ML20064N233
| ML20064N233 | |
| Person / Time | |
|---|---|
| Site: | Clinch River |
| Issue date: | 02/15/1983 |
| From: | Longenecker J ENERGY, DEPT. OF, CLINCH RIVER BREEDER REACTOR PLANT |
| To: | Grace J Office of Nuclear Reactor Regulation |
| References | |
| HQ:S:83:216, NUDOCS 8302160153 | |
| Download: ML20064N233 (95) | |
Text
-- _ _ _ _ _ _ _ _ _ _ _ _ _ . . _ . _ . _ _ _ _ _ _ _ _ - _ _ _ - _ _ _ _ _ _ _ _ _ _ _ _
.- W -
Department of Energy Washington, D.C. 20545 Docket No. 50-537 HQ:S:83:216 FEB 15 BB3 Dr. J. Nelson Grace, Director CRBR Program Office Office of Nuclear Reactor Regulation U.S. Nuclear Regulatory Commission Washington, D.C. 20555
Dear Dr. Grace:
ADDITIONAL INFORMATION ON THE CLINCH RIVER BREEDER REACTOR PLANT (CRBRP)
INSTRUMENTATION AND CONTROLS Enclosed is additional infonnation on CRBRP instrumentation (Preliminary Safety Analysis Report (PSAR) Chapter 7) that was discussed in a February 1 telecon with the Nuclear Regulatory Commission.(NRC) staff reviewer. Also enclosed are revised responses to NRC Questions CS421.15,19, and 46. The enclosed PSAR pages will be included in the next amendment to the PSAR.
Any questions regarding the enclosed infonnation may be addressed to Mr. R. Rosecky (FTS 626-6149) or Mr. A. Meller (FTS 626-6355) of the Project Office Oak Ridge staff.
Sincerely, J n R. Longeneck Acting Director, ffice of Breeder Demonstration Projects Office of Nuclear Energy Enclosures cc: Service List Standard Distrib; tion Licensing Distribution unsanss%
A I
. _ . _ . . - . _ ____.- . - . _. = - - . . _.
- t
, Enclosure 1 NRC CONCERN: Containment Monitoring Instrumentation is required to be manually connected to Class lE power for operation.
RESOLUTION: This concern arises from misinterpretation of wording in CRBRP-3 which discusses manual initiation of TMBDB equipment. Section 2.2.13 of CRBRP-3 is being modified (attached) to clearly indicate that containment monitoring instrumentation will be on a Class lE bus and is continuously energized.
Additional information about manual initiation of TMBDB equipment is provided for informational purposes. - __
t, The containment monitoring system is part of the TMBDB equipment described in CRBRP-3. The rationale for manual initiation of TMBDB equip-ment is provided below:
CRBRP-3 Par. 2.1.2.12 states:
" Operator action to initiate TMBDB systems operation is required only for events beyond the design base. However, mis-operation of TMBDB systems, . . . could defeat Engineered Safety Features (ESFs) required to mitigate design basis accidents."
In order to preclude defeating ESFs coupled with 4
1 4
, _ , . - -.,y 0w - - , yflr- , ,.y 7 , -, s-- .,e,- - , , , -- ,-. , ___,-e m w-e e-..m.e_, .~..v. _ _ - ~ .-.- ,.r_ .Q, . - . . _ - _ . , , Q-e+.-m- w. v.., -
the fact that TMBDB festures are not required for the first 24 to 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> of the event, only manual initiation (see Operator Action Sequence),
is required and provided, and all controls are under administrative control to prevent inadvertent actuation.
NOTE: Figure 9.6-5 of the PSAR is. included as background information and will not be included in CRBRP-3.
i i
1
.? <--
~
.. ._ . . - r - :- . - w - -
>- . ._u.:, - e.-s -- . . . - --
CRBRP-3 VOL. 2, REY. I
~~
Provisions for off-site monitoring are described in the TVA Radiological
. Emergency Plan, as discussed in Section 13.3.11 of the PSAR. -
2.2.12.2.2 High-Range Containment Area Radiation Three High-Range Containment Area Radiation Monitors are provided to indicate the radiation levels within containment to assist in determinhng actions to protect the pubifc. These monitors have a seven decade range to 107 R/Hr gama. The detectors are located approximately 120 degrees apart around the Reactor Contairunent Building periphery in the annulus space, to take advantage of the relatively benign environment. The monitors are classified as Safety Class lE and powered from three independent divisions
' ~
of power. All three monitors have continuous display in the Control Room and one channel is recordec. )
2.2.13 Electrical Power System The electrical power requirements for motors, controls, and instruments will O be distributed as part of the Class lE electric power system using the appropriate standards of cuality assurance, structural support, and physical separation. -
These 1;;;; ill, h;- .e., te ,cc,~te .T.e... ell., e....seta; t; the 1: ;,; er
- -.r;; fr
- .; th: ::ntr:1 r;; ;fter r;;;.' ; :th:r h ::: th kh :r: n:t P
- eeemt4 ;? t r ' ; ~"" ;;;dithn:. T e LnSer/
2.2.14 .. Containment Structures As a result of the structural analysis of the containment building, a few changes in the design have been made to provide increased thermal margins.
These include:
2-34
- , - - - ,.n., . . - - . - - , - , ., - _,,_.,,._, , -
.' . ,.l.. . ..sn- .. - -.:..,-a. -- . . a: . . . . c. -- - . a.> = --- - . .. . . . - . .
INSERT TMBDB instrumentation is connected to Class lE electrical power and is energized during both normal and emergency plant operation.
Other electrical loads for TMBDB features are connected to lE electrical power supplies, however, remain de-energized. When the equipment is required to operate during the TMBDB event, it will be remote manually energized from the Control Room.
t
i
~
lit:T OF TMBDB EQUIPMENT CONNECTED TO lE POWER SUPPLY l,
4 l
EQUIPMENT TITLE !
LQUIPMENT TITLE 6
Containment Cleanup Scrubber Exhaust Annulus Cooling Fan Damper 1B
{;
Fan 175B Annulus Cooling Fan Damper 1C j Containment Cleanup Scrubber Exhaust l Fan 175A Annulus cooling Fan Damper ID <
l I
Containment Cleanup' Scrubber Exhaust Annulus Cooling Fan Damper lE j Fan Disch Valve 109A ;
Annulus Cooling Fan Damper IF j Containment Cleanup Scrubber Exhaust r Fan Disch Valve 109B Annulus Cooling Exhaust Damper 90A ,
d Containment Cleanup Scrubber Exhaust Annulus Cooling Exhaust Damper 90B Fan Bypass Valve 108A }{
Annulus Cooling Exhaust Damper 90C ;
Containment Cleanup Scrubber Exhaust Fan Bypass Valve 108B , Annulus Cooling Exhaust Damper 90D Annulus Cooling Fan 174A Containment Purge Valve 19A Annulus Cooling Fan 174B Containment Purge Valve 19B i
j Annulus Cooling Fan 174C Containment Purge Valve 19C 4
Annulus Cooling Fan 174D Containment Purge Valve 19D Annulus Cooling Fan 174E Containment Vent Valve 106A
^
Annulus Cooling Fan 174F Containment Vent Valve 106E Annulus Cooling Fan Damper,lA Containment Vent Valve 106C I
i i
LIST OF TMBDB EQUIPMENT MANUALLY ENERGIZED FROM lE POWER SUPPLY -
e I
a ;
I
! EQUIPMENT TITLE Containment Vent Valve 106D ,
l Containment Vent Flow Control Valve 107A l Containment Vent Flow Control Valve 107B Containment Cleanup Water Supply Pump A Containment Cleanup Water Supply Pump B i
i All the above equipment is Class lE and Seismic Category I.
1 i
t e
. , .,., ,.,.,.,o , . , .
- 8 I a t=&
91 !'
M! Pp j . i !';p.!!;P i4' h it!S I-
! I!.l 1;r i'13 f, . 0l " j ".: v
$lI via ' 1 -
i' i,t, {pt
'i'1 g ag ;!! ! : 1
!l ! i 1. . J' ill ps* -8 iri jr; *. y ; s,1 3,!:it
.;25 gi s i p
,g dr uvE hie:<
-If ali and I e i si !!i ali a:n;r di!! pi i l 9 n.: _
- ~
$, ~E.'8, II f .
e?
Ijf#' 8 ! ~
- , l
l1-*ses e.:, _.t!- I h.!
II, I- t i) E G; l
.y
. #'Nif % -
3 E
K .1.
S 1
e g,
r
_ g.q. ;.
, _ _3 4 f .f
_- --~
i
' T T
. e- ,l
.g gi
.- ; x T' f f f r !'P:
. ,p .
[ Ea M;s M f.h.ej
@M2@Mn@
, , A@ .', s3= l 4
. o g g =. - g
! i U . @ya. $. $ @} @ @ # Md,e g
e v i er
@ g S @gi i I
= , ya.., r_e.,a,,
g-e , 1=_,_ ,, 3 ,
3< 1,3_p., y3,i! = ,.ey11.egl!_ql!:,,
- a. -s .,.Ei!.,2.!!._.
3i "3 i ' " l ' t ! "E, l "3 1 : .- e'
~
e
~
=
t 5
t i
i i rr .
gi I @g-] 33-i ,
_ILt -
,l 3 i, ,i 8 ,
,- c '_,
@s-r_':: i
=__,4 p--
2Pc. 7 Pe :: 'pI > _-
tg__CO i@i i i i.*
+ :- _ a v_-
.b
.. e _
3.__- -
_g i @E-
_m i
i M '! a,! G ! =F_,= ::~,:::!$ .
".' il a7 ~m- _"7 .l , Lgr.;
- 1. .g
- in a iC c- _ a#.<> _ __
u
% ,p'_g .9, .. -.
M.
($
~'
- .[_p. 4 *-. 3, . e 4 "- g Is tg ;ilEI T
lg~h;!I ie
@3-!M'
@( ......!!$!Ij-~ jj!! '
T l
- g_ , -
@35#
gg E y I:
Es* -
- Njw:ss$[*'*..gg-@E**h"l -3 l 9< ,'4
, u q- -@g;-i g_rG. ,1 V l
Ig: h F.
, g- 4(s,- -i%23 @
4 4
KM o
,j 5
@3- .
=
j ,l
@- # . .^ r :p@er
. e@e w ,
_!vs I i M
h Dn .. Ow e
@r- IDi k ./, u rfi"O%
. .- e _- M ,be '*
- s. @a. g .
-i,IDI k .. sk! ' -l 7 9 U 'l'1- ^h " = 3: 551
- 1 @A : 1 - k,. "I
- PN D3 .-[ll . I
- T4 i _.!
I E b 2~f -
4, nn $ I @+n4w. e !o
- 2. m ,
h _=,~. . _, r=@@ %@@ !
4..6{J i 0 T @qR,_Q -
Ji's , j i im .
g e
h l
l
- ....:.:~.._. ~ ..:. =~ ~ a = -- --
CRBRP-3 Vol.2, Rev.0 - - - -
2.3 OPERATOR ACTION SEQUENCE The operator action sequence following an HCDA would be as follows:
- 1. Shcrtly af ter the HCDA the various core and primary heat transport system instrumentation would indicate that some unidentified event has occurred, either because of readings outside the normal band or indications of failure of the instrumentation. The event might not be identifiable because the core and PHTS instrumentation is not designed to withstand an HCDA.
- 2. Immediately after the unidentified event, only actions such as those associated with design basis accidents would be taken in the short term. For instance, containment would isolate and the annulus filtration system would be activated when the radiation monitors sense an abnormal radiological release to containment. The operator would not perform any actions specifically related to TMBDB features.
- 3. In accordance with PSAR Section 13.3.3,:...J and the Tennessee Department of Public Health would be notified of the accident.
- 4. If materials are released to the reactor cavity following an HCDA, these releases would be expected to be monitored by radiation,
, temperature and pressure sensors in the reactor cavity in the short term. However, no operator actions with respect to TMBDB features are required or expected as a result of this infonnatica.
- 5. The operator would only act on information from the containment TMBDB instrumentation that indicates an increase in containment atmosphere pressure and temperature and the presence of hydrogen in the atmosphere that would challenge containment integrity. For design base events (not an HCDA), containment would not be challenged and the operator would not take any action to initiate operation of the TMBDB features.
O 2-38
, . _- r. ./.y = .- : -. . - . -- -= ~.%b_w ::- - - -: .:-
=:---- -
2 "- si a .d-- -
CRBRP-3 .. ,
Vol.2, Rev.0
~
~'
- 6. No operator actior.3 that would violate containment integrity (such as Q venting) or degrade the operation of Engineered Safety Features would !
be required or expected during the first 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.
