ML20056H108
| ML20056H108 | |
| Person / Time | |
|---|---|
| Site: | 05200001 |
| Issue date: | 09/02/1993 |
| From: | GENERAL ELECTRIC CO. |
| To: | |
| Shared Package | |
| ML20056H107 | List: |
| References | |
| NUDOCS 9309080239 | |
| Download: ML20056H108 (14) | |
Text
. .. . . . - . .- -- . . . - . . . .. ..
l
~
~
l SSLC Sensor Instrumentation' i B 3.3.1.1 l BASES j BACKGROUND 3. Reactor Core Isolation Coolino (RCIC) System Isolation
( Continued ) (continued) ,
in the division II ESF SLU. The Functions used for RCIC i
- isolation initiation are
- i i
- RCIC area temperature
- RCIC steam supply line pressure-low 2
- RCIC steam supply line flow-high j RCIC turbine exhaust diaphragm pressure-high j 1'
1 4. Reactor Water Cleanuo System Isolation This isolation protects against breaks in lines carrying i Cleanup Water (CUW) and also serves to align CUW valves so !
they do not interfere with ECCS injection. Isolation 1 initiation for the inboard isolation valve is performed in l the division II ESF SLU and for the outboard isolation l valves in the division I ESF SLU. The Functions used for CUW ;
line isolation /ECCS lineup initiation are.
- CUW area temperatures-high f
- CUW differential flow-high !
- main steam tunnel temperature-high !
- reactor vessel water level-low, level 2 !
j - CUW isolation on Standby Liquid Control initiation !
- Reactor vessel steam dome pressure-liigh (This function is used only in division I to close the head spray valve) f:
- 5. Shutdown Coolino System Isolation r This isolation protects against breaks in lines used in the shutdown cooling mode of the 'RHR and also serves to align RHR valves so they do not interfere with ECCS injection. !-
Isolation initiation for the RHR loops are performed in the j ESF SLUs as follows: ;
RHR LOOP A B C Inboard Div. I Div. II Div. III 1 Outboard Div. II Div. III Div. I I
i (continued) 1 ABWR TS B 3.3-15 -P&R 08/30/93 9300080239 8730902 PDR ADOCK 05200001 PDR
@h A. $1 ;
j- .
I
. SSLC Sensor Instrumentation
). B 3.3.1.1 1
1 BASES
- 5. Shutdown Coolino System Isolation (continued)
! BACKGROUND
( Continued )
j{ The Functions used for RHR isolation /ECCS lineup initiation are:
, - RHR area temperatures-high
- - reactor vessel water level -low, level 3
- reactor vessel steam dome pressure-High s
OTHER ESF FUNCTIONS l 1 i The SSLC provides actuation Functions for various other ESF r i Functions. 3 i
{
l 1. Diesel Generator _(DG) Initiation. The DG are initiated r j on high drywell pressure, low reactor water l level, or I j Essential 6.9KV bus undervoltage (covered in LCO- :
, 3.3.1.3). 1
- 2. Standby Gas Treatment Actuation. The Standby Gas Treatment (SGTS). system is automatically initiated on ,
high drywell pressure, low level 3, Reactor building j area high radiation, or fuel handling area high ;
radiation. !
- 3. Reactor Building Cooling Water / Service Water l Actuation. This Feature is actuated on high drywell j pressure, low level 1, or 6.9 KV emergency bus -i undervoltage signals (covered in LC0 3.3.1.3). _j
- 4. Containment Atmospheric Monitoring System Start. The j Containment' Atmospheric Monitoring (CAM) system is automatically started on a high drywell pressure or low level I signal. ,
- 5. Suppression Pool Cooling Actuation. Suppression pool !
cooling is automatically initiated on high suppression !
pool temperature. .l t
ATWS Mitiaation ;
i The ABWR provides various features to mitigate a postulated Anticipated Transient Without Scram (ATWS) event. The Standby Liquid Control System (SLCS) and Feedwater Runback-(continued)
ABWR TS B 3.3-16 P&R 08/30/93 u
SSLC Sensor Instrumentation B 3.3.1.1 BASES BACKGROUND 5. Shutdown Coolina System Isolation (continued)
( Continued ) !
