ML20057A677

Summary of 930810-11 Meeting W/Westinghouse to Discuss I&C Sys Designs AP600.List of Attendees Encl
Person / Time
Site: 05200003
Issue date: 09/01/1993
From: Kenyon T
Office of Nuclear Reactor Regulation
To:
Office of Nuclear Reactor Regulation
References
NUDOCS 9309150137
Download: ML20057A677 (58)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

September 1, 1993

Docket No. 52-003

APPLICANT: Westinghouse Electric Corporation
PROJECT: AP600

SUBJECT: SUMMARY OF MEETING TO DISCUSS INSTRUMENTATION AND CONTROL (I&C) SYSTEMS FOR THE AP600 DESIGN

On August 10 and 11, 1993, representatives of the Nuclear Regulatory Commission and Westinghouse met to discuss the I&C systems design for the AP600. Enclosure 1 is a list of attendees. Enclosure 2 is a copy of the slides presented by Westinghouse.

Westinghouse started the meeting with an overview of the I&C issues that have been raised during the AP600 review. Then the participants discussed specific issues, including

  • compliance with industry standards pertaining to I&C systems
  • the IEEE-796 microprocessor system bus
  • the technical specifications for software-based protection systems
  • the failure modes and effects analysis
  • the defense-in-depth analysis
  • the inspections, tests, analyses, and acceptance criteria for I&C software
  • the software development process
  • the alarm system and bypass status indication
  • the portable tester system
  • the scope of equipment qualification
  • the effect of a control room isolation event, and
  • compliance with the EPRI ALWR Requirements Document

In the morning of August 11, 1993, the staff was taken on a tour of Westinghouse's Process Control Division.

During the meeting, Westinghouse expressed its concern regarding which design descriptions need to be in Tier 1 and which in Tier 2. Their concerns centered primarily in the area of software, because there is little regulatory guidance in this area. The staff indicated that it would include portions of the standard safety analysis report (SSAR) and its related design process description in the Tier 1 document. The remainder of the SSAR would be in the Tier 2 document. The staff's safety evaluation report will also identify portions of the design that are described in the SSAR (and included in the Tier 2 document) that will require staff approval for design modification.

The staff indicated that it would need to review Westinghouse's detailed plans for developing the software, or receive a description of the criteria that Westinghouse intends to meet as it develops the software. The staff's goal is to be able to base its findings on the quality of the process because no product currently exists. In summary, Westinghouse should provide the developmental process itself, or make a commitment against which the process will be developed.

In summary, the staff and Westinghouse agreed to the following action items:

  • Westinghouse will describe the design development process, or make a commitment against which the process will be developed.
  • Westinghouse will correct inconsistencies between their defense-in-depth evaluation and the SSAR for the AP600.
  • Westinghouse will correct their responses to Q420.73 and Q420.75.
  • Westinghouse will provide a discussion of the global trip subsystem.
  • Westinghouse will provide a discussion on the software development process.
  • The staff will provide references to the Electric Power Research Institute utility requirements document where Westinghouse appears to be in conflict with post-72 hour requirements.
  • The staff will evaluate Westinghouse's position that reporting requirements for software are a combined license issue.
  • The staff will follow up certain discussion items with formal requests for additional information.
  • A meeting will be set up to discuss SECY-93-087, "Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Design," and the related staff requirements memorandum as it pertains to I&C issues.

(Original signed by)

Thomas J. Kenyon, Project Manager
Standardization Project Directorate
Associate Director for Advanced Reactors and License Renewal
Office of Nuclear Reactor Regulation

Enclosures: As stated

DISTRIBUTION w/ enclosures:
Docket File
PDST R/F
TKenyon
PShea
PDR
DCrutchfield

cc w/ enclosures: See next page

DISTRIBUTION w/o enclosures:
WTravers
FHasselberg
RBorchardt
HLi, 8H3
TMurley/FMiraglia
JGallagher, 8H3
MChiramal, 8H3
TEssig
JMoore, 15B18
TGody, EDO
ACRS (11)