- 7. Beyond 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, the operator would initiate operation of TMBD8 features as required to maintain long term structural integrity of the containment. Detailed technical specifications and administrative -
controls will be included in the information provided ifor the operating license review. Tbc following are typical of actions that would be .
taken by the operator:
- l A. The annulus cooling system would be activated when the containment steelshelltemperaturereachesaprescribedvalue(r40bto i
5000 F). At this time the annulus filtration system (design base system) would be deactivated.
- 6. The operator would vent containment through the TMBDB venting system when the pressure reaches a prescribed value (.rl5 to 20 (4 '
psig), or the hydrogen concentration reaches a prescribed value t
(such that the concentration does not exceed 6% either before or after venting). Immediately preceding the containment venting, the cleanup system would be activated. (The TMSDB containment cleanup system is separate from the design base annulus filtration system). To accomplish these actions the TMBDB, features would be manually energized from the 1E power supply system.
C. When it is decided to vent the RCB, the Containment Vent isolation valves would be opened so that the pressure in the RCB can decrease to the atmospheric pressure.
D. After the RCB has been depressurized, the. Containment Cleanup System Exhaust blowers would be turned on and the purge is'olation valves opened. The cleanup system exhaust blower would produce a suction to pull purge air through the containment.
d t
[
2-39
- , - _ . : v. - :_a - 2. -v------ -. - - - - --- -
CR8RP-3 Vol.2, Rev.0 E. When the gases released from concrete and the reactions in containment cease, the venting, purging, and cleanup systems operation could be terminated.
F. When the containment steel shell temperature falls below'2000F, the operation of the annulus cooling system could be terminated.
The results of analyses in Section 3 indicate that activation of TMBDB features by operator action would not be required for about 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> (although permitted after 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />) following an HCDA. Because of the long time available before operator action would be required, the acticas are not sensitive te variations in the scenario, such as reactor vessel penetration times ranging from 100 to 10,000 seconds.
V l
l 1
l l
l 2-40
Enclosuro 2 NRC CONCERN: The non-lE classification of certain Recirculating Gas Subsystems needs clarification.
RESPONSE: Revised Section 9.16. Paragraph 9.16.3 is attached clarifying non-safety classification and use of non-lE power. Recirculating Gas Subsystems PA, PB, PC, CR, CT, RC, EC, ET and FH.are non-lE and their operation is not i
- required for safe shutdown of the plant.
() -
t
9'.16.2.9 EVS Loon 3 - Subsvstem EC The subsysten EC consists of one 100% cooler and one 100% f an, is shown In r'
Figure 9.16-6 and cools the third EVS Na Loop cell which uses natural
(-
convection to circulate the EVS sodium.
Separate cooling subsystems are provided to ensure that any accident in any one of the three EVS sodium cooling Iceps will be confined to that to;p only.
9.16.2.10 Ex-Vescal Storace Tank (EVST) Cavltv - Subsystem ET The subsystem ET consists of one 100% cooler and one 100% fan, is sh;wn in Figure 9.16-7 and cools tha EVST cavity and M e EVST support iedge.
The supply and return gas piping is embedded in shielding concrete blocks along the West well and below the floor of the EVST cell. The main supply gas is discharged in the center of the cell below the guard vessel.
This stream .in passing through several holes along the side of the guard vessel support skirt cools it to keep the temperature at the guard vessel support embednents within the allowable limits. Additionally,.two supply gas branches supply gas below the entire circumference of the EVST vessel support ledge. The return gas is :ollected over the EVST vessel support ledge area as well as at high points within the cavity. The return gas is drawn by a fan through the cooler and supplled back to EYST.
. The cooling function at the subsystem ET is non-safety related and hence piping is designed to the requirements of ANSI B31.1. However, a portion of the piping which may be below the sodium pool level in case of a sodlun leak, is designed to the requirement of ASE Section li t, Class 3 to prevent Na/ concrete r9 action.
9.16.2.11 Fuel HandiIna CalI (FHC) - Subsvstem FH The subsystem FH consists of two 100% coolers and two 100% fans, is shown in Figure 9.16-7 and cools the FHC cell, spent fuel and the cell equipment. The RGCS subsystem terminates at the FHC manifolds. Recirculation and distribution of cooled argon gas is addressed in Section 9.1.3.2.
A separnte subsystem is used because the recirculated gas is argon and the coolant is Dowtherm J. This subsystem has redundant coolers. The two Dowtherm J loops serving the two coolers are, in turn, cooled by the two emergency chilled water supplles. The redundancy in the cooling system is provided f or plant personnel safety and plant availability reasons.
9.16.3 Safetv Evaluation The non-safety related subsystems are classified as Safety Class "None" and are designated in Table 9.16-1 as having no safety classification. Loss of cooling to the area served by these subsystems due to loss of normal electrical power will not result in loss of capability to bring the plant to safe shutdown condition.
Hence, these subsystems are supplied with normal electric power.
g 9.16-6 Amend. 74 ,
Dec. 1982
Enclosure 3 . . _
NRC CONCERN: Provide additional information about SSPLS including a listing of equipment controlled by SSPLS _
RESOLUTION: A revised response to question 421.15 is attached.
A list of equipment controlled by SSPLS is provided for informational purposes.
1
~
(
ouestion es421.15 identify and document where microprocessors, multiplexers, or computer systems may be used in or interf ace with safety-related systems.
Resoonse Many microprocessors, multiplexers, and computers are used in CRBRP systemsg however, in general, they are used in non-Class 1E applications. Whenever a microprocessor, multiplexer or computer acqu!res a Class 1E signal, + hat signal is isolated by a quellflod Class 1E Isolator before being utilized by a non-Class IE system.
Th,e' two systems which use microprocessors, multiplexers or computers for' Class 1E appIIcations are the Solid State Programmable Logic System (SSPLS) and the RaClation Monittring System. Information about these systems is provided bel ow. The Plant Data Handling and Display System (PDH&DS) is the largest cceputer system used in the plant. Information about this system is also provided below.
The Radiation Monitoring System has Remote Processor Stations which are, microporcessor based, radiation monitoring electronic and communication assemblies. PSAR Paragraph 11.4.2.1 describes the Remote Process Stations.
The microprocessor receives raw count rate and process system data, and manipulates the data into the desired form. Data exchange and monitor control g .
Is via channel dedicated multiplexed signal paths. Non-Class IE equipment cannot i
exercise control over a Class IE radiation monitor. Any data extracted from the Class IE monitors for use in. non-Class 1E equipment is via Class 1E grade butfers. . .
The Solid State Programmable Logic System controls and actuates Safety-Related, Class 1E equipment. It contains the control logic, signal conditioners, Isolation devices, and auxiliary circuits. The SSPLS can potentially use microprocessor based circuitry. PSAR Paragraph 8.3.1.1.2 F6ggr describes the SSPLS. ,
I The CRBRP Plant Data Handling and Display System (PDH&DS) is a non-saf ety-related microprocessor based system that interf aces with safety-related systems and non-saf ety-rela 1 )d systems as well for the purpose of retrieving data for operator Informatt x The system provides for information display and data handling, inoperable status monitoring of safety systems and emergency response f actiIty data display. In alI cases, Ciass 1E grade buf fers are used for isolation between the PDH&DS and safety-related systems.
I l
The PDH&DS is described in PSAR paragraph 7.8 l
(
l QCS421.15-1 Amend. 69 July 1982
.g _
INSERT 1 The solid state programmable logic system (SSPLS) can potentially use microprocessor based circuitry for control
- of safety-related equipment. Multiplexers and computers are not used in SSPLS.
The SSPLS will be utilized to control categories of equipment from the control room and remote shutdown panels such as: Circuit breakers and contactors for motors, chillers, solenoid valves, etc.
The SSPLS will receive manual inputs from the control pushbuttons and inputs from the field and other equipment ,
for control of each device. The SSPLS will perform tha necessary logic operations and interlocking functions and provide final outputs to each piec'e of equipment to be controlled. It contains control logic, signal conditioners, Class lE to non-Class lE isolation devices, power supplies and auxiliary circuits. The SSPLS equipment will be qualified to IEEE Standards 279-1971, 323-1974, 344-1975 and 383-1974 as required for all Class 1E equipment. The SSPLS is comprised of three (3) separate and functionally redundant safety-related divisions such that the failure of one division will not affect any component or equipment of the other two divisions. Equipment of different safety divisions are located in separate cells of the plant. Each of the three safety divisions has the capability to safely shutdown the plant. In addition, each functional circuit has been provided with dedicated components such that a circuit or component failure will only affect the operation of a single equipment. This will be achieved whether discrete logic components or microprocessors are used in the design of the SSPLS system.
Microprocessors, if used, will be tested and qualified to meet all requirements applicable to Class 1E equipment as described above. In addition, the microprocessor based circuitry will be dedicated to control only one device so that failure of the microprocessor will not affect the j failure of any other controlled component.
When microprocessor based systems are used, they will meet the following requirements:
Modules using microprocessors shall be capable of being tested on a discrete basis.
- SSPLS cards shall not use multiplexing.
Each microprocessor shall be furnished with continuous self-diagnostic capability to interrogate its function.
O
- . - , - , _ - , . . - , - . _ . _ , , _ ,r_..,. __. ._ , _ __y -
SSPLS will be designed for maximum reliability and availability. SSPLS availability for each device channel shall be 99.99554. In determining device channel availability, a device channel ' failure.is defined as the inability of the SSPLS to initiate equipment actuation signals and associated status '
indication signals in response to any input command.
A description of the transfer of SSRLS controls is given below.
j . -
Each SSPLS cabinet shall be provided with one Master Transfer Switch (MTS) and Individual Transfer Switches (ITS) for each individual equipment to be centrolled.
The Master Transfer Switch will permit the transfer of control of all the associated equipment from control Room to the local control panels and vice versa. .
The Individual Transfer Switch will permit the transfer
! of control of individual equipment from the Control Room
- j .
to the local control panel and vice versa.
InordertocontrolindividualequYpmentfromaremote location, both MTS and ITS must be in the remote position.
Similarly, in order to control individual equipment from a local station, ITS must be in local position.
Irrespective of the type of hardware used (discrete compo-nents or microprocessor), the channel information is pro-cessed to the end actuator and each piece of the process is testable on a periodic basis to demonstrate integrity. This includes any manual actuation functions supplied by the system to insure compliance with IEEE 279. If microproces-sor based circuitry is used, the sof tware used to implement the microprocessor logic will also be testable. The soft-ware used will be subjected to verification and validation and will meet the requirements of IEEE 730-1981 (Standards for Sof tware Quality Assurance Plans) . The features l provided for periodic testing can also be used to operate t
the equipment manually.
l Also, in the unlikely event of a random failure of the SSPLS control circuitry for any device controlled by one SSPLS safety division, the ability to initiate the redundant device in the other SSPLS safety divisions will not be affected.
d
Attachment 1
., 4 J' Question CS421.15.
Prga 1 of 16 LIST OF SOLID STATE ,
PROGRAMMABLE LOGIC SYSTEM CIRCUITS SAFETY SYSTEM DESCRIPTION . VOLTAGE DIVISION Power Dist. System Bus 3A Undervoltage Monitoring. 4.16 KV 1 Off-Site. Voltage Mon.
Aux. Transf. Inc. Bkr.
Res.Transf,Inc. Bkr.
Diesel Gen. Dd-A Control Diesel Gen. DG-A Bkr.
Diesel Gen. DG-A Sequencer USS 27A FDR USS 28A FDR
- USS 32A FDR
' P USS 33A FDR Bus 3B Undervoltage Monitoring 2 Off-site Voltage Hon.
Aux. Transf.Inc. Bkr.
Res.Transf,Inc. Bkr.
Diesel Gen. DG-B Control Diesel Gen. DG-B Bkr
. Diesel Gen. DG-B Sequencer USS 27B FDR USS 28B FDR ,
USS 32B FDR _, ,
l if USS 33B FDR '
1 ..-
1 USS 27A Undervoltage Monitoring. 480 V 1 .
Main Bkr.
MCC 42A FDR .,
l' ,U MCC 60A FDR 1 f 1 r
/
. .J___.... ..u......-.. .. ._ :' : ., , . . . _ - . _ aka
- Page 2 of 16 SAFETY
~
SYSTEM DESCRIPTION VOLTAGE DIVISION
~
Pcwer Dist. System USS 28A Undervoltage Monitoring 480 V l Main Bkr.
MCC 40A FDR 4 MCC 50A FDR MCC 52A FDR -
USS 32A Undervoltage Monitorlag .
Main Bkr.
3 MCC 41A FDR V MCC 58A FDR USS 33A Undervoltage Monitoring Main Bkr.
V MCC 51A FDR USS 27B Undervoltage Monitoring 2
. Main Bkr.
MCC 42B FDR Y MCC 60B FDR USS 28B Undervoltage Monitoring Main Bkr.
MCC 40B FDR MCC 50B FDR MCC 52B FDR USS 32B Undervoltage Monitoring Main Bkr.
MCC 41B FDR Y MCC 58B FDR USS 33B Undervoltage Monitoring Main Bkr.
