ML20062K648
| ML20062K648 | |
| Person / Time | |
|---|---|
| Site: | 05200004 |
| Issue date: | 12/31/1993 |
| From: | GENERAL ELECTRIC CO. |
| To: | |
| Shared Package | |
| ML20062K642 | List: |
| References | |
| NUDOCS 9312230116 | |
| Download: ML20062K648 (89) | |
Text
. ... .. . - . . - . _ . - ..
.1 l
l l
Q l
i Attachment 1 ;
Sections 18.1 through 18.8 and Appendices 18E and 18F j of the' '
i SBWR SSAR Amendment 1 Draft :
.i December,1993
}
I a
LO ;
i
'I
.i
. i
.j l
I
'I 1
i t
i
-I O
9312230116 931214 fM' :
PDR -ADOCK 05200004. ,
iL A- PDR D ,
u
i 25AS113 Rev. A SBWR Standard Safety Analysis Report b
18.0 Human Factors Engineering 18.1 Introduction '
This chapter describes the SBWR human system : ..
81::c interface (HSI) (3!'!!S) design goals and bases, the standard HS1 A4M48 design features and the detailed IISI MM48 design and implementation process, with embedded design acceptance criteria, t for the SBWR standard plant operator interface. The SBWR Emercency Procedure Guidelines and the inventory ofinstrumentation and controls needed bv the control room stafffor the performance of Fmercency Oncratine Procedures are also described.
The incorporation of human factors engineering (HFE) principles into all phases of the design of these interfaces is provided for as described in this chapter.
Design goals and design bases for the HSI ! - .- ' : anA: :t :M S ;and np, - - 7 . :. in the main centrol room and in remote locations are established in Secdon 18.2. The overall design and implementation process is described in Section 18.3. Section 18.4 contains a description of the main control room standard HSI ep: - A:e design features and HSI technolocies. The Remote Shutdown System is described in Section 18.5. Section 18.6 discusses how the systems which make e up the HSI apn u4,*e,4e are integrated together and with the other systems of the
( plant. Section 18.7 discusses the detailed design implementation process. The SBWR Emergency Procedure Guidelines, which provide the basis for human factors evahiations of emergency operations, are contained in.Apperidix 18A. Appendix 18B discusses the differences between the SBWR Emergency Proceduca Guidelines and the U.S. Boiling Water Reactor Owners Group (BWROG) Emergency Procedur e Guidelines, Revision 4. The input data and results of calculations performed during the preparation of the SBWR Emergency Procedure Guidelines are contained in Appendix 18C. Appendix 18D presents a characterization of a main control room HSI op, -
7, equipment implementation that incorporates the SBWR standard design features discussed in Section 18.4. A general description of the design and implementation process for the SBWR HSI ep- - " * : - fa t . -~! mppr: ng plan' mw is presented in Appendix 18E. Appendix 18F contains the results of an analysis of the information and control needs of the main control room operators durine emercencv operations.
t introduction - Amendment 1 DRAFT 18.1-1/2
25AS113 Rev. A SBWR standantsafetyAnalysis Report r
(
18.2 Design Goals and Design Bases The primary goal for IISI eps . :fm e designs is to facilitate safe, efficient and reliable operator performance during all phases of normal plant operation, abnormal events and accident conditions. To achieve this goal, information displays, controls and other interface devices in the conu ol room and other plant areas are designed and shall be implemented in a manner consistent with good human factors engineering [
practices. Further, the following specific design bases are adopted:
s During all phases of normal plant operation, abnormal events and emergency conditions, the SBWR shall be operable by two reactor operators. In addition, the operating crew willinclude one assistant control room shift supervisor, one control room shift supenisor, and auxiliary equipment operators as required by task analysis. During accidents, technical assistance is available to the operating crew from personnelin the technical support center. Four licensed operators shall be on shift at all times, consistent with the stamng requirements of 10CFR50.54m. The i m.ain control room staff sire and roles snall be evaluated bv the COL annlicant as an action item (Subsection 18 R2).
e The USS SP"" :.pc - - "m e design shall promote eflicient and reliable
( operation through expanded application of automated operation capabilities.
m The liSI ap: - - . -f.x e design shall utilize only proven technology.
m Safety-related systems monitoring and control capability shall be provided in full compliance with pertinent regulations regarding divisional separation and independence.
m The IISI ep - -
3- - design shall be highly reliable and provide functional '
redundancy such that sufficient displays and control will be available in the main control room and remote locations to conduct an orderly reactor shutdown and to cool the reactor to cold shutdown conditions. ' fr ap; anon, even during design basis equipment failures.
a The principal functions of the Safety Parameter Display System (SPDS) as required by Supplement I to NUREG-0737, will be integrated into the IISI cp e: = ~ 2 .:c:fm c design.
a Accepted human factors engineering principles shall be utilized for the HSI
- ~
ep. :a:s - -
r design in meeting the relevant requirements of General Design Criterion 19.
(^ m The design bases for the Remote Shutdown System shall be as specified in
\ Section 7A.
Design Goals andDesign Bases - Amendment 1 DRAFT 182 12
25AS113 Rev. A i
SBWR Standard SafetyAnalysis Report l 1
l t
(x 18.3 Planning, Development, and Design 18.3.1 Introduction An integrated prograni phn oc incvporatellEE E ::a:: f- ,c::gn:cc ng principles and to achieve an integrated design of the control and instrumentation systems and HSI ap:: -
. : . r- . . of the SBWR was prepared and implemented. The program plan, j entitled " Design of Controls, Instrumentation and Man Machine Interfaces", presents a i comprehensive, synergistic design approach with provisions for task analyses and human factors evaluations. Also included are formal decision analysis procedures to facilitate selection of design features which satisfy top level requirements and goals of individual systems and ihe overall plant. Procedures developed as part of the program j plan address the following areas: ;
e development of system functional and performance requirements, s analysis of tasks and allocation of functions, e evaluation of human factors and man-machine interfaces, '
i w a design of hardware and software, and ;
a verification and validation of hardware and software.
The program plan and the associated procedures provided guidance for the conduct of ,
the SBWR HSI :: - c' :. ~! - ~;u:ne: i . - ? '!'!!S design development activities, including 1,11 definition of the standard design features of the control room HSI MME.
(P ^re . . : (Subsections 18.3.2 and 18.4.2). and (2) definition of the inventorv ofcontrols and instrumentation necewarv for the control room crew to follow the operation stratecies civen in the SBWR Emercency Procedure Guidelines and to complete the important operator actions described in the Probabilistic Risk Assessment (Subsection 18.3.3 and Appendix 18F).
i
.ms:.
1.
.,t7 p. , .. . , . ,i ; , ;3. . .! p. 7,s. , iii n; =7;. . . ; .3 . ,
g..i..it 7 7 , . ..t:,i.
_; ; i t .17 r. . . 3 g;.c _ ,; _ .: . ; .:
. 3 ra g7 .:t.: ;, 3 . i . : .. i . i . _ . _ . . , _ _ . ._~,i.: _ ...r........: , ..._..,..: t
.r
,-;c: :;;;;. np?c.nc: -d T:, p; ' s c'.'. ; :.!ud e s p; s 7 y u,3737 A-'
E rg u' 2' :p - (PRC) ': ..rm..= 3 7 7., .; e., -he; :i. .. p; , , , 7; gjp ;_ ;_
- p: ?' 8c .;g; !" '; N_ c? ngn;; :.pcci".: n::cp: ,; c . s ;;; ; -d : 82' s , ~'f" d;cr
- f n F.s : 3: : 1P3,Sc:' 3
- pp: -din ' SE.
%d l
f1anning, Development, and Design - Amendment 1 DRAFT 18.3-1
25A5t13 Rev. A SBWR standard sarery Analysis Report 18.3.2 Standard Design Features O.
The SBWR control room iISI : < N r" e design contains a group of standard features which form the foundation for the detailed IISI MMIS design. These features are described in Subsection 18.4.2.
The development of the control room IISI MM48 standard design features was accomplished through consideration of exisung control room operating experience; a resiew of trends in control room designs and existing control room data presentation methods; evaluation of new HS1 r . :na M .-arrFa OFilt technologies, alarm reduction and presentation methods; and validadon tesdng of two dynamic control room prototypes. The prototypes were evaluated under simulated normal and abnormal reactor operating conditions and utilized experienced nuclear plant control room operators. Following the completion of the prototype tests and employing their results, the standard control room HS1 MMIS design features were rmalized. ,
18.3.3 inventorv of Controls and instrumentation The SBWR Emercencv Procedure Guidelines (EPGsh presented in Annendix 18A. and the important operator actions identified in the Probabilistic Risk Assessment (PRAL 4
presented in Chanter 19. nrovided the bases for an anahsis of the information and control capability needs of the main control room operators based upon the operation stratecies. This analvsis defines a minimum set of controls disniavs. and alarms which O
will enable the operatinc crew to perform the actions that would be specified in the Fmercencv Opera:ine Procedures and the imnortant onerator actions identified in the PRA. Appendix 18F contains the tabulated results of this analvsis.The controls. displavs and alarms needed by the operators to perform and validate the completion of those stens and important actions are listed in Tables 18F-1 throuch 18F& resnectively.
18.3.4 Detailed Design implementation Process l l
The process by which the detailed equipment design implementation of the SBWR 1ISI n a" .i! u. .s . .. . , dan 7:an a. dSc . .:crface will be comnieted
. np!- ,:..c4 is discussed in Section 18.7 and in Appendix 18E. This process builds i upon the standard ]19 MMIS design features which are discussed in Subsection 18.4.2.
Embedded in the procest., "8 :"u e cd S 1 Figure A18E-11, are a number of NRC conformance reviews in which various aspects and outputs of the process are evaluated against established acceptance criteria nresented in Tables 18E-1 throuch 18E4 O
18.3 2 Planning. Development. and Design - Amendment 1 DRAFT
2SAS113 Rev. A SBWR Standard SafetyAnalysisReport O)
\
v 18.4 Control Room Standard Design Features 18.4.1 Introduction '
This section presents the standard design features of the HSI apcv N rr =c in the control room (Subsection 18.4.2). These standard design features are based upon proven technologies and have been demonstrated, through broad scope control room dynamic simulation tests and evaluation, to satisfy the SBWR HS1 up:- - t t --fu design goals and design bases as given in Section 18.2. Appendix 18D presents an example of a control room HSI cpe: :c: ...:. :f= c design implementation which incorporates these design features. F4rmiXal:dation of the imnlemented MCR desien will include evaluation of the standard desien features and will be nerformed as nart of ;
the desien implementation process as defined by the acceptance criteria presented in Tables 18E-1 throuch 18F-4 ^" r .t; .
da: d :' r.!g:: ce. = ._ :n i;; ;i, . = p2. . yr Ar A .:gn : np!- ' > -
- p :a n > ^ d '; '~ pr' c.
d e c-!pt : p: ided :--
App -& "'E 18.4.2 Standard Design Feature Descriptions 18.4.2.1 Listing of Features The SBWR control room HS1 ap , c .:ct r=c design incorporates the following .;
standard features:
(1) A single, integrated control console staffed by two operators; the console has ,
a low profile such that the operators can see over the console from a seated position.
(2) The use of olant nrocess comnuter svstem driven on-screen control video display units (VDUs) for safety-related system monitoring and non-safety-related system control and monitoringf:' n "- . 'h)^ p!"-:p: ::w-l
- np: '. ,& ,
(3) The use of a separate set of on-screen control VDUs for safety-related system control and monitoring and separate on-screen control VDUs for non-safety- .
related system control and monitoring; the operation of these two sets of VDUs is entirely independent of the process computer system. Further, the first set of VDUs and all equipment associated with their functions of safety-related system control and monitoring are divisionally separated and qualified to Class 1E standards.
(4) The use of dedicated function switches on the control console. l (5) Operator selectable automation of pre-defined plant operation sequences.
s Control ficom Standard Design Features - Amendment 1 DRAFT ' 18.4-1
25A5113 Rev. A SBWR standardsaretyAnalysis neport O
(6) The incorporation of an operator selectable semi-automated mode of plant operations, which prmides procedural guidance on the main control console VDUs but does not control plant svstems w*m and equipment.
(7) The capability to conduct all plant operations in an operator manual mode.
(8) The incorporation of a large display panel that presents information for use by the entire control room operating staff.
(9) The inclusion on the large display panel of fixed-position displays of key plant parameters and major equipment status.
(10) The inclusion in the fixed-position displays of both Class 1E<jualified and non-IE display elements.
(11) The independence of the fixed-position displays from the plant process computer.
(12) The inclusion within the large display panel of a large VDU which is driven by the plant process computer system.
(13) The incorporation of a " monitoring only"supenisor's console which includes VDUs on which display formats available to the operators on the main control console are also available to the supenisors.
(14) The incorporation of the SPDS function as part of the plant status summary information which is continuously displayed on the fixed-position displays on the large display panel.
(15) A spatial arrangement between the large display panel, the main control console and the shift supenisor's console, which allows the entire control room operating crew to conveniently view the information presented on the large display panel.
(16) The use of fixed-position alarm tiles on the large display panel.
(17) The application of alarm processing logic to prioridre alarm indications and to filter unnecessary alarms.
(18) The use of VDUs to prmide alarm information in addition to the alarm information pro ided through the fixed-position alarm tiles on the large display panel.
Validation of the desien of each of the main control room standard desien features is a COI. action item (Subsection 18 8.5).
18.4 2 ControlRoom Standard Design Features - Amendment 1 DRAFT
25AS113 Rev. A SBWR standardsateryAnarnisneport O
\") i The remainder of this subsection provides further descriptions of these standard design i features.
r 18.4.2.2 Main Control Console :
t The main control console comprises the work stations for the two control room plant operators. It is configured such that each operator is prosided with controls and .
monitoring information necessary to perform their assigned tasks and allows the -
operators to siew all of the displays on the large display panel (Subsection 18.4.2.7) from a seated position.
The main control console,in concert with the large display panel, prmides the controls and displays required to operate the plant during normal plant operations, abnormal events and emergencies. These main control console controls and displays include the following:
m On-screen control VDUs for safety-related system monitoring and non-safety-related system control and monitoring which are driven by the plant process computer system (Subsection 18A.2.3).
't e A separate set of on-screen control VDUs for safety-related system control and l monitoring and separate on-screen control VDUs for non-safety-related system ;
control and monitoring; the operation of these two sets of VDUs is entirely independent of the process computer system. Further, the first set of VDUs and all ,
equipment associated with their functions of safety-related system control and monitoring are dhisionally separated and qualified to Claw IE standards (Subsection 18.4.2.4).
m Dedicated function switches (Subsection 18.4.2.5).
The main control console is also equipped with a limited set of dedicated displays for selected functions (e.g., the Standhv Liould Control Svstem and the synchronization of the main generator to the electrical grid). .
In addition to the above equipment, the main control console is equipped with both intra-plant and external communications equipment and a laydown space is pro ided for hard copies of procedures and other documents required by the operators during the performance of their duties. ,
18.4.2.3 Process Computer System Driven VDUs !
A set of on-screen control VDUs is incorporated into the main control console design -
to support the following activities:
a monitoring of plant systems, both safety-related and non-safety-related; ControlRoom Standard Design Features- Amendment 1 DRAFT 18.4-3 W
l 25A5113 Rev. A SBWR standa.-d sareryAnatysis Report a control of non-safen-related system components; and 9
a presentation of system and equipment alarm information.
This set of VDUs is driven by the plant process computer system. Thus, data colic:ted by the process computer system is available for monitoring on these VDUs. All available display formats can be nisplayed on any of these VDUs.
18.4.2.4 Process Computer System Independent VDUs A set of VDUs which are independent of the process computer system are also installed on the main control console. These VDUs are driven byindependent processors. They are divided into two subsets:
(1) The first subset consists of those VDUs which are dedicated, divisionally separated devices. The VDUs in this group can only be used for monitoring and control of equipment within a given safety division. The VDUs are qualified, along with their supporting display processing equipment. in Class 1 E standards.
(2) The second subset of process computer system independent VDUs is used for monitoring and control of non-safety-related plant systems. The VDUs in this subset are not qualified- to Class 1 E standards.
18.4.2.5 Dedicated Function Switches Dedicated function switches are installed on the main control console. These devices provide faster access and feedback compared to that obtainable with soft controls.
These dedicated switches are implemented in hardware, so that they are located in a fixed position and are dedicated in the sense that each individual switch is used only for a single function, or for two very closely related functions (e.g., valve open/close).
The dedicated function switches on the main control console are used to support such functions as initiadon of automated sequences of safety-related and non-safety-related system operadons, manual scram and reactor operating mode changes.
18.4.2,6 Automation Design '
i The SBWR incorporates selected automadon of the operations required during a normal plant startup/ shutdown and during normal power range maneuvers.
Subsection 7.7.1.5 describes the Power Generation Control Sywem (PGC FGGS) fimction which is the primary SBWR function *ywem for implemendng the automation I features for normal SBWR plant operations.
O 18.4-4 Control Room Standard Design Features - Amendment 1 DRAFT l
25A5113Rev. A ,
SBWR StandardSafetyAnalysis Report n
l
\.
18.4.2.6.1 Automatic Operation When placed in automatic mode, the PGC FGGS performs sequences of automated plant operations by sending mode change commands and setpoint changes to lower-level, non safety- related plant system controllers. The PGC FGGS cannot directly change the status of a safety-related system.When a changein the status of a safety-related system is required to complete the selected operation sequence, the PGC FGGS provides prompts to guide the operator in manually performing the change using the appropriate safety-related operator interface controls provided on the main control console.
The operator can stop an automatic operation at any time. The PGC PGGS logic also ,
monitors plant status, and will automatically revert to manual operating mode when a major change in plant status occurs (e.g., reactor scram or turbine trip). When such abnormal plant conditions occur, PGC PGGS automatic operation is suspended and the logic in the individual plant systems and equipment directs the automatic response to ,
the plant conditions. Similarly,in the event that the operational status of the PGCPGGS i
or interfacing systems changes (e.g., equipment failures), operation reverts to manual operating mode. When conditions permit, the operator may manually reinitiate PGC PGGS automatic operation.
O' Evaluation of the effects of automation stratecies on operator reliability and the appropriateness of the SBWR automation desien is a COL action item (Subsection 18 83). Also. a consideration of malfunctions of the PGCis a COI action item (Subsection 18.8.10).
18.4.2.6.2 Semi-Autornated Operation The PGC EGGS also includes a semi-automatic operational mode which provides :
automatic operator guidance for accomplishing the desired normal changes in plant status; however, in this mode, the PGC FGGS performs no control actions. The operator l must activate all necessary system and equipment controls for the semi-automatic scouence p!' aper::. ns to proceed. The PGC FGGS monitors the plant status during the semi-automatic mode in order to check the progression of the semi-automatic scouence p!~ apr _ .r. and to determine the appropriate operator guidance to be activated.
i 18.4.!c. 6.3 Manual Operation The manual mode of operation in the SBWR corresponds to the manual operations of conventional BWR designs in which the operator determines and executes the appropriate plant control actions without the benefit of computer-based operator aids.