OFC: LA:PDST:ADAR   PM:PDST:ADAR
NAME: PShea   TKenyon

OFFICIAL RECORD COPY: I&C81011.TK

Docket No. 52-003
Westinghouse Electric Corporation

cc:
Mr. Nicholas J. Liparulo
Nuclear Safety and Regulatory Analysis
Nuclear and Advanced Technology Division
Westinghouse Electric Corporation
P.O. Box 355
Pittsburgh, Pennsylvania 15230

Mr. B. A. McIntyre
Advanced Plant Safety & Licensing
Westinghouse Electric Corporation
Energy Systems Business Unit
Box 355
Pittsburgh, Pennsylvania 15230

Mr. John C. Butler
Advanced Plant Safety & Licensing
Westinghouse Electric Corporation
Energy Systems Business Unit
Box 355
Pittsburgh, Pennsylvania 15230

Mr. M. D. Beaumont
Nuclear and Advanced Technology Division
Westinghouse Electric Corporation
One Montrose Metro
11921 Rockville Pike, Suite 350
Rockville, Maryland 20852

Mr. Sterling Franks
U.S. Department of Energy
NE-42
Washington, D.C. 20585

Mr. S. M. Modro
EG&G Idaho Inc.
Post Office Box 1625
Idaho Falls, Idaho 83415

Mr. Steve Goldberg
Budget Examiner
725 17th Street, N.W.
Room 8002
Washington, D.C. 20503

Mr. Frank A. Ross
U.S. Department of Energy, NE-42
Office of LWR Safety and Technology
19901 Germantown Road
Germantown, Maryland 20874

AP600 INSTRUMENTATION & CONTROL SYSTEMS MEETING
NRC/WESTINGHOUSE
TUESDAY, AUGUST 10, 1993

NAME            AFFILIATION
H. Li           NRC/HICB
J. Gallagher    NRC/HICB
T. Kenyon       NRC/PDST
M. Chiramal     NRC/HICB
B. Wyman        LLNL/NRC
J. Palomar      LLNL/NRC
V. Polizzi      ARC
D. Bland        SNC/ARC
J. J. Birsa     Westinghouse
K. Deutsch      Westinghouse
D. Vaglia       Westinghouse
S. Kihin        Westinghouse
B. McIntyre     Westinghouse
W. Szmek        Westinghouse
D. Adomaitis    Westinghouse
K. Tsuru        Westinghouse
A. Sterdis      Westinghouse

Enclosure 1

Enclosure 2

WESTINGHOUSE ELECTRIC CORPORATION
PRESENTATION TO UNITED STATES NUCLEAR REGULATORY COMMISSION
WESTINGHOUSE ENERGY CENTER
AUGUST 10 AND 11, 1993

0004als

AGENDA
August 10 and 11, 1993

August 10, 1993, 8:30 am, CR 401B

- Introduction: B. A. McIntyre
- Overview of I&C Issues: J. B. Reid
- Industry Standards: J. J. Birsa
- IEEE-796, Microprocessor System Bus: H. Li (NRC)
- Technical Specifications: C. W. Suggs
- Failure Modes and Effects Analysis: J. J. Birsa
- FMEA Discussion: H. Li (NRC)

Lunch

August 10, 1993, continued

- AP600 Defense-in-Depth / Diversity Report: J. J. Birsa
- LLNL Defense-in-Depth / Diversity Report: H. Li (NRC)
- AP600 ITAAC Process: B. A. McIntyre
- ITAAC Discussion (NRC criteria and objectives): H. Li (NRC)


INTRODUCTION

B. A. MCINTYRE, MANAGER
ADVANCED PLANT SAFETY AND LICENSING

AP600 DESIGN CERTIFICATION SCHEDULE

- SECY-93-097
- RAIs issued by June 93
- RAI responses to NRC by September 93
- DSER due May 94
- NRC/DOE meetings held June 3, 1993 and August 2, 1993
- Need for intermediate milestones
- NRC reviewing detailed integrated schedule

AP600 DESIGN CERTIFICATION

AP600 design differences and advances necessitate:
- Revisiting bases for regulatory criteria and guidance
- Avoidance of force-fitting current implementations
- "Open-minded" review approach

Evaluation of AP600 conformance with current criteria and guidance
- SSAR
- Regulatory Guides
- General Design Criteria
- SRP Compliance
- WCAP