V Y MCC SlB FDR V V O _ _ _ _ _ _ _ . _ _ _ _ _ . _ _
, , Pcga 3 of 16
- SAFETY ~
SYSTEM DESCRIPTION VOLTAGE DIVISION Emergency Chilled- Emerg. Chillor lA 4.16 KV 1 Water System Emerg, ChilIer 1B V 2 Emerg. Chiller Wtr. Pump 2B 4 80 V 2 Emerg. Chiller Wtr. Pump.2A 1 Chilled. Water Dowtherm J Pump 6A . 3 Chilled Water D~wtherm J Pump 6B ;'I 3 ISMS CAB 91AAB019 -
2 ISMS CAB 91AAB019 ,
1,
~~
A0V 141AR 120 V 2 A0V 141AD 2
. A0V 141EB 2' A0V 141BD
- 2 s
AOV 13 & 23A 1 A0V 19A & 22A 1 A0V 13B E 23B 2 A0V 1SB, 19B & 22B 2 A0V 304 A 1 4 4 '
A0V 304B ,V 2
=
e l
- pag 3 4 of 16 SAFETY SYSTEM _ _ _ . _ _ DESCRIPTION VOI/fAGE DIVISION HVAC System RSB UCA137 Fan K137 480 V 2 .
RSB Filter Unit A184A Fan KISSA 1 ,
RSB Filter Unit A184B Fan Kl85A 2 RSB Filter Unit A104A Fan K104A 1 RSB UCA104B Fan K104B 2 .
RSB UCA133 Fan K133 , 1
~
RSB UCA134 Fan K134 2 RSB UCA145 Fan K145 2 -
RSB UCA132 Fan K132 2-RSB Unit Cir. A139A Fan K139A
- 1 RSB Unit Cir. A139B Pan K139B 2 RSB Unit-Cir. A142A Fan K142A . 1 RSB Unit Cir. . A142B Fan K142B 2 RSB Unit Clr. A143 Fan K143 1 RSB Unit Clr. A146 Fan K146 1 RSB Unit Clr.~A138 Fan K138 U ,
1
'RSB Filt. Unit A184A Isin. Dampers 120 V. 1 RSB Filt. Unit A184B Isin. Dampers 2 RSB AHU A184A A0D032A, 33A, 262A 1 RS3 AHU A184A A0D263, 264, 265A 1 RSB AHU A184B A0D32B,. 33B, 262B 2 RSB AHU'A184B A0D263B, 264B,'265B 2 RSB AHU A184A MOD 186A & 203A 1 RSB Filter Unit A184A MOD 197A & 1 l MOD 200A RSB Filter Unit A184A & B 1 FMDl96A & MOD 269A RSB Filter Unit A184B 2 FMD196B & MOD 269B RSB Filter Unit A184B 2 Y MOD 186D & MOD 203B P e
e G
- ,.-,..--r-- ..,-,----,m 4,-- <-.. . . .,,,--.-. - - - -- ----,,,_,,---r,y 7, , - . w----------.m-- ,,* , - . , , - -- - - - - - , - - * -
Page 5 of 16 ,
' ~
SAFETY SYSTEM DESCRIPTION VOLTAGE DIVISION RSB Filter Unit A184B 120
_ .RSB Filter Unit A184B q p _2 FMD 196 B & MOD 269B ECT H&V' Unit Supply Fan K100A 4Il0 V ,
1 ECT H&V Unit Supply Fan K100B V 2 ECT H&V Unit A100A TMD002AA & 002AB' 120 V- 1 ECT H&V Unit A100B TMD002DA&OO2BB U . 2 CB ACU A412 Supply Fan K412 -
4h0V 2- -
l CB ACU A410A Supply Fan K410A 1 CB ACU A410B Supply Fan K410B 2 CB ACU A411 Supply Fan K411 1 CB ACU A411 Supply Fan K452 . . 1 l
~
CB Filter Unit A471A Supply Fan K441A 1 CB Filter Unit A471B Supply Fan K441B 2 l
CB Control Rm Return Air Fan K451A 1 ,
CB ACU A412 Return Fan K453 2 CB Battery Rm. Exh. Fan K461 2 CB Battery Rm. Exh. Fan K462 '1 CB Control Rm. Return Air Fan K451B 2 CB Battery Rm. Exh. Fan K464 2 CB Battery Rm. Exh. Fan K463 V 1 CB ACU A410B MOD 057B E077B 1*10 V 2 CB ACU A410A MOD 057A &O77A. 1 CB Filter, Unit .'.471B Damper MOD 167B 2 CB Filter Unit A471A Damper MOD 167A 1 Y CB Intake Isin. V A0V 122A y 1
^
l
. . . Paga 6 of 16
~
SAFETY i SYSTEM-- - - -- - - - - - -
DESCRIPTION - -
VOLTAGE DIVISION--!
1 5 CB Exh. Isin V A0V064A 120 V 1 CB Intake Is'in V A0V123A 1 CB Intake Isin V A0V122B 2 CB Exh Isin V A0V064B' 2 ,,
CB Intake Isin V A0 123B 2 CB Intake Isin V MOV047A ~
. 1
~
l CBIntake Isin V MOV104A -
1 CB Intake Isin.V MOV047B ,
2 ,
CB Intake Isin V MOV104B . 2 CB Filter Unit A471A MOD 076A -
1 CB Filter Unit A471B MOD 076B~ 2- -
I' CB Filter Unit A410B MOD 075BA & BB 2
.CB ACU A410A MOD 075AA & AB 1 CB ACU A4'10B PMD056BA & BB 2 CB ACU A410A PMD056AA & AB 1 CB Fans K465 & K467 AOD169- 2
. CB Fans K465 & K467 A0D168 1 CB Filter Unit A471A FMD072A 1 CB Filter Unit A471B FMD072B :M 2
~
RCB Annulus CLG Fan K174A 4 8'O .V 1-RCB Annulus CLG Fan K174C 1 RCB Annulus CLG Fan K174E- 1 RCB Annulus CLG Fan K174B 2 RCB Annulus CLG Fan K174D 2 RCB Annulus CLG Fan K174F 2 RCB Scrubber EXH Fan K175A 1 i RCB Scrubber EXH Fan K175B 2 RCB Annulus Filter Fan 173A 1 RCB Annulus Filter Fan K173B 2 RCB Annulus Fan K172A < 1 RCB Annulus Fan K172B 2
'I
. RCB Unit Cooler A021 Supply Fan K021 U 1 e
O m
Page 7 of 16 SAFETY SYSTEM DESCRIPTION VOLTAGE DIVISION RCB Unit Cooler A022 Supply Fan.K022 480 2
,- RCB Unit Cooler A023 Supply Fan K023 1 RCB Scrubber Exh Fan K175A 1 RCB Annulus CLG Fan K174A 1 RCB Annulus CLG Fan K174C 1 y RCB Annulus CLG Fan K174E 1 BCB Annulus CLG Fan K174F 2 RCB Scrubber Exh 7an K175B 2
. RCB Annulus CLG Fan K174B -
2 -
RCB Annulus CLG Fan K174D' 2 9 RCB Exh Fan A175A FMD027A 1 F 1
- * * * * * * * * * * * ~
- 5 ,
- e l ,
l '..
e O
e 1
- , - - - , , , w , . - - - , - - - . - - - - , . , , - - - . , , , . . - - - - - - - - - - - , . - - , , , - - - , -, . . , , , , , , . - , . , - . . _ . , , . , _ _ _ - . _ _
- . Ptga Scf 16
-i SAFETY SYSTEM DESCRIPTION VOLTAGE , DIVISION
-u RCB Annulus Filter A182A AOD017A 130 1
. RCB Annulus. Filter A182A AOD018A 120 1 RCB Arnulus Filter A182B AOD017B 120 '2
. RCB Annulus Filte.r A182B AOD,018B 120 2 RCB Containment Purge Valves 4 80 1 -
[.
- NOV019A, 19C , ,
RCB Containment Purge Valves ,
2 ,
MOV019B & 19D ,
1 RCB Containment Vent Valve MOV106A .
2
. RCB Containment Vent Valve EOV106B 1 /
RCB Containment Vent Valve MOV106C 2
~
RCB Containment Vent Valve MOV106D U 1 RCB Containment Vent Valve FMV107A 120 ~2 RCB Containment Vent Valve FMV107B 120 2 '
RCB Annulus Fan A172B MOD 015B & PMD 138B 480 1 RCB Annulus Fan A172A MOD 015A & PMD 138A , i RCB Annulus Fan A172A FMD014A &. MOD 016A 2 . -
l RCB Annulus Fan A173B FMD014B & MOD 016B 1 l
RCB CLG Fan A174A, C, F, MOD 001A, 001C, 001E RCB CLG Annulus CLG Sys MOD 090A, 090C 1
~
RCB Annulus CLG Sys MOD 090B & 090D 2 RCB CLG Fan A174B, D, F MOD 001B, 001D & 2 001F .
RCE EXH FAN A175A MOV108A, 109A l-RCB EXH FAN A175B MOV108B & 109B V 2 -
RCB EXH FAN A175B,FMD027B 120 -
2-DGB Room A Emer Sply Fan K341 480 1 .
DGB Room A Emer Sply Fan K341B l-l DGB Room B Em.ar Sply Fan K342A 2 N DGB Room D Emer Sply Fan K342B V 2 I
s .
e n-., - - - - .
-v.-.--,_, , - . - , - , , . . . , , - , ,,,_-,_---- - ._.., -._- . . . _ . . , , , _ , , _ ,,,.,. . ,.w- - , - , -- -,. - - - - _ . -
, Pcga *9 of 16 SAFETY
_ SYSTEM _ _
DESCRIPTION VOLTAGE DIVISION DGB Sply Fan v K341A&B MOD 002A & 002B 4 fl0 1 DGB Sply Fan 1041A&B TMD001A & TMD001C ' 1 DGB Sply Fan K341A&B TMD001B & TMD001D 2 DGB Sply Fan K342A&B TMD008A & 008C 2 l- DGB Sply Fan K342A&B TMD008B & 008D 2'
, DGB Sply Fan K342A&B MOD 010A & MOD 010B 2 SGB UC A221A Fan K221A 1 SGB UC A221B Fan K221B ~
2 SGB UC A222A Fan K222A 1 .
SGB UC A222B Fan K222B. -
2 SGB UC A223A Fan K223A -
1 SGB UC A223B Fan K223B 2 SGB AHU A204 Supply Fan K244A 2 .
. SGB ABU A204 Supply Fan K244B -
. 2-SGB AHU' A201 Exhaust Fan K261A .1.
SGB AHU A201 Exhaust Fan K261B 1 SGB AHU A202 Exhaust Fan K262A 2 .
SGB AHU A202 Exhaust Fan K262B 2 SGB AHU A203 Exhaust Fan K263A 1
~
"'" ~~
SGB AHU A203 Exhaust Fan i6i63B 1, ,
SGB AHU A204 Supply Fan K264A 2 SGB AHU A204 Supply Fan K264B 2-SGB AHU A206 Supply Fan K249A 1 SGB AHU A206 Supply Fan K249B 'l SGB AHU A206 Exhaust Fan K?67A 1 i ~SGB AHU A206 Exhaust Fan K267B 1 SGB UC A237A Fan K237A
l
Page 10 cf 16
.. =
l SAFETY SYSTEM _ _
DESCRIPTION _ . _ . VOL'TAGE DIVISION. b o F"B AHU A203 MOD 47A, 56A & 56B 120 1 I SGB Loop 1 Supply Fan K241A 480 1 SGB Loop 1 Supply Fan K241B 'l SGB Loop 2 Supply Fan K242A 2 SGB Loop 3 Supply Fan K243A 1 l SGB Loop 3 Supply Fan K243B JP 1 SGB ABU A206 Damper Control 120 1
. SGB AHU A204 Damper Control 2 SGB AHU A206 TMD196B,C,D & E 1 ,
SGB AHU A204 MOD 095A & 095B 2 SGB AHU'A206 TMD196B,C,D & E 1 ,
SGB AHU A206 MOD 200A&B y 1 SGB Loop 2 Supply Fan K242B 480 2 SGB AHU A204 MOD 072A, 082A & 082B 120 2 SGB AHU A206 MOD 196A, SOV092A&B 1 SGB AHU A204 MOD 072A, 082A, 082B 2
. SGB ABU A204 TMD110, SOV071A&B 2 SGB AHU A203 MOD 047A, 056A & 056B 1 SGB AHU A202 Damper Control 2 SGB AHU A203 Damper Control 1 SGB AHU A203 SOV164A&B, TMD175 1 SGB AHU A202 Damper TMD174 2 SGB AHU A206 MOD 198A&B 1 ,
SGB Exhaust Fan A263A&B, MOD 058A&B 1 SGB AHU A203 TMD047B,C,D & E 1 SGB AHU A201 Damper Control .. 1P 1 -
SGB Loop 1 Supply Fan K241A 1 l -40 SGB Loop 1 Supply Fan K241B 1 l
SGB Locp 2 Supply Fan K242A 2 Y SGB Loop 2 Supply Fan K242B 1r 2 l
5 1 .
. = .