(FWRB) are initiated by Reactor Vessel Steam Dome Pressure -
High or Reactor Water Level - Low, Level 2 Functions. The i initiation signals are provided by Analog Trip Modules (ATM) that are located in the SSLC cabinets. t There is an ATM in each division for each of the functions.
The ATMs are connected directly to the sensors in the division associated with the ATM. The outputs of all four ATMs are connected to four logic units (one in each division) using suitable isolation. Each logic unit uses 2 out of 4 logic to create initiation signals. The SRNM ATWS !
permissive function will permit initiation only when power level is above a specified value. The initiation signals from the four logic units are connected to a series / parallel arrangement of load drivers such that an initiation signal i
l from only two of the logic units will cause actuation of the ATWS mitigation features. '
SSLC
SUMMARY
The SSLC is a complex of equipment and software that !
supports a variety of Functions and Features in a variety of configurations. Table B3.3.1.1-1 is a summary of the SSLC functions and the protective equipment supported by the Functions along with the LC0 actions applicable to the ,
Functions.
APPLICABLE The actions of the SSLC are assumed in the safety analyses ,
SAFETY ANALYSIS, of References 1, 2, 3, 8, 10, and 11. The SSLC initiates LCO, and appropriate protective actions when a monitored parameter is APPLICABILITY outside of a specified Allowable Value to preserve the integrity of the fuel cladding, the Reactor Coolant Pressure Boundary (RCPB), and the containment. The Allowable Values given in Table 3.3.1.1-1 are calculated using a prescribed ,
setpoint methodology. The SSLC provides initiation signals for RPS, ECCS and plant isolation.
SSLC instrumentation satisfies Criterion 3 of the NRC Policy Statement. Functions not specifically credited in the ABWR '
SSAR analysis are retained for the overall redundancy and ,
(continued)
ABWR IS B 3.3-17 P&R 08/30/93
i SSLC Sensor Instrumentation B 3.3.1.1 BASES APPLICABLE 1.a & b, Startuo Ranae Neutron Monitor (SRNM) Neutron SAFETY ANALYSIS, Flux-Hiah/Short Period (continued)
LCO, and APPLICABILITY protection against control rod withdrawal errors and results
( Continued ) in peak fuel energy depositions below the fuel failure threshold criterion.
The SRNMs are also capable of limiting other reactivity excursions during startup, such as cold water injection events, although no credit is specifically assumed.
The ten SRNM fixed in-core regenerative fission chambers are each connected to electronics suitable for monitoring neutron flux for power levels up to 15% RTP. The SRNM ;
detectors are evenly distributed throughout the core and are <
located slightly above the fuel mid-plane. The SRNM's are assigned to the four Neutron Monitoring System (NMS) l divisions as follows:
l Division I: SRNM Detectors A, E & J '
Division II: SRNM Detectors B & F Division III: SRNM Detectors C, G & L 1
Division IV: SRNM Detectors D & H For each division, a high flux, short period, or IN0P trip from any one SRNM channel will result in a trip signal from that division. The SRNM trip data is transmitted to the TLUs in the SSlC.
l The SRNM channels are divided into three bypass Groups. One channel from each Group may be bypassed using three bypass switches on the operators console (i.e. bypass of up to three channels). The Groups are arranged so there is at least one unbypassed channel in each division and one unbypassed channel in each core quadrant. The SRNMS are assigned to the bypass Groups as follows:
Group 1: SRNM A, B, F, G Group 2: SRNM C, E, H Group 3: SRNM D, J, L (continued)
ABWR TS B 3.3-21 P&R08/30/93
q l
SSLC Sensor Instrumentation B 3.3.1.1 !
