and Acceptance Criteria i -
Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 3.a An Allocation of Function implementation 3.a The Allocation of Function Implementation 3.a The Allocation of Function Implement-Plan shall be developed which establishes Plan shall be reviewed. ation Plan shall establish:
the methods for allocating functions to i personnel, system elements, and (1) The methods and criteria for the i personnel-system combinations. execution of function allocation.
(2) That aspects of system and l' l functions definition shall be t analyzed in terms of resulting {
human performance requirements l based on the user population.
1
, (3) That the allocation of functions to personnel, system elements, and personnel system combinations shall reflect: !
{ @ ;
(a) Sensitivity, precision, time, and l safety requirements.
l (b) Reliability of system performance.
(c) The number and the necessary
- r. kills of the personnel required to operate and maintain the system.
i
- (4) That allocation criteria, rationale, i
analyses, and procedures shall be ,
j documented.
(5) That analyses shall confirm that the personnel can perform tasks allocated to them while maintaining operator situation awareness, acceptable personnel workload, and personnel vigilance.
5'
_ _ _ _ . _-- . - ~ . r ~ . ., - , , - , ..m . , - - _ _ _ _ . _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _
3 Table 3.1 Human Factors Engineering (Continued) e Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections. Tests, Analyses Design Acceptance Criteria 3.b A functional allocation analysis shall be 3.b The functional allocation analysis shall be 3.b The function allocation analysis, as conducted. reviewed. corrected to account for nonconformances,
_ is conducted in accordance with the i 4
requirements of the Human Factors Engineering Program Plan and the Allocation of Functions implementation Plan.
- 4. A Task Analysis implementation Plan shall 4.a The Task Analysis implementation Plan 4.a The Task Analysis implementation Plan ,
- be developed which establishes that task shall be reviewed. shall establish
analysis shall be conducted and used to ,
identify the behavioral requirements of the (1) The methods and criteria for conduct of tasks the personnel are required to perform the task analyses.
in order to achieve the functions allocated to them. The task analysis shall be used to (2) The scope of the task analysis which maintain human performance shall include operations performed at g requirements within human capabilities; be the operator interface in the MCR and ,
used as an input for developing personnel at the RSS. The analyses shall be skill, personnel training, and system directed to the range of plant operating communication require.nents and as an modes, including startup, normal
- input to the evaluation of established plant operations, abnormal operations, operations control room staffing levels; transient conditions, low power and l
^
and form the basis for specifying the shutdown conditions. The analyses requirements for the displays, data shall also address operator interface processing and controls needed to carry operations during periods of out tasks. maintenance test and inspection of I plant systems and equipment and of the HSI equipment.
l (3) That the analysis shall be used to ,
identify which tasks are critical to safety. ,
w I
_ _ - _ _ - - - - - - - - ,w- e- - ----r ~- -- - - - -w
$ Table 3.1 Human Factors Engineering (Continued) a Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 4.a Continued 4.a Continued (4) That task analysis shall develop narrative descriptions of the personnel activities required for successful completion of the task.
(5) That task analysis shallidentify requirements for alarms, displays, data processing, and controls.
(6) That task analysis results shall be made available as input to the personnel training programs.
4.b A task analysis shall be conducted. 4.b The task analyses shall be reviewed. 4.b The task analysis, as corrected to account for ncnconformances, is conducted in accordance with the requirements of the s
Human Factors Engineering Proaram Plan and the Task Analysis implementation Plan.
4 a
! Table 3.1 Human Factors Engineering (Continued) 5
, Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 5.a HSI Design implementation Plan shall be 5.a The HSI Design implementation Plan shall 5.a The HSI Design Implementation Plan shall developed which establishes that human be reviewed. establish:
engineering principles and criteria shall be applied in the design definition and (1) The methods and criteria for HSI evaluation of the HSI. equipment design.
(2) That the HSI design shall implement the information and control require-ments developed through the task analyses, including the displays, controls and alarms necessary for the execution of those tasks identified in the task analyses as being critical tasks.
(3) The methods for comparing the consistency of the HSI human 9 performance, equipment design and associated workplace factors with that modeled and evaluated in the completed task analysis.
(4) The HSI design criteria and guidance for control room operations during periods of maintenance, test and inspection.
(5) The test and evaluation methods for resolving HFE/HSI design issues. These test and evaluation methods shall include the criteria to be used in selecting HFE/HSI design and evaluation tools.
1
y Table 3.1 Human Factors Engineering (Continued) m Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses. Design Acceptance Criteria 5.b The HSI design shall be implemented. 5.b The HSI design implementation shall be 5.b The HSI design implementation and reviewed. analyses, as corrected to account for
, nonconformances, are conducted in accordance with the requirements of the Human Factors Engineering 4
Program Plan and the HSI Design
' Implementation Plan, 6.a A Plant and Emergency Operating 6.a The Plant and Emergency Operating 6.a The Plant and Emergency Operating Procedure Development Implementation Procedure Development implementation Procedure Development implement-Plan shall be developed which establishes Plan shall be reviewed. ation Plan shall establish:
that plant and emergency operating procedures shall be developed to support (1) That operator actions identified in and guide human interaction with plant the task cnalysis shall be used as systems and in the control of plant the basis for specifying the operations. Human engineering principles procedures for operations.
g and criteria shall be applied in the procedures development. (2) That the procedures to be developed shall address normal, abnormal, and emergency plant
, operations including consideration of plant operations during periods when plant systems / equipment and primary operator interface (i.e.,
main control room) equipment is undergoing test, maintenance or
~ inspection.