- [..X. -
Page 11 of 16 SAFETY SYSTEM DESCRIPTION -
VOLTAGE DIVISION SGB Loop 3' Supply Fan K243A 480 1 SGB Loop 3 Supply Fan K2438 ,
480 1 .
~
. SGB AHU A206 TMD238 -
.' 120' 1
SGB AHU A201 TMD173, SOV159A&B l '
(. SGB AHU A203 TMD047B,C,D & E 1' SGB Exhaust Fan A262A&B, MOD 036A&B 2
^
SGB AHU A202 TMD025B,C,D & E 2 SGB Exhaust Fan A261A&B, MOD 012A&B ,
1 ,'
SGB AHU A201 TMD001B,C,D & E -
- 1 SGB Supply Fan K241A&B, MOD 01,0A, 010B & 1A 1 SGB; Supply Fan A242A&B, MOD 033A&B, 025A ,
-2 SGB AHU A203 TMD047B,C,D & E -
1 Y SGB AHU A204 TMD072B,C,D & E ,
f 2 8 -
9 a
, , peg 3 12 of 16 4 -
SAFETY SYSTEM . DESCRIPTION VOLTAGE DIVISION Fire Pump 4A 480 1 Fire Protection Fire Pump 4B 2 System' MOV121A 1
. MOV121B .
2
- MOV141 2
- . NOV269 l' -
. MOV207 1 MOV362 .
1
~
'I MOV303 ,
2 e
e a
9 e
E e
e l
---,,--,------,,._--,,-.....-?-- - - - _ . , - - - - . - - . . - - - , , , , . . . . , - . , . _ , , - , , , . - -
- - - . ~ , , - - - - - - . - - - . .
~ -
. Page 13 of 16 _
SAFETY SYSTEM .. _
DESCRIPTION _ - VOLTAGE . DIVISION R; circulating EVST Loop 1 ISLN V 23ECNV040 & 410 120 1 es Cooling System Na Mkup Pp & Pipeways Isin V NV001'A&B 1 Na Mkup Pp & Vessels Isin V 2 '
, 23ECNV353 & 354 Na Mkup Pp & Pipeways Isin V 1.'
23ECNV400 & 401 -
EVST Loop 2 Isin V 23ECNV403 qp 2
EVST Loop 1 Fan K001 480 1
~ ' ' '
EVST Loop 2 Fan K001 - -
4 B0 2 Na Mkup Pp & Pipeways Fan K001 -
1 Na Mkup Pp.& Vessels Fan K001 q , 2 EVST Loop 2 Isin V NV001A & B 110 2 Na Mkup Pp & Vessels Isin V 2 NV001A&B EVST Loop 1 Isin V NV001A&B 1 Na Mkup Pp/Pipeways Na Leak Detector I 1
~
e e
e
.e*
G G
l_ - _ _ _ _ .-----..--- -,-- , , . - . . - - .
- - , - . , . - - - - - . , - - - - - - - - - - - - - , - - - - - - - - - - - - - - - - - ~ - * ~
~', Pcge 14'cf 16 SAFETY SYSTEM ,
DESCRIPTION VOLTAGE DIVISION Reactor Heat PHTS Pony Motor 201A 480 1 Transpon IHTS Pony Motor 201A 1 System IHTS Pony Motor 201B .
2 l
l, ,
PETS Pony Motor 201B 2
. IHTS BRG Fan 112A 1 PHTS BRG Fan ll2A 1 ' .,
IETS BRG Fan ll2B . 2 :
PHTS BRG Fan 112B 2 IHTS BRG Fan 112C - 3 PETS BRG Fan 112C ,
3 IHTS Pony Motor 201C 3 Y PHTS Pony Motor 201C y 3 e
6 0
l l
4 s
v- = - -,- --___ , , _ _ - - _ - _.-__,,-w,,,-_, _ , , _ , ,,, ,.n,,,n,.. ,_,,_,, _ _ . , , . , , , , _ . . . _ , , , , . , . , , . _ . . . . - _ . , , _ .__
Pega 15 of 16 i;
_i.
j.
t SAFETY SYSTEM- - - - -
DESCRIPTION --
VOLTACDIVISION l'
Plant Service Emerg PlantSyCE Clg Twr Fan K002A 480 1 Water System Emerg PlantSVCEic1g Twr Fan K002B 2 Emerg PlantSVCE Clg Twr' Fan K002C 1 Emerg PlantSVCE C1g Twr Fan K002D '2 Emerg PlantSVCE Clg Twr Fan K002E 1 Emerg PlantSVCE Clg Twr Fan K002F 2 Emerg.. Plant SVCE Wtr Pump K001A . . .1 - ,
Emerg Plant SVCE Wtr Pump K001B . 2 Emerg Plant SVCE Mk Up Pitmp K002A 1 V Emerg Plant SVCE Mk Up Pump K002B U 2
.=
e e O
, ,. . - - - - , - _ - - - ~ .. - _ . ,,,,,_-,,y m- ,, _ _ _ , ,-_,-,_ , , , , , , , , , , , , . . _ . , , ,
Page 16 of 16 .,_
a SAFEW SYSTEM DESCRIPTION VOLTAGE DIVISICli Aux Liquid Aux Liquid Metal Panel 2A Fdr 480 1 Metal System
(
a
- Aux Liquid Metal Panel 2B For ,
- 2 i J, e 4
4 A, 9
O
. , 2 e
e
. 3 .
E e
- e
~
~
. g e
(
(
t
(
e e
~
i .
Attachment 2 l t 4 Questicn CS421.15 ,
Page 1 of 2 LIST OF ACROtWMS AUX - Auxiliary ,
.__. _AOV . .
.A.ir Operated Valve ,
AOD - Air Operated Damper ACU - Air' Conditioning Unit .
~
i AdU - Air Handling Unit
\
- BRG - Bearing ..,
CB - Control Building CLG - Cooling.
DGB - Diesel Generator Building ..
EVST - Ex-Vessel Storage Tank ECT - Emergency Cooling Tower .
FDR - Feeder ._.
FMD - Flow Control Motor Operated Damper -
EXH - Exhaust INC - Incoming ,
ISMS - Inoperable Status Monitoring System ISLN - Isolation .
IHTS - Intermediate Heat Transport System .
MCC - Motor Control Center
~
- MOD - Motor Operated Damper - -- - --- - - -
l' MG - Motor Generator MOV - Motor Operated Valve -
MK UP - Make Up Na - Sodium.
. PHTS - Primary Heat Transport System i .
l'
Page 2 of 2 .,_,
~
List of Acronyms, Continued PP"- Pump RES - Reserve' .
RSB - Reactor , Service Building
- RCB - Reactor Containment Buiiding RM - Room -
SGB - Steam, Generator' Building -
SOV - Solenoid Operated Valve SVCE - Service TMD - Temperature Control Motor Operated Damper TWR - Tower ,
UC'- Unit Cooler USS - Unit Sub-Station . .
WTR - Water -
e e
. 8 m
Enclocure 4 NRC CONCERN: The staff requires the applicant.to. provide _ _ . _ __
a-definitive statement that the single event that causes multiple control system failures (failure' or malfunction of shared power sources, or common sensors), concurrent with a protection .
channel in test, and any additional single
,- random failure within the protection system ,
will not result in consequences more severe than' those acceptable on CRBR for anticipated -
l operational occurrences.
RESOLUTION: The response to question 421.19, which addresses multiple control system failures, has been
- reviewed and it has been determined that the statement requested in the concern can be .
made. The revised response to 421.19 is attached.
i 1
6 f
i I
l
.. i ,
g -
. Questlan C1421.19 - .
, - A number of concerns have been expressed regarding the edequacy of' safety -
l' systems in mitigation of the kinds of control system failures that could -
- i actually occur at nuciear plants, as opposed to those analyzed in PSNt Chapter j.
.. 15 safety analyses. Although h Chapter li analyses are based on ,
conservative assumptions regarding f ailures of single control systems, - -
- i systematic revlees have not been reported to demonstrate that multiple control '
- j- , system fatIures beyondAho Chapter 15 analyses could. not occur because of - 7-2 single ev,ents. Among, the types of events that could initiate such multiple - * - . .
failures;, .tlie most significant are In our_ judgement those resulting from f ailur(.cr malfunction of power supplies or sensors common to two or more' "
control systems. *
- To provide assurance that the design basis event analyses adequately bound , .
multiple' control system N fa!!ures you are requested to provide the following -
Information:
~ *
- 1) Identify those control systems whose f ailure e malfun..tlo'n,could seriously impact plant safety. -
- 2) Indicate which, If any, of the control systems identified in (1) receive .
- power from common power socrees. The power sources considered should.
. Include all power sources whose f ailure or malfunction could lead to.
.g f ailure or malfunction of "more than one ciontrol system and should extend
- ! , to the ef fects of , cascading power losses due to the f allu-o of higher '
,.- level distribution panels and load centers. -
- 3) Indicate which, if,any, of the control systems identified in (1) receive input signals from common sensors, common hydraulic headers, or common '
. Impulse lines. -
The PSAR should verify that the design criteria for the control systems will
- be such that simultaneous malfunctions of control systems which could result
, from failure of a power source, sensce, or sensor Impulse line supplying power .
or signals to more than one control system will be bounded by the analysis of anticipated operational occurrences In Chapter 15 of the Final Safety Analysis Report.
.*se- **
- "'**** - **= 9 e - e. .e e
4 =
s -
e
,,, , . - - - - . - - - , , - - . , _ - , - - - - . - -,, - , , . - , , - . , , , ,,,,c,, ,,,-,--.,-,,,_,-,e---,-,--aww---. v,- ,--or--,-r- - - - ------v - "' '
..= . - - - - - - - - - - - - - - -. -- - - - - - -
l . . . .. .. . . . - - . . . - -
. . e' '
s .
Response , gc.4. H ,
The de n criteria for the Plant Protection System requiresthat control '
syst nctions do not as a consequence compromise the capability of
'lant p ystems to maintain the plant in a safe condition. Accordingly..the' Plant Protection System has been-designed to provide continuing protection
,. in the event of control system failures and malfunctions. The Plant Pro-taction System is designed as a safety related system and includes redundant
. instrument channels. qualified to safety grade requirements. Where control .
actions are accomplished by. plant control systems, functions important to '
safety are monitored through the Plant Protection System. Thus, the Plant i Protection System through its redundant sensory channels will sense and . i respond appropriately to the conseqt.sntial effects of control system failures or malfunctions. This includes failures or malfunctions within one control system that directly affect .the functioning of other control systems, e.g., .
loss of a power supply common to several control systems, or shared sensor inputs. ,
Evaluation of the application of these design criteria applied to CRBRP Plant Protection System and Plant Control System involves analysis of postulated events which could propagate the effects of failures or. malfunctions through more than one control system. Events which are considered to cause or result in such propagation are: ,
- 1) Loss of a single instrument ,
- 2) Break of a single instrument line -
- 3) Loss of power supply for all systems provided from a common power source (e.g..' a single inverter supplying several systems).
CRBRP control systems which may affect functions important to safety are: '
A Supervisory Control -
B Reactor Control C PHTS and IHTS Sodium Flow Control D) PHTS'and IHTS Pump Speed Control
- l. . E) Steam Drum Level Control F) Turbine Control G) Bypass Valve Control ,
Analysis of such events have been conducted for the control systems above.
These analyses show that for postulated events. considered in 1) thru 3) above the plant is maintained in a safe condition and no conditions result which Insert h are worse than those addressed in the PSAR Chapter 15, Accident Analyses.
l The analyses assume initial conditions to be'anywh'ere within the full operat-1 ing power range of the plant (i.e., 0-100",), where applicable.
The results of the analyses indicate that, for any of the postulated events can'sidered in 1) thru 3) above, the accident analyses in Chapter 15 of the PSAR are bounding.
'4 f)CS421.19-2
-=b
Insert
" Control system failures (including malfunctions of shared pov:er sources t or comnan sensors), which cause plant transients requiring reactor shutdown !
system action, will be terminated by the shutdown system within the CRBR I limits for anticipated operational occurrences. This includes the ,
condition of a protection channel in test and any additional singic random failure within the reactor shutdown system."
l f .
l l
5 b
___.a..-__._.- . __
Loss of An'y Sinal'e Instrument g
f- QC3 Ali.li-Median select cintuits are used by most of the control :ystems itemized above to provide the median (or middle) eof three sensors as the control feedback signal. For systems using median select circuits the failure of one sensor will t result in loss of control. The analysis in this section.
however, goes yond a sensor failure for these systems and considers a failure in t controller circuitry such that the feedback siinal fails high or low. a e 1 Loss of Any Controller Feedback Signal, is an eval-untion of the effect on the control systems and the plant caused by loss of l! the feedback signal either high or low. For control action in the unsafe direction, the bounding PSAR accident is listed. Where no control action
. occurs or where control action is in a safe direction, no bounding accident is given. This table clearly shows that for the feedback signal failing
.i high or low, events in Chapter 15 of the PSAR are bounding. Control systems that don't use median select circuits are discussed below.