The manual mode provides a default operating mode in the event of an abnormal
\ condition in the plant. The operator can completely stop an automated operation at ControlRoom Standard Design features - Amendment 1 DRAFT 18.4-5
25AS113Rev. A SBWR standardsaretyAnstrsis Report O
any time by simply selecting the manual operating mode. The PGC PCCS logic will also automatically revert to manual mode when abnormal conditions occur.
18.4.2.7 Large Display Panel The large display panel prmides information on overall plant status with real-time data during all phases of plant operation. The information on the large display panel can be viewed from the main control console and the supenisor's console. The large display panelincludes fixed-position displays (Subsecdon 18.4.2.8), a variable display (Subsection 18.4.2.9) and spatially dedicated alarm windows (Subsection 18.4.2.12).
18.4.2.8 Fixed-Position Display The fixed-position portion of the large display panel provides key plant information for viewing by the entire control room staff. The dynamic display elements of the fixed-position displays are driven by dedicated microprocessor-based controllers which are independent of the plant process computer system.
Those portions of the large display panel which present safety-related information are qualified to Class 1E standards.The COL applicant shall address the human factors aspects of TM1 Item I.F.S. Saferv Svstem Status Monitorine. as an action item (Subsection 18 8.9).
The information presented in the fixed-position displays includes the critical plant parameter information, as defined by the SPDS requirements of NUREG-0737, Supplement 1. and the Type A post-accident monitoring (PAM) instrumentation required by Regulation G:dde 1.97. (Refer to Subsection 18.4.2.11 for a discussion of the SPDS and to Section 7.5 for a discussion of the PAM variables.)
18.4.2.9 Large Variable Display The large variable display which is included on the large display panel is a VDU which is driven by the plant process computer system. Any screen format resident in il e i process computer system can be shown on this large variable display.
18.4.2.10 Supervisors' Jonsole A console provided for the control room supenisors whe+h is equipped with VDUs on which any screen format resident in the process computer system and available to the operators at the main control console is also available to the supenisors. The location of this console in the control room is discussed in Subsection 18.4.2.15.
18.4.2.11 Safety Parameter Display System NUREG-0737 prosides guidance for implementing Three Mile Island (TMI) action items. NUREC.-0737, Supplement 1, clarifies the TMI action items related to 18.4 6 ControlRoom Standard Design features - Amendment 1 DRAFT
25AS113Rev. A SBWR standard sarery Analysis Report emergen cy response capability, including item 1.D.2, " Safety Parameter Display System".
The principal purpose of the SPDS is to aid control room personnel during abnormal and emergency conditions in determining the safety status of the plant and in assessing
, whether abnormal conditions warrant corrective action by operators to prevent core l damage. During emergencies, the SPDS serves as an aid in evaluating the current safety status of the plant,in executing symptom-based emergency operating procedures, and in monitoring the impact of engineered safeguards or mitigation activities. Selection of the paramciers for inclusion in the SPDS displav is based upon the SBWR Emercency Procedure Guidelines ( Annendix 18AL The SPDS also operates during normal -
operation, continuously displaying information from which the plant safety status can be readily and reliably assessed. The SBWR does not provide a separate SPDS, but rather, the principal functions of the SPDS (as required by NUREG-0737, Supplement
- 1) are integrated into the overall control room display capabilities. Displays of critical plant variables sufficient to provide information to plant operators about the following critical safety functions are provided on th t large display panel as an integral part of the fixed-position displays:
a reactivity control; a reactor core cooling and heat removal from the primary system;
\
a reactor coolant system integrity; a radioactivity control; and a containment conditions.
Displays to assist the plant operator in execution of syrnptom-based emergency operating procedures are available at the main control console VDUs. Examples of these VDU displays are trend plots and operator guidance. Information regarding entry conditions to the symptomatic emergency procedures is provided through the fixed-position display of the critical plant parameters on the large display panel. The critical plant parameters on the large display panel are also viewable from the control room supervisor's monitoring station. The supplemental SPDS displays on the VDUs on the main control console are also accessible at the control room supervisor's monitoring station and may be provided in the technical support center (TSC) and, optionally, in the emergency operations facility (EOF). (Refer to Section 13.3 for the requirements on the TSC and EOF.)
Entry conditions to the symptomatic emergency operating procedures (EOPs) are annunciated on the dedicated hardware alarm windows on the large display panel. The
{,
Control Room Standard Design Features - Ament nent 1 DRAFT 18.4-7
2SAS113Rev A SBWR standard sarery Analysis Report O
large display panel also displays the containment isolation status, safety-related systems status, and the following critical parameters:
(1) reactor pressure vessel (RPV) pressure; (2) RPV water level; (3) core neutron flux (startup range and power range i.istruments);
(4) suppression pool temperature; (5) suppression pool water level; (6) drywell temperature; (7) drywell pressure:
(8) drywell water level; (9) control rod scram status; (10) drvwello oneration):
- oxygen concentration, (when monitors are in 94 (11) drvwell + m+aimm*H hydrogen concentration (when monitors are in operation);
(12) wetwell ovvcen concentration (when monitors are in on ration):
(13) wetwell hydrocen concentration (when monitors are in operation): and 1 (l4) containment radiation levels. ,
The oxygen monitoring instrumentation system is normally in continuous operadon and hence the large display panel also includes continuous fixed-position display of wetwell and drywell oxygen concentrations. The hydrogen monitoring instrumentation is automatically started on a lostrof-coolant accident (LOCA) signal and, hence, continuous display is not required. Additional post-accident monitoring parameters, such as effluent stack radioactivity release (refer to Section 7.5 for a list of post-accident monitoring parameters), may be displayed at the large variable display or at the main l control console VDUs on demand by the operator. )
i The SPDS is required to be designed so that the displayed information can be readily j perceived and comprehended by the control room operating crew. Compliance with j this requirement is assured because of the incorporation of accepted human factors !
18 R Control Room Standard Design Features - Amendment 1 DRAFT l
l
[
25A5113 Rev. A SBWR standard sareryAnalysisReport n
(
engineering principics into the overall control room design implementation process (refer to Subsection 18.7 for a discussion of the design implementation process).
All of the continuousiv displayed information necessary to satisfy the requirements for the SPDS. as defined in NUPEG-0737. Sunnlement 1. is included in the fixed-nosi ion displav list in Table 18F-2. Table 18F-2 also includes other displavs. bevond those required for the SPDS.
The evaluation of the SPDS acainst the reonirements of Paracranh 3.8a of NURFG-0737. Sunnlement 1. and confirmation that the desien meets all annlicable criteria is a COL license information requirement.
s 18.4.2.12 Fixed-Positicen Alarms Specially dedicated fixed-position alarm tiles on the large display panel annunciate the key, plant-level alarm conditions that indicate entry into the emergency operating procedures or otherwise potentially affect plant availability or plant safety, or indicase the need ofimmediate operator action.
18.4.2.13 Alarm Processing Logic Alarm prioritization and filtering logic is employed in the SBWR design to enhance the presentation of meaningful alarm information to the operator and reduce the amount ofinformation which the operators must absorb and process during abnormal events.
Alarm prioritizing is accomplished in the SBWR through the designation of three categories of alarm signals. The first of these is the important p!:- 'e r! alarms. These are defined as those alarms which nodfy the operators of changes in plant status regarding safety and include those items which are to be checked in the event of accidents, principal events or transients. The imnortant p!r f r.c! alarms are displayed on the fixed-position tiles discussed in Subsection 18.4.2.12.
The second category is the system-specific alarms which are provided to notify the operators of system-level abnormalities or non-normal system statuses. Examples of these are as follows:
a main pump trips caused by system process, power source or control abnormalities; _
a valve closures in cooling or supply lines; a I decreases in supply process values; a loss of a backup system; e )
a system isolation;
)
1 ControlRoom Standard Design Features ~ Amendment 1 DRAFT 18.4 9
l l
25AS113 Rev. A SBWR standard safery Analysis Report Ol1 1 I
by passing safety-related systems; and a systems are undergoing testing.
i The system-specific alarms are also shown on the fixed-position tiles discussed in Subsection 18.4.2.12.
Equipment alarms make up the third categm y of alarms in the prioritizing scheme and are discussed in Subsection 18.4.2.14.
Alarm suppression in the SBWR is based upon the following concepts a Suppreuion based on the operating mode. The plant operating mode is defined on the basis of the hardware or process status, and alarms which are not relevant to the current operating mode are suppressed. For example, alarms which are needed in the "RUN" mode but are unnecessary in the "SIIUTDOWN" mode are suppressed.
s Suppression of subsidiary alarms. Alarms are suppressed if they are logically consequent to the state of operation of the hardware or to the process status. For example, scram initiation (a plant-level alarm condition announced with a fixed-position. alarm tile on the large display panel) willlogically lead to a fine motion control rod drive (FMCRD) hydraulic contiol unit scram accumulator low pressure (also an alarm condition). Such subsidiary alarms are suppressed if they simply signify logical consequences of the systems operation, a Suppression of redundant alarms. When there are overlapping alarms, such as "high' and "high-high* or low" and " low-low", only the most severe of the conditions is alarmed and the others are suppressed.
Operators may activate or deactivate the alarm suppression logic at any time.
18.4.2.14 Equipment Alarms Alarms which are not indicated by fixed-position alarm tiles on the large display panel
'i.e., .mc r.larms of nominally lower level importance such as those related to specific eg Anmr z vu tus) are displayed to the control room operating staff through the main
< e.@c,. sole VDUs. The supplemental alarm indications anci supporting iir t'. <.atiori regardirig the plant-level alarms which are presented on the large display panel are A presented on the VDUs.
18.4.2.15 ControlRoom Arrangement in the SBWR main control room arrangement, the main control console is located directly in front of the large display panel for optimum viewing efficiency by the plant operators seated at the main console. The shift supervisor's console is also placed in 18.4-10 Control Room Standard Design Features - Amendment 1 DRAFT
l i
25A5113Rev. A SBWR standard saretyAnalysisReport m
front of the large display panel, but at a somewhat grcater distance than the main control console. The shift super isor is, thus,in a position behind the control console operators. This arrangement allows all control room personnel to view the contents of the large panel displays.
18.4.3 Control Room F_SJ MMITechnology .
The SIMR main control room standard design features described in the preceding subsections include,in their design, equipment that utilizes a variety of technologies to l
~'
control and monitor the plant processes. This mbsection provides a summary listing and description of the technologies which are utilized in these control and monitoring '
functions. For this purpose, the term " technology"is taken to have the following definition: "the equipment, including both hardware and software, employed to directly ;
accomplish the functions of control and monitoring of the plant processes."
Ilardware such as consoles. nanels. cabinets, control room lichtinc and HVAC and plant communication couipment which h i m he a supporting role but is ace not directly involved in the control and monitoring processes is excluded;, :': = n c!=,
p c'..,c; F :c::,, u - ~' , - !!g!: ::g : ~' !"".C a:;-! ;P ' r - c:m-c:p::jn , a
[, i The scope of this section is limited to the main control room and the remote shutdown '
stadon areas of the plant and includes all technology, regardless of use in prior designs.
The list format includes a brief description of each item of equipment:
(1) Hardware switches such as multi-position rotary, pushbutton, rocker, toggle and pull-to-lock types.
(2) Soft switch, the functions of which may be changed through the execution of .
software functions.
(3) Continuous adjustment controls, such as rotary controls and thumbwheels. ;
(4) Visual display units with full color screens, including large reverse projection !
screens, cathode ray tubes and flat panel display screens.
1 (5) On4creen control utilized with the units in 3 and 4, above.-
i (6) . VDU screen format such as large screen optical projecuon display formats, text displays, including menus and tabular information and graphical displays, _,
including trend plots,2-D Plots, P& ids and other diagrams and pictorial information. ;
Control Room Standard Design Features - Amendment 1 DRAFT 18.4-11
i i
25A5113 Rev. A SBWR Standard SafetyAnalysis Report O-(7) Analog meters which employ a hardware medium to pictorially or graphically present quantitative and qualitative information concerning plant process parameters This inc ludes analog meters using digitally controlled LEDs and digital readouts.
(8) Fixed-position digital displays which present alphanumeric information in a <
hardware medium. These can be back-lit.
(9) Fixed-positicia hardwaie inimic displays which schematically represent plant systems and components and their relationships utilizing pictonal elements, labels and indicator lights.
(10) Fixed-position alarm tiles which use light to indicate the alarm state.
(11) An audio signal system which is coordinated to the alarm tiles in #10, above, and utilizes prioritizadon and alarm reduction logic and pre-<lefined set points to alert operators to plant status changes.
(12) Printers and printer / plotters used to provide hard copy output in the form of plots, logs and text.
(13) Keyboards which are composed of alphanumeric and/or assignable function keys and function as computer input devices.
O 18412 Contml Room Standard Design Features - Amendment 1 DRAFT
I l
2SAS113 Rev. A SBWR standarssaretyAnarysis neport i
C r
l 18.5 Remote Shutdown System The Remote Shutdown System (RSS) provides a means to safely shut down the plant from outside the main control room. It provides control of the plant systems needed to bring the plant to hot shutdown, with the subsequent capability to attain r.old shutdown, in the event that the control room becomes uninhabitable.
The RSS design is described in St:h::cie:s ' A ' A =d ' A.2.1 Section 7.4.2. Allof the controls and instrumentation required for RSS operation are identified in S:%erpe-
'd' A '
A Section 7.4.2 and in Figure 21.7.4-2.
The RSS uses conventional, hardwired controls and indicators to maintain diversity from the main control room. These dedicated desices are arranged in a mimic of the interfacing systems process loops.
Evaluation of alternate desien annroaches for reliabilitt and confirmation of the adcouarv of the RSS desien is a COI, action item (Subsection 18.8.6).
i r
{ i r
t t'
t i
f Remote Shutdown System - Amendment 1 DRAFT 18.5-1/2 e
e .
25AS113Rev. A SBWR Standard SafetyAnalysis Report O
(
18.6 Systems Integration '
18.6.1 Safety Related Systems The operator interfaces with the safety-related systems through a variety of methods.
Dedicated hardware switches are used for system initiation and logic reset, while system mode changes are made with other hardware switches. Safety-related VDUs provide capability for indisidual safety equipment control, status display and monitoring; non-safety-related VDUs are used for additional safety-related system monitoring. The large fix. d position display provides plant oveniew information. Instrumentation and ,
control aspects of the microprocessor-based safety system logic and control (SSLC) are described in Subsection 7.3.4.
Divisional separation for control, alarm and display equipment is maintained. The SSLC processors provide alarms signals to their respective safety-related alarm processors and provide display information to the divisionally dedicated VDUs. The SSLC rnicroprocessors communicate with their respective divisional VDU controllers through the essential multiplexing system (EMS). The divisional VDUs have on-screen control capability and are classified as safety-related equipment. These VDUs provide ,
control and display capabilities for individual safety systems if control of a system component is required. Normally, such control actions are performed for equipment surveillance purposes only, as the normal method of system control is through the mode-oriented master sequence switches. ,
p:. , .a g r. . , . .i _ . _. , g , :,37,- i. . ,, t i = rg. . et . . , , m. . . . , .
- af :y rc'-:cd a : - :. . a c:,ru.: .:b , 'r _a_.;
r :. 3\ ; ,; 2rc;y ;c33 c;>
equ;pe - 2" $ ~ -
np: :: , - N +"hy 3 2:e :fe:j e'" ~' :7. e- : p: f e- '
4!s e .:g: fe c ' ' = *. r mp!'", -!1 - - "2 "-
' r -" - -
- "- ^ ' :7 / - -
wehke::,: r : ,,; .. a' in Chaph :
i Divisionalisolation devices are provided between the safetv-related systems and non-safetv-related communication networks so that failures in the non-saferv-related couipment veill have no impact on the ability of the saferv-related systems to perform their desien functions. The non-saferv-related communication network is part of the Non-Essential Multinlex System (NEMS) described in Subsection 7.7.7.
Operation controls throuch dedicated hardware switches and master senuential ;
switches communicate with the SSLC locic tmits throuch conventional hardwire sienal transmission fi.e . not multiplexed). Communications between the SSLC locic units ,
and alarm nancis and the safetv-related fhed-nosition disniavsis throuch multiplex data links.
Safetv-related system process narameters. alarms and system statusinformation from the '
SSI C are communicated to the NEMS throuch isniation devices for use bv othr2 l l
Systems integration - Amendment 1 DRAFT 18.6-1
i 2SAS113 Rev. A !
SBWR standardsaretyAnarrsisneport I
couinment connected to the communication network. Selected onerator control functions are nerformed throuch dedicated hardware control switches which are Class 1E oualified and divisionally separated on the main control console. These ,
hardware switches communicate with the safetv-related systems locir units throuch I hardwire transmission lines.
The divisionally dedicated VDUs are classified as safetv-related couinment. These VDUs nrovide control and disniav canabilities for individual safetv-related systems if control of a system comnonent is reouired. Normally, such control actions are performed for couinment surveillance nurnoses ontv. as the normal method of wstem controlis throuch the mode-oriented master scouence switches.
18.6.2 Non-Safety-Related Systems For non-safety-related systems, operation controlis accomplished using master sequence switches, and on-screen control through the non-safety-related VDUs. The hardware switches for non-safety-related equipment on the main control console communicate with the non-safety related systems logic units through hardwire transmission lines.
The non-safety-related systems communicate with other equipment in the operator interface through the NEMS network. The non-safety-related portion of the large display panel fix^d-posidon displays is driven by a controller separate from the process computer system. Alarm processing microprocessor units separate from the process computer system perform alarm filtering and suppression and also drive dedicated alarm tiles on the large display panel. The alarms for entry conditions into the symptomatic emergency operating procedures are provided by the alarm processing units, both safety and non-safety-related. Equipment level alarm information is presented by the process computer system on the main control console VDUs, An additional set of non-safety-related on-screen control VDUs is provided on the main control console for control and display of non-safety-related systems. These VDUs are independent of the process computer system. In the unlikely event ofloss of the process computer system, these independent VDUs, in conjunction with the large display panel safety-related displays, have sufficient information and control capability to allow the following operations to be performed:
a steady-state power operation, a power decrease, i
e plant shutdown to hot standby conditions, and l a plant shutdown to cold shutdown conditions.
l 18.6-2 Systems integration - Amendment 1 DRAFT l
25AS113 Rev. A SBWR standardsate:yAnalysisneport t
N l Without the plant process computer system, controlis carried out through the master sequential switches and the process computer-independent, on-screen control VDUs. 1 Monitoring is accomplished with the independent VDUs and the fixed position display on the large display panel. Power increases cannot be performed in the absence of the process computer system because core thermal margin limit information provided by the process computer to the automatic thermal limit monitor (described in Subsection 7.7.2.2) would not be available.
i.
i L
1 O
I\
d 1
[ ,
i N
l' SystemsIntegration- Amendmen 1 DRAFT 18.6 3
25AS113Rev. A SBWR standardsareryAnalysis Report p) u 18.7 Detailed Design of the Operator Interface System The standard design features of the SBWR main control room 11SI MMIS, discussed in Subsection 18.4.2, proside the framework for the detailed equipment hardware and software designs that will be developed following Q1e design and implementation ,
process : c ' .. ' / ypi::.-!!y described in Appendix 18E. This :yp::a' de .ign 2nd-i+np!-- -
- process is made up of eicht maior elements, as illustrated in Ficure 18F-1. p:::.c: ~!:-P- :'~ :rc "gn c 21 IFF ' :d desc t'-d *-
.1 ae. :i:. e - .y . ,er 3
, 4 .._r.t. ge. .:iea ae ,.gu . g c . i . . .