AP600 DESIGN CERTIFICATION

NRC/Industry efforts underway
- ALWR URD review
- AP600 review

Progress is being made

Regulatory Treatment of Non-Safety Systems
- NRC/industry consensus reached May 20, 1993
- Submittal of AP600 RTNSS information in September 1993

OVERVIEW OF I&C ISSUES

J. B. REID, MANAGER
PLANT INSTRUMENTATION AND CONTROL SYSTEMS

I&C ISSUES OVERVIEW

- Need for NRC to define regulatory bases
  Codes
  - IEEE 279
  - GDCs
  - SRP
  Regulatory Guidance
  - I&C-related Regulatory Guides
- Revisit bases for safety determination
- Focus on defining criteria and objectives for plant safety
- Avoid prescriptive design implementation requirements

I&C ISSUES OVERVIEW

- Need for industry to implement the design
  - Codified requirements
  - Regulatory guidance
  - Industry design standards
  - URD
  - Systems engineering trade-offs

BEATING THE SOFTWARE "BAD RAP"

- Misrepresentation of design errors and poor quality assurance as software errors unique to digital systems
  - IEN 93-57
  - Pushbutton logic
  - IEN 93-49
  - Maintenance / poor quality assurance issues
  - NYPA AMSAC
  - Salem annunciator failure
  - FitzPatrick Temperature Monitoring
  - Watts Bar deadband setting
- Systems engineering versus software engineering
- Digital systems provide opportunities for improvement
  - Self-diagnostics
  - Reliability
  - Flexibility

WESTINGHOUSE I&C EXPERIENCE

[Figure: Westinghouse I&C experience timeline. Milestones labelled on the chart: Integrated System Concept; French Joint Development; IPS Prototype (Model 414); First WDPF on Utility; USNRC Approval (RESAR 414); Japanese APWR; Sizewell PPS Contract; Italian Joint Development; 2nd Generation Prototypes; PPS Specific Prototype; NOK ANIS Design; Sequoyah Eagle 21; Advanced Digital Feedwater Control; PPS Equipment Manufacture; ISCO Contract; ISCO Equipment on Site; PPS Site Commissioning; Temelin Contract.]

WESTINGHOUSE I&C EXPERIENCE

SYSTEM                                         U.S.  INTL.  TOTAL

CLASS 1E SYSTEMS:
EAGLE 21 PROCESS PROTECTION SYSTEMS              9     0      9
INTEGRATED DIGITAL PROTECTION SYSTEM             0     3      3
QUALIFIED DISPLAY PROCESSING SYSTEM (QDPS)       2     0      2
PLANT SAFETY MONITORING SYSTEM (PSMS)            5     0      5
REACTOR VESSEL LEVEL MONITORING (RVLIS)         16     3     19
THERMOCOUPLE MONITOR                             2     2      4
THERMOCOUPLE / CORE COOLING MONITOR              4     3      7
INADEQUATE CORE COOLING MONITOR                 10     3     13

NON-CLASS 1E SYSTEMS:
ACOUSTIC LEAK MONITORING                         2     5      7
AUTOMATIC CALIBRATION TEST SOURCE                1     0      1
ADVANCED DIGITAL FEEDWATER CONTROL SYSTEM        9     0      9
ATWS MITIGATION SYSTEM ACTUATION CIRCUITRY      14     2     16
AXIAL POWER DISTRIBUTION MONITOR                 1     0      1
DIGITAL METAL IMPACT MONITORING (DMIMS)         14    13     27
DIGITAL FLUX MAPPING                             3     6      9
DIGITAL ROD POSITION INDICATION (DRPI)          27    20     47
DIGITAL RADIATION MONITORING                     2     0      2
INTEGRAL CONTROL SYSTEM (ICS)                    0     3      3
DIVERSE ACTUATION SYSTEM                         0     1      3