The turbine EHC speed control as well as primary and intermediate pump speed control systems use auctioneering circuits rather than a median select circuit. The circuits are designed such that one sensor failure will not affect control. Two failures are required for loss of the control function.
Even though one sensor failure has no effect, this analysis considers failure of the feedback sign (1 high or low. Plant effects and bounding events are given in Table QCS421.19-1.
The turbine EHC flow control and bypass valve position control systems do not --
use median select circuits but rather single sensors for the feedback signal.
For these systems the failure of one sensor will result in a plant disturbance.
- Plant effects and the bounding event for failure of the feedback signal high or low is provided in Table QCS421.19-1.
pecs4ti.it- -
The analysis in Table'1 also covers the case of a sensor failure while test-ing a redundant PPS channel. Control systems that use buffered PPS signals all have median select circuits. For the worst case, the median select circuit would choose one of the failed input signals as the controller feed-back. The resulting transient is the same as that in Table 1 where the feed-back signal downstream of the median select is assumed to be failed high or low. -
locs41t.is-m QCS421.19-3
. , , , - - , ,--,.--,y. , , , - - - . , , , , . . , . , , . , . - . . , - - . - - - . ..n, , ,,, - - - , -
Comon Sensors Used By Control Systems Thiere are two cases where comon sensors are used by control systems. .The Supervisory Control and Bypass Valve Pressure Control systems both use pressure sensors in the main steam header. Each system has its own median
.. . select circuit, and the two systems are not in operation at the same time, therefom, failure of a comon sensor will not result in loss of control.~
The second case involve's the Supervisory and Steam Drum Level Control systems.
Both systems use superheater steam flow sensors and a common median select I
circuit in each loop. Since median select circuits are used in each loop, the failure of a single sensor will not result in loss of control in either .
l control system. In the event the median select circuit fails low, the MSSS power is reduced by the supervisory controller and feedwater in the affected
! loop is reduced by the drun . level controller. A reactor scram and SGAHRS l initiation results due to low drum level. ibt bounding event is Loss of Normal Feedwater (PSAR Section 15.3.1.6). In the event the median select fails high, NSSS power is increased but limited to'100f, power by a reactor control limiter and feedwater increases until a high drum level condition results in isolation of the main feedwater and a reactor trip. The Chapter 15 bounding event is not applicable for this case. .
Break of Any Single Instrument Line-The break of an instrument line comon to more than one control system fs .
not applicable to CRBRP. he am .ay b. um 1. Au. n.u.a an e *, == h.
and the common point is at the transmitter or median select output. These a=*8 ar ea
, two cases were addressed in the previous section.
l
' Loss of Power to a Protection Separation Group l ~
This section analyzes the effects on the control systems caused by the 1oss of an inverter powering a protection channel. If the bus to protection channel A, B or.C fails 1cd, then the affected PPS channel will trip and the following PPS buffered signals used by the control systems will drop to zero: Channel A B or C corresponding to the failed bus for reactor flux, primary sodium flow, intemediate sodium flow, steam drum level, superheater steam flow and feedwater flew. Since median select circuits are used to provide the median of the three buffered PPS signals as the controller feed-
_back signal, there will be no loss of control and no effect on the plant.
Chapter 15 accident analysis is not applicable. -
The following describes the effects in the event power is lost to a redun-dant protection channel while a PPS channel is under test:
- 1) If an inverter fails with power lost to the PPS logic, the da-d =aar *st is 4ci wi p1 4occur.
< % i nt satisfying the 2/3{ogic, %and a reactor scram
- 2) If a bus fails such that power is lost to a sensor or transmitter i _
but not to the PPS logic, the controller feedback signal in the ,
worst case will .be low as a result of two input signals t..a. (ou A w -
- e. .r C.h .a .- a A A .a 64 r.u...
QCS421.19-4 e,----w--, ,- ,r-~, , . ..-e- ----,,-,,,--+--,----n- _ - - - - - - , - - - - , , - , - - - - . - - - - - r,-,,- -.- , - - , - - - . - - . . . , , . , - . , , -, -n--n-- ----
l l Loss of Power to Control Systems This section examines the effects on the control systems caused by loss of a bus powering these systems. Most of the control systems are supplied by primary and alternate sources of peer and have~ redundant power supplies in the cab bets. The alternate power source will supply power in the event of a failure of the primary source. Thus, total loss of power requires failure of both power sources and is unlikely. For these control systems, loss of one supply will not result in loss of the control function and the Chapter 15 accident analysis, therefore, is not applicable. Control systems that are powered from one source are discussed below.
For the primary rod controller, there is some circuitry that is not powered from redundant supplies. In the event Non-1E UPS system A bus fails low.
all rod position displays will be lost and rod movement in group or single modes will be inhibited. No plant disturbance results since primary rods an.
p -.- d 4 -. n a a 4 n a s e ..a c. c w . c m . Plant operation will pro-ceed in accordance with technical specification limits.
For the primary and intennediate speed control systems, loss of either Non-Class IE 13.8 KV 480 VAC or 120 VAC buses feeding the pump drive equipment will lead to a pump trip followed by a reactor ' scram. The bounding event is Spurious Primary Pump Trip (PSAR 15.3.1.2). .
Besides the loss of power to control systems from the loss of a power dis- - -
tribution bus, there is a chance of having an electrical fault on one of the control. system circuit cards. The control systems are designed so that each l '
card is used in only one control system. A circuit card failure cannot l directly impact more than one control system. A failure on a control card would cause the controller to generate either an "off" or a "fulmln" output, l depending on the type of failure. This result would be similar'to having the feedback signal fail high or low. Therefore, the failure of or loss of power in any control system circuit card would be bounded by the loss of Any Con-troller Feedback signal analysis described in Table QCS421.19-1.3 r g u .,*w .n, Conclusions a C.u "
The preceding sections have shown that failures of individual sensors, loss of controller feedback signals,' breaks in instrument lines and loss of power to protection channels and control systems all result in events which are bounded by Chapter 15 of the PSAR or result in events with no control or plant impact. Therefore, the PSAR Chapter 15 Accident Analysis adequately bounds.the consequences of these fundamental failures.
\
QCS421.19-5 A O
l . 1 I -
,' 1, l ,
1 Table QCS421.19-1. Loss of Any Controller Feedback Signal !
l l - Assumed -
l Feedback Failure - Bounding j Signal System Direction Effect Event
~
- Rzactor Flux Reactor Control to Control rods are withdrawn Bounding event is Malopera- -
if flux control in auto tion of Reactor Plant Con-until high flux or flux-to- trollers (PSARSection ,
flow deviation rod blocks 15.2.2.3). -
i stop rod motion.
l Not appilcable.
Hi Control rods are inserted if flux control in. auto.
Ccre Exit Temperature Reactor Control Lo Control rods are withdrawn Bounding event is Malopera ,
if core exit temperature tion of Reactor Plant Con-control in auto untti high trollers (PSARSection . .
o flux or flux-to-flow devia- 15.2.2'.3). I' G tion rod blocks stop rod '
O motion.
." i G . Hi Control rods are inserted if Not applicable.
in core exit temperature con-trol in auto. ,
i Turbine Inlet Temper- Turbine Inlet to Control rods are withdrawn Bounding event is Malopera- '
ature Temperature if turbine inlet tempera- tion of Reactor Plant Con-Control ture control in auto until trollers (PSAR Section 15.2.2.3).
high flux or flux-to-flow deviation rod blocks stop rod motion.
Hi Control rods are inserted Not applicable.
If turbine inlet tempera- ,i ture control in auto.
~
e
, l'
.i 1
I i: i
, . i 4
Table QCS421.19-1 (Continued) j Assumed .
Feedback Failure Bounding Effect Event
- Signal System Direction-Turbine Inlet Pressure Turbine Inlet Lo Intermediate pump speed in Not applicable i
, Pressure Control . all loops increases if tur-bine inlet pressure control .
l J in auto. .,
~
Hi Intermediate pump speed in ' Bounding event is Loss of !
l all loops decreases if tur- Off-Site Electrical Power bine inlet pressure control (PSARSection15.3.1.1). ,
! in auto. ,
! Superheater Steam Flow Unit Load Control to Setpoints to all NSSS con- Not aplicable. , l (Load Programmer) trol systems will decrease i to 40% of design.
i a
l l U Hi Setpoints to all NSSS con- Bounding event is Malopera-g - trol systems will increase' tion of Reactor Plant Con- !'
to 100% of design. trollers (PSAR Section 4 . 15.2.2.3).
Primary Sodium Flow Primary Sodiuc to Primary pump speed increases Not applicable. l
, Flow Control if primary flow control in .
auto mode. ,
i Hi Primary pump speed decreases If flow controller output if primary flow ~ control in change is greater than 101 . -
3 auto mode. pump speed does not change due to speed control mode transfer to manual (open loop). If flow controller output change is less than 101 pump speed decreases over time. Hence, bounding event
- is Spurious Primary Pump Trip (PSr.R15.3.1.2).
p .
i .
. p Table QCS421.19-1 (Continued)
- Assumed ,
1 Feedback Failure
- Bound'ing . .
Signal System Direction Effect Event
- l intermediate Sodium Intennediate Flow Lo Intermediate pump speed Not applicable. ,
Flos Control increases if intermediate '
flow control in auto mode.
Hi Intermediate pump speed If flow controller output i decreases in affected loop change is greater than 10%.
. if intennediate flow con- pump speed does not change t trol in auto mode. Pressure due to speed control mode control increases pianp speed transfer to manual (open 1 in other loops. loop). If flow controller . ,
output change is less than ..
~
! g 10% pump speed decreases ,
u over time. Hence, bounding 2'
event is Loss of Off-Site ElectricalPower(PSAR ,
{ Section 15.3.1.1).
Frimary Speed Primary Speed ' Lo Speed control automatically Not appilcable. .
Control transfers,to open loop control. No plant distur-bance.
Hi Same as above. Not appilcable. , ;
Intennediate Speed Intermediate Speed to Speed control automatically Not applicable. I Control transfers to open loop con-trol. No plant disturbance. ,
Hi Same as above. Not applicable..
G
. l'
- z. .-
l Table QCS421.19-1 (Continued)
\ -
t .
Assumed Feedback Failure, Bounding j
Signal System Direction Effect . Effect ,
Steam Drum Level Steam Drum level Lo III Main feedwater flow increases Not applicable.
Control if steam drum level control
- is in auto. Increase in feed-water flow results id a high drum level and isolation of feedwater. Reactor trips upon -
isolation of main feedwater.
R Hl(2) Main feedwater flow decreases Bounding event is Loss of .. .
E if steam drum level control in Normal Feedwater (PSAR .
U auto. Reactor scram and SGAHRS Section15.3.1.6).
L initiation result due to low
?, - drum level.
Flow Reference Trim Turbine EHC Speed ,
to , Turbine steam flow decreases Not appilcable.
Control as control valves close. NSSS follows steam flow if in super-visory control mode.
Hi Turbine steam flow increases as Bounding event is Turbine all control valves open. NSSS Trip (PSARSection15.3.1.5).
follows steam flow up to 100%
power (high flux limiter in
. reactor control) if in super-
.visory control mode. At 100%
power, mismatch condition re- -
' suits in cooldown of the NSSS
- fo11 owed by a turbine trip on low pressure. ,
(1)Same effect for feedwater flow f'edback e falling low or superheater steam flow feedback falling high. '
(2)Same effect for feedwater flow feedback falling high or superheater steam flow feedback falling low.
i .- i Table QC5421.19-1 (Continued)
Assumed ,
Feedback Failure Bounding Signal System Directiod Effect Event ,
I' Valve Position Turbine EHC Flow to Turbine steam flow initially Not appitcable.
Control increases as effected control *
- valve opens. Increase in -
flow is minimized by other 3 control valves closing to compensate. Disturbance on -
NSSS is small and bounded by normal plant transients. ,
Hi Turbine steam flow initially Not applicable.
- decreases as affected control a o valve closes. Decrease in O flow is minimized by the other 2 3 control valves opening to compensate. , At 100% power.
G -
flow decrease continues due to
' limited compensation (valves
- o fullyopen). NSSS follows steam flow if in supervisory
( - control mode.
Valve Position Bypass Valve Lo Steam flow increases and Bounding event is Turbine Control pressure decreases as affect- Trip (PSARSection15.3.1.5).
' ed valve opens. If in load error mode, turbine trips on low pressure. If in pressure mode, other valves close to compensate; Possible turbine -
trip.
. Hi Steam flow decreases and Not applicable.
pressure increases as affect-ed valve closes. If in load error mode, NSSS follows steam flow reduction. If in presure mode, other valves open to compensate.
, l'
- ~
Table QCS421.19-1 (Continued) .
Assumed Feedback Failure Bounding Signal System Direction Effect Event ,
^
Pressure Bypass Valve to Valves close increasing tur- Bounding event is Failure Control bine inlet pressure and de- of Steam Bypass System ".
i creasing steam flow. (PSAR Section 15.3.2.4).