- p.
- a _ : ..: n 3: 1ppendh !Pr, ope: ur ', e n!y: c:. 'l' he p::' ned ; -5
. c., _v.. r
. ::g dc ?' c the dr.?gn np! .., .. . . g uuic 9 , , aun; 9 gc 7g 7t; ;a., , , . cr .t; ,
. 7g. , ;a .c' c de:agn 3": 0de ' r - - -- -
c r. t .. cm en ..- .; ...7,
.. + ~! Ae agr 72:u.e.
r E
As nart of the Annendix 18E discussion of the HSI desien and implementation plan elements. detailed acceptance criteria are speci6ed that shall be used to covern and direct all SRWR HSI desien implementations which reference the Certified Desien.
These detailed accentance criteria. nresented in Section 18E.2 of Annendix 18E.
encompass the set of necessarv and sufficient desien implementation related activities reonired to maintain the implemented HS1 desien in compliance with accented HFE ,
principles and accepted dicital electronics equipment and software develonment methods.
Also. as nart of the detailed desien imnlementation nrocess described in Annendix 18F.
operator task anahses will be nerformed as a basis for evaluatinc details of the desien implementation and HSI reouirements will be speci6ed. These HSI requirements will include the instrumentation and controls listed in Tables 18F-1 throuch 18F-3 as a subset The evaluation of the intecrated control room desien willinclude the conGrmation of the SBWR main control room standard desien features. i i
k DetailedDesign of the Operatorinterface System - Arnendment 1 DRAFT 18.7-1/2
l l
25AS113 Rev. A SBWR StandardSafetyAnalysis Report l
(~
\ l 18.8 COL License Information 18.8.1 HSI Design implementation Process The IISI Design Implementation Process is described in Appendix 16E is the responsibility of the COL applicant and is to be considered general COL license information. In addition, the following specific COL action items are in effect.
18.8.2 Number of Operators Needing Controls Access The number of operators needing access to the controls on the main contre; panel shall be evaluated and the ABWR control room staffing arrangement (Subsection 18.2, Item 1) shall be confirmed as adequate. In addition, the roles and responsibilities of the shift supenisor and assistant shift supenisor shall be specified. The results of the evaluation shall be placed in the IIFE Issue Tracking System (Subsection 11.2 of Table 18E-1).
18.8.3 Automation Strategies and Their Effect on Operator Reliability Automation strategies for plant operation shall be evaluated for effects on operator reliability and the appropriateness of the SBWR ABWR automation design
/ Subsection 18.4.2.6.1) shall be confirmed. This evaluation shall be performed s according to the criteria of Subsection 11 ofTable 18E-1 and the results of the evaluation shall be placed in the IIFE Issue Tracking System. 't 18.8.4 SPDS Integration With Related Emergency Response Capabilities ;
The design of the SPDS (Subsection 18.4.2.11) shall be evaluated against the requirements of Paragraph 3.8a of NUREG-0737, Supplemei. s 1, and confirmed to be in compliance with all applicable criteria. The results of the evaluation shall be placed 1 in the HFE Issue Tracking System.
18.8.5 Standard Design Features Design Validation.
The design of each of the main control room standard design features (Subsection 18.4.2.1) shall be validated using the applicable criteria in Subsection Vill of Table 18E-1. The results of the validation shall be placed in the HFE Issue Tracking !
System.
18.8.6 Remote Shutdown System Design Evaluation Digital versus analog design approaches for the Remote Shutdown System (RSS) shall be evaluated for reliability and the adequacy of the SRWR ARWR RSS design (Subsection 18.5) shall be confirmed. The results of the evaluation shall be placed in the IIFE Issue Tracking System.
t COL License information - Amendment 1 DRAFT 18.8-1 n-,
25A5113 Rev. A i SBWR standardsateryAnatysis Report l O 18.8.7 Local Valve Position Indication The necessity for providing local valve position indication (VPI) for each valve in any of the following categories shall be evaluated:
l (1) All power-operated valves (e.g., motor, hydraulic and pneumatic).
(2) All large manual valves (i.e.,5 cm or larger). :
(3) Small manual valves (i.e.,less than 5 cm) w hich are important to safe plant operations.
These evaluation records shall be placed in the HFE Issue Tracking System.
18.8.8 Operator Training An operator training program which meets the requirements of 10CFR50 shall be established (Subsection ll.1.c of Table 18E-1).
18.8.9 Safety Systern Status Monitoring The COL applicant shall address the human factors aspects of TMI Item I.E.3, " Safety System Status Monitoring", as part of the detailed design implementation process (Subsection 18.4.2.8).
18.8.10 PGCS Malfunction As part of the verification and validation effort, the COL applicant shall consider malfunctions of the Power Generation Control function of the process computer system (Subsection 18.4.2.6.1 ).
18.8.11 Local Control Stations The COL applicant shall evaluate all operations at local control stations which are critical to plant safety, as defined in Paragraph V.I.c of Table 18E-1. The results of these evaluations shall be incorporated into the IIFE Issue Tracking System.
18.8.12 As-Built Evaluation of MCR and RSS The COI, applicant shall prepare a report which documents that the ashuilt main control room (MCR) and remote shutdown station (RSS) conform to the certified and validated main control room and remote shutdown station confinitations. Aspects of the as-built MCR and RSS to be considered in this report are the area and panellayouts.
operator environment, alarms, displavs. controls and ceneral human-system interface characteristics.
O 18 B-2 COL License Information - Amendment 1 DRAFT
25A5113 Rev. A SBWR StandardSafetyAnalysis Repon C
\
18.8.13 Accident Monitorina Instrumentation The COI annlicant shall evaluate ihe instrumentation described in TMI Item II.F.1.
" Additional Accident-Monitorine Instrumentation" with recard to the impact c,f the includon of that instrumentation in the MCR llSi on the notential for operator error.
The results of this evaluation shall be placed in the IIFE Issue Trackine System. ;
18.8.14 in-Core Coolina instrumentation The Col, annlicant shall evaluate the instrumentation described in TMI Item II.F.2.
" Instrumentation For Detection ofinadcouate CoreCooline", with recard to the imnact of the inclusion of that instrumentation in the MCR IISI on the notential for onerator error. The results of this evaluation shall be niaced in the 11FE Issue Trackinc Syst em.
18.8.15 Performance of Critical Tasks The Col, annlicant shall evahiate the adecuacy of the IISI with resnect to nrovidinc the controls. displavs and alarms necessarv for timelv nerformance of critical tasks. Critical tasks shall include. as a minimum. ihose operator actions which have sienificant imnact on the PRA results as presented in Section 19D.7. and the operator actions isolate the
[
reactor and inicct water for the nostulated event scenarios of a common-mode failure of the Safety Svstem 1 ocic and Control System and/or the Essential Multiplexinc !
Svstem concurrent with the desien basis main steamline, feedwater line or shutdown cooline line break I OCA (Paracranh V.2.d of Table 18E-1). The results of this evahiation shall be niaced in the liFF issue Trackinc System.
18.8.16 Plant Status and Post-Accident Monitorina The main controlinstrumentation described in TMI Item 1.D.5 (2). " Plant Status and Post-Accident Monitorine" shall be evaluated with recard to the imnact of the inclusion of that instrumentation in the MCR IISI on the notential for onerator error and the results of the evaluation shall be placed in the HFE issue Trackine System.
- t l
COL License information - Amendment 1 DRAFT 18.8-3
-- - - r -
l 2SAS113 Rev. A SBWR StandardSafetyAnalysis Report t
k
( ,
18E SBWR ABWR Human-System Interface Design implementation Process i l
18E.1 Introduction Section 18.3 discusses the program of human factors related activities conducted ,
throughout the development of the SIMR A44R plant system designs, including the development of the Main Control Room (MCR) and Remote Shutdown System (RSS) designs. Appendix 18E describes the process through which the MCR and RSS human system interface (IISI) design implementadons will be conducted and evaluated through the application of accepted human factors engineering (IIFE) practices and principles. Section 18E.2 discusses the basic elements of this IIFE design implementation process and includes identification of where in the process the results are planned to be made available for NRC review. The criteria to be used by the NRCin l
their review of the design implementation (i.e., the Design Acceptance Criteria (DAC))
are presented in Section 18E.3 18E.2 HSI Design implementation Process :
The designs of the MCR and RSS areas of operator interface, for the execution of normal plant operation and emergency operation, will be implemented and evaluated in accordance with the process illustrated in Figure 18E-1. As shown in Figure 18E-1, the implementation process begins with the establishment of the Iluman Factors Engineering (IIFE) Design Team which prepares the HFE Program and Implementation Plans and guides the process through the remaining steps to the final validation of the implemented design. Figure 18E-1 also identifies the relative timing of the planned NRC conformance reviews along with the corresponding table in Section 18E.3 that defines the acceptance criteria applicable to the individual reviews. ,
18E.2.1 The HFE Design Team j The IIFE Design Team will be composed of experienced indhiduals whose collective ,
expertise cover a broad range of disciplines relevant to the design and implementation process. These disciplines will include technical project management, control and instrument engineering, plant operations and architect engineering, as well as human factors engineering.
The duties of the IIFE Design Team will be to establish the IIFE Program and ,
Implementation Plans, to guide and oversee the design implementation process and to assure that the execution and documentation of each step in the process is carried out in accordance with the established program and procedures. The team will have the authority to insure that all its areas of responsibility ar e accomplished and to identify problems in the implementation of the liSI design. The team will have the authority to x determine where its input is required and to access work areas and design S8WR ABWR Human-Satem Interface Design implementation Process - Amendment 1 DRAFT 18E1 l
l l
l
25A5113 Rev. A SBWR standardsafery Analysis Repon G
documentation. The team will also have the authority to control further processing, delivery, installation or use of HFE/HSI products until the disposition of a non-conformance, deficiency or unsatisfactory condition has been achieved.
18E.2.2 The HFE Program and implementation Plans The HFE Design Team will establish the IIFE Program and Implementation Plans that provide overall direction and integration of the LIFE-related design implementation and evaluation activities for the specific HSI scope which includes the RSS and MCR areas of operational interface. The HFE Program Plan will identify the individuals who comprise the IIFE Design Team and establish the processes through which the HFE Design Team will perform its functions. Included in the HFE Program Plan will be a system for documendng human factors issues, that may be identified throughout the implementation of the designs, and the actions taken to resolve those issues. The HFE Design Team will also establish the Implementation Plans for conductin, each of the following HFE-related activities:
(a) System functional requirements analysis (b) Allocation of functions (c) Task analysis (d) 11uman-system interface design (c) Human factors verification and validation The Implementation Plans wili adlish methods and criteria, for the conduct of each of these HFE-related activities, which are consistent with accepted HFE practices and principles. (For additional detailed information regarding the scope and content of the HFE Program and Implementation Plans, refer ta the acceptance criteria presented in Table 18E-1.)
18E.2.3 System Functional Requirements Analysis Analyses of the system functional requirements will be conducted through application of the methods and criteria established by the HFE Design Team in the System l Fu nctional Requirements Analysis Implementation Plan. The system funetional analysis I will determine the performance requirements and constraints of the HSI design and establish the functions which must be accomplished to meet these requirements. Safety j functions will be specifically identified along with any functional interrelationship that l those safety functions may have with non-safety systems. In addition, critical functions l (i.e., functions required to achieve major system performance requirements or functions which,iffailed, could degrade system performance or pose a safety hazard to j plant personnel or the general public) will be identified. Detailed narrative descriptions l will be developed for each of the identified functions.
I 18E-2 SBWR ABWR Human-Syttem Interface Design Implementation Process - Amendment 1 DRAFT
2SAS113Rev. A SBWR standard safety Anairsis neport i t
%.)
18E.2.4 Allocation of Functions The functions defined through the function analysis will then be allocated (i.e., defined as a function to be performed by the human, the system equipment or by a combination of the human and system equipment) per the methods and criteria established by the llFE Design Team in the Allocation of Functions Implementation Plan. The allocation of functions will be done to take advantage of areas of human strengths and avoid allocating functions to personnel which would be impacted by human limitations. The allocation of functions to personnel, systems or personnel-system combinations will be made to reflect: sensitisity, precision, time and safety requirements, required reliability of system performance, and the number and level of skills of personnel required to operate and maintain the system.
As alternative allocation concepts are developed, analyses and trade-off studies shall be conducted to determine adequate configurations of personnel and system-performed functions. Analyses will be done to confirm that the personnel elements can properly perform tasks that are allocated to them while maintaining proper operator situational awareness, workload and sigilance.
- 18E.2.5 Task Analyses
( Following completion of the function allocation step, task analyses will be performed on those functions which have been allocated to personnel. These task analyses will be ,
performed per the methods and criteria established by the IIFE Design Team Task Analysis Implementation Plan. The task analyses will identify the behavioral requirements of the tasks associated with individual functions. Tasks are defined as .
groups of activities that have a common purpose, often occurring in temporal proximity, and which utilize the same displays and controls. The task analyses will:
(1) prmide one of the bases for making design decisions (e.g., determining before hardware fabrication, to the extent practicable, whether system performance ,
requirements can be met by combinations of anticipated equipment, software and personnel); (2) assure that human performance requirements do not exceed human capabilities; (3) be used as basic information for developing manning, skill, training and communications requirements of the system; and (4) form the basis for specifying the requirements for the displays, data processing and controls needed to carry out the tasks. i The scope of the task analyses shall include all operations performed at the operator interface in the main control room and at the Remote Shutdown System. The analysis
[
shall be directed to the full range of plant operating modes, including startup, normal operations, abnormal operations, transient conditions, low power and 's hutdown conditions. The analysir shall also address operator interface operations during periods of maintenance test and inspection of plant systems and equipment and of the HSI .
equipment.
SBWR ABWR Human-System interface Design Implementation Process - Amendment 1 DRAVT 18E-3 i
i
2SA5113 Rev. A SBWR standardsarety Analysis Report 18E.2.6 Human-System Interface Design Ol l l
As established by the llFE Design Team in their development of the IISI Design Implementation Plan, human engineering criteria will be applied along with all other design requirements to select and design the particular equipment for application to the MCR and RSS IISI. The 1151 design will implement the information and control requirements that have been developed in the task analysis, including the displays, control and alarms necessary for the execution of those tasks idendfied in the task analyses as being critical tasks. The equipment design configuration will satisfy the functional and technical design requirements and insure that the 11S1 is consistent with applicable IIFE principles.
18E.2.7 Procedure Development l
Plant and emergency operating procedures will be developed to support and guide human interactions with plant systems and to control plant-related events and activities.
Plant procedure development is discussed in Section 13.5.
18E.2.8 Human Factors Verification and Validation Following the methods and criteria established by the IIFE Design Team in the Human i Factors Verification and Validation Plan, the successful incorporation of human factors engineering into the implemented I151 design and the acceptability of the resuldng IISI will be thoroughly evaluated as an integrated system.
The evaluations will include consideration of the liS1, the plant and emergency operating technical procedures and the overall work emironment (e.g., lighting, ventilation, etc.). Individual llSI clements will be evaluated in a static mode to assure that all controls, displays and data processing that were identified in the task analyses
- are available and that they are designed according to accepted IIFE principles, I
practices, and criteria. In addition, the integration of HSI elements with each other and with personnel will be evaluated and validated through dynamic task performance evaluation using evaluation tools such as a dynamic HSI prototype driven by real-dme plant simulation models. The dynamic task performance evaluation will be conducted over the full range of operational condidons and plant maintenance acdvities including: normal plant operation; plant system and equipment failures; HSI l equipment failures; plant transients and postulated plant emergency conditions.
18E.3 HSIimplementation flequirements Section 18E.2 describes the process through which the SBWR ABWR Main Control Room (MCR) and Remote Shutdown System (RSS) areas of operator interface will be implemented and evaluated. Figure 18E.1 presents the relative timing of the NRC conformance reviews which are planned throughout the MCR and RSS Human-System Interface (IISI) design implementation. Tables 18E-1 through 18E-4 of this secdon 18E 4 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
2SAS113 Rev. A SBWR StardardSafetyAnalysis Report
( )
\. d define the requirements that are to be met by the llSI design implementation actisities that are to be made available for review by the NRC. The HSI design implementation-related I)esign Acceptance Criteria (DAC) which are established through Rulemaking, (refer to Section 3.1 of the Tier i Design Ces tification material for the GE SBWR AEWR design), are defined such that there exists a direct correspondence between the DAC entries and requirements imposed herein on those design acdvities whose results are to be made available for the NRC conformance reviews, as identified in Figure 18E-1.
Those requirements presented in Tables 18E-1 through 18E-4 which correspond to individual Tier 1 DAC acceptance criteria are specifically identified. Therefore, ,
satisfaction of those specific requirements shall result in full compliance with the Certified Design Commitment and the corresponding Acceptance Criteria presented in the Tier 1 (Rulemaking) DAC established for the HSI design implementation.
(h (J'
1 i
SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT 18E-S
25AS113 Rev. A SBWR stansantsareryAnalysisReport O
Table 18E-1 Human Factors Engineering Design Team and Plans (1) IIFE Design Team Composidon (Sadsfaction of the requirements presented herein shall result in the creation of an llFE Design Team which is in full compliance with the Item 1a Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Cernfication Material for the GE SRWR ARWR design)
(1) The composition of the liuman Factor Engineering (HFE) Design Team shall include, as a minimum, the technical skills presented in Ardcle (4),
below.
(2) The education and related professional experience of the HFE Design Team personnel shall sadsfy the minimum personal qualification requirements specified in Article (4), below, for each of the areas of required skills, in those skill areas where related professional experience is specified, qualifying experience of the individual HFE Design Team personnel shallinclude experience in the SBWR ABWR main control room and Remote Shutdown System (RSS) liuman System Interface (IISI) designs and design implementation activities. The required professional experience presented in those personal qualifications of Article (4) are to be sansfied by the HFE Design Team as a collecdve whole. Therefore, satisfacdon of the professional experience requirements associated with a particular skill area may be realized through the combinadon of the professional experience of two or more members of the life Design Team who each, individually, satisfy the ;
other defined credendals of the particular skill area but who do not possess all of the specified professional experience. Similarly, an individual member of the IIFE Design Team may possess all of the credendals sufIicient to satisfy the HFE Design Team qualification requirements for two or more of the i defined skill areas.