WESTINGHOUSE I&C EXPERIENCE

NUCLEAR:
  90 WESTINGHOUSE DESIGNED PLANTS
  05 WESTINGHOUSE LICENSEE DESIGNED PLANTS
  - PROTECTION SYSTEMS
  - REACTOR CONTROL SYSTEMS
  - BALANCE OF PLANT CONTROLS
  - PLANT COMPUTER SYSTEMS
  - NUCLEAR INSTRUMENTATION SYSTEMS
  - SPECIALIZED DIAGNOSTIC & MONITORING SYSTEMS
  - CONTROL BOARDS

FOSSIL & INDUSTRIAL:
  > 000 WDPF CONTROL SYSTEMS
  - PROCESS CONTROL SYSTEMS
  - DATA ACQUISITION SYSTEMS
  - OPERATOR (MMI) STATIONS
  - STORAGE & RETRIEVAL
  - LOGGING & ALARMING

WESTINGHOUSE I&C EXPERIENCE

CLASS 1E SYSTEM                                PLANT
EAGLE 21 PROCESS PROTECTION SYSTEMS            SEQUOYAH 1 & 2; TURKEY POINT 3 & 4; WATTS BAR; ZION 1 & 2; DIABLO CANYON 1 & 2
INTEGRATED DIGITAL PROTECTION SYSTEM           SIZEWELL B (+ 2 PROTOTYPES)
QUALIFIED DISPLAY PROCESSING SYSTEM (QDPS)     SOUTH TEXAS 1 & 2
PLANT SAFETY MONITORING SYSTEM (PSMS)          BEAVER VALLEY 2; VOGTLE 1 & 2
DIGITAL RVLIS/ICCM's                           26 SYSTEMS

USE OF INDUSTRIAL STANDARDS IN INSTRUMENTATION AND CONTROL SYSTEM DESIGN

J. J. BIRSA
PLANT INSTRUMENTATION AND CONTROL SYSTEMS

PHILOSOPHY OF STANDARDS UTILIZATION

  • Use Codified Standards Required For Regulatory Compliance
  • Select Design Standards as Appropriate

CATEGORIES OF INDUSTRIAL STANDARDS

Industrial Standards Are a Means of Communicating:

  • Engineering Practices / Requirements
  • Requirements / Testing Methodology
  • Interface Definition

Engineering Practices / Requirements

IEC (International Electrotechnical Commission) 880-1986, "Software for Computers in the Safety Systems of Nuclear Power Stations."

IEEE Standard 518-1982, "IEEE Guide for the Installation of Electrical Equipment to Minimize Electrical Noise Inputs to Controllers from External Sources."

IEEE Standard 730.1-1989 (ANSI), "Software Quality Assurance Plans."

IEEE Standard 828-1990, "Software Configuration Management Plans."

IEEE Standard 829-1991, "Software Test Documentation."

IEEE Standard 830-1984 (ANSI), "Software Requirements Specifications."

IEEE Standard 983-1986 (ANSI), "Software Quality Assurance Planning."

IEEE Standard 1012-1986 (ANSI), "Software Verification and Validation Plans."

Engineering Practices / Requirements (cont)

IEEE Standard 1016.1-1987 (ANSI), "Software Design Descriptions."

IEEE Standard 1028-1988 (ANSI), "Software Reviews and Audits."

IEEE Standard 1042-1987 (ANSI), "Software Configuration Management."

IEEE Standard 1050-1989, "IEEE Guide for Instrumentation and Control Equipment Grounding in Generating Stations."

NRC Information Notice IN 83-83, "Use of Portable Radio Transmitters Inside Nuclear Power Plants."

Requirements / Testing Methodology

ANSI/IEEE Standard C37.90.1-1989, "IEEE Standard Surge Withstand Capability Tests for Protective Relays and Relay Systems."

ANSI/IEEE Standard C37.90.2-1987, "IEEE Trial Use Standard Withstand Capability of Relay Systems to Radiated Electromagnetic Interference from Transceivers."

IEC Standard 801-1, "Electromagnetic Compatibility for Industrial-Process Measurement and Control Equipment - General Introduction."

IEC Publication 801-2, "Electromagnetic Compatibility for Industrial-Process Measurement and Control Equipment, Part 2: Electrostatic Discharge Requirements."

IEC Standard 801-3, "Electromagnetic Compatibility for Industrial-Process Measurement and Control Equipment - Radiated Electromagnetic Field Measurement."