BASES I
APPLICABLE 1.a & b. Startuo Rance Neutron Monitor (SRNM) Neutron f SAFETY ANALYSIS, Flux-Hiah/Short Period (continued) l LCO, and l APPLICABILITY Each of the three multiposition operator switches l
( Continued ) corresponds to one of the Groups. j An SRNM division is OPERABLE if one or more channels in the !
division is OPERABLE. The division of sensor bypass in the i RPS portion of the SSLC does not bypass the SRNM trip signal l l
input. l 1
Operability of the SRNM function of the SSLC also requires at least one OPERABLE SRNM channel in each core quadrant. ;
The arrangement of SRNM channels into bypass Groups and the actions of LC0 3.3.2.1 ensure this requirement is satisfied. ;
The Startup Range Monitor Neutron Flux-High/Short Period 1 Function must be OPERABLE during MODE 2 when control rods l t may be withdrawn and the potential for criticality exists. !
i In MODE 5,' when a cell with fuel has its control rod f l withdrawn, the SRNMs provide monitoring for and protection against unexpected reactivity excursions. In MODE 1, the APRM System, the thermal power monitor (TPM), and the i Automatic Therm; 'imit Monitor (ATLM) function of the RC&IS provide protectic against control rod withdrawal error events and the SRNMs are not required. :
i 1.c. SRNM ATWS Permissive !
l During some low power plant conditions the ATWS trips could interfere with normal plant maneuvering and cause unnecessary stress on plant equipment. In order to prevent l the risks associated with the stresses, and to confirm that l l a ATWS may have occurred, the ATWS Functions are disabled at i low neutron flux levels.
The SRNM ATWS Permissive Function is used in some of the
! systems that implement ATWS Functions to permit initiation of ATWS functions' when the power level as detected by the SRNM is greater that the Allowable Value. When all of the
. SRNM channels indicate that power level is less than the Allowable Value then the permissive is removed and all ATWS trips are automatically bypassed.
(continued)
ABWR TS B 3.3-22 P&R 03/30/93 i
l
SSLC Sensor Instrumentation B 3.3.1.1 i l
BASES f
j APPLICABLE 1.c SRNM ATWS Permissive (continued) l SAFETY ANALYSIS, LCO, and This Function is required to be OPERABLE in Mode 1 since !
APPLICABILITY this is the MODE where the ATWS functions must be OPERABLE.
( Continued ) See the RPT LCO (LC0 3.3.4.1) for the operability basis.
The Allowable Value is selected be high enough to permit the l
necessary plant maneuvers, and low enough to assure that ATWS is available when the plant power level will not permit
- l l
long term cooling by the ECCS and their support systems.
t 1.d. SRNM-inop This trip signal provides assurance that a minimum number of SRNMs are OPERABLE. Whenever the SRNM self test and monitoring feidures detect a condition that could prevent it ,
from generating a trip when needed an IHOP/ TRIP signal will :
be sent to all four RPS TLUs. This Function was not I specifically credited in any ABWR SSAR analysis, but it is retained for the overall redundancy and diversity of the RPS as required by the NRC approved licensing basis.
O 1his Function is provided by seif test and other monitoring features and is a discrete signal so there is no Allowable .
Value for this function. ,
This Function is required to be OPERABLE when the Startup Range Monitor Neutron Flux-High/Short Period Functions are required. j 2.a. Averaae Power Ranae Monitor Neutron Flux-Hiah.