I (3) Alternative personal credentials may be accepted as the basis for satisfying the minimum personal qualification requirements specified in Article.(4),
below. Acceptance of such alternative personal credendals shall be evaluated on a case-by-case basis and approved, documented and retained in auditable plant construction files by the COL applicant. The following factors are examples of alternative credentials which are considered acceptable:
(a) A Professional Engineer's license in the required skill area may be substituted for the required Bachelor's degree.
(b) Related experience may substitute f or education at the rate of six semester credit hours for each year of experience up to a maximum of 60 hours6.944444e-4 days <br />0.0167 hours <br />9.920635e-5 weeks <br />2.283e-5 months <br /> credit.
18E 6 SBWR ABWR Human-System Interface Design implementation Process - Amendment 1 DRAFT
25A5113Rev. A SBWR standardsaferyAnalysis neport !
(
t
\
l l
i Table 18E-1 Human Factors Engineering Design Team and Plans (Continued) i (c) Where course work is related tojob assignments, post-secondary education may be substituted for experience at the rate of two years of ,
education for one year experience. Total credit for post-secondary education shall not exceed two years experience credit.
(4) Required Skill Area Personal Qualification (a) Technical Project Bachelor of Science degree, and five years .
Management experience in nuclear power plant design operations, and three years management :
experience (b) Systems Engineering Bachelor of Science degree, and four years cumulative experience in at least three of the following areas of systems engineering; design, development, integration, operation, and test and evaluation ,
b
, (c) Nuclear Engineering Bachelor of Science degree, and four years k nuclear design, development, test or operations experience ;
(d) Instrumentation and Bachelor of Science degree, and four years Control (I&C) experience in design of process control systems, Engineering and experience in at least one of the following :
areas of I&C engineering; development, power plant operations, and test and evaluation (c) Architect Bachelor of Science degree, and four years Engineering power plant control room design experience l
[
Y l
SBWR ABWR Human-System Interface Design implementation Process - Amendment 1 DRAFT 18E-7 ;
25AS113 Rev. A SBWR Standard Safety Analysis Repon O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(f) lluman Factors Bachelor of Science degree in human factors engineering, engineering psychology or related science, and four years cumulative experience related to the human factors aspects of human-computer interfaces. Qualifying experience shall include experience in at least two of the l following human factors related activities; design, development, and test and evaluation, ;
and four years cumulative experience related to 1 the human factors field of ergonomics. Again, qualifying experience shall include experience in at least two of the following areas of human factors activities; design, development, and test and evaluation (g) Plant Operations llave or have held a Senior Reactor Operator license; two years experience in BWR nuclear power plant operations (h) Computer System Bachelor of Science degree in Electrical Engineering Engineering or Computer Science, or graduate degree in other engineering discipline (e.g., j Mechanical Engineering or Chemical Engineering), and four years experience in the design of digital computer systems and real time systems applications (i) Plant Procedure Bachelor of Science degree, and four years i Development experience in developing nuclear power plant !
operating procedures (j) Personnel Trainng Bachelor of Science degree, and four years )
experience in the developmc at of personnel training programs for power plants, and experience in the application of systematic ,
training development methods -l l
Ol l 18E-8 SBWR ABWR Human-System Interface Design Implementation Process- Amendment 1 DRAFT
25A5113 Rev. A Standant Safety Analysis Report SBWR p
(L Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(11) lluman Factors Engineering Program Plan (1) (Satisfaction of the requirements ptesented herein shall result in the creation of a iluman Factors Engineering Program Plan which is in full compliance with the item 1.b. Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Cerdfication material for the GE SBWR ARWR design.)
The iluman Factors Engineering (IIFE) Program Plan shall establish:
(a) Methods and criteria, for the development and evaluation of the Main Contral Room (MCR) and Remote Shutdown System (RSS) IISI which ate consistent with accepted IIFE practices and principics. Within the defined scope and content of the IIFE Program Plan, accepted IIFE methods and criteria are prescated in the following documents:
(i) AR 602-1, iluman Factors Engineering Program, (Dept. of Defense)
(ii) DI-IIFAC-80740, Iluman Engineering Program Plan, (Dept. of Defense)
(iii) DOD-IIDBR-763,iluman Engineering Procedures Guide, Chapters 5-7 and Appendices A and B, (Dept. of Defense)
(iv) EPRI NP-3659, iluman Factors Guide for Nuclear Power Plant '
Control Room Development,1984, (Electric Power Research Insdtute)
(v) IEEE-1023,IEEE Cuide to the Application ofIluman Factors Engineering to Systems, Equipment and Facilities of Nuclear Power Generating Stadons, (IEEE)
(vi) MIIell-46855B, Human Engineering Requirements for Militan Systems, Equipment and Facilities, (Dept. of Defense)
(vii) NUREG-0700, Guidelines for Control Room Design Reviews, 1981, (US Nuclear Regulatog Commission)
(viii) NUREG-0737, Clarification of TMI Action Plan Requirements (Item I.C.5, " Feedback of Operadng Experience to Plant Staff'),
1983, (US Nuclear Regulatory Commission)
(ix) NUREG-0899, Guidelines for the Preparation of Emergency Operating Procedures,1982, (US Nuclear Regulatory Commission)
(x) NUREG/CR-3331, A Methodology for Allocadng Nuclear Power Plant Control Functions to lluman and Automated Control, 1983, (US Nuclear Regulatog Commission) 18E-9 SBWR ABWR Human-System Interface Design Implementation Process - Am&ndment 1 DRAFT
2SAS113 Rev. A S8WR StandardSafetyAnalysisReport O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(xi) TOP l-2-610, Test Operating Procedure Part 1, (Dept. of Defense)
Note that within the set of documents listed above, differences may exist regarding specific methods and criteria applicable to the IIFE Program Plan. In situations that such differences exist, for a particular issue, all of the methods and criteria presented within those documents which address that particular issue are considered to be equally appropriate and valid and, therefore, any of those documents may be selected as the basis for how that particular issue is addressed in the IIFE Program.
(b) The methods for addressing:
(i) The ability of the operating personnel to accomplish assigned tasks (ii) Operator workload levels and vigilance (iii) Operating personnel " situation awareness" (iv) The operator's information processing requirements J (v) Operator memory requirements (vi) The potential for operator error (c) IISI design and evaluation scope which applies to the Main Control Room (MCR) and Remote Shutdown System (RSS).
The liS1 scope shall address normal, abnormal and emergency plant operations and test and maintenance interfaces that impact the function of the operations personnel. The 1151 scope shall also address the development of operating technical procedures for normal, abnormal and emergency plant operations and the identification of personnel training needs applicable to the IISI design. The
! development of operating technical procedures are a COL action item L
(see Section 13.5). The establishment of an operator training program which meets the requirements of 10CFR50 is also a COL license j information requirement (see Subsection 18.8.8).
l 1SE-10 SBWR ABWR Human-Satem Interface Design implementation Process - Amendment 1 DRAFT
2SA5113 Rev. A SBWR standars saretyAnalysisRepo:t i 1
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(d) The HFE Design Team as being responsible for:
(i) The development ofIIFE plans and procedures (ii) The oversight and review of HFE design, development, test, and evaluation activities 4 (iii) The initiation, recommendation, and provision of solutions through designated channels for problems idendfied in the ;
implementation of the HFE acdvities -
(iv) Verification ofimplementation of solutions to problems l (v) Assurance that IIFE activities comply to the HFE plans and procedures ;
(vi) Phasing of activities (c) The methods for identification, closure and documentation of human ,
factors issues.
/' (f) The IISI design configuration control procedures.
t (2) The HFE Program Plan shall also establish:
(a) That each HFE issue / concern shall be entered on the HFE Issue Tracking System log when first identified, and each action taken to climinate or reduce the issue / concern should be documented. The ;
final resolution of the issue / concern, as accepted by the HFE Design Team, shall be documented along with information regarding HFE Design Team acceptance (e.g., person accepting, date, etc.) the individual responsibilities of the HFE Design Team members when an HFE issue / concern is identified, including definition ofwho should ,
log the item, who is responsible for tracking the resolution efforts, who :
is responsible for acceptance of a resolution, and who shall enter the necessary closcout data. I (b) That th ? IIFE Issue Tracking System shall address human factors issues ;
that are identified throughout the development and evaluations of the l Main Control Room and Remote Shutdown System IISI design ;
implementation.
(c) That the MCR and RSS designs shall be implemented using HSI equipment technologies which are consistent with those defined in Section 18A.S. !
s (d) That in the event other IISI equipment technologies are alternatively selected for application in the MCR and RSS design implementations:
SBWR ABWR Human-System Interface Design implementation Process - Amendment 1 DRAFT 18E-11 i i
25A5113 Rev. A SBWR StandardSafetyAnalysis Report O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(i) A resiew of the industry experience with the operation of those selected new 1151 equipment technologies shall be conducted.
(ii) The Operating Fxperience Review (OER) of those new IISI equipment technologies shallinclude both a review ofliterature pertaining to the hu uan factors issues related to similar system applications of those new liSI equipment technologies and interviews with personnel experienced with the operation of those systems.
(iii) Any relevant IIFE issues / concerns associated with those selected new HSI equipment technologies, identified through the conduct of the OER, shall be entered into the HFE Issue Tracking System for closure.
(c) That a review of IISI operating experience shall be conducted as follows:
(i) For the first implementation of the SIMR ABWR Certified l Design.
(a) That the lessons learned from the review of previous l nuclear plant llSI designs, as defined by Attachment I to I this Table 18E-1, shall be entered into the HFE Issue l Tracking System to assure that problems observed in l previous designs have been adequately addressed in the l S_BWR APA'R design implementation. !
(b) Reviews of operating experience with the following SBWR ARWR HSI design areas,in which further development of the industry's experience base can be expected, shall be completed: l Use of flat panel and CRT displays Use of electronic on-screen controls Use of wide display panels Use of prioritized alarm systems Automation of process systems Operator workstation design integration 9
18E-12 SBWR ABWR Human System Interfxe Design implementation Process - Amendment 1 DRAFT
1 l
}
25AS113 Rev. A SBWR standardsafetyviatysis Report j
L '
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
Those operating experience resiews shall include review of reports prmided by industry organizations (i.e., EPRI, etc.);
review of applicable research in these design areas, as may be documented in reports from universities, national laboratories and the NRC, and in proceedings published by HFE professional societies; and review of applicabic research and experience reports published by the HS1 equipment vendors. Further, the review of operating experience in each of the six above identified areas shall include feedback obtained from actual users.
Therefore,if the documents selected for the conduct of the operating experience review for a particular area do not include '
the results of user feedback, then inteniews with users of at least two applications of that particular technology area shall also be ,
conducted. Finally, the results from all these operating experience review activities shall be entered into the HFE Issue Tracking System to assure that the SBWR ABWR implementation -
\ reflects the experience gained by the resolution of design problems in operating plants.
(ii) For all subsequent implementations of the SBWR ABWR design: i (a) If a previously implemented SBWR ARWR IISI design is ,
utilized dir ectly and without change, then no further review of operating experience is required.
(b) If a previously implemented SBWR ABWR HS1 design is not "
being utilized directly, then the operating experience of the most recent implementations, up to three, shall be reviewed through the conduct of operator inteniews and surveys and the evaluation of Licensing Event Reports and the results of these reviews shall be entered into the HFE Issue Tracking System to assure that previous design problems have been adequately addressed in the SBWR ARWR design implementation.
(3) The HFE Program Management Plan document shallinclude: -
(a) The purpose and organization of the plan. [
., (b) The relationship between the HFE program and the overall plant ,
equipment procurement and construction program (organization and phasing).
(c) Definition of the HFE Design Team and their activities, including:
SBWR ABWR Human. System Interface Design implementation Process - Amendment 1 DRAFT 18E-13 l
l
25ASY13 Rev. A SBWR ,
standardsaretyAnalysisnepon O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(i) Description of the HFE Design Team function within the broader scope of the plant equipment procurement and construction program, including charts to show organizational and functional relationships, repordng relationships, and lines of communication.
(ii) Description of the responsibility, authority and accountability of the HFE Design Team organization.
(iii) Description of the process through which management decisions will be made regarding HFE.
(iv) Descrim son of the process through which technical decisions will be- 1 'he HFE Design Team.
(v) Description of the tools and techniques (e.g., review forms, documentation) to be utilized by the HFE Design Team in fulfilling their responsibilities.
(vi) Description of the HFE Design Team staffing, job descriptions of the individual HFE Design Team personnel and their personal qualifications.
(vii) Definition of the procedures that will govern the internal management of the HFE Design Team.
(d) Definition of the H5'E Issue Tracking System and its implementation, including:
(i) Individual HFE Design Team member responsibiliS, regarding HFE issue identification, logging, issue resolution, and issue closcout.
(ii) Procedures and documentation requirements regarding HFE issue identification.
These shallinclude description of the HFE issue, effects of the issue if no design change action is taken and an assessment of the cridcality and likelihood of the identified HFE issue manifesting itselfinto unacceptable HSI performance.
O l
18&14 SBAR ABnR Human-System interface Design implementation Process - Amendment 1 DRAFT
,?5AS113 Rev. A SBWR standardsareryAtratysis Report I
O v -
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(iii) Procedures and documentation requirements regarning HFE issue resolution.
These procedures shallinclude evaluation and documentation of '
proposed solutions, implemented soludons, evaluated residual effects of the implemented solution and the evaluated criticality and likelihood of the implemented resolution of the HFE issue manifesting itselfinto unacceptable HS1 performance.
(e) Identification and description of the following implementation plans ,
to be developed: !
(i) System Functional Requirements Development (ii) Allocation of Function (iii) Task Analysis (iv) Human-System Interface Design (v) Human Factors Verificadon and Validation (f) Definition of the phasing ofIIFE program activities, including:
(i) The plan for completion of HFE tasks which addresses the relationships between life elements and activities, the
- development of HFE reports and the conduct of HFE reviews (ii) Identification of other plant equipment procurement and ,
construction activities which are related to HFE Design Team activities but outside the scope of the team (e.g., ILC equirment mantifacture)
(g) Definition of HFE documentation requirements and procedures for retention and retrieval.
(h) Description of the manner in which HFE Program requirements will be communicated to applicable personnel and organizations, including those which may be subcontracted, who are responsible for the performance of work associated with the Main Control Room and Remote Shutduwn System design implementation.
i l
i l
l
{v '
SBAR ABWR Human System Interface Design Implementation Process - Amendment 1 DRAFT 18E-15 l
25A5113 Rev. A SBWR Standard SafetyAnalysis Report O
Table 18E 1 Human Factors Engineering Design Team snJ Plans (Continued)
(111) System Functional Requirements Analysis Implementation Plan (1) (Satisfaction of the requirements presented herein shall result in the creation of a System Functional Requirements Analysis Implementation Plan which is in full compliance with the Item 2.a acceptance criteria presented in Table 3.1 of the Tier 1 Design Certification material for the GE SBWR AW4R design). The System Functional Requirements Analysis Implementation Plan shall establish:
(a) Methods and criteria for conducting the System Functional Requirements Analysis which are consistent with accepted life practices and principles. Within the context of system functional requirements analysis, accepted life methods and criteria are presented in the following documents:
(i) AD/A233168, System Engineering Management Guide, (Dept.
of Defense, Defense Systems Management College, Kockler, F., et al)
(ii) AR602-1, iluman Factors Engineering Program, (Dept. of Defense)
(iii) EPRI NP-3659, iluman Factors Guide for Nuclear Power Plant Control Room Development,1984, (Electric Power Research Institute)
(iv) IEC 964, Design for Control Rooms of Nuclear Power Plants, 1989, (Bureau Central de la Commission Electrotechnique Internationale)
(v) IEEE-1023 IEEE Guide to the Application ofliuman Factors Engineering to Systems Equipment and Facilities of Nuclear Power Generating Stations,1988, (IEEE)
(vi) Mllell-46855B, liuman Engineering Requirements for Military Systems, Equipment and Facilities, (Dept. of Defense)
(vii) NUREG4700, Guidelines for Control Room Design Resiews, 1981, (US Nuclear Regulatory Commission)
(viii) NUREG/CR-3331, A Methodology for Allocating Nuclear Power Plant Control Functions to liuman and Automated Control, 1983, (US Nuclear Regulatory Commission)
O 18E-16 SBWR ABaR Human-System Interixe Design implementation Process - Amendment 1 DRAFT
25AS113 Rev. A SBWR StandardSaletyAnalysisReport Table 18E-1 Hurnan Factors Engineering Design Team and Plans (Continued)
Note that within the set of documents listed above, differences may exist regarding the specific methods and criteria applicable to the conduct of system functional requirements analysis. In situations that such diff erences exist, for a particular issue, all of the methods and criteria presented within those documentwhich address that pardcular -
issue are considered to be equally appropriate and valid and, therefore, any of those documents may be selected as the basis for defining how that particular issueis addressed in the system functional requirements . ;
analysis.
(b) That system requirements shall define the system functions and those system functions shall provide the basis for determining the associated HS1 performance requirements.
(c) That functions critical to safety shall be defined (i.e., those functions required to achieve safety system performance requirements; or those functions which, if failed, could pose a safety hazard to plant personnel or to the general public).
d (d) That descriptions shall be developed for each of the identified functions and foi the overall system configuration design itself. Each function shall be identified and described in terms ofinputs (observable parameters which will indicate systems status) functional processing (control process and performance measures required to achieve the function), functional operations (including detecting signals, measuring information, comparing one measurement with another, processing information, and acting upon decisions to produce a desired condition or result such as a system or component operation actuation or trip) outputs, feedback (how to determine correct discharge of funcdon), and interface requirements so that i subfunctions are related to larger functional elements.
(2) The Systr m Functional Requirements Analysis Implementation Plan shah include:
(a) The methods for identification of system level functions based upon ,
system performance requirements. The functions shall be defined as the most general, yet difTerentiable means whereby the system requirements are met, discharged, or satisfied. Functions shall be ar anged in a logical sequence so that any specified operational usage of the sy.; tem can be traced in an end-twend path.
s SBa? ABWR Human System Interface Design implementation Process - Amendn ent 1 DRAFT 18E-17
25A5113 Rev. A SBWR standard sareryAnalysissteport Table 18E-1 O
Human Factors Engineering Design Team and Plans (Continued)
(b) The methods for developing graphic function descriptions (e.g.,
Functional Flow Block Diagrams and Time Line Diagrams). The functions shall be described inidally in graphic form. Funcdon diagramming shall be done starting at a " top level", where major functions are described, and continuing to decompose major functions to lower levels until a specific critical end-item requirement emerges (e g., a piece of equipment software, or en operator).
l (c) The method for developing detailed function narrative descriptions which encompass:
(i) Observable parameters that indicate system status (ii) Control process and data required to achieve the function (iii) llow to determine the manner in which proper discharge of function is to be determined (d) Analysis methods which define the integration of closely-related subfunctions so that they can be treated as a unit.