IEC Standard 801-4, "Electromagnetic Compatibility for Industrial-Process Measurement and Control Equipment - Electrical Fast Transient / Burst Requirements."

Requirements / Testing Methodology (cont)

IEEE Standard C63.12-1987 (ANSI), "American National Standard for Electromagnetic Compatibility Limits - Recommended Practice."

IEEE Standard C62.1-1984, on impulse voltage.

IEEE Standard C62.41-1980 (ANSI), "Guide for Surge Voltages in Low-Voltage AC Power Circuits."

IEEE Standard C62.45-1987 (ANSI), "Guide on Surge Testing for Equipment Connected to Low-Voltage AC Power Circuits."

IEEE Standard 572-1985, "IEEE Standard for Qualification of Class 1E Connection Assemblies for Nuclear Power Generating Stations."

IEEE Standard 587, on surge protection.

MIL-STD-461(A,B,C), "Electromagnetic Emission and Susceptibility Requirements for the Control of Electromagnetic Interference."

MIL-STD-462, "Electromagnetic Interference Characteristics Measurement."

Requirements / Testing Methodology (cont)

SAMA PMC 33.1-1978, "Electromagnetic Susceptibility of Process Control Instrumentation."

NUREG/CR-3270, "Investigation of Electromagnetic Interference (EMI) Levels in Commercial Nuclear Power Plants."

Interface Definition

ANSI ASC X3T9.5-1988, "Fiber Distributed Data Interface (FDDI)."

IEEE Standard 802.2-1985, "Standard for Local Area Networks: Logical Link Control."

IEEE Standard 802.5-1985, "Token Ring Access Method and Physical Layer Specifications."

ISO 7498-1984, "Open System Interconnection - Basic Reference Model."

MIL-STD-1399, "Interface Standard for Shipboard Systems, DC Magnetic Field Environment."

Other Communications Standards, e.g. EIA-RS-232

IEEE-796 MICROPROCESSOR SYSTEM BUS

H. Li
INSTRUMENTATION AND CONTROL SYSTEMS BRANCH
NUCLEAR REGULATORY COMMISSION

[Figure RAI 420.11-2: Protection and Safety Monitoring System data highways, interactions and separation (file RAI11A.DRW, JJB/SK, 03/25/93). The drawing shows Division B in detail; Divisions A, C and D are noted as architecturally identical to Division B. Elements labelled within Division B: IPC, ESFAC, SFAC, dedicated controls and indicators, MCR MUX and RSR MUX, manual trip, RT SWGR, and soft control stations (Note 1); an inside/outside containment boundary is marked. Note 1: redundant soft control stations common to all divisions. Legend: solid lines are hardwired connections; dashed lines are dedicated datalinks.]

TECHNICAL SPECIFICATIONS

C. W. SUGGS, Jr.
TECH SPEC PROGRAM SERVICES

TECHNICAL SPECIFICATIONS

Purpose of Technical Specifications
- Safety Analysis: Protect Public Health and Safety
- Tech Specs Preserve Safety Analysis Assumptions
  - Structures, systems, components: operability
  - Initial conditions: within limits assumed
- I&C Systems operability = safety function
  - Setpoints
  - Time Response
  - Logic
  - Functions: alarm / interlock / display / trip / actuation

TECHNICAL SPECIFICATIONS

History
- 1956: 10CFR50.36 issued defining Technical Specifications
- 1968: 10CFR50.36 amended
  - Required separate document
  - Identified major sections of document
- 1983: 10CFR50.36 amended
  - Revised reporting requirements
- 1987: Interim Policy Statement on Technical Specification Improvements
- 1992: NUREG-1431, Standard Technical Specifications, Westinghouse Plants, Rev. 0 (NRC coordinators: Chris Grimes, Chief TS Branch; Chris Hoxie, 1.0, 3.0, 5.0; Bob Tjader, 2.0, 3.1, 3.2; Carl Shulten, 3.3; Mag Weston, 3.4, 3.9; Karen Cotton, 3.5; Calvin Moon, 3.6; Jim Miller, 3.7; Ed Tomlinson, 3.8; Mary Reardon, 4.0)
- 1993: Final Policy Statement on Technical Specification Improvements