Setdown The APRM divisions receive input signals from the local i i power range monitors (LPRM) within the reactor core to l provide an indication of the power distribution and local ;
! power changes. The APRM divisions average these LPRM ,
signals to provide a continuous indication of average reactor power from a few percent to greater than Rated Thermal Power (RTP). For operation at low power (i.e.,
MODE 2), the Average Power Range Monitor Neutron Flux-High/Setdown Function is capable of generating a trip signal that prevents fuel damage resulting from abnormal l operating transients in this power range. For most O (coatiauee)
ABWR TS B 3.3-23 P&R 08/30/93
-- - _ . . -. - . -_ .. . = _
i <
t 1 f SSLC Sensor Instrumentation B 3.3.1.1 l l 4
BASES (
' L, APPLICABLE 2.e. Rapid Core Flow Decrease (continued) l SAFETY ANALYSIS, .
I LCO, and The flow is measured using 4 independent flow transmitters l APPLICABILITY that monitor the core plate pressure drop. i
( Continued )
The Neutron Monitoring System Rate of Core Flow Decrease-High function is automatically bypassed when thermal power ;
is less than 80% RTP. The thermal power value calculated for the Average Power Range Monitor Simulated Thermal Power-High/ Flow Biased Function is used to implement the bypass.
P Three unbypassed divisions of this function are required to I be OPERABLE to ensure that no single failure will preclude a ' l scram from this function on a valid signal. j l
The Allowable Value for this function is derived from the !
l analytic limit used in the all pump trip analysis. {
i The Neutron Monitoring System Rate of Core Flow Decrease- l High function is required to be OPERABLE in MODE 1 when i thermal power is greater than 80% RTP where there is a possibility of a rapid flow decrease jeopardizing the MCPR SL. At power levels less than 80% RTP a trip of all j recirculation pumps will not violate the MCPR SL. j 2.f. Oscillation Power Rance Monitor The Oscillation Power Range Monitor (0PRM) Function detects .
the existence of neutron flux oscillations that could cause i I
violation of the fuel thermal limits. This Function is not ~
assumed in any analysis in the ABWR SSAR. However, it is included for redundancy and diversity and to provide confidence that the assumptions used in fuel limits !
calculations are preserved.
The OPRM uses two algorithms to detect flux oscillations. ;
Each algorithm cperates on several groups of LPRMs (called l OPRM cells). Tb 'PRM cells are selected to provided a ;
representation of the radial neutron flux distribution so i that local flux oscillations will be detected. l The amplitude / growth rate algorithm measures the amplitude of flux oscillations as a fraction of the average value (i.e !
% of point). The algorithm is-invoked if the peak to average '
value exceeds a specified amount. The algorithm measures the i
(continued) l ABWR TS. B 3.3-28 P&R 08/30/93 l I
r
1
~
RPS and MSIV Actuation B 3.3.1.2 BASES APPLICABLE 2. MSIV and MSL Drain Valves Actuation (continued)
SAFETY ANALYSIS, i LCO, and Three unbypassed LOGIC CHANNELS and OUTPUT CHANNELS must be I APPLICABILITY OPERABLE to assure that no single instrument failure can
( Continued ) preclude MSIV closure when needed.
i The Manual Scram push buttons are completely independent of i and isolated from the RPS automatic trip divisions. This Function was not specifically credited in the accident ;
analysis, but it is retained for.the overall redundancy and diversity of the RPS as required by the NRC approved licensing basis.
There are two independent manual scram switches, one in ['
division 11 and one in division III. Each switch removes power from one set of scram solenoids and energizes one of ,
the air header dump valves so the function completely !
bypasses the automatic scram logic divisions. Both switches must be activated to cause a scram. l There is no Allowable Value for this function since the I divisions are mechanically actuated based solely on the 1 position of the push buttons, j Two divisions of Manual Scram are required to be OPERABLE in MODES I and 2, and _in MODE 5 with any control rod withdrawn from a core cell containing one or more fuel assemblies, -!
since these are the MODES and other specified conditions ;
when control rods are withdraw. :
- 4. Reactor Mode Switch-Shutdown Position The Reactor Mode Switch-Shutdown Position Function provides !
manual reactor trip signals, via the manual scram logic l divisions (II and III), that are redundant to the automatic protective instrumentation divisions. This Function was not .
specifically credited in the accident analysis, but it is :
retained for the overall redundancy and diversity of the RPS :
as required by the NRC approved licensing basis.