(c) . Analysis methods which divide identified subfunctions into two groups according to whether:
(i) Common achievement of the subfunction is an essential condition for the accomplishment of a higher level function.
(ii) The subfunction is an alternative supporting funcdon to a higher level function or the subfunction's accomplishment is not necessarily a requisite for a higher level function.
(O Requirements to identify for each integrated subfuncdon:
(i) The basis for why accomplishment of the subfuncdon is required (ii) The control actions necessary for accomplishment of the subfunctions (iii) The parameters necessary for the subfunction control actions (iv) The criteria for evaluadng the results of the subfunction control actions (v) The parameters necessary for evaluation of the subfunction (vi) The criteria to be used to evaluate the subfunction (vii) The criteria for selecting alternative function assignmentsif the l evaluation criteria b is not satisfied O
l 18E 18 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT l
l l
l 1
l 25AS113 Rev. A SBWR standardsafetyAnalysisRepon l iD U 1 Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(IV) Allocation of Function Implementation Plan (1) (Satisfaction of the requirements presented herein shall result in the creation of an Allocation of Function implementation Plan which is in full ,
compliance with the item 3.a Acceptance Criteria presented in Table 3.1 of i the Tier 1 Design Certification material for the GE SBWR ARWR design).
The Allocation ofIunction implementation Plan shall establisa:
i (a) The methods and criteria for the execution of function allocation which are c.onsistent with acepted ilFE practices and principles.
Within the (ontext of funcion allocadon, accepted HFE practices and principles are presented in the following documents:
(i) AD/A223168 System Engineering Management Guide, (Dept. !
of Defense, Defeuse Systens M peyyment Colfege, Kockler, F., et al)
(ii) AR 602-1, Hurnan Factors Engineering Program , (Dept. of Defense)
(iii) EPRI NP-3059. Iluman Factors Guide for Nuclear Power Plant Cmraui bom Development,1984, (Electric Power Research Institute)
(iv) IEC 964, Design for Control Rooms of Nuclear Power Plants, (Bureau Central de la Commission Electrotechnique Internationale)
(v) NUREG-0700, Guidelines for Control Room Design Reviews, 1981, (US Nuclear Regulatory Commission)
(vi) NUREC/CR-3331, A Methodology for Allocating Nuc! car Power Plant Control Functions to Human and Automated Control, 1983, (US Nuclear Regulatory Commission)
Note that within the set of documents listed above, differences may exist regarding the speciSc methods and criteria applicable to the conduct and analysis of function allocation. In situations that such differences exist, for a particular issue, all of the methods and criteria presented within those documents which address that particular issue '
are considered to be equally appropriate and valid and, therefore, any of those documents may be :; elected as the basis for defining how the -
particular issue is to be addressed in the conduct of the function
~
allocation and. analysis.
SBWR ABWR Human-System Interface Design implementation Process - Amendment 1 DRAFT 18E-19 i i
25AS113 Rev. A SBWR standard sarety Analysis neport O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(b) That aspects of system and functinm. definition shall be analyzed in terms of resulang human perio,mance requirements based on the expected mer population.
(c) That the allocation of functions to personnel, system elements, and personnel system combinations shall reflect:
(i) Areas of humari strer.gths and limitations 3 (ii) Sc nsitivity, precision, time, and safety requirements (iii) Reliability of system performance (iv) The number and the necessary skills of the personnel required to operate and maintain the system (d) That the allocation criteria, rationale, analyses, and procedures shall be documented.
(c) Analyses shall confirm that the personnel can perform tasks allocated to them while maintaining operator situation awareness, acceptable personnel workload, and personnel vigilance.
(2) The Allocation of Function implementation Plan shallinclude:
(a) Establishment of a structured basis and criteria for function allocation.
(b) Definition of function allocation analyses requirements, including:
(i) Definition of the objectives and requirements for the evaluation of funcdon allocations (ii) Development of alternative funcdon allocations for use in the conduct of comparative evaluadons (iii) Development of criteria to be used as the basis for selecting between alternative funcdon allocations (iv) Development of evaluation criteria weighing factors (v) Development of test and analysis methods for evaluating function allocation alternatives (vi) Definition of the methods to be used in conducting assessments of the sensitivity of the comparative function allocation alternatives analyses results to the individual analysis inputs and criteria (vii) Definition of the methods to be employed in selecung individual function allocation for incorporation into the implemented design 18E-20 $8WR ABWR Human-System Interface Design implementation Process - Amendment 1 DRAFT
l 25A5113Rev. A l
SBWR standardsaferyAnalysisReport j O l k
Table 18E 1 i Human Factors Engineering Design Team and Plans (Continued)
(V) Task Analysis implementation Plan (1) (Satisfaction of the requirements presented herein shall result in the creation of a Task Analysis Implementation Plan which is in full compliance i with the hem 4.a Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Certification material for the CE SP,WR ARWR design). The Task Analysis implementation Plan shall establish:
(a) The methods and criteria for conduct of the task analyses which are consistent with accepted IDE practices and principles. Within the context of performing task analysis, accepted IIFE rrethods and F criteria are presented in the following documents:
(i) AD/A223168, System Engineering Management Guide, (Dept.
of Defense, Defense Systems Management College, Kockler, F., et al)
(i) DOD-11DIIK-763, iluman Engineering Procedures Guide, Chapters 5-7 and Appendices A and B,1991, (Dept. of Defense)
(ii) EPRI NP-3659. Iluman Factors Guide for Nuclear Power Plant Control Room Development,1984, (Electric Power Research Institute)
(iii) IEC 964, Design for Control Rooms of Nuclear Power Plants, (llureau Central de la Commission Electrotechnique Internationale)
(iv) IEEE-1023 IEEE Guide to the Application ofIluman Factors Engineering to Systems, Equipment and Facilities of Nuclear Power Generating Stations, (IEEE)
(v) Mll,11-46855B,Iluman Engineering Requirements for Military Systems, Equipment and Facilities, (Dept. of Defense)
(vi) Mll STD-1478, Task Performance Analysis, (Dept. of Defense)
(vii) NUREC-0700, Guidelines for Control Room Design Reviews, 1981, (US Nuclear Regulatory Commission)
(viii) NUREG/CR-3331, A Methodology for Allocating Nuclear Power Plant C<mtrol Functions to Iluman and Automated Control, 1983, (US Nuclear Regulatory Commission)
(ix) NUREG/CR-3371, Task Analysis of Nuclear Power Plant Control Room Crews (Vol.1).1983, (US Nuclear Regulatory Commission)
SBWR ABWR Human-System interface Design imple' mentation Process - Amendment 1 DRAFT 18E 21
25AS113 Rev. A SBWR standardsatery Anotysis neport O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
I Note that within the set ,f documents listed above, differences may exist regarding the specific methods and criteria applicable to the conduct of IIFE task analysis. In situations that such differences exist, for a particular issue, all of the methods and criteria presented within ;
those documents which address that particular issue are considered to be equally appropriate and valid and, therefore, any of those documents may be sciected as the basis for defining how that particular issue is addressed in the task analysis.
(b) The scope of the task analysis, which shallinclude operations performed at the operator interface in the Main Control Room and at the Remote Shutd<,wn Sptem. The analpes shall be directed to the full range of plant operating mode , including startup, normal operations, abnormal operations, transient conditions, low power and shutdown conditions. The analyses shall also address operator interface operations during periods of maintenance, test and inspection of plant systems and equipment, including the IISI equipment (c) That the analysis shall link the identified and described tasks in operational sequence diagrams. The task descriptions and operational sequence diagrams shall be used to identify which tasks are critical to safety in terms ofimportance for function achievement, potential for human error, and impact of task failure. Iluman actions which are identified through PRA sensitivity analyses to have significant impact on safety shall also L considered " critical" tasks. Where critical functions are automated, the analyses shall address the associated human tasks including the monitoring of the automated function and the backup manual actions which may be required if the automated function fails.
(d) Task analysis shall develop narrative descriptions of the personnel activities required for successful completion of the task. A task shall be a group of activities, often occurring in temporal proximity, which utilize a com mon set of displays and controls. Task analyses shall define the input, process, and output required by and of personnel.
(e) The task analysis shall identify requirements for alarms, displays, data processing, and controls.
(f) The task analysis results shall be made available as input to the personnel training programs.
1 18E 2 SBWR ABWR Human. System interface Design Implementatoon Process - Amendment 1 DRAFT l I
25AS113 Rev. A S8WR standard sareryAnalysisReport A
f Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(2) The Task Analysis Implementation Plan shallinclude:
(a) The methods and data sources to be used in the conduct of the task analysis.
(b) The methods for conducting the initial (high level) task analysis, including:
(i) Converting functions to tasks (ii) Developing narrative task descriptions (iii) Developing the basic statement of the task functions (iv) Decomposition of tasks to individual activities (v) L)evelopment of operational sequence diagrams (c) The methods for developing detailed task descriptions that address:
(i) Information requirements (i.e.,information required to execute a task, including cues for task initiation)
(ii) Decision-making requirements (i.e., decisions that are probably based on the evaluadons, description of the decisions to be made and the evaluations to be performed)
(iii) Response requirements (i.e., actions to be taken, frequency of action, speed / time line requirements, any tolerance / accuracy requirements associated with the action, consideration of any operational limits of personnel performance or of equipment body movements required by an action taken, and any overlap of task requirements such as serial vs. parallel task elements)
(iv) Feedback requirements (i.e., feedback required to indicate adequacy of actions taken)
(v) Personnel workload (i.e., both cognidve and physical workload and the estimation of the level of difficulty associated with a particular workload condition)
(vi) Any associated task support requirements (i.e., special/protecdve clothing. job aids or reference materials required; any tools and equipment required, or any computer processing support aids)
(vii) Workplace factors (i.e., the workspace envelope required by the acdon taken, workspace emironmental conditiona, locadon that l
the work is to be performed, the physical / mental attributes of the wot k)
SBWR ABWR Human-System Interface Design Implementation Process - Amendment I CRAIT 18E-23 i
i
25A5193 Rev. A SBWR StandardSafety Analysis Report Table 18E-1 O
Human Factors Engineering Design Team and Plans (Continued)
(viii) Staffing and communication requirements (i.e., the number of personnel, their technical specialty, and specific skills, the form and content of communications and other personnel interaction required when more than one person is involved)
(ix) The identification of any hazards involved in execution of the task (d) The methods for identification of critical tasks. The identified critical tasks shall include, at the minimum, those operator actions which have significant impact on the PRA results, as presented in Section 19D.7, and the operator actions to isolate the reactor and inject water for the l postulated event scenarios of a common mode failure of the Safety System Logic and Control System and/or the essential Multiplexing System concurrent with a design basis main steamline, feedwater line or shutdown cooling line break LOCA.
(c) The methods for establishing information and control requirements.
(f) The methods for conducting alarm, display, processing, and control requirements analysis.
(g) The methods through which the application of task analysis results are assembled and documented to provide input to the development of personnel training programs.
(h) The methods to be used to evaluate the results of the task analysis.
(VI) IISI Design Implementat ion Plan (1) (Sati , faction of the requirements presented herein shall result in the creation of an IISI Design Imp!cmentation Plan which is in full compliance with the item 5.a Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Certification material for the GC SBWR ARWR design). The IISI Design Implementation Plan shall rstablish:
(a) The methods and criteria for IISI equipment design and evaluation of 1ISI human performance, equipment design and associated work place factors, such as illumination in the MCR and in the RSS area, which are consistent with accepted IIFE practices and principles. Within the context of performing these 1I51 design evaluations, accepted IIFE methods and criteria are presented in the following documents:
(i) AD/A223168, System Engineering Management Guide, (Dept.
of Defense, Defense Syst ems Managunent College, Kockler, F., et 18E 24 SBWR ABWR Human-Systern interface Design implementation Process - Amendment 1 DRAFT
25AS113 Rev. A SBWR standardsaretyAnalysis Report
/~~N
\v)
I Table 18E-1 .
Human Factors Engineering Design Team and Plans (Continued)
(ii) ANSI IIFS-100, American National Standard for Human Factors Engin eering of Visual Display Terminal Workstations, (Am. Nat'l.
Standards Institute)
(iii) EPRI NP-3659, Iluman Factors Guide for Nuclear Power Plant Control Room Development,1984, (Electric Power Research Institute)
(iv) EPRI NP-3701, Computer-Generated Display System Guidelines, 1984, (Electric Power Research Institute)
(v) ESD-TR-86-278, Guidelines for Designing User Interface Software, (Department of Defense)
(vi) IEC 964, Design for Control Rooms of Nuclear Power Plants, (Bureau Central de la Commission Electrotechnique Internationale) ,
(vii) MIL-H-46855B, Human Engineering Requirements for Militag 7 Systems, Equipment and Facilities, (Dept, of Defense)
(viii) Mll,HDBK-759A,Iluman Factors Engineering Design for Army, Material (Dept. of Defense)
(ix) DOD-IIDBR-761 A, Human Engineering Guidelines for Management Information Systems, (Dept. of Defense)
(x) MIL-STD-1472D, iluman Engineering Design Criteria for Military Systems, Equipment and Facilities, (Dept. of Defense)
(xi) NUREG4)696, Functional Criteria for Emergency Response ,
Facilides,1980, (US Nuclear Regulatog Commission)
(xii) NUREG 0700, Guidelines for Control Room Design Resiews, 1981, (US Nuclear Regulatory Commission)
(xiii) NUREG-0800, Standard Review Plan, (US Nuclear Regulatory Commission)
(xiv) NUREG-0899, Guidelines for the Preparation of Emergency Operating Procedures,1982, (US Nuclear Regulatory Commission)
(xv) NUREG/CR-5228, Techniques for Preparing Flowchart Format Emergency Operating Procedures (Vols. 1 & 2),1989, (US Nuclear Regulatory Commission)
O SBWP ABWR Human-System Intetisce Design Implementation Process - Amendment 1 DRAFT 18E-25
25A5193 Rev. A SBWR standard sarery Analysis neport O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(xsi) NUREC/CR-4227, iluman Engir,ecting Guidelines for the Evaluation and Assessment of Video Display Units,1985, (US Nuclear Regulatory Commission)
(xvii)Gilmore, et. al. (1989), User-Computerinterface in process control: A humanfactors engineering handbook. San Diego, CA: Academic Press,1nc.
Note that within the set of documents listed above, difTerences may exist regarding the specific methods and criteria applicable to the conduct of lisI design evaluations. In situations that such differences exist, for a particular issue, all of the methods and criteria presented within those documents which address that particular issue are considered to be equally appropriate and valid and, therefore, any of those documents may be selected as the basis for defining how that pardcular issue is addressed in the IISI design evaluations.
(b) That the 11S1 design shall implement the information and control requirements developed through the task analyses, including the displays, controls and alarms necessary for the execution of those tasks identified in the task analyses as being critical tasks (see paragraph V.2.d of this table).
(c) The methods for comparing the consistency of the IISI human performance equipment, design and associated workplace factors with that modeled and evaluated in the completed task analysis.
(d) That the HSI design shall not incorporate equipment (i.e., hardware or software function) which has not been specifically evaluated in the task analysis.
(e) Thi 'ISI design criteria and guidance for control room operadons durii.; periods of maintenance, test and inspection of control roon 11S1 equipment and of other plant equipment which has control room personnel interface.
(f) The test and evaluation methods for resohing HFE/HS! design issues. l These test and evaluation methods shallinclude the criteria to be used l in selecting IIFE/HSI design and evaluation tools which:
(i) May incorporate the use of static mockups and models for j evaluating access and workspace-related HFE issues (ii) Shall require dynamic simulations and IISI prototypes for conducting evaluations of the human performance associated with the activities in the critical tasks identified in the task analysis 18E.26 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
25AS113 Rev. A
'SBWR Standard SafetyAnalysis Report w
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued) -
(2) The Iluman System Interface Design Implementation Plan shallinclude:
(a) Identification of the specific IIFE standards and guidelines documents which substantiate that the selected IISI Design Evaluation Methods and Criteria are based upon accepted IIFE practices and principles.
(b) Definition of standardized IIFE design conventions.
(c) Definition that the standard design features (Section 18.4.2), the standard IISI equipment technologies (Section 18.4.3), and the ,
displays, controls and alarms (Tables 18F-1,18F-2 and 18F-3) shall be incorporated as requirements on the HSI design.
(d) Definition of the design / evaluation tools (e.g., prototypes) which are to be used in the conduct of the IISI design analyses, the specific scope of evaluations fo which those tools are to be applied and the rationale for the selection of those specific tools and their associated scope of application.
(VII) Human Factors Verification and Validation Implementation Plan
( (1) (Satisfaction of the requirements presented herein shall result in the creation of a Human Factors Verification and Validadon Implementation Plan which is in full compliance with the Item 7.a Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Certification material for the SBWR ARWR design). The Iluman Factors Verification and Validation (V&V) Implementation Plan shall establish:
(a) fluman factors V&V methods and criteria which are consistent with accepted HFE practices and principles. Within the context of performing human factors V&V, accepted HFE methods and criteria are presented in the following documents:
(i) AD/A223168, System Engineering Management Guide, (Dept.
of Defense Defense Systems Management College, Kockler, F., et al)
(ii) DOD-IIDBK-763, Human Engineering Procedures Guide, Chapters 5-7 and Appendices A and B, (Dept. of Defense)
(iii) DOD 5000.2, Defense Acquisition Management Policies'and Procedures, (Dept. of Defense)
(iv) EPRI NP-3701, Computer-Generated Display System Guidelines, :
1984, (Electric Power Research Institute)
I SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT 18E-27 I
25A5113 Rev. A SBWR standardsafetyAnalysisacport O
Table 18E-1 i Human Factors Engineering Design Team and Plans (Continued)
(v) IEC 964, Design for Control Rooms of Nuclear Power Plants, (Ilureau Central de la Commission Electrotechnique Internationale)
(vi) IEEE-845, IEEE Cuide to Evaluation of Man-Machine Performance in Nuclear Power Generatmg Station Control Rooms and Other Peripheries, (IEEE)
(vii) MIIell-46855II,Iluman Engineering Requirements for Military Systems, Equipment and Facilities, (Dept. of Defense)
(viii) DOD-IIDilK-76] A, iluman Engineering Guidelines for Management Information Systems. (Dept. of Defense)
(ix) NUREG 0700, Guidelines for Control Room Design Reviews, 1981, (US Nuclear Regulatory Commission)
(x) NUREG-0899, Guidelines for the Preparation of Emergency Operating Procedures,1982, (US Nuclear Regulatory Commission)
(xi) TOP l-24110, Test Operating Procedure Part 1 (Dept. of Defense)
(xii) NSAC-39, Verification and Validation for Safety Parameter Display Systems (Electric Power Research Institute)
(xiii) NUREC/CR-4227, Iluman Engineering Guidelines for the Evaluadon and Assessment of Video Display Units,1985, (US Nuclear Regulatory Commission)
Note that within the set of documents listed above, differences may exiu regarding the specific methods and criteria applicable to the conduct of human factors V&V. In situations that such differences exist, for a particular issue, all of the methods and criteria presented within those docurnents which address that particular issue are considered to be equally appropriate and valid and, therefore, any of those documents may be selected as the basis for defining how that particular issue is addressed in the human factors V&V.