TECHNICAL SPECIFICATIONS

Technical Specification Content - Screening Criteria - Rulemaking

1. Installed instrumentation that is used to detect, and indicate in the control room, a significant abnormal degradation of the reactor coolant pressure boundary.
2. A process variable, design feature, or operating restriction that is an initial condition of a Design Basis Accident or Transient analysis that either assumes the failure of or presents a challenge to the integrity of a fission product barrier.
3. A structure, system, or component that is part of the primary success path and which functions or actuates to mitigate a Design Basis Accident or Transient that either assumes the failure of or presents a challenge to the integrity of a fission product barrier.
4. A structure, system, or component which operating experience or probabilistic safety assessment has shown to be significant to public health and safety.

- AP600 Technical Specification content consistent with Screening Criteria and NUREG-1431

TECHNICAL SPECIFICATIONS

Eagle 21 Technical Specifications
- Sequoyah, Diablo Canyon, Zion, Watts Bar
- No failure states for software
- No surveillances for software

TECHNICAL SPECIFICATIONS

Operability Determinations
- 10CFR50.36(c)(2): When LCO not met:
  - Notify Commission
  - Identify cause of condition and basis for corrective action
- 10CFR50 Appendix B, Criterion XVI, Corrective Action
  - Identify promptly and correct conditions adverse to safety or quality
- Reporting: 10 CFR 50.72, 50.73, 50.9(b), Part 21

TECHNICAL SPECIFICATIONS

Operability Determinations
- Generic Letter 91-18: Information on NRC Inspection Manual
  - Compliance with regulations: Resolution of degraded and nonconforming conditions
  - Operable / Operability: Ensuring the functional capability of a system or component
  - To comply with regulations, licensee must have procedures for investigation of degraded and nonconforming conditions and for making operability determinations

TECHNICAL SPECIFICATIONS

What is Software?
- Software is part of the system design
- Like a hard-wired circuit, pump selection, or pipe design:
  - Must meet regulatory requirements and industry codes
  - TS surveillances verify function
  - Do not normally evaluate design
  - Functional failure could lead to design investigation

TECHNICAL SPECIFICATIONS

RAI 420.101

a. Provide the TS definition for failures that are attributed to software errors.
   Not Required - Channels are either operable or not operable

b. Address the potential common mode failure aspects of such errors.
   Procedures for investigation of degraded and nonconforming conditions and for operability determinations in accordance with regulations

c. Identify the appropriate LCOs for different categories of identified software errors based on the impact of the error on system(s) operability. (TS 3.3.1 and TS 3.3.2 of Chapter 16)
   Not applicable

AP600 FAILURE MODES AND EFFECTS ANALYSIS

J. J. BIRSA
PLANT INSTRUMENTATION AND CONTROL SYSTEMS

AP600 FMEA

- Evaluate effects of failure modes on the success of the protection and safety monitoring system
  - List potential failures
  - Identify importance of the effects
- Objective evaluation of design requirements
  - Redundancy
  - Failure detection systems
  - Fail-safe characteristics
  - Automatic and manual override
- Methods followed regulatory guidance
  - ANSI/IEEE Standard 352-1987
  - IEEE Standard 577-1976

AP600 FMEA

- Results documented in WCAP-13594
- Conclusions
  - Protection and safety monitoring system single failures do not affect plant operation

AP600 DEFENSE-IN-DEPTH / DIVERSITY REPORT

J. J. BIRSA
PLANT INSTRUMENTATION AND CONTROL SYSTEMS

AP600 DEFENSE-IN-DEPTH & DIVERSITY REPORT

PROCESS
  • Evaluated AP600 Instrumentation and Control Architecture Using Process Similar to NUREG-0493
  • Included Diverse Actuation System in Evaluation

[Figure 2.1 AP600 Instrumentation and Control Systems Interactions (file FIG_2_1.DRW, JJB, 07/07/93). Upper tier: Operations and Control Centers System (operator interface: plant display system, alarm system, computerized procedures system) and Data Display and Processing System (distributed plant computer), connected over the Monitor Bus. Lower tier: Protection and Safety Monitoring System (reactor trip, ESF actuation, safety-related monitoring); Plant Control System (automatic and manual plant control); Diverse Actuation System (diverse reactor trip and ESF actuation); Special Monitoring System (diagnostics and monitoring); Incore Instrumentation System (reactor core data acquisition).]