The reactor mode switch is a single switch with independent j contacts for initiating scram when the switch is in the j i
(continued)- ;
ABWR TS B 3.3-85 P&R 08/30/93 l.
B 3.3.1.2 s
BASES APPLICABLE 4. Reactor Mode Switch--Shutdown Position (continued)
SAFETY ANALYSIS, LCO, and SHUTDOWN position. This function removes power from the APPLICABILITY scram solenoids and energizes the air header dump valves so
( Continued ) it completely bypasses the automatic scram logic divisions.
There is no Allowable Value for this Function since the divisions are mechanically actuated based solely on reactor mode switch position.
Two divisions of Reactor Mode Switch--Shutdown Position Function are available and required to be OPERABLE. The Reactor Mode--Switch Shutdown Position Function is required to be OPERABLE in MODES 1 and 2, and in MODE 5 with any control rod withdrawn from a core cell containing one or .,
more fuel assemblies, since these are-the MODES and other specified conditions when control rods are withdrawn.
- 5. Manual MSIV Actuation The Manual Initiation push button Function provides signals to the OLU in each division that are redundant to the automatic protective instrumentation and provide manual isolation capability. There is no specific ABWR SSAR safety analysis that takes credit for this Function. It is retained for overall redundancy and diversity of the isolation function as required by the NRC in the plant licensing basis.
Thera are four MSIV manual actuation pushbuttons. The data is routed directly to the OLUs for the MSIVs so this function bypasses the EMS, DTMs and TLUs. ,
Pressing any two of the four manual pushbuttons will cause i isolation of all four steam lines. There is no Allowable Value for this Function since the channels are mechanically actuated based solely on the position of the push buttons.
Three divisions of the MSL Manual Initiation Function are required to be OPERABLE in MODES 1, 2, and 3, since these are the MODES in which the MSIVs are required to be OPERABLE. 1 1
(continued) l ABWR TS B 3.3-86 P&R 08/30/93 I E
RPS and MSIV Actuation B 3.3.1.2 l
BASES ]
i ACTIONS A Note has been provided to modify the ACTIONS related to l RPS and MSIV Actuation channels. Section 1.3, Completion i Times, specifies that once a Condition has been entered, i subsequent trains, subsystems, components, or variables !
expressed in the Condition, discovered to be inoperable or - l not within limits, will not result in separate entry into :
the Condition. Section 1.3 also specifies that Required j Actions of the Condition continue to apply for each i additional failure, with Completion Times based on initial i entry into the Condition. However, the Required Actions for ,
inoperable RPS and MSIV Actuation channels provide appropriate compensatory measures for multiple inoperable channel s . As such, a Note has been provided that allows i separate Condition entry for each inoperable RPS'or MSIV ;
Actuation channel. .i A.I. A.2.1. A.2.2.1, and A.2.2.2 j These Adions assure that appropriate compensatory measures I are taken @en one LOGIC CHANNEL or MSIV manual channel [
becomes inopa sble. For these Functions, a failure in one channel will caue the actuation logic to become 1/3 or 2/3 .
depending on the nature of the failure ( i.e failure which !
causes a channel trip vs. a failure which does not cause a channel trip). Therefore, an additional single failure will i not result in loss of protection.
Action A.1 forces a trip condition in the inoperable i division which causes the initiation logic to become 1/3 for !
the Function. In this condition a single additional failure ;
will not result in loss of protection and the availability '
of the Function to provide a plant protective action is at least as high as 2/4 trip logic. Since plant protection ,
capability is within the design basis no further action is j required when the inoperable channel is placed in trip.