O 1S & 28 SBWR ABWR Human-System Interface Design Implementstion Process - Amendment 1 DRAFT
2SA5113Rev. A SBWR standardsaretyAnalysisReport :
A) 1 V
Table 1SE-1 Human Factors Engineering Design Team and Plans (Continued)
(b) That the scope of the evaluations of the integrated IISI shallinclude:
(i) The Iluman-System Interface (including both the interface of the operator with the IISI equipment hardware and the interface of the operator with the llSI equipment's software-driven functions) .
(ii) The plant and emergency operating technical procedures (iii) IISI work environment (c) That static and/or "part-task mode evaluations of the IISI equipment shall be conducted to confirm that the controls, displays, and data processing functions identified in the task analyses are designed per accepted IIFE guidelines and principles.
(d) The integration of1ISI equipment with each other, wi:' _he operating personnel and with the plant and emergency operadng technical procedures shall be evaluated through the conduct of dynamic task performance testing. The dynamic task performance testing and evaluations shall be performed over the full scope of the integrated 1ISI s
design using dynamic IISI prototypes (i.e., prototypical IISI equipment which is dynamically-driven using real time plant simulation computer models). In the event that the particular 1151 design implementation under consideration is referenced to a presious IISI design for which dynamic task performance test and evaluation results are available, those existing results, along with the results oflimited scope dynamic task performance tests which address the areas of difference between the two subject iISI designs, may be used to satisfy this requirement.
The methods for defining the scope and application of the dynamic IISI prototype, past test results and other evaluadon tools shall be documented in the implementation plan. The dynamic task performance tests and evaluations shall have as their objectives:
s o
i
\
SBAR ABWR Human-Systerm Interface Desogn implementation Process - Amendment 1 DRAFT 18E-29
25AS113 Rev. A SBWR standardsaery Analysis neport O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(i) Confirmation that the identified critical functions can be achieved using integrated IISI design (ii) Confirmation that the 1151 design and configuration can be operated using the established main control room stalling levels (iii) Confirmation that the plant and emergeng operating technical procedures of the scope as defined in Section 13.5 provide direction for completing the identified tasks associated with normal, abnormal and emergency operations (iv) Confirmation that the time dependent and interactive (e.g.,
display format selection) aspects of the 11S1 equipment performance allow for task accomplishment (v) Confirmation that the allocation of functions are sufficient to enable task accomplishment (vi) Confirmation that the integrated IISI design implementation is consistent with accepted IIFE practices and principles (c) That dynamic task performance test evaluations shall be conducted over the range of operational conditions and upsets, including:
(i) Normal plant operations, such as plant startup, shutdown, full power operations, and plant maintenance activities (ii) Plant system and equipment failures (including instrumentation failures)
(iii) IISI equipment failures (iv) Plant transients (v) Postulated plant accidents conditions, as defined in paragraph V.2.d of this tabic (f) The life performance measures to be used as the basis for evaluating the dynamic task performance test results. These performance measures shall include:
O 18E 30 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
-)
25A5113 Rev. A SBWR standard safetyAnalysis Report l 1
/%
y) t l
i i
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(i) Operating crew primary task performance characteristics, such as task times and procedure compliance (ii) Operating crew errors and error rates (iii) Operating crew situation awareness (iv) Operating crew wor kioad (v) Operating crew communications and coordinadon (vi) Anthropometry evaluations (vii) HSI equipment performance measures (g) The methods to confirm that ilFE issues identified and documented in the Human Factors issue Tracking System have been resolved in the integrated HSI design.
(h) The methods and criteria to be used to confirm that critical human actions, as defined by the task analysis, have been addressed in the '
integrated IISI design.
(i) The methods and criteria to be used to evaluate the adequacy of the j operating technical procedures.
(2) The Human Factors Verification and Validation Implementadon Plan shall include:
(a) Definition of test objectives (b) Definition of test methods and procedures (c) Identification of the participants in the dynamic task performance testing, which shall include licensed operators as test subjects (d) Definition of dynamic task performance test conditions which shall include:
(i) Plant startup operations l (ii) Plant power operations (iii) Plant shutdown operations (iv) Plant refueling and maintenance operations (v) Individual plant system and equipment failures (including instrumentation failures)
(vi) Individual HSi equipment failure (e.g., loss of VDU functions)
(vii) Design basi., transients (e.g., turbine trip, loss of feedwater) s SBWR ABWR Human-System Interface Design implementation Process- Amendment 1 DRAFT 18E-31
2SA5113Rev. A SBWR StandardSafetyAnalysis Report O
Table 18E-1 Human Factors Engineering Design Team and Plans (Continued)
(viii) Design basis ac cidents (e.g., LOCAs)
(ix) Execution of symptom-based emergency procedures (x) Execution of task scenarios which contain critical tasks as identified in the task analyses (e) Methods for defining scope and configuration of the prototypical HSI required to support testing (f) Methods for defining criteria and performance measures to be used in evaluating test results (g) Method for conducting analysis of test data (h) Requirement that the HSI design shall be reviewed and confirmed:
(i) To have incorporated the inventory of controls, displays and alarms presented in Tables 18F-1,2 and 3 (ii) That the implemented design is consistent with the standard design features and technologies as presented in Sections 18.4.2 and 18.4.3, respectively (i) Requirements for the development of documented test & evaluation plans and procedures (j) Requirements for documenting test results l
l 1
l l
O 18 & 32 GRWR ABWR Human. System interface Design implementation Process- Amendment 1 ) RAFT
i 25AS113 Rev. A SBWR standard sareryAnalysis Report Y
i Table 18E-2 ,
Attachment 1 to Table 18E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs ,
(A) Control Room Design '
(1) The large size of the controlioom and console and their configuration contributed to operator dissatirfaction.
(2) Traflic flows should not be impeded by placement of consoles.
(3) Adequate levels ofillumination are necessary to ensure that visual i effectiveness is suflicient for task performance. Emergency lighting should be available.
(4) Noise levels in the main control room should be maintained within I acceptable industry levels.
(5) The climate control system in the control room should be capable of .
continuously maintaining temperature and humidity within the human comfort zone.
O i
(6) Convenient storage should be provided so that procedures, logs, and drawings needed for routinejob performance are conveniently available.
Storage should also be provided for equipment needed for emergency operation.
(11) Control Board Design (1) Control boards should be optimized for minimum manning.
(2) Panels in the control rooms were observed to have large arrays ofidentical controls and displays and repetitive labels. The systems, subsystems, and components should be separated by appropriate demarcation methods.
(3) Controls and related displays should be located in close proximity so that the two items are readily associated and can be used conveniently with one another. Controls should be placed in an obvious and consistent order.The displays and controls used to monitor major system functions should be assigned to and arranged in functional groups. -
(4) Flow arrangements between CRT display formats and controls on panels should not differ.
(5) Flow mimics should be used to aid (and not mislead) the operators.
(6) Panel arrangements for similar systems should be the same.
p (7) Location of controls in areas and orientations that render them vulnerable
( to accidental contact and disturbance should be avoided.
SBWR ABWR Human System Interface Design Implementation Process - Amendment 1 DRAFT 18E-33
25AS113 Rev. A SBWR standardsaferyAriarysis Report O
Table 18E-2 Attachment 1 to Table 18E 1 Results of Operating Experience Review of Previous Nuclear Power Plant HS! Designs (Continued) ,
(8) Undear, illogical, overly complex, or mirror-imaged control board or panel layout arrangements have been observed to promote operational mishaps and should be avoided.
(C) Computer L (1) Computer data should be available on CRT and hard copy output.
(2) Computer audible alarms should not be distracting.
(D) CRT Displays (1) The nomenclature, labeling, and arrangement of systems on the CRT displays should be similar to the panels.
(2) CRT display should be comprehensible with a minimum of visual search.
When data is presented in lines and columns, the lines of data should be ;
separated by a space (blank line), one character high, every 4-5 lines.
(3) Display access should be efficient and require a minimum of key strokes. i (4) CRT displays should have convenient brightness, focus, and degauss controls.
(5) The character height should be the appropriate height for the viewing distance during normal and emergency conditions.
(6) Visibility of CRT displays should not be afTected by glare.
(E) Anthropometrics (1) Panel dimensions should accommodate the 5 to 95 percentile range of the user population to ensure that personnel can see and reach the displays and controls or the front and back panels. Displays should not be placed beyond the visual range of the operators.
(2) Controls should not be located in the control panels that require the operator to lean into the panel. This is a potential health risk to the operator and to the equiprnent.
(F) Controls (1) Large controls were observed to have been used in place of preferred smaller 3 controls. Larger controls impact panel size and should be avoided.
1 (2) Labeling or coding techniques should be used to differentiate controls and l indicator lights of similar appearance. ,
(3) Control configurations should not introduce parallax problems. i 1SE-34 SBWR ADWR Human-System Interface Design implementation Process - Amentirrmnt 1 DRAFT
)
2SA5113 Rev. A SBWR standardsareryAnalysisneport l
. im Table 18E-2 Attachment 1 to Table 18E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs (Continued)
(4) Control switches that must be held by the operator for operation should be avoided unless necessary.
(5) Projecting control handles should not cover or obstruct labels.
(6) Key lock switches require administrative control and should be avoided if possible.
(7) Control handles should not be difficult to operate and should not cause the .
operators to resort to using unauthorized mechanical leveraging devices (i.e., " cheaters") so as to achieve reduced difficulty in operation.
(8) Controls should be built and installed following standard conventions for OPEN/CLOSE and INCR. EASE / DECREASE. Setpoint scales should not move up in response to a downward movement of the controller thumbwheel.
(9) Inadvertent operation of adjacent controls may be reduced through the use ,
t by of shape cooing such as using similar shaped handles for similar functions (i.e., pistol grips for pumps and round handles for valves).
(G) Indicator Lights (1) Instances ofimproper use of qualitative indicators were observed where quantitative displays such as meters aould bt more effective.
(2) Light status (on/off) should be visible to the < -rator. Extinguished bulbs should be obvious and a test method providec Lamp designs should allow for easy access for lamp removal. l (3) The use of so-called negative indications (the absence of an indication) should not be used to conveyinformation to the operator.
(4) Indicator design selection and layout should be standardized to conserve panel space.
(5) A color code standard should be established for indicating lights.
(II) Display and Information Processing (1) Plant parameter validity should not have to be inferred. In addition to secondary information, the quality or validity of the displayed parameter should be available to allow operators to readily idendfy improper ESF or ,
other safety equipment status under various operating modes.
s 59WR ABWR Humen-System Interface Design implementation Process - Amendment 1 DRAFT 18E-35
25AS113 Rev. A SBWR standardsafetyAnalysis neport O
Table 18E-2 Attachment 1 to Table 18E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs (Continued)
(2) Necessary information should be available during events such as SBO and I.OOP. Systems and indications such as Neutron Monitoring System, control rod position indication, and dnwell area radiadon indication should all be available during these events.
(3) The main control room should contain an integrating overview display. The overview display should provide a limited number of key operating parameters.
(4) The sarne displays that are used during normal operation should be used by the operators during accident conditions to ensure their familiarity with the interface.
(1) Meters (1) Proper use of minor, intermediate, and major scale markings in association with scale numerals should be made. Formats should be customized to take into account idendfication of normal operating values and limits. Scale ,
numerical progressions and formats should be selected for the process parameter being presented.
(2) Placement of meters above and below eye level, making the upper and lower segment of the scale difficult to read (especially with curved scales), can present parallax problems.
(3) Meters were observed that fail with the pointer reading in the normal operadng band of the scale. The ;nstrument design should allow the operator to determine a valid indication from a failed indication.
(4) Placement of meters on panels should prevent glare and reflections caused l by overhead illummauon. i 1
(5) Where redundant channcls ofinstrumentation exist, software-based displays l should provide for easy inspection of the source data and intermediate results without the need to display them continuously.
(6) Data presented to the operator should be in a usable form and not require the operator to calculate its value. Scale graduations should be consistent ;
and easily readable. Zone markings should be provided to aid in data
{
interpretation.
(7) Meter pointers should not obscure the scale on meters. ,
(8) Process units between the control room instruments and the operating procedures should be consistent. '
18E 36 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
l 1
l 2SAS113 Rev. A SBWR standard sarcryAnarysisne; wit m .
Table 18E-2 )
Attachment 1 to Table 18E-1 Results of Operating Experience Review l of Previous Nuclear Power Plant HSI Designs (Continued) ,
(j) Chart Recorders (1) Recorders should not be used in place of meters. Recorders should be '
selected with consideration given to minimizing required maintenance and high reliability. ,
(2) A recorder designed to monitor 24 parameters was observed to have 42 '
parameters assigned to it. This makes it extremely difIicult to read the numerical outputs on the chart paper. The inputs assigned should be consistent with the design of the recorder. !
(3) Operational limits should be defined on recorders. Proper selection of recorder scales will climinate the need for overlays. The units for the process should be labeled on the recorder.
(4) Monitored inputs should be assigned to recorder pens in alphabetical order. ;
5 The correlation of pen color to input parameter should be clearly defined by multi-pen recorder labels.
(5) The change of chart speed should aho be noted on the chart paper when the paper is changed. The paper scales should match the fixed scales.
(6) Recorders should have fast speed and po'mt select capability.
(7) Proper placement of recorders and adequate illumination should prevent glare and parallax problems with recorder faces.
(8) The pointers should not cover the graduation marks.
(9) When upper and lower pens coincide, the printout of the upper scale should still be visible.
(K) Annunciator Warning Systems (1) Annunciators should be located near the control board panel elements to which they are related. Divisional arrangements should be consistent.
Annunciators should be functionally located near the applicable system. ;
(2) " Advisory alar ms" reporting expected conditions should not be grouped with true alarms. The audio and visual warning system signal should be prioritized to reduce the audio and visual burden placed on the operators during an event.
(3) Some alarms were observed to lack specificity. Multi-input alarms (e.g. xyz
{J pressure / levels, hi/lo) frustrate, rather than inform the operator.
SBWR ABWR Human System Interface Design Implementation Process - Amendment 1 DRAFT 18E 37
I 25AS113 Rev. A SBWR standardsarety Analysis neport I
Table 18E-2 O:
Attachment 1 to Table 16E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs (Continued) l (4) Excessive alarms were observed during emergency conditions. Auditory signals should be coded to aid the operator in determining the panel location.
(5) Alarm operating sequence controls should be placed at specific locadons to encourage operator acknowledgment. i (6) For standing and sit-down workstations, window size and lettering height should be consistent with the viewing distance.
(7) The labels should use consistent abbreviations and nomenclature and not be ambiguous.
(8) For traceability to response procedures, the windows should be identified with a location reference code.
(9) A consistent color coding convention should be employed.
(10) A "First Out" feature should be provided that presents prioridzed parameters important to safety parameters for immediate operator response.
(11) Means should be provided for identification of out of-senice annunciators.
(12) Annunciators for conditions which signal an EOP entry condi6on should be located based on the functional analysis.
(L) Coding of Displays and Controls (1) The color codes for the control boards should be systematically applied.
Effective color coding should be used to aid in differentiating between identical controls placed in close proximity.
(2) The coding ofindicators should inform the operator whether a valve is open or closed.
(3) Systematic approach to color and shape coding of controls should be taken.
(M) Labeling (1) Label abbreviations, numbering,and nomenclature should be consistent. A label placement standard for the control room should be established. Labels should be placed consistently above or below the panel elements being identified and not placed between two components.
1 (2) liierarchical labeling schemes, including size coding or differendation of labels, should be used to identify major console panels, sub-panels, and panel ]
elements. Ilierarchical labeling will climinate the need to place redundant i
labels on control or display desices.
l 18E-38 SBWR ABWR Human System interface Design Implememstion Process- Amendment 1 DRAFT l i
2SAS113 Rev. A h SBWR: standard sareryAnalysis neport o .
[ l
\.
Table 18E-2 i
Attachment 1 to Table 18E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs (Continued)- ,
(3) The content of the labels should be consistent with the procedures used by the operators.
(4) The labels should meet the readability guidelines and should not be obscured by the equipment that they are mounted near. A control room standard for labels should be established that addresses label character size and font.
(5) Maintenance tags should not obscure labels or panel components such as displays.
(6) To minimize the mispositioning of valves and other equipment, the controls and displays should be labeled with the unique number or name of the valve or piece of equipment.
(N) Communications n (1) Communications in the control room should consider the ambient noise ,
levels in the control room and plant. The control room operator should be able to communicate with necessary personnelin the plant. Communication equipment should also be provided at the remote shutdown panel.
(2) Communications equipment design should not limit the operator's access to the controls or displays. -
(3) The communication system should be accessible from the operator's workstations.
(O) Task Analysis '
(1) Controls and displays should be located for effective operator response to postulated events. Information needed by the operator in the control room should bc readily available and not located at remote panels in the plant.
(2) In addition to normal and emergency conditions, plant displays and controls should also consider low power and shutdown scenario information requirements.
(P) Procedures
]
(1) The measurement units in the procedure and the values indicated on display scales should be consistent.
(2) Control board designs should make provisions for the operator's ;
simultaneous referral to the procedures and the operation of the control '
k boards. 1 I
i SBWR ABWR Human-Spriem Interface Design implementation Process - Amendment 1 DRAFT 18E-39 l
.I j
25AS113 Rev. A SBWR standardsareryAnalysis Report O
Table 18E-2 Attachment 1 to Table 18E-1 Results of Operating Experience Review of Previous Nuclear Power Plant HSI Designs (Continued)
(3) The parameters displayed on electronic intormation sptems or on the control boards should be designed to support the EOPs as well as other required monitoring tasks.
(4) The safety function parameter status should be presented in an organized, readily accessible format compatible with the EOPs.
(5) A procedure should address operator action in the event of computer, CRT, or printer problems or complete failure.
(Q) Operator Errors (1) Operator mishaps were observed to be caused by the absence of a timely, attention-getting indication (either qualitative or quandtadve) that informs the operator that some element of the system is not operadng properly.
(2) Operator mishaps were also ob*erved to result from incorrect lineup of valves.
(R) Maintenance and Testing (1) The main control room should be designed in such a way that minimizes the need for maintenance and test personnel to work, or at least limit their presence,in the control room.
(2) Control room displays should be designed and installed for easy calibration and replacement.
(3) Access for inspection, operation, and routine maintenance of components should not be restrictive. l 1
l l
i i
isE-40 SBai: Asia 7: thaman Sat:m Int:.-!::c Design emp ementet:On kcess - Amendmem 1 DRAFT
. w- - -
25A5113 Rev. A SBWR StandardSafetyAnalysis Report 3
(O Table 18E-3 HFE Analysis (I) System Functional Requirements Analyses (1) (Satisfaction of the requirements presented herein shall result in the conduct of system functional requirements analyses which are in full compliance with the item 2.b Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Certification material for the GE SBWR ABWR design).