Hi Valves open decreasing tur- ' Bounding event is Turbine i bine inlet pressure and in- ' Trip (PSAR Section 15.3.1.5). i creasing steam flow with .
possible turbine trip on low 3 pressure.
iR w
~~ .
t.
l l
wv.-
ENCLOSURE 5 ._
The applicant is required to provide
\
NRC CONCERN:
justification (s) for the design criteria used l when the physical separation does not meet R.G.1.75 for the same divisions of the Primary and Secondary RSS and for the same division of DBRS and SGABRS.
RESOLUTION: Resolution of this issue is presented in two parts. The first part sets forth our I. . _- reasoning for why it is acceptable to locate .;
~
in the~same hazard area Primary and Secondary equipment of the same division; why it is acceptable to route Primary and Secondary cable 'trg the same hazard area; and why it is I
acceptable to route SGAHR's and DHRS cable of ,
the same division in.the same hazard area.
,(There is no SGAHR's and DBRS equipment located in the same hazard area, except for ,
the control room).
The second part of our response describes our criteria for equipment and cable separation, provides rationale why this criteria is acceptable and then describes where PPS, SGAHR's and DHRS equipment is located. In examining Table 1, Part 2, which shows equipment location, every item referenced by
e --__ -____- _.,-- _ Y -- e- , - , - , , - - , , , , , . - - , - - , . , . - - . - - -- --. - ---n , , - -
note 1 meets R.G. 1.75 separation requirements completely. Equipment referenced by notes 2 and 3 meet R.G. 1.75 requirements within its own system; however, for the RSS, Primary and Secondary equipment / cable of the same division may be located / routed in the same hazard area.
.. To the extent practicable, five or more feet of physical separation is maintained between
- Primary and secondary conduit when routed through the same hazard area. Note 3 provides'
, -- the basis for why this is acceptable. Note 4 2
indicates that SGABR's and DERS equipment is -
located in separate areas,.however, there is a limited amount of DBRS cable that is routed with SGAHR's cable of the same division. When this occurs, it is only for a distance of approximately 75 feet.
PART 1: Adeanacy of CRBRP Equipment Location and Cable !
separation l Part 1 addresses how CRBRP equipment location and cable separation criteria for the Reactor Shutdown
- T. System comply with the requirements of GDC 24 for
^ ~
_ . ;. . independency and. redundancy.
......2.
'~
. ' R. . ,. - -- . . , , -
Part 1 also shows how DERS equipment location and
~
_ .-[ cable separation comply with GDC 35. -
- 8- "
b 9
4~-_ ,, :*.
- a w
9 i
-, , ,w---,---- --w,--w. <a-----, ----e---
. - = . _ - _
i l
Criterion 24 - Reactivity Control Svatem _ _ _ _ _ _
Redundancy and Canabilitv _
l l
l "Two independent reactivity control systems of different design principles shall be provided. One system shall
- be capable of independently and reliably sensing and responding to off normal conditions to assure that under'
. conditions of normal operation, including anticipated operational occurrences, and with appropriate margin for malfunctions such as a-stuck rod, specified acceptable fuel design limits are not exceeded. The other system shall be capable of independently and reliably sensing and responding to off-normal conditions to assure that under conditions of normal operation, including anticipated operational occurrences, and with appropriate margin for malfunctions such as a stuck rod, the capability to cool the core is maintained. Each
! system shall have safficient worth, assuming failure of any single active component, to shut down the reactor from any operating condition to zero power and maintain suberiticality at the hot shutdown temperature of the l
.m--- , me ,,,,--,---,,m,,..,e-.--..,.
,.,--,-n- - - . ,.~-.,,_-.n-,,.,, -,s-r- , - , , - - - . - - - ----e----- , --
r ._ . ....._ _
coolant, with allowance for the maximum reactivity ... ____ ..
associated with any anticipated operational occurrence . -_ _ i or postulated accident. One of the systems shall be capable of holding the reactor core subcritical for any coolant temperature lower than the Hot Shutdown
~
temperature."
.. m . .: .
~
For.the concern of RSS cable routing and equipment
, location, sufficient cable and equipment separation has to be provided to assure Ebat the two shutdown systems *
, ,,._ ,- are independent. Application of Regulatory Guide 1.75 is one way to provide assurance that the shutdown systems have a sufficient degree of independency. For CRBRP, Regulatory Guide 1.75 has been used for separation between redundant divisions within an individual shutdown system. For separation between Primary and Secondary, Reactor Shutdown Systems) CRBRP considers that sufficient independency is provided if it can be demonstrated that concurrent failure of equipment
- located in areas subjected to a common accident environment does not prevent the safety functions from being performed. The following discussion shows that with concurrent failure of equipment located in a single hazard area the system function can be performed,
The design of the CRBRP RSS, as described in Chapter 7, has three divisions for each RSS - Primary and Secondary. Each individual RSS is designed to the i
single failure criteria. Analyses have been performed i
which demonstrate that each individual shutdown system can shut down the plant within acceptable design limits
,t~ ',' - without assistance from the other shutdown system.
- Because of the above, CRBRP equipment location and cable routing criteria allow equipment and cable of the same *
.. - primary and secondary division to be located in the same j hazard area since failure or destruction of cable and l equipment in one hazard area which contains nna division of primary and secondary equipment / cable will not affect the operation of primary and secondary equipment / cable of the other 1xn divisions. Since each RSS shutdown system is designed to the single failure criteria, each shutdown system will be capable of individually safely l
l shutting down the plant with tun divisions of equipment and cable available and thus their safety function will be performed.
In cases where primary and secondary equipment of the same division exist in a single area:
I n
4 i
o All protection system equipment located in the area is qualified for the limiting environmental conditions in which it would be expected to operate, or -
w
^
.._~_._.. o . Backup trip funct' ions for both the RSS systems are
~~
provided in separate areas. Each backup function would not be subjer.ted to the accident environment before the backup trip performed its reactor shutdown'
,4: function in the event of failure of the first-out trip. -- .
Table 1 provides examples of the design features related l to those cases where primary and secondary system equipment may be subject to a common accident environment.
l It is concluded that this interpretation of independence fully meets the intent of Regulatory Guide 1.75 for a plant with two protection systems and that the j separation of equipment supports GDC 24 which requires two independent reactivity control systems.
, - - - - - . . - ,.-----m- - , - - , - - - - - . ,,-w--, . , - - -,-err-----,,---- ..------------a- - - -
o .
- Criterion 35 - Reactor Residual Heat Ertraction Svatam "A reactor residual heat extraction system shall be provided to reliably transfer residual heat from the reactor coolant system to ultimate heat sinks under all plant shutdown conditions following normal operation,
._ _ including anticipated operational occurrences and
. postulated accident conditions. A passive boundary
- shall normally separate reactor coolant from the working fluids of the reactor residual heat extraction system.
l ;_ _ Any fluid in the residual heat extraction system that is separated from the reactor coolant by a single passive barrier shall not be chemically reactive with the reactor coolant.
Suitaole redundancy, independence and diversity in systems, components and features, and suitable interconnections, leak detection, and isolation l
capabilities shall be provided to assure titat for onsite l _ electrical power systems operation (assuming dffsite 1
power is not available) and for offsite electrical power system operation (assuming onsite power is not i
l av ailable) the system safety function can be .
l l accomplished, assuming a single feature, with at least l
1
. . l l
two flow paths remaining available for residual heat -
removal."
l Por the SGAHRS/DHRS cable routing concern, the analysis
(
of the following thr'ee limiting scenarios which bound design basis failures shows the adequacy of DER
,_ . _ - . separation.- _.<- ;
- 1) A PHTS Na leak as. an initiating event, followed by loss of one division of IE power, with off-site ou- ..
Power. unavailable, and'
!' 2) Failure of one division of IE power, followed by loss of second division of IE power, with off-site
~ power unavailable,1
- 3) Failure of one division of IE power, with loss of I off-site power followed by a steam leak disabling one steam generator loop.
l For the first scenario, the initiating event removes one l
1 This is not a credible event since it presupposes losing l
two divisions of lE power, however it is being used as a ilmiting event for this analysis.
Heat Transport System Path and the DBRS from consideration. The loss of lE power removes forced circulation from a second Heat Transport System path and from one-half the active components in the DHRS; however, the DHRS has already been disabled by the initiating event. :
, _ Decay heat removal continues with one Beat Transport
. . - . System path on pony motor operation and one Heat
- Transport System path on natural circulation. Transfer l of the heat to the ultimate heat sink is provided by
.- vent valves, with feedwater makeup by one motor-driven AFW pump and the turbine-driven AFW pump, in the two Heat Transport System Loops. The requirements of Criterion 35 are satisfied since one Heat Transport System-path with pony motor flow is capable of removing all heat from the time of shutdown and the two available Heat Transport paths, one on flow and one on natural circulation flow, meet the two flow path requirement.
This is not a credible event since only large PHTS leaks will disable DHRS and large leaks are not in the design l base. It is being used as a limiting event to-l conservatively illustrate the adequacy of the design.
{ . .
l For the second scenario, the initiating event removes power from one Heat Transport System path and one-half
- the DERS. The single active failure likewise removes power from the second Heat Transport System path and one-half the DBRS. Decay heat removal continues with one Heat Transport System path on pony motor flow and
-. . _ _ _ _ . two Heat Transport System paths on Natural Circulation.
As explained above for scenario one, the requirement of Criterion 35 are satisfied.
2- .
For the third scenario, a stsam line rupture is the ;
i l[~ postulated initiating event followed by loss of one -
electrical division, with off-site power unavailable.
For this scenario, the initiating event removes one Beat Transport System Path, due to loss of the ability to transfer heat through one path of the Steam Generator System to the Ultimate Beat Sink. The loss of one electrical division removes forced circulation from a second Heat Transport System' Path and removes one train of active components in the DBRS. Decay heat removal continues with one Heat Transport System path on pony motor operaticn and one Beat Transport System path on natural circulation. Additionally, the DERS is available as a backup with the capability to remove all
l -g-l reactor residual heat.
Transfer of the heat to the ultimate heat sink is provided by vent valves, with feedwater makeup by one 1
motor-driven AFW pump and the. turbine-driven AFW pump, l
in the two Heat Transport System Loops. The -
requirements of Criterion 35 are satisfied since one Heat Transport System path with pony motor flow is '
capable of removing all reactor residual heat. Two available Heat Transport paths, one on pony motor flow
,,._ and one on natural circulation flow meet the two flow path requirement. DERS is also available as a third flow path. .
In summary, the three scenarios explained above conservatively illustrate how the top level requirements provides in CRBRP Principal Design Criterion 35 for the Residual Heat Removal Systems are satisfied even though a failure in one division of lE power (e.g., cable fire affecting DHRS and SGHRS cables routed in the same cable tray) can affect both SGABRS and DBRS.
SCARRE and DHRS Senaration -
.--,,--,-~-----r--.- -. -.,e - - - . , - . , . . - - ,, , - - . , - - - , , , - - - - . - - _ , - - - - - - - - - - - _ . - - - - _ - - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . .
As shown in Table 1, (Part 2), equipment associated with DERS and SGAHRS are not located within the same hazard area. DHRS backup panels 81EPB003A (Division 1, lE) and 81EPB003B (Division 2, lE) are both located in Cell 311 to enhance operability of local control for EVST Processing.
DHRS backup panels 81FPB0028 (Division 1,
. l_. .. 1E) and 81 PPB 002B (Division 2, lE) are both located in
~ ~ ~
4 ! Cell 105V to enhance operability for local control of Primary Sodium Processing. The safety related cooling functions of both panels may be performed from the '
sc- control room. Therefore, since the local panels can be _
~
electrically isolated and the safety function performed from the control room, location of the panels is judged
~
to be adequate.
l l
l i
- - _ _ _ , . , - . - - ,, ...-.-. --.,r--,----w-- , , , . -.w - - + - - - - , - - - - - - - - - - - - - - -
.i .
{ .-
EBLE 1 i 1 -
j DESIGN FEATURES WHICH ALLON LOCATION OF PRINA1.2 AND SECONDARY 1
PPS EQUIPMENT IN AREAS WITH A COMMON ACCIDENT ENVIRONMENT i
i
~
SECONDARY EQUIPMENT LIMITING" ACCIDENT ~ RESOLUTION AREA PRIMARY EQUIPMENT Reactor 3 Ion Chambers 3 Fission Chambers Sodium Leak or All flus sensors located in Cavity Loss of Cooling separate thimbles.
{ (Dusted cell All flus sensors qualified '
no om2ustH2es) 3 sets of Permanent '
i Nagnet flovseter to withstand environment l' electrodes ~
following specified hasards.
\
Failure mode of flowmeter electrodes would result in l . safe failure. ,
l
! Steam 3 Steam Venturi 3 Steam Drum Level Steam Pipe Primary system has INE transmitters rupture or outlet temperature backup l Generator flowmeter dp Cells
- tubes sodium leak trip in a separate cell.