Action A.2.1 bypasses the inoperable division which causes the logic to become 2/3 so a single failure will not result ;
in loss of protection.or cause a spurious initiation. Since :
overall redundancy is reduced, operation in this condition f is permitted only for a limited time. Action A.2.2.1 2 restores the inoperable channel. Action A.2.2.2 repeats Action A.1 if repairs are not made within the allowable t (continued) l l
t ABWR TS B 3.3-87 P&R 08/30/93 i
RPS and MSIV Actuation B 3.3.1.2 l
1 BASES l
ACTIONS A.l. A.2.1. A.2.2.1. and A.2.2.2 (continued) {
l
( Continued )
Completion Time of Action A.2.2.1. Either of the Actions A.2.2.1 or A.2.2.2 places plant protection capability within the design basis so no further action is required.
1 i The Completion Time of six hours for implementing Actions l
A.1 and A.2.1 is based on providing sufficient time for the l operator to determine which of the actions is appropriate.
The Completion Time is acceptable because the probability of an event requiring the Function, coupled with failures that -
would defeat two other channels associated with the Function, occurring within that time period is quite low.
The self-test features of the SSLC provide a high degree of i confidence that no undetected failures wC1 occur within the allowable Completion Time.
l Implementing Action A.2.1 provides confidence that Plant protection is maintained (2/3 logic) for an additional single instrument failure. However, with division I or III in bypass, a loss of the division 11 power supply could disable two of the remaining channels. Therefore, operation with one division in bypass is restricted to 30 days (Actions A.2.2.1 and A.2.2.2 Completion Time). The probability of an event requiring the Function coupled with undetected failures which cause the loss of two of the remaining OPERABLE divisions in the Completion Time is quite low. The self-test features of the SSLC provide a high +
degree of confidence that no undetected failures will occur within the allowable Completion Time.
B.I. B.2. and B.3 Condition B occurs if two LOGIC CHANNELS or MSIV manual channels become inoperable in a fashion that does not result in an Actuation. In this Condition, the actuation logic could become 2/2. Therefore, it is appropriate to place one division in trip (Action B.1) and the other in TLU output bypass (Action B.2). The trip logic then becomes 1/2 so a single f ailure in the remaining operable divisions would not :
cause loss of protection. However, a single failure in one of the operable divisions could result in a spurious trip.
The Completion Times for implementing Actions B.1 and B.2 is based on providing adequate time for the operator to (continued)
ABWR TS B 3.3-88 P&R 08/30/93
RPS and MSIV Actuation B 3.3.1.2 BASES ACTIONS B.1. B.2. and B.3 (continued)
( Continued )
implement the Required Actions. The Completion Times are acceptable because the probability of cn event requiring the Function, coupled with a failure in one or two of the other channels associated with the function, occurring within that time period is quite low.
Action B.3 restores at least one of the failed channels to OPERABLE status. A Completion Time of 30 days is permitted for this Action. The basis for the Completion Time is as given for Action A.2.2.1 and A.2.2.2 since the plant protective action capability is similar. ion based on the low probability of an undetected failure in both of the OPERABLE channels for the Function occurring in that time period. The self-test features of the SSLC provide a high degree of confidence that no undetected failures will occur within the allowable Completion Time.
Multiple entry into the condition table causes Condition A to be invoked on completion of Action B.3 so appropriate additional action is taken.
C.1 & C.2 This Condition applies when three LOGIC CHANNELS for the same Function or three MSIV manual initiation channels become inoperable. This Condition represents a case where intended protective action from a Function is 1/1 (one channels fails tripped) or is completely unavailable.
Action C.1 forces the initiation logic to become 1/1 so a protective Action from the Function is still available but the single failure criteria for plant protective action is not met.
Action C.2 causes restoration of a second channel for the Function so the initiation logic becomes 1/2 and plant protection is maintained for a single additional failure.
The six hour Completion Time for C.2 provides a reasonable amount of time to effect repairs on at least on of the inoperable channels and avoid the risks associated with plant shutdown.