[Figure 2.3 AP600 Instrumentation and Control Echelons of Defense (file FIG_2_1.DRW, JJB, 06/25/93). Columns: Layer 1, Class 1E safety-related systems; Layer 2 and Layer 3, nonsafety-related systems. Rows, the NUREG-0493 echelons: Control echelon - Plant Control System (PLS), Notes 1 & 2; Reactor Trip echelon - Protection and Safety Monitoring System (PMS) and Diverse Actuation System (DAS), Note 2; ESF Actuation echelon - PMS and DAS, Note 2; Monitoring echelon (to support manual actions) - PMS, DAS, and Data Display and Processing System (DDS).

Notes: 1) The PLS functions to enable the plant to maintain conditions within operating limits and also provides automatic and manual actuations of the nonsafety-related defense-in-depth systems. 2) Automatic and manual actions provided in the PLS, PMS, and DAS.]

POTENTIAL FAILURE INFLUENCES

[Figure (CMF.PRE, 4/30/93): influences on failure of I&C systems and sensors. Lifecycle influences: requirements, specification, design, assembly, installation, test, calibration, repair, replacement. System levels: system, subsystems, assemblies, components, parts, software. Interface and personnel factors: interface bases, personnel. Environmental influences: EMI/RFI/surge, HVAC, power, fire suppression, grounds, missiles, drains, fires, dust, floods, vibration, earthquakes, other.]

AP600 ITAAC PHILOSOPHY

B. A. MCINTYRE, MANAGER
ADVANCED PLANT SAFETY AND LICENSING

AP600 ITAAC PROGRAM

- AP600 ITAAC program is different
  - Screening criteria
  - Emphasis on objective, measurable ITAACs
  - Industry participation in reviews
- December 15, 1992 submittal
  - Replaces pilot ITAAC submitted June 1992
  - 36 system ITAAC
    - 12 safety systems
    - 24 non-safety systems

AP600 ITAAC PROGRAM

Nonsystem ITAAC
- Human factors
- Nuclear island building
- Safety-related piping
- Interface

AP600 ITAAC

- Reactor
  - Fuel Handling and Refueling System
  - Reactor Coolant System
  - Reactor System
- Nuclear Safety Systems
  - Automatic Depressurization System
  - Containment System
  - Passive Containment Cooling System
  - Passive Core Cooling System
  - Steam Generator System
  - Main Control Room Habitability System

AP600 ITAAC

- Instrumentation and Control
  - Diverse Actuation System
  - Data Display and Processing System
  - Incore Instrumentation System
  - Plant Control System
  - Protection and Safety Monitoring System
  - Radiation Monitoring System
- Auxiliary Systems
  - Component Cooling Water System
  - Chemical and Volume Control System
  - Standby Diesel and Auxiliary Boiler Fuel Oil System
  - Fire Protection System
  - Mechanical Handling System
  - Primary Sampling System
  - Normal Residual Heat Removal System
  - Spent Fuel Pit Cooling System
  - Service Water System
  - Containment Hydrogen Control System

AP600 ITAAC

- Steam and Power Conversion Systems
  - Main and Startup Feedwater System
  - Main Steam System
- Electrical Power
  - Main ac Power System
  - Non-Class 1E dc and UPS System
  - Plant Lighting System
  - Class 1E dc and UPS System
  - Onsite Standby Power System
- Heating, Ventilating, and Air Conditioning Systems
  - Nuclear Island Nonradioactive Ventilation System
  - Central Chilled Water System
  - Annex / Auxiliary Building Nonradioactive Ventilation System
  - Diesel Generator Building Ventilation System

AP600 I&C ITAAC

- Instrumentation and Control System ITAACs
  - Protection and Safety Monitoring System
  - Data Display and Processing System
  - Incore Instrumentation System
  - Plant Control System
  - Diverse Actuation System
  - Radiation Monitoring System