The system functional requirements analyses shall be conducted in accordance with the requirements of the !!uman Factors Engineering Program Plan and the System Functional Requirements Analysis implementation Plan.
(2) The results of the systern functional requirements analyses shall be documented in a report that includes the following:
(a) Objectives of the system functional requirements analyses (b) Description of the methods employed in the conduct of system functional requirements analyses (c) Identification of deviations from the System Functional Requirements y Analysis Implementation Plan (d) Presentation and discussion of the results of the system functional requirements analysis, including a discussion of design change recommendations derived from these analyses and/or negative implications that the current design may have on safe plant operations (c) Conclusions regarding the conduct of the analyses and the analyses results (3) The results of the II' Design Team's evaluation of the conduct and results of the system funct; ,nal requirements analyses shai? be documented in a report that includes the following: '
(a) The methods and procedures used by the 11FE Design Team in their review of the system functional requirements analyses (b) The life Design Team's evaluation of the completed system functional requirements analyses, including an evaluation of the compliance with the System Functional Requirements Analysis Implementation Plan and the HFE Program Plan (c) Presentation and discussion of the IIFE Design Team's Review findings SBWR ABWR Human System Interface Design Implementation Process - Amendment 1 DRAFT 18E-41
25A5113Rev. A SBWR standard sateryAnalysisReport O
Table 18E-3 HFE Analysis (Continued)
(II) Function Allocation Analyses (1) (Satisfaction of the requirements presented herein shall result in the conduct of function allocation analyses which are in full compliance with the Item 3.b Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Cerdfication material for the GE SIMR ARWP, design). The function s'iocation analyses shall be conducted in accordance with the requirements of the iluman Factors Engineering Program Plan and the Allocation of Funcdons Implementadon Plan.
(2) The results of the function allocation analysis shall be documented in a report that includes the following:
(a) Objecdves of the function allocation analyses l i
(b) Description of the methods employed in the conduct of the function j allocation analyses !
(c) Identification of deviations from the Allocation of Function Implementadon Plan (d) Presentation and discussion of the results of the function allocation analyses, including a discussion of design change recommendations derived from these analyses and/or negative implicauons that the cunent design may have on safe plant opctations (c) Conclusions regarding the conduct of the analyses and analysis results (3) The results of the HFE Design Team's evaluation of the conduct and results of the function allocation analyses shall be documented in a report that includes the following-(a) The methods and procedures used by the HFE Design Team in their l review of the function allocation analyses (b) The HFE Design Team's evaluation of the completed funce. ion allocation analyses, including an evaluation of the compliance with the Allocation of Function implementation Plan anu te HFr' Program Plan 1
tc) Presentation and discussion of the HFE Design Team's review findings 9
1BE 42 SBWR A8WR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
i 25A5113Rev. A SBWR standardsafety Analysis Report i
Table 18E-3 ;
i HFE Analysis (Continued)
(111) Task Analyses (1) (Satisfaction of the requirements presented herein shall result in the conduct of task analyses which are in full compliance with the Item 4.b Acceptance Criteria presented in Table 3.1 of the Tier 1 Design Certification material for the GE SBWR ARWR Design). The task analyses shall be 1 conducted in accordance with the requirements of the iluman Factors Engineering Program Plan and the Task Analysis Implementation Plan.
(2) The results of the task analyses shall be documented in a report that includes ,
the following: ;
(a) Objectives of the task analyses (b) Description of the methods employed in the conduct of the task ,
analyses (c) Identificadon of deviations from the Task Analyses Implementttion ,
Plan (d) Presentation and discussion of the results of the task analyses, including discussion of design change recommendations derived from these analyses and/or negative implications that the c'erent design may have on safe plant operations (e) Conclusions regarding the conduct of the analyses and the analyses ;
results :
(3) The results of the IIFE Design Team's evaluation of the conduct and results ;
of the task analyses shall be documen'ed in a report that includes the following:
(a) The methods and procedures used by the IIFE Design Team in their review of the completed task analyses 3 (b) The HFE Design Team's evaluation of the completed task analyses ;
including an evaluation of the compliance with the Task Analysis ;
Implementation Plan and the HFE Program Plan (c; Presentation and discussion of the HFE Design Team's review findings l
'I s
SBnR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRACT 18E-43 l
l
,- - }
25AS113 Rev. A SBWR Standard SafetyAnalysis Report i
O Table 18E-4 Human System interface Design (1) IISI Design Analyses (1) (Satisfaction of the 1equirements presented herein shall result in the conduct of IISI design analyses which are in full compliance with the item 5.b Acceptance Criteria presented in Table 3.1 of the Tier I Design Certification material for the GE SRWR ARWR design). The iluman System Interface (IISI) design implementation and analyses shall be conducted in accordance with the requirements of the Iluman Factors Engineering Program Plan and the 1151 Design Implementation Plan.
(2) The results of the IISI design analyses shall be documented in a report that includes the following:
(a) Objectives of the IISI design analyses l (b) Description of the methods employed in the conduct of the IISI design analyses (c) Identification of deviations from the HSI Design implementation Plan (d) Presentation and discussion of the results of the HSI design analyses, -
including discussion of design change recommendations derived from these analyses and/or negative implications that the current design may have on safe plant operations (e) Conclusions regarding the conduct of the analyses and the analysis results I (3) The results of the IIFE Design Team's evaluation of the conduct and results of the HSI design analyses shall be documented in a report that includes the following:
(a) The methods and procedures used by the IIFE Design Team in their ;
review of the HSI design analyses (b) The HFE Design Team's evaluation of the completed IISI design ;
analyses, including an evaluation of the compliance with the 11S1 Design Implementation Plan and HFE Program Plan '
(c) Presentation and discussion of the HFE Design Team's resiew findings j O.
18E-44 SBWR ABWR Human ~ System Interface Design implementation Process- Amendment 1 DRAFT
+
\
25A5113 Rev. A i SBWR standard safety Analysis Report i Table 18E-5
( Human Factors Verification and Validation (1) Iluman Factors Verification and Validation (1) (Satisfaction of the requirements presented herein shall result in the conduct of human factors verification and validation acthities which are in .
full compliance with the item 7.b Acceptance Criteria presented in Table 3.1 of the Tier 1 L)esign Certification material for the GE SBWR ARWR design).
The human factors verification and validation (V&V) of the human system interface (1151) design shall be conducted in accordance with the requirements of the lluman Factors Engineering Program Plan and the !
Iluman Factors V&V Implementation Plan.
(2) The results of the human factor verification and validation (V&V) activities [
shall be documented in a report that includes the following- -
(a) Objec' es of the human factors V&V (b) Description of the methods employed in the conduct of the human factors V&V (c) Identification of deviations from the lluman Factors V&V !
Implementation Plan (d) Presentation and discussion of the human factors V&V results, including discussion of design chs nge recommendations derived from the human factors V&V tests and euhiations and/or significant negative implications that the current 1151 design may have on safe plant operadons which may have been identified (c) Conclusions regarding the conduct of the human factorsV&V and the results (3) The results of the life Design Team's evaluation of the conduct and results of the human factor verification and validation (V&V) shall be documented ,
in a report that includes the following-(a) The review methodology and procedures used by the IIFE Design Team in their review of the human factor V&V v (b) The IIFE Design Team's evaluation of the completed human factors V&V, including an evaluation of the compliance with the Iluman Factors V&V Implementation Plan and IIFE Program Plan ,
(c) The HFE Design Team's evaluation of the completed human factors V&V, including an evaluation of the presentation and discussion of the :
IIFE Design Team's Human Factors review findings 1
N SBWR ABWR Human System Interface Design Implementation Process - Amendment 1 DRAFT 18E-45
2SA5113Rev. A SBWR standard sareryAnalysisReport HFE DESIGN TEAM i V
HFE PROGRAM AND 1
IMPLEMENTATION PLANS NR D (C SEE CONFORMANCE TABLE 18E.2.1 FOR REVIEW ACCEPTANCE CRITERIA)
SYSTEM FUNCTIONAL REQUIREMENTS ANALYSIS V
ALLOCATION OF FUNCTIONS .
U TASK ANALYSi5 A h NSC CONFORMANCE REVIEW M F (SEE TABLE 18E22 FOR ACCEPTANCE CRITERIA) 9, ;
U V i HUMAN-SYSTEM INTERFACE DESIGN PROCEDURE DEVELOPMENT I
NR kh (C CONFORMANCE SEE TABLE 1BE2.3 FOR REVIEW t ACCEPTANCE CRITERIA) !
U i HUMAN FACTORS VERIFICATION AND VALIDATION i
() NRC CONFORMANCE REVIEW i
(SEE TABLE 18E2.4 FOR ACCEPTANCE CRITERIA)
{
IMPLEMENTED DESIGN Figure 18E-1 $3.WB ABWR Human-System Interface Design implementation Process O\ '
18E-45 SBWR ABWR Human-System Interface Design Implementation Process - Amendment 1 DRAFT
- EAsn Ra A I SBWR Standard Safety Analysis Report O
18F Emergency Operation Information and Controls 18F.1 Introduction This appendix contains the results of an analysis ofinformation and control needs of the main control room operator s The analysis is based upon the operation strategies given in the SIBG APMR Emergency Procedure Guidelines (EPGs) as presented in Appendix 18A, ami-umWignifwanw+perau++-aaie e de ermined by the Pu+babiligir-Rid As :avenHPRA) ; gnea-inappendi .19D 7. The minimum inventory of controls, displays and alarms from this analysis are presented in Tables 18F-1 through 18F-3 of this appendix. The information and controls identified i from this analysis do not necessarily include those from other design requirements (such as those from Section 18A.2.11, SPDS), t Information and control needs for each operation instruction or action were developed ,
through task analyses conducted in the following manner:
{
m Each specific step in the EPGs (referred to as the EPG step) er specific opere:or anionaefewneed4nabe-PPA-4heecimefenelas,whe PRA ciep} was individually identified.
O a For each EPG step, aml*RA-aaion, a summa:T description of the step or operator action was developed.
a Information needs of the operator to perform the specific EPG step or4RA-waussion were then identified.
m Next, the control functions that the operaton perfonn to execute the actions 7 specified in the EPG step or*RA-operator,aaion were identified.
s The plant process parameters or other displays that are needed for execution of the ;
individual EPG step o,-P44A+pe+aw>r-aaion, were then identified. !
s Similarly the controls needed for the execution of the step were identified. !
?
m Annunciators necessarv for the execution of the step were identified.
s Operator aids, such as supplementarv procedures or other information needed for the execution of the step.were identified. >
a Displavs used to provide a feedback to the operators to confirm that the specified ,
control functions have been initiated or accomplished were identified. )
s Position of comrol devices that prmide feedback to the operators to confirm that proper conttols are manipulated to the conect positions were identified.
Emergency Operation Information and Controls - Amendment 1 DRAFT 18F-1 j
- SA5113 Rev. A SBWR _._. _ . ._ _. __
se msarzr sareryanatysis neport O
a Armom iaton wha h proside feedback to the opeiators to onfirm that proper (ontrol at tions .n e untiated or accomplished were identificci e Operatoi aids. wlm h piovide feedback to the operators to confirm that proper conn ol at tions aie ininated or accomplished, were identified.
'4 he-64b + wing-ope + at+* ,*4 nmw+e++te.ulered4*he4 mp* t a ta+1ma tw-aen+*w,--uuhe -
SIkWR-AlLWRSRA4*lew th+n-191M)4 s Manual 4aitkih+n+f-14e! Pm:! & Aan Pen! Cee!!ag-Sw. tem 4n4#Cl-nulw a Maimal4nitian++n44GravitpD+4ven-Geoling E .:em; e Mannabinitiati+nu4 :4DSi 44-) Ikulupmann.+1stinanon+f41PCF
- 42) Re4*we++f4eedwares-folkming a r. cram 474 Uw4+feuulenute4isestion-folk *ing*-ramwit-h reactoralepiemwimi
- 44) Conu+4444e*4or r:&r ! eve! !a-an-ATWS h (M E+nergeney41eprewnbanen of 6e reaner 44 Aligmnent-am14witiation-of4'aewate - " "' 4de+4 ion-with-F4GMailwe 44 Aligmnent-and4aitiation4Mwewa ter-for-divwell+prav
- 48) I nit iation-of-wetwelt+prayav4ng-R11R
- 49) h.olanorw4-wates.our<e:: n an internaMk*wling Tim 4hmwee-aheadv+pecified i : We EPC: and are :ncluded4n-the ara! pes ;
ILised upon the results of those operator task analyses, the listings of controls, displays and alarms that will be provided in the implemented Sim'R AIMR design to sup[> ort execution of the L Ps ami-PRA+ignifkant-operater ac: :as (as presented in Tables 18F-1,18F-2. and 18F-3) were generated.
O't
?
r t
18F 2 Emergency Operaroon Informatron and Controts - Amendment 1 DRAFT
25 A5 7 U Ae v 4 SBWR Standard Safety Analysis lieport O ;
Table 18-F1 Inventory _of Controls Based Upon the SBWR EPGs an4FRA-Require 4 Fixed-Position 44ainhtro44onsole No. Fixed Position CqntrSh 1 Manual Scram initiation Switch (A) 2 Manual Scram initiation Switch (B) 3 Reactor Mode Switch 4 Main Steam Line Manual isolation Switch Div.1 5 Main Steam Line Manual isolation Switch Div. 2 6 Main Steam Line Manual isolation Switch Div. 3 7 Main Steam Line Manual isolation Switch Div. 4 8 Containment Manual isolation Switch (Inboard) 9 Containment Manual isolation Switch (Outboard) 10 GDCS Logic (A) Initiation Switch 11 GDCS Logic (B) Initiation Switch 12 i C Logic (A) initiation Switch [
13 i C Logic (B) Initiation Switch 14 Condensate Pump Standby Mode initiation Switches (3) l 15 Reactor Feedpump Standby Mode initiation Switches (3)*
16 Condensate Pump Startup Mode Initiation Switches (3)* i 17 Reactor Feedpump Startup Mode Initiation Switcha (3)*
18 FAPCS Train (A) LPCI Mode initiation Switch
- 19 FAPCS Train (B) LPCI mode initiation Switch * .
20 Div.1 MSIV isolation Reset Switch 21 Div. 2 MSIV isolation Reset Switch 7 Div. 3 MSIV isolation Reset Switch 23 Div. 4 MSIV ! solation Reset Switch 24 MSIV Control Switches (4) 25 SLC Logic (A) Initiation Switch !
26 SLC Logic (B) Initiation Switch
- 30 ARI Logic (A) Bypass Switch' i
Emergency Operation Information and Controls - Amendment 1 DRAFT 18F.3 t
2515113 % a SBWR Standard Safety Analysis Report O
Iable_1_8 F1 inventory of Controls Based Upon the SBWR E_P_G_s_andPRA-Required 4ixed-Position 44aidentrol-Console (Continued)
No. Fixed Position Controls l I31 ARI Logic (B) Bypass Switch' 32 CRD Charging Water Pressure Low Scram Bypass Switch (A) 33 CRD Charging Water Pressure Low Scram Bypass Switch (B) 34 CRD Charging Water Pressure Low Scram Bypass Switch (C) 35 CRD Charging Water Pressure Low Screm Bypass Switch (D) 36 Manual Scram Reset Switch 37 RPS Div.1 Trip Reset Switch 38 RPS Div. 2 Trip Reset Switch 39 RPS Div. 3 Trip Reset Switch 40 RPS Div. 4 Trip Reset Switch 41 FAPCS (A) Suppression Pool Cooling Mode initiation Switch 42 FAPCS (B) Suppression Pool Cooling Mode initiation Switch 43 Containment Outboard Isolation Reset Switch 44 Containment inboard Isolation Reset Switch 45 FAPCS (A) Drywell Spray Mode initiation Switch 46 FAPCS (B) Drywell Spray Mode initiation Switch 47 FAPCS (A) Mode Selection Reset Switch 48 FAPCS (B) Mode Sel3ction Reset Switch ,
49 Turbine Trip Switch 50 ADS Logic (A) Manual Initiation Switch 51 ADS Logic (B) Manual Initiation Switch 52 FAPCS Manual Valve For injection of Firewater (F-346) 53 Turbine Building HVAC System Controls 54 RPS Div.1 Manual Trip Switch 55 RPS Div. 2 Manual Trip Switch 56 RPS Div. 3 Manual Trip Switch 57 RPS Div. 4 Manual Trip Switch 58 Fire Protection Motor Operated Pump Control Switch
- 59 Fire Protection Diesel Operater! Pump Control Switch
- 60 Fire Protection Jockey Pumps Control Switch i 1SF4 Emergency operatron Inforrnation and Controls - Amendment 1 DRAFT
2SA n 13 R .w .:
SBWR _
Standard Safety Analysis Report ,
Ta ble_1.8-F_1_
t Lnventmy_of Controls Basedypon th_e_SBWR EPGs_an4PRA-Require 4 Fixed- ,
Position 44aintontrottonsole (Continued)
No. Fixed Position Controlf ,
61 Div.1 MSIV and Main Steam Line Drain isolation Logic Bypass Switch 62 Div. 2 MSIV and Main Stearn Line Drain isolation Logic Bypass Switch 63 Div. 3 MSIV and Main Steam Line Drain Isolation Logic Bypass Switch 64 Div,4 MSIV and Main Steam Line Drain isolation Logic Bypass Switch 65 RWCU isolation Logic Bypass Syyitch (SLC Initiation, MSL Temperature, RPV Water Level 2) 66 Alternate Rod Insertion (ARI) Logic (A) Bypass Switch
- 67 "A" Scram Solenoid Main Power Breaker CS 68 "B" Scram Solenoid Main Power Breaker CS 69 RPS Div.1 Trip Inhibit Switch 70 RPS Div. 2 Trip inhibit Switch 71 RPS Div. 3 Trip Inhibit Switch 72 RPS Div. 4 Trip inhibit Switch 73 Control Rod Scram Test Switches 74 Rod Worth Minimiter Bypass Syyitch 75 CAMS (A) Operating Mode Switch 76 CAMS (B) Operating Mode Switch 77 CAMS (A) Sample Select Switch e 78 CAMS (B) Sample Select Switch !
79 Bypass Syyitch of LOCA Interlocks on Drywell Cooling Fans and Associated Cooling Water (RCCW)* ;
80 FCS (A) Control Switch 81 FCS (B) Control Switch 82 FCS (C) Control Switch 83 FCS (D) Control Switch l
84 Div.1 Logic Bypass Switch for Controlled Area HVAC isolation ;
85 Div. 2 Logic Bypass Switch for Controlled Area HVAC isolation j 86 Div. 3 Logic Bypass Switch for Controlled Area HVAC isolation -
87 Div. 4 Logic Bypass Switch for Controlled Area HVAC isolation
-]
88 High RPV Water Level (Level 8) Reactor Feedpumps Interlock Bypass Switch' 89 High RPV Water Level (Level 9) Reactor Feedpump Trip Logic Bypass _ Switch g i
l Emergency operation informetron and controls - Amendment 1 DRAFT 18F-5 1
J
25A5'13 few A SBWR stansanisatery Analysis neport O
. Table 18-F1 inventory _of Controls Based Upon the SBWR EPGs_andPRAAequiredfixed-Position-Maihtrol-Console (Continued)
No. Fixed Position Qpntrqls 90 High F.PV Water Level (Level 8) Reactor Feedpumps interlock Bypass Switch' 91 High RPV Water Level (Level 9) Reactor Feedpumps Trip Logic Bypass Switch
- Provided outside the main control room.