(continued)
ABWR TS B 3.3-89 P&R 08/30/93
I
.l
~
RPS and MSIV Actuation l B 3.3.1.2 ;
. l BASES t
ACTIONS C.1 & C.2 (continued)
( Continued )
Multiple entry into the condition table causes Condition B 1 to be invoked on completion of Action C.2 so appropriate i additional action is taken. j D.1 & D.Z ;
This Condition occurs when all of the LOGIC CHANNELS for the I same Function or all of the manual MSIV channels become l inoperable. In this Condition the intended protective action -
from a Function is completely unavailable.
Although Action D.1 does not restore the initiation l capability from the Function it is required so that the '
logic will become 1/1 when Action D 2 is completed.
Action D.2 causes restoration of at least one channel for the Function which causes the actuation logic to become 1/1 l so the intended protective action is restored. The one hour !
Completion Time for D.2 provides some amount of time to !
effect repairs on. at least on of the inoperable channels and. i avoid the risks associated with plant shutdown. Continued ;
plant operation in this condition for the specified time does not contribute significantly to plant risk because the i probability of an event requiring the Function within the !
completion Time is quite low. l Multiple entry into the condition table causes Condition C l to be invoked on completion of Action D.2 so appropriate !
additional action is taken.
i i U These Actions assure that appropriate compensatory measures l are taken when one OUTPUT CHANNEL becomes inoperable. For !
i these Functions, a failure in one channel will cause the- j actuation logic to become 1/3 or 2/3 depending on the type of failure ( i.e failure which causes a trip vs. a failure which does not-cause a trip). Therefore, an additional single failure will not result in loss of protection.
Action E.1 forces a trip condition in the inoperable channel which causes the actuation logic to become 1/3. In this (continued).
ABWR TS B 3.3-90 P&R 08/30/93 y- --
w - vr w--v-- -
e * -+r--w-m . - - - .- - - -w------ - -- - - * *- %- - - + - -< .m -- +v--
RPS and MSIV Actuation B 3.3.1.2 l
. l BASES ;
i ACTIONS E.1 (continued) h
( Continued )
condition a single additional failure will' not result in i loss of protection and the availability of the Function to :
provide a plant protective action is at least as high as for i j
the 2/4 trip logic. Since plant protection capability is within the design basis no further action is required. l 1
The Completion Time of six hours for implementing Action A.1 l is acceptable because the probability of an event requiring i the Function, coupled with failures that would defeat two i other channels associated with the Function, occurring l within that time period is quite low. l V
F.1 and F.2 Condition F occurs if two OUTPUT CHANNELS become inoperable l l
in a fashion that does not result in an Actuation. In this
' Condition, the actuation logic could become 2/2. Placing one of the inoperable channels in trip (Action F.1) causes the logic to become 1/2 so a single failure in the remaining operable channels would not cause loss of protection.
However, a single failure in one of the operable. channels could result in a spurious trip. l 1
The Completion Times for implementing Action F.1 is based on l providing adequate time for the operator _to_ implement the j Required Action. The Completion Time is acceptable because l the pt abability of an event requiring the Function, coupled i with undetected failures in one of the-0PERABLE channels :
associated with the Function, occurring within that time- [
period is quite low. l Action F.2 restores at least one of the failed channels to l OPERABLE status. A Completion Time of 7 days is permitted !
for this Action. The Completion Time is based on the low - :
probability of an undetected failure in both of the OPERABLE i channels for the function occurring in that time period. The
~
l self-test features of the SSLC provide a high degree of :
confidence that no undetected failures will occur within the i allowable Completion Time.
Multiple entry into the condition table causes Condition E to be invoked on completion of Action F.2 so appropriate )
additional action is taken. !
l' (continued)
ABWR TS B 3.3-91 P&R 08/30/93 I 1
- - _ _ . _ _ _ _ _ . _ _. . . , _ _ _ _ _ _ _ . , _ _ ,, _ ,,__ , _ _ ]