2 (3) Methods and criteria for development of the operating technical procedures.
5.'.
_ _ . _ _ . __._m_ _ _ _ . _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _
$ Table 3.1 Human Factors Engineering (Continued) a Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 4
6.a Continued 6.a Continued (4) That a Writer's Guide shall be i developed which establishes the process for developing the technical procedures for normal plant and
- system operation, abnormal plant operations, emergency plant operations and for responding to plant l alarm conditions.
i 6.b The Plant and Emergency Operating 6.b The Plant and Emergacy Operating 6.b The development of the Plant and Procedures shall be developed. procedure development results shall be Emergency Operating Procedures, as reviewed. corrected to account for nonconformances, is conducted in accordance with the requirements of the Human Factors
- Engineering Program Plan and the Plant y and Emergency Operating Procedure Development implementation Plan.
7.a A Human Factors Verification and 7.a The Human Factors V&V Plan shall be 7.a The Human Factors V&V implementation Validation (V&V) Implementation Plan shall reviewed. Plan shall 6stablish:
be developed which establishes that the HS! design shall be evaluated as an (1) Human factors V&V methods and
, integrated sys'em using HFE evaluation criteria.
principles, procedures and criteria.
(2) That scope of the evaluations of the integrated HSI shall include:
i 4
~
1 1
i $ Table 3.1 Human Factors Engineering (Continued)
- e l
Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections, Tests, Analyses Design Acceptance Criterie i
! 7.a Continued 7.a Continued (a) The HSI(including both the '
interface of the operator with the i HSI equipment hardware and the
! interface of the operator with the j HSI equipment's software driven
] functions).
i (b) The Pl ant and Emergency Operating Procedures. *
(c) The HSI work environment.
(3) That evaluations of the HSI equipment shall be conducted to confirm that the i controls, displays, and data processing
, functions identified in the task analyses (n are provided. ,
(4) That integration of HSl equipment with each other, with the operating ,
personnel and with the Plant and a Emergency Operating Procedures i shall be evaluated through the conduct 4
of dynamic task performance testing.
The dynamic task performance tests and evaluations shall have as their "
a objectives:
(a) Confirmation that the identified critical functions can be achieved I using the integrated HSI design.
,I (b) Confirmation that the HSI design and configuration can be operated i using the established MCR staffing i levels.
u t L !
l 3 Table 3.1 Human Factors Engineering (Continued) is inspections, Tests. Analyses and Acceptance Criteiia Design Commitment inspections, Tests, Analyses Design Acceptance Criteria 7.a Continued 7.a Continued (c) Confirmation that the Plant and ,
Emergency Operating Procedures l
, provide direction for completing the identified tasks associated with normal, abnormal and emergency ^
operations.
(d) Confirmation that the time .
' dependent aspects of the HS! ;
equipment performance allow for task accomplishment. ,
t (5) That dynamic task performance test i evaluations shall be conducted over the range of operational conditions and ,
3 upsets.
9 '
- (6) The HFE performance measures to be 1 used as the basis for evaluating the ;
- dynamic task performance test results. !
- These performance measures shall address
(a) Operating crew primary task
- performance characteristics, such as task times and procedure
, compliance.
(b) Operating crew errors and error i rates. l
, (c) Operating crew situation awareness. :
(d) Operating crew workload. '-
I (e) Operating c,ew communications i s and coordination. !
t 1
! Table 3.1 Human Factors Engineering (Continued) es Inspections, Tests, Analyses and Acceptance Criteria Design Commitment inspections Tests Analyses
, , Design Acceptance Criteria 7.a Continued 7.a Continued (f) Anthropometry evaluations.
(g) HSI equipment performance measures.
(7) The methods to confirm that HFE issues identified and documented have been resolved.
(8) The methods and criteria to be used to confirm that critical human actions, as defined by the task analysis, have been addressed in the integrated HSI design.
h 7.b A human factors engineering analysis of 7.b The analysss of the integrated HS! design 7.b The human factors engineering analysis of the integrated HS! design shall be shall be reviewed. the HSI design, as corrected to account for
- conducted. nonconformances, is conducted in accordance with the requirements of the Human Factors Engineering Program Plan and the Human Factors V&V Implementation Plan.
'I
.U
. m . .- s , , , . _ ,ms, _ _ _ _ _ _ _ _ . _ _ _ _ _
l ABWR D: sign occument j 4.1 Ultimate Heat Sink Interface Requirements The Ultimate Heat Sink (UHS) removes the heat load of the Reactor Service Water (RSW) System during all phases of plant operation. The UHS is within the Certified Design. The UHS will meet the following requirements:
(1) Provides cooling water to the RSW System for normal plant operation and to permit safe shutdown and cooldown of the plant and maintain the plant in a safe shutdown condition.
(2) Makeup water shall not be required for at least 30 days following a design basis accident.
(3) Any active safety-related system, structure, or components shall have three divisions powered by their respective Class IE divisions. Each division shall be physically separated and electrically independent of the other divisions.
l l
l l
l l
6/4/93 4.1
l l
ABWR 0: sign Documsnt 1
l 4.4 Turbine Service Water System !
l interface Requirements Covered under Section 2.11.10.
l 1
l l
I i
l 6/3/93 -1 4.4 l i
ABWR Design Document 4.7 Communication System Interface Requirements Covered in Section 2.12.16.
6/3/93 4.7