G' f
f l
l O
i 18F. 6 Emergency Operation Information and Controls - Amendment 1 DRAFT l l
4
__._________________.._________.________________.______l
l i
2SAS173 Rev. A SBWR Standard Safety Analysis Report
\
Table 18F-1 inventorroLControls Based _Upon the SBWR EPGs and-PRA (Continued) Requked Divisional-VDU N o. Divisional-VDU Qthyr_G9ntrplEynttions' 1 RWCU lsolation Valves Control Switch 2 i C (A) System Controls 3 i C (B) System Controls 4 i C (C) System Controls 5 Main Steam Line Drain inboard Isolation Valve Controls 6 Main Steam Line Drain Outboard Isolation Valve Controls 7 SRV Control Switches (8 Switches 4 per Division) 8 SLC Injection Line Shutoff Valve Control Switch 9 RBHVAC isolation Valves Controls 10 Atmospheric Control System isolation Valve Controls 11 CRD System Controls 12 Condensate and Feedwater System Controls 13 Feedwater Control System Control 14 FAPCS System Controls 15 Pressure Control System Controls .
16 RWCU System Controls ,
17 Main Steam System Controls 18 Rod Control and information System Controls 19 RWM Bypass Switch 20 Drywell Cooling System Controls 21 Nitrogen Vent And Purge Mode of ACS . Controls 22 Containment Purge Mode of Containment Supply and Purge Subsystem of RBHVAC Controls 23 Drywell Cooling Coils Fans Controls 24 Atmospheric Control System Corarols
'25 RB HVAC System Controls 26 FAPCS Pump (A) Room Cooler Fan Control 27 FAPCS Pump (B) Room Cooler Fan Control 28 RCCW Pump (A) Room Cooler Fan Control 29 RCCW Pump (B) Room Cooler Fan Control Emergency Operation information and Controls - Amendment 1 CRAFT 18F 7
+
- 5A5M3 Rev A SBWR Standard Safety Analysis Report O
Table 18F-1 Inven. tory _of Controls Based _tJpon_the_SBWR EPGiand-PRA (Continued) Required-DivisionaWDU No. DivisionabVDU Oftter Control Functior!s 30 CRD Pump (A) Room Cooler Fan Control 31 CRD Pump (B) Room Cooler Fan Control 32 RWCU Pump (A) Room Cooler Fan Control 33 RWCU Pump (B) Room Cooler Fan Control 34 Main Steam Tunnel Cooler Fan C_qnfrgh (A) 35 Main Steam Tunnel Cooler Fan Controls (B) 36 SJAE Steam Isolation Valve Control 37 Steam to Off-Gas Preheater isolation Valve Controls 38 Steam to Radwaste Isolation Valve Control 39 Steam to Turbine HVS isolation Valve Control 40 Turbine Extraction Steam Isolation Valve Control 41 Turbirie Bypass Valves Controls 42 RPV Head Vent Valve Controls
- Not necessarily provided at fixed positions.
t 0
1ST- 8 Emergency Operation Information and Controls - Amendment 1 DRAFT i
25A5113 Rev. A SBWR standard safety Analysis Repon ,
O Table 18F-2 inxentory of Displays Based _Upon the SBWR EPGs andPRA Requiredfixed-Position-Displayi-Main-Cont rol-Room No. Fixed Position pisp!Ay1 i i
1 RPV Water Level' 2 RPV Pressure 3 Time' 4 Drywell Pressure
- I 5 Reactor Power Level (APRM)*
6 Reactor Power Level (SRNM) 7 Reactor Simulated Thermal Power 8 Neutron Flux Rate of Change (APRM)*
9 Neutron Flux Period (SRNM)*
10 MSIV Position Status 11 Suppression Pool Bulk Temperature 12 RPV Water Level 8' 13 Scram Solenoid Status Light Indication (8) l 14 Manual Scram Switch (A) Status indicating Light 15 Manual Scram Switch (B) Status Indicating Light 16 RPV isolation Status 17 SRV Valves Status (8)*
18 DPV Valves Status (6) 19 GDCS (A) Pool Level' 20 GDCS (B) Pool Level' !
21 GDCS (C) Pool Level
- 22 GDCS (A) injection Valve Status 23 GDCS (B) Injection Valve Status 24 GDCS (C) Injection Valve Statu ,
25 - 1 C (A) Condensate Return Valve Status j 26 i C (A) Condensate Return Bypass Valve Status l
27 I C (B) Condensate Return Valve Status
- i 28 i C (B) Condensate Return Bypass Valve Status l 29 1 C (C) Condensate Return Valve Status I 30 i C (C) Condensate Return Bypass Valve Status l Emergency Operation informaten and Controls -- Amendment 1 DRAFT 1SF 9
2s45113 Rn a SBWR _ ___
Standard Safety Analysis Report O
T_able 18F-2 Inventory _of Displays Based Upon the SBWR EPGs and-PRA Requiredfixed-Position-Display: Main Control-Room (Continued)
No. Fixed Position Displays 31 Containment Water Level' 32 Wetwell Pressure 33 Condensate and Feedwater Pumps Operating Status RPV Water Level 3 Indication
- 34 35 RPV Water Level 8 Indication
- 36 FAPCS System injection Valve Status 37 FAPCS Injection Valve Status 38 FAPCS Pump (A) Discharge Pressure 39 FAPCS Pump (B) Discharge Pressure 40 FAPCS Pump (A) Discharge Flow 41 FAPCS Pump (B) Discharge Flow 42 FAPCS Pump (A) Operating Status 43 FAPCS Pump (B) Operating Status 44 RPV Water Level 1m Above TAF Indication
- 45 Main Condenser Pressure 46 Main Steam Line Pressure 47 Turbine Bypass Valves Status 48 Suppression Pool Water Level
- 49 Main Steam Line Flow 50 RWCU4solatk>n-Va!vec Statust 54 RWCU-T4ain4A) !n!ct VO!v0 Status 52 RWCU Tra!HB)!n!ct Va!ve Status 53 RWCU-Train 4A}-F4ewi 54 RWCU-Tram 4B}54owi 66 RWCU-T4ain4A)4HLByp::: V:!ve Status 66 RWCU-T<ain4BFRMLBypace V !ve Status 57 RWCU-Pump 4A)41atus j 58 RWCUJ4unp48) Status l 59 RWCUDemin4A} Inlet-Valve 4tatus 60 RWCU-Demin48)-4ntet Ve!ve Status 16F 10 Emergency Operation hformation and Controls - Amendment 1 DRAFT
26A5113 Rev. A SBWR standard Safety Analysis Report O
Table 18F-2 inventory of Displays Based Upon the S_BWR EPGs and-PRA Required Fixed-Position-Display 9Aain-Control-Room (Continued)
No. Fixed Position pisplays 5 RWCU-Oemin '^) Bypass #elve4tatus 62 RWCU4emin-4BFBypassNelve4tatus ,
63 RWCMHX4A)4nlet-V41ve4tatus 64 RWCU RHX48)lnietNaiveStatus 66 RWCU RHX {^) BypassNaive4tatus 66 RWCU RMX-4B)BypassNalve4tatus ,
67 RWCU4Al-Return to FeedwaterNelve4tatus 68 RWCU 19) Return ta5eede/eter Valve 4tatus 69 RWCU%ain {A) 9HX4nlet-Temperature 70 RWCU-Tsain49) RHX !n!ct-Temperature 74 RWCU4ain4Al-NRHX4utlet-Temperaturei 72 RWCU Trein (B)J4RHX4ut!et Temperature 2 73 RWCU4ein (A) Domin Outlet Valve-States 74 RWCU4ein4bbDemio4ut!et Ve!se Status 76 RWCutissharge4Jne4044am4ondenser-Velve4t atus 76 RWCU Diccharge4Jne4e4kwiwasteNaive4tatus 77 50 SLC injection 'Jalve (A) Ststus 7851 SLC Injection Line Shutoff Valve Status 7932 SLC Accumulator Level' 8053 SLC Accumulator Pressure * ,
8434 Average Upper Drywell Temperature 8235 Average Lower Drywell Temperature 8333 Wetwell Hydrogen Level' ,
8432 Drywell Hydrogen Level
- I 8633 FAPCS Drywell Spray Valve Status 863R Containment Purge Exaust Radioactivity Level * ;
8739 Drywell Oxygen Concentration
- 883J Wetwell Oxygen Concentration
- 8932 Safety Envelope HVAC Exaust Radiation Level' 9033 Refueling Area Air Ventilation Exaust Radiation Level
- l 1
Emergency Operatton Information and Controls - Amendment 1 DR AFT 18F-11
25A5113 Rev. A SBWR Standard Safety Analysis Report 9:
Table 18F-2 inventory _of DJsplays_ Based _Upon the SBWR EPGs and-PRA Requ'wedfixed-Position-Displayi-Main-Controt-Room (Continued)
No. Fixed Position Displays l 94f4 Isolation Condenser (A) Pool Discharge Vent Radiation Leve!* j 92J5 Isolation Condenser (B) Pool Discharge Vent Radiation Level' 93]A Isolation Condenser (C) Pool Discharge Vent Radiation Level' ,
94J2 Reactor Building HVAC Exaust Radiation Level' 9533 Stack Radioactivity Level
- 96J2 RPV Water Level 9*
971Q Fire Protection System Status Display t 9811 Fire Line Header Pressure t 9912 CAMS (A) System Lineup Display 40013 CAMS (B) System Lineup Display 40424 FCS (A) Operating Status 402-25 FCS (B) Operating Status 4031Q FCS (C) Operating Status 4041Z FCS (D) Operating Status 40513 Containment Purge Exaust Radioactivity Level 40612 Safety Envelope HVAC Exaust Radiation Level 407JQ Refuelling Area Air Ventilation Exaust Radiation Level 40811 Isolation Condenser (A) Pool Discharge Vent Radiation Level
- 40932 Isolation Condenser (B) Pool Discharge Vent Radiation Level' 44033 Isolation Condenser (C) Pool Discharge Vent Radiation Level
- 44434 Reactor Building HVAC Exhaust Radiation Level i 442J5 Area Radiation MoMtors Levels
- 44336 Stack Radiation Level i 44431 RCCW System (A) Radiation t 44633 RCCW System (B) Radiation' 44632 Radwaste Effluent Radiation' HQ Reactor Made Switch Mode Indications i
f
- Roa Guide 1.97 parameter.
t Not necessarifv provided at fixed positions. Ol 18F-12 Emergency Operation Information and Controls - Amendment 1 DRAFT I
I
l 25A5113 Rev. A SBWR Standant Safety Analysis Report O
Table 18F-2 inventory _of Displays Based Upon the SBWR EPGs and-PRAJContinuedlRequired- I Divisional-VDU-Displays No. Divisional-VDU Q1her Displays 1 RPV Water Level Instrument Reference Leg Temperature 2 RPV Water Level Instrument Area Temperature l 3 Narrow Range Water Level i 4 CRD Charging Water Pressure e
5 GDCS (A) System Lineup Display 6 GDCS (B) System Lineup Display 7 GDCS (C) System Lineup Display 8 i C (A) System Lineup Display i C (B) System Lineup Display 9
10 l C (C) System Lineup Display 11 Main Steam Line Tunnel Area Temperature 12 Turbine Area Main Steam Line Temperature ,
13 SLC System Lineup Display ,
14 Controlled Area HVAC isolation Valves Status Display 15 BWCU isolation Valves Statui r 16 RWCU Train (A) Inlet Valve Status !
12 RWCU Train (B) Inist Valve Status 18 FWCU Train (A) Flow
- 1 13 RWCU Train (B) Flow
21 RWCU Train (B) RHX Bvoass Valve Status 22 RWCU Pumo (A) Status 23 RWCU Pumo (B) Status 24 RWCU Demin (A) f nlet Valvg_Sigtp_s 25 RWCU Demin (B) Inlet Valve Status !
2$ RWCU Demin (A) Byp_ ass Valve Status 22 RWCU Demin (B) Bvpass Valve Status 28 RWCU RHX (A) Inlet Valve Stalus i 29 RWCU RHX (B)lniet Valve Status 30 EW_C_l)JHX ( A) Byggss Valve Status Emergency Operation Information and Controls - Amendment 1 DRAFT 18F-13
l
- 5AS113 Rev. A SBWR __
Standard Safety Analysis Report O
Table 18F-2 inventory of Displays _ Base _d_Upon the SBWR EPGs andPRAJContinuedLRequired Divisional-VDU-Displays No. Divisional-VDU Oher Displays 3J RWCV RHX (B_LBypass Valve Stains 32 _RWCU (A) Return to Feedwater Valve Stalgs 33 RWCU (B) Return to Feedwater Valve Status 34 RWQU Train (A) RHX Inlet Temoerature 35 RW0l) Train 1Bj_RHX Inlet Temoerature af RWCU Train ( A) NRHX Outlet Temoerature*
31 RWCJJ Train (B) NRHX Outlet Temoerature*
3B RWC_ti Train (A) Demin Outlet Valve Status 39 RWCU T_ rain (b) Demin Outlet Valve Status 4Q RWCU Discharae Line to Main Condenser Valve Status 41 RWCU Discharge Line to Radwaste Valve Status
- Rea, Guide 1.57 parameter.
O.
18F-t4 Emergency Operation information and Controls - Amendment 1 DRAFT
i 25A5113 Rev. A SBWR- star:dard sarery Analysis nepair O !
l Table 18F-3_
hventory_of Alarms Based Upon the SBWR EP_Gs_an4PRA G Required-Fixed-Position-Alarms No. Fixed Position A_IAtms 1 mdicated RPV Water Level Abnormal 1 2 RV Water Level 3 3 RFV Pressure High 4 Drywell Pressure High 5 Nettfron Flux High-High 6 Neutron Monitoring System Trouble 7 Neutron Flux Rapid increase 8 Neutrcn Flux Short Period 9 CRD Charging Water Pressure Low 10 MSIV Chsure 11 Supprestion Pool Bulk Temperature High 12 RPV Water Level 8 13 Reactor Scram 14 RPV Water t.evel 2 Isolation incomplete 15 RPV Level 1 tsolation incomplete 16 RPV Water Ltvel s 1m Above TAF 17 SRV Open 18 ADS Logic (A) Initiated 19 ADS Logic (B) Ir :itiated 20 GDCS Logic (A) hitiated i 21 GDCS Logic (B) initiated i
22 GDCS Pools Level Low 23 Control Rod Not Int erted To/Beyond MSBWP 24 Fire Protection Systt'm Trouble ,
25 RPV Water Level s TA F 26 Main Steam Line Flova High f 27 HPNSS Trouble 28 RWCU Trouble >
l 29 SLC Trouble f 30 ARI Actuated l Emergency Operetton Information and Cor trols - Amentiment 1 DRAFT 1SF-15
I
- 5A5113 Rev A SBWR Standard Safety Analysis Report O.
T_able 18F-3 Inven_ tory of Alarms Bas.e.d_Upon the SBWR EPGs andSRA Requiredfixed-Position-Alarms (Continued) ,
No. Fixed Position Alartps l
31 ATWS Initiated 32 Rod Withdrawal Block 33 Drywell Average Temperature High 34 Suppression Pool Water Level High/ Low 35 CAMS H2 /02 Level Highs 36 Suppression Pool Bulk Average Temperature High 37 Suppression Pool Water Level High/ Low 38 CAMS H2 /02 Level High 39 CAMS (A) System Abnormal ,
40 CAMS (B) System Abnormal 41 Process Radiation Monitoring System Trouble 42 Controlled Area Differential Pressure Low 43 Area Temperature High '
44 RBHVAC Exaust Radiation High 45 Controlled Areas Area Radiation High 46 Controlled Area Floor Drain Sump Level High >
47 Reactor Building Control Room Envelope HVAC Trouble 48 Stack Radioactivity High 49 Reactor Component Cooling Water Activity High 50 Turbine Building Ventilation System Trouble 51 Radiation Monitors High (Common Alarm) i 1
52 RPV Water Level 9 53 Main Turbine Trio 54 Mpjn_f22ngIA10L_TIin i 5.5 Leak Detection Iggjalign i O'
18F-16 Emergency operatic <n information and Controls - Amendment 1 DRAf~i
25 15113 & :
SBWR Standard Satery Analysis Report Iable18.F-3 !
Inventory of Alarms Based Upon the SBWR EPGs and-PRA Required # visional- !
VDU-Alarms (Continued)
N o. Divisional-VDU Q1httAlarms :
1 RWCU SLC Initiation isolation Bypassed !
2 RWCU RPV Water Level 2 Isolation Bypassed 3 RWCU Main Steam Line Tunnel Temperature High Isolation Bypassed 4 RPS Div.1 Trip inhibited 5 RPS Div. 2 Trip inhibited j 6 RPS Div. 3 Trip inhibited 7 RPS Div. 4 Trip Inhibited t
8 Wetwell Pressure Low ,
9 Controlled Area HVACisolated 10 Div.1 Controlled Area HVAC Drywell Pressure isolation Bypassed 11 Div. 2 Controlled Area HVAC Drywell Pressure isolation Bypassed 12 Div. 3 Controlled Area HVAC Drywell Pressure isolation Bypassed 13 Div. 4 Controlled Area HVAC Drywell Pressure Isolation Bypassed 14 Div.1 Controlled Area HVAC RPV Water Level isolation Bypassed j 15 Div. 2 Controlled Area HVAC RPV Water Level isolation Bypassed ;
i 16 Div. 3 Controlled Area HVAC RPV Water Level isolation Bypassed ;
17 Div. 4 Controlled Area HVAC RPV Water Level isolation Bypassed !
18 Turbine Building MSL Tunnel Temperature High ,
19 Div.1 MSIV & Main Steam Drain isolation Logic Bypassed 20 Div. 2 MSIV & Main Steam Drain isolation Logic Bypassed j 21 Div. 3 MSIV & Main Steam Drain isolation Logic Bypassed l 22 Div. 4 MSIV & Main Steam Drain isolation Logic Bypassed 23 Containment Water Level 04 1
i l
l Emergency Operation Informerson and Controls- Amendment 1 DRAFT 18F-17
- 5AS: 13 Rev. A SBWR _ _ _
Standard Safety Analysis Report 9 ,
4 f
i f
1 A
I e ,
t t
i 1 !
9 l
't O
i TSF- 78 Emergency Operation Information and Controls - Amendment 1 DRAFT
,