(3 separate cells) 3 feed flowmeter
- . secondary System has evapora-dp tubes ,
tor outlet temperature backup tri in a cell PPS signal condi- PPS Signal Condi= separated a blow out panel tioning for 1 tioning for 1 from the s.G. cell.
channel channel i
- Note that a failure of all equipment acaociated with stead / feed and steam drum level trips in one steam generator cell would still allow operation of both protection gystems through the action of the channels located in the other two cells (based on 2 ex 3 operation).
e e
4 e m'
\'
7
. ~ , ,
! TABLE 1 (Continued)
- I i
AREA PRIMARY EQUIPMENT SECONDARY EQUIPMENT LIMITING ACCIDENT RESOLUTION 4
- Instrument I vessel inlet 1 primary flow Storage tank Na Reactor is shut down and PPS
! Mazzanines pressure signal meter signal fire incontainment not needed for Na fire.
conditioning conditioning panel during shutdown ,
maintenance.
(3 separatt 1 Reactor Na Conventional fire Also, fire within one strue-
' structures level signal in area. ture would not be related to within conditioning any accident requiring prot-containment. each action system action.
structure contains 1 IHX Outlet temperature Physical separation of one division of signal condition-equipment) ing instrument areas will allow ppg operation by channels in other 2 structures.
i i
)
9 .
f l
9 t
e +4
PART 2: Equinment Location and cable seoaration criteria Part 2 defines the CRBRP equipment location and cable separation criteria used for the RSS, SGAHRS and DBRJ. It provides details about the actual equipment location and the basis for equipment location. The information is provided in DRAFT form since the design is not finalized. '
I
^
. o
~
4 et RSS. SCAMRM AND DNRM SE Reactor Shutdown Svatam The following criteria shall be followed for the
. . _ separation of RSS equipment-and cables.
- 2 53.- - -
-t - -
o All RSS cables shall be run in conduitis or enclosed raceways with cables of-redundant g ,
channels run in separate conduits or entlosed raceways.. - -
l .
~ 9 . .
- o. Primary and Secondary.RSS cables shall be run in separate conduits or enclosed raceways, o Wiring (cables) for redundant channels shall be brought through separate containment electrical penetrations. Separate penetrations shall be used for Primary and Secondary RSS cables.
o A minimum separation of 5 feet shan be maintained between conduits or enclor2d racet.ays of Primary and Secondary RSS of the same channel l
t h (Division), except in some areas of the HAA - -- _ _
where geometry prohibits 5 feet of separation or in other areas where panel locations prohibit 5 feet of separation.
DHRS and SGABRS 4
The following criteria shall be followed for the
- separation of DHRS and SGABRS equipment and cable.
. =
o SGAHR's and DHRS equipment shall be located in different hazard areas except for the equipment in the control room.
o Redundant cable within SGAHRS and within DERS shall be routed in accordance wi % Reg. Guide 1.75.
o SGABRS and DHRS cable of the same division may be routed together, but this will be limited.
I e
s -v a-<,-*.y g-w w - e w- r, e--w,----,c---,--v-et-- - - - - --- , e- m-----r-,---r-- - - , - -- ----v- -
r-- -
-- - -- -- e- -,-- - . . - - - - +-- -
RSS, SGAHRS, and DHRS Equipment Location '
and Cable Separation Design ,
The attached TABLE 1 provides a listing of najor equipment asso-ciated with the RSS, SGAHRS and DERS systems. The TABLE also contains their location, safety class and physical separation.
. It should be acted that the equipment located in the Main Control Room meet the separation requirements of IEEE 384-1974 and Regulatory Guide 1.75. SGAHRS and DERS equipment i
located in the Reactor Containment Building (RCB) are con-l tained in different cells as such, they are in separate hazard zones and, therefore, meet the separation requirements of IEEE 384-1974 and Regulatory Guide 1.75. Additionally, no SGARRS equipment are located in the Reactor Service Building (RSB) and si:nilarly, no DERS equipment are located ii the Steam Generator Building (SGB) . Therefore, as far as the equipment of SGAHRS and DERS systaa are concerned, they meet the separation requirements of IEEE 384-1974 and -
The majority of the cables and raceway associated with the DERS system are run in the RSB, similarly, the majority of
- the cables and raceways of the SGARRS system are run in
~
the SGB. The cables of the DERS and SGAHRS system, which run from-the Main control Room, may share common raceway for a short run in the vicinity of tlie Main Control Room.
After a short distance into the SGB, (approximately 75 feet) , the cables of SGAHRS and DERS systems are separated and run in different raceways.
The cables of the primary and secondary RSS systems are run in separate conduits. These conduits will be installed such that they are as far anart as practical.
It should be noted that cables, raceways and equipment of safety channels A, B and C (Division 1, 2 and 3) of RSS, SGAHRS and DERS systems are separated from each other as per IEEE 384-1974 and Regulatory Guide 1.75.
SUMMARY
- 1. RSS, SGAHRS and DERS equipment, cables and raceways of channels A, B and C (Divisions 1, 2 and 3) are separated from each other as per IEEE 384-1974 and Regulatory Guide 1. 75.
~-
- 2. SGAERS and DERS equipment of the same safety channel /
division are separated from each other as per IEEE 384-1974 and Regulatory Guide 1.75.
- 3. Cables and raceway of primary and secondary RSS will be physically separated to the maximum extent practical.
- 4. The cables of the same safety channel / division of the SGAHES and DERS systems are generally in separate plant areas and share common raceway for a very short distance (approximately 75 feet),
t
- e
- m. -ee 4 -
I
+4
=
0 l
l l
l
- -- ,- e, -
g-,,, --- . - . . , _ , ,. , ,,, , , _ _ ._ _.~
l
~
ORAFT , TABLE 1
=
CHANNEL / LOCATION SYSTEM EOUIPMENT DIVISION BLDrs.
EL. CELL RB1 ARKS 1 PRIMARY 56PRB111BP B/2 RCB ~ 824' 163 Note 2 & 3 RSS Panel, I&C Loop 2 PRI PPS 56PRBillAP A/1 RCB 824 162 Panel. I&C Loop 1 PRI PPS 56PRB111CP C/3 Panel. I&C Loop 3 RCS 824 164 7 -
PRI PPS 99PSB001A Af a CR 816 431 Note 1 Cabinet PRI BUFF, CH. A -
99PSB001B A/1 CR 816 431 Cabinet, PRI TERM, CH. A 99PSB001C A/l CR 816 431 Cabinet PRI --
COMP, CH. A q
99PSB003A A,B,C CR 81 6 Note 5 431 Cabinet, PRI ISOL 1 99PSB0038 Logic 1 CR 816 431 Note 6 Cabinet, PRI LOGIC 1 99PSB001D B/2 CR 816 431 Note 1 Cabinet, PRI BUFF CH. B 99PSB001E B/2 CR 816 431 Cabinet, PRI TERM, CH. B l 99PSB001F B/2 CR 816 431 Y Cabinet, PRI COMP CH. B CR -
Main Centrol Room EEB - Electrical Equipment Building
- l RCB - Reactor Containment Building SGB - Steam Generator Building RSB - Reactor Service Building
a g 4
~
DRAFT 1
~
CHANNEL / LOCATION SYSTEM EOUIPMENT_ DIVISION BLDG. EL. CELL REMARKS PRIMARY 56SGB0988 B/2 SGB 806 242 Notes 2 & 3 RSS Rsck, Primary .
PPS, CH. B 56SGB0998 B/2 SGB 806 242 Rack, Primary PPS, CH. B 56SGB097C C/3 SG8 806 243 Rack, Primary PPS, CH. C
_. 56SGB098C C/3 SGB 806 243 Rack, Primary PPS , CH. C -
56SGB099C C/3 SGB 806 243 Rack, Primary PPS, CH. C
-~
56INBillAP A/1 SGB 733 207
- Panel IE Loop 1 PRI PPS 56INBillBP B/2 SGB 733 208 Panel, I&C Loop 2 PRI PPS 56INBillCP C/3 SGB 733 209 Panel I&C Loop 3 DRI PPS 12 NIB 003A A/l EEB 794 521 13.8KV PT & Relay t CAB Primary 12?;IB00~ 5 B/2 EEB 794 524 13.8KV P7 & Relay CAB Primary 12 NIB 003C C/3 EEB 765 532 Y 13.8KV PT & Relay CAB Primary l
l l
l l-i
(
e g 8 DRAFT :
CHANNEL / incATinN
.. SYSTEM __ .- . EQUIPMENT DIVISION BLDG. -QT,- CELL -REMARKS PRIMARY 99PSB003C A,B,C, CR 81 6 431 Note 5 RSS Cabinet, PRI ISOL 2 99PSB003D Logic 2 CR 816 431 Note 6 Cabinet, PRI LOGIC 2
~
99PSB001G C/3 CR 816 431 Note 1 Cabinet, PRI BUFF CH. Ct 99PSB00lH C/3 CR 81 6 431 Cabinet, PRI .
TERM, CH. C 59PSB00lJ C/3 CR 816 431 Cabinet, PRI COMP, CH. C Ow q_.
, 99PSB003E A,B,C CR 816 431 Note 5 Cabinet, PRI ISOL 3 99PSB003F Logic 3 CR 816 431 Note 6 Cabinet, PRI LOGIC 3 i
l 56SGB097A A/l SGB 806 241 Notes 2 & 3 Rack, Primary PPS, CH. A l 56SGB098A A/l SGB 806 241 Rack, Primary PPS, CH. A 56SGB099A A/l SGB 806 241 Rack, Primary PPS, CH. A 56SGB0978 B/2 SGB 806 242 y Rack, Primary PPS, CH. B f
a
Page 4 --
m i CHANNEL / LOCATION SYSTEM EOUIPMENT DIVISION BLDG. EL. CELL _ __RE54 ARKS __
SECONDARY 99PSB002G C/3 CR 816 431 Note 1 RSS Cabinet, SEC BUFF, CH. C l 99PSB002H C/3 CR 816 431 l Cabinet, SEC l TERM, CH. C 99PSB002J C/3 CR 813 431 Cabinet, SEC COMP, CH. C 99PSB004C C/3 CR 816 431 Cabinet, SEC SOL. , DR. C i 56SGB094A A/1 SGB B06 241 Notes 2 & 3 Rack, Secondary l PPS CH. A '
1 -
!" 56SGB095A A/1. SGB
~
806 241 Rack, Secondary PPS CH. A 56SGB096A A/l SGB 806 241 Rack Secondary PPS CH. A 56SGB0948 B/2 SGB 806 242 Rack, Secondary l PPS CH. B l
l 56SGB0958 B/2 SGB B06 242 Rack, Secondary -
PPS CH. B 56SGB0963 B/2 SGB 806 242 Rack, Secondary i PPS CH. B 56SGB094C C/3 SGB 806 243 Y Rack, Secondary i
h
. - - . - - O
. k
- _ LOCATION -
' . l? .*.
CHANNEL / .
siSTEM DIVISION EQUIPMEN_T BLOG. EL. CELL REMARKS
~
P.-ir.,ary RSS 95AAB003A A/1 Enclosure, P.R.
RCB 802 151 - Note 1 .. ~' .
, June.. Box, Ch. A 95AAB003B . . . . .-
,, B/2 RCB 802 151 -
Enclosure, P.R. .
June. Box, Ch. B -
95AABG03C C/3 RCB B02 1 51 *.'.*,
Enclosure, P.R. -
Junc. Box, Ch. C -
l-92AAB062A l
Termination Reactor A/1 RCB 802 1 51 '..
Level Sensor Ch. A -
9'2AAB'0023 B/2 RCB 802 1 51 Termination Reactor -
Level sensor Ch. B ,
92AAB002C C/3
. RCB 802' 151 Termination Reactor Level Sensor Ch. C .
Secondary 95AAB006A A/l RCB 802 151 RSS Enclosure. W.R.
Preamp. Ch. A 95AAB0058 B/2 RCB 802 151 Enclosure. W.R.
Preamp. Ch. B 95AAB005C C/3 RCB 602 151 l Enclosure, W.R. y l .
Preatrp. Ch. C - ~
l
Pace 5
~
DRAFT CHANNEL / LOCATION
--SYSTEM EQUIPMENT DIVISION El.0G. EL. CELL REMARKS SECONDARY 56SGB095C C/3 SGB B06 243 Notes 2 & 3 RSS Rack, Secondary PPS CH. C 56SGB096C C/3 SGB 806 243 Rack, Secondary .
733 207 Panel ISC Loco 1 .
SEC PPS .
56INB111BS B/2 SGB 733 218 Panel I&C Loop 2 SEC PPS 56INBillCS C/3 SGB 733 209 Panel I&C Loco 3 SEC PPS 12 NIB 004A A/l EEB 794 521 13.8KV PT & Relay CAB Secondary l' 2NIB 004B 8/2 EEB 794 524 13.8KV PT & Relay CAB Secondary l
12 NIB 004C C/3 EEB 765 532 y 13.8KV PT & Relay CAB Secondary t
~
~ -
Page 6 -
DRAFT -
CHANNEL / LOCATION SYSTEM EQUIPMENT DIVISION
_ _ _ _ BLCG. EL. CELL REMARKS SECONDARY 56PRBillBS B/2 RCB 824 163 Notes 2 & 3 RSS Panel, I&C Loop 2 SEC PPS 56PRBillAS A/l RCS - 824 162
, Panel, I&C Loop 1 l SEC PPS 56PRBillCS C/3 RCB 824 164 Panel I&C Loop 3 SEC PPS 99PSB005A A/1 CR 816 431 Note'l Cabinet. SEC BUFF, CH. A 99PSB0028 A/l CR 816 431 l Cabinet, SEC .
! TERM, CH. A -
~~
99PSB002C A/l CR 816 431 Cabinet, SEC COMP, CH. A 99PSB004A A/l CR 816 431 Cabinet, SEC SOL DR. A 99PSB002D B/2 CR 816 431 Cabinet, SEC BUFF, CH. B 99PSB002E B/2 CR 816 431 Cabinet, SEC TERM, CH. B 99PSB002F B/2 CR 816 43; Cabinet, SEC COMP, CH. B 99PSBO')43 B/2 CR 816 431 Cabinet, SEC SOL, DR. B l
1 DRAFT
=
CHANNEL / LOCATION SYSTEM EQUIPMENT DIVISION A.__
BLDG. CELL REMARKS SGAHRS 52ACH001A A/l SGB 862 281 Notes 3 & 4 Condenser, PRO Air Cooled -
52ACH001B 8/2 SGB 862 282 Condenser, PRO Air Cooled 52ACH001C C/3 SGB 862 283 Condenser, PRO Air Cooled 52AFKC01A A/l SGB 733 204A Drive, Motor, AFV -
Pump 52AFK0018 B/2 SGB 733 204B i
I Drive, Motor, AFW Pump 56HR8110A A/1 SGB 836 272A Panel, SGAHRS I&C Loop 1 56HRB110B B/2 SGB 836 272B Panel, SGAHRS I&C '
Loop 2 56HRB110C C/3 SGB 836 272C Danel, SGAHRS I&C 1
Loop 3 l
l 56HRB010A C/3 SGB 733 202A SGAHRS ST TURBINE t
GOVERNOR CONT l
O i
. . - - - .__ _ _ -- _ m __
Page 8 CHANNEL / LOCATION
- ~ ~ ~ SYSTEM EOUIPMENT DIVISION BLDG. CELL
- h. -- . REMARKS ---
SGAHRS 56 INK 201A A/l SGB 806 244 Notes 3 & 4 Motor, IHTS Pony Mtr DR 56 INK 201B B/2 SGB 806 245 Motor, IHTS Pony Mtr DR 56 INK 201C C/3 SGB 806 246 Motor, IHTS Pony Mtr DR
- i. .
DRAFT .
1.~ .
56PRK201A A/l RCB 795 161C PHTS Pony Motor DR 56PRK201B B/2 RCB 795 1610
- PHTS Pony Motor DR 56PRK201C C/3 RCS 795 161E PHTS Pony Motor DR 5SSGB001A A/1 SGB 836 272A Panel, OSIS I&C Loop 1
, 56SGB001B B/2 SGB 836 272B panel, OSIS I&C Loop 2 56SGB001C C/3 SGB 836 "
272C Panel, OSIS I&C Loop 3
'~'
DRAFT .
W CHANNEL / LOCATION
-SYSTEM ---- _ ..
EOUIPMENT DIVISION BLDG. Q. CELL REMARKS SGAHRS 56SGB003 A/1 SGB 836 272A Notes 3 & 4 Panel SWRPRS 18C Loop 1 56SGB0028 8/2 SGB 836 2728 Panel SWRPRS ISC Looo 2 56SGB002C C/3 SGB 836 272C Panel SWRPRS I3C Loop 3 56SGB100A A/l CB 816 431 -
SGS/SGAHRS Logic PNL DIV 1 l 56SGB1008 B/2 CB 816 431
. SGS/SGAHRS Logic PNL DIV 2 56SGB100C C/3 CB 816 431 Y, SGS/SGAHRS Logic PNL DIV 3 i
O
'~'
DRAFT
~
CHANNEL / LOCATION SYSTEM EQUIPMENT DIVISION BLDG. EL. CELL REMARKS DHRS S1AAB018A A/1 CB 816 431 -- - Notes 3 & 4
~~- Panel, Control Room
.81 AA80188 B/2 CB 816 431 Panel, Control Room l
l 81EPB003A A/1 RSB 842 311 Panel, EVS Processing 81EPB0038 ~ B/2 RSB 842 311 Panel. EVS Processing 81EPE004A A/1 RSB 765 352A Cabinet, EVST Pumo "
Control
~
81EPE0048 B/2 RSB 765 353A
~~
Cabinet EVST Pump Control 81EPE005A A/1 RSB 765 352A
- Cabinet VAR XFRM EVST Pump 81EPE0058 - 8/2 RSB 765 353A Cabinet VAR XFRM EVST Pump l 81EPE006A A/1 RSB 765 352A Cabinet, Capacitor EVST Pump 81EPE006B B/2 RSB 765 353A l Cabinet, Capacitor EVST Pump 81EPH002A A/1 RSB 765 352A Heat Exchr EVST Air Blast 81EPH0028 B/2 RSB 765 353A Heat Exchr EVST Air Blast
.. - . . . _ _ _ - = . .-. _ _ _ . .
Page 11 DRAFT :
~ '~
CHANNEL / -LOCATION -
~ SYSTEM ~~ ~ EQUIPfiENT DIVISION BLDG. L. CELL REMARKS DHRS 81EPP002A A/l RSB 779 360 Notes 3 & 4 Pump, NA EM EVST 81EPP0028 B/2 RSB 779 357 Pump, NA EM EVST 81 PPB 002A A/l RCB 794 105V Panel, PRI NA Process ,
81 PPB 002B B/2 RCB 794 105V Panel, PRI HA Process 81PPE001A A/l RCB 733 105F ,
Cabinet, Makeup Pump Power 81PPE001B B/2 RCB 733 105A Cabinet, Makeup Pump Power, 81PPE002A A/l RCB 733 105F Cabinet, Makeup Pump CA?
81PPE002B B/2 RCB 733 105A Cabinet, Makeup Pump CAP 81PPE003A A/l RCB 733 105F Cabinet, VAR XFRM Drive 81PPE003B B/2 RCB 733 105A l Cabinet, VAR XFRM Jrive 81PPP001A A/l RCB 733 103 Pump PRI NA Makeup 81PPP0018 B/2 RCB 733 104 i Pumo PRI NA Makeup i
. Pcge 12 NOTES:
_ 1. Meets guidelines of Regulatory Guide 1.75 with regards to
{~ _ equipment and cable separation between Channels A, B and C (Division 1, 2 and 3) and also between Primary and secondary RSS of the same. channel / division.
2.
RSS equipment and cables of Channels A, B and C (Division 1, 2 and 3) are separated from each other as per IEEE 384-1974 and Regulatory Guide 1.75.
- 3. Based on the following justification, it is considered that separation between Primary and Secondary RSS equipment and cables and between SGAHRS & DHRS equipment cables of the same safety channel (Division) is not required. -
The fire hazard analysis (ES-26NS-10-004) has determined the following:
a.
The sources of fire in cells other than Non-Hazardous cells, where Primary and Secondary RSS equinment and cables are located, mainly consist of the following:
cable insulation electrical panelboards and equipment cable termination and installation material including cable ties lubricating oils -
b.
The bulk of the heat sources are determined to be those associated with the cable insulation. The cables used are fire retardant and are qualified in accordance with IEEE 383. The lubricating oils are contained within the bearings or lubrication system of eculpment and constitute a very small portion of the total combustibles. An extensive fire detection system is provided in these areas.
Additionally, line type heat detectors are provided in cable trays containing safety related cables. As such, the fire hazard from cable insulation and othav materials minimi, located in thaea calla is considered i
- 4. The ecuipment associated with SGAHR3 r. ::ERS syste.ms are located in separate hazard areas.
__A
O Page 12a __
~
NOTES: (Continued)
- 5. Physical barriers are provided within cabinets to separate redundant channels into three areas. Material and cabling are flame retardant within the cabinet and there is no power source contained within the ._
cabinet.
- 6. Logic trains 1, 2 and 3 are redundant to each other.
O G
e i
t .
I
~ Enclesuro 6 I NRC CONCERN: The staff requested the applicant to provide additional information about safety classifi-cation of SWRPS electrical equipment.
Resolution: This concern was addressed by revising sections of PSAR chapteri3 and 7 as shown attached. _ _ _
&_
.4 i ef
-e i
( TABLE 3.2-3 (Continued) .
Cold Trap Temperature Switches
. Pump Temp. Switch Fan Motor .
Cables ., .
Nuclear Island General Purpose Maintenance Equipment System Containment isolation Valve Operators .
Cables -
Steam Generator Auxillary Heat Removat System ,.
Auxiliary Feedwater Pump Mote s Auxiliary Feedwater Flow Meter
- Protected Air Cooled Cendenser Condensate Flow Meter Auxillary Feedwater Valve Operators ,
Vent Control Valve Operators i
Water Storage Tank Fili Valve Operator i .
AFW Turbine Meam . Supply Valve Operator AFW Turbine Pressure Control Valve Operator Cables Steam Generator System Feedwater Valve Operators .
Superheater Outlet Valve Operators .
Steam Drum Drain Valve Operators 61 Cables -
Sodium-WaterReactionPressureReliefSystemInstrumentationanddontrols 3.2-11b Amend. 61 Sept. 1981
~
l TABLE 7.1-1 SAFETY-RELATED INSTRUENTATION AND CONTRQ. SYSTEMS
- f e, Reactor Shutdown Svstsens includes all RSS sensors, signal ' conditioning calculation units, comparators, buffers, 2/3 logic, scran actuators, sera breakers, control rods, back I contacts on scram breakers, HTS shutdown logic, coolant pump breakers, and j mechanical mounting hardware (equtpment racks).
containment Isolrtlen System -
l l
includes radiation monitoring son' sors, signal conditioning, comparators, 2/3 logic, containment isolation valve actuators and valves. .
Decav Hant Rs.er.aval System instrumentation and Control Svstem Includes initiating sensors, signal conditioning, calculation units, comparators, logic, auxillary feedwater pump actuators and controls' including .- .
- feedwater turbine pump, PACC DtX actustors and controls,' stema relief valve actuators and valves; sensors, signal conditioning, logic and actuators rolated to decay heat removal functions of DHRS including control of sodium and NaK pumps and air blast heat exchangers; and sensors, signal conditioning, logic and actuators related to removal of heat from the EVST.
IMGM =
= Jther Safetv-Retnted Instrumentaffen and control .
, includes instrumentation and Controls for portions of the following functions to assure the plant is maintained in a safe shutdown conditions i ,
o Emergency ,Chii1ed Wator System '
o Emergency P1 ant Service Water System o Instrumentation necessary to assure plont is mainteined in safe shutdown status (See Table 7.5-4)
! o Heating, Ventilating, and Air Conditioning System o Recircut ating Gas Cooling System
- The Clinch River Breeder Reactor Plant (CRBRP) safety-related structures, sy=tems, and components are designed to remain functional in the event of a Saf e Shutdown Earthquake (SSE). iThese include, but are not limited to, those structures, systems and components which are necessary:
'I a. To assure the Integrity of the Reactor Coolant Boundary;
- b. To shutdown the reactor and maintain it in a safe shutdown condition;
. c. To prevent or mitigate the consequences of accidents which could result in potential off-site exposures comparabie to the gutdelIne exposures of 10CFR100.
NOTE: Class IE equipment loads are identified in Chapter 8. ,
C 7.1 -7 Amend. 74
.Dec.1982
, _ _ . _ , - , , , ,,.__,,--___.__,,___.,_-__._n,,,_,._,,,_,--n,,,_ . - - _ . _ ,,,.,, g,, _
,,,,...u.- ., - - . . , ,
~
__ h INSERT PAGE 7.1-7 Sodium-Water Reaction Pressure Relief System (SWRPRS)
The instrumentation, initiation and control logic which achieves adequate isolation and blow-down of the waterside of a superheater or evaporator in the event of a sodium / water reaction is Class lE. The instrumentation used to initiate the isolation and blow--down valves are the rupture disc pressure detectors located downstream of the rupture discs. The other pressure and temperature instrumentation distributed throughout .
the sodium / water reaction pressure relief subsystem is used for status indication and is not Class lE.
, , , , . -._ ._.._.-..,-,--.,-,,,,..n,. ,. . ,, - .,...a ,., ,-- . --. - - - . ._
I h
, 7.5.6.1.I' Function -
k
- The Sodium-Water reaction Pressure Reflef System (SWRPRS) Instrumentation and
- Control System detects the inception of a large or intermediate watsr to sodium leak in any of the steam generator modules (see Section 5.5.2.6).
A 1 For a large leak, three 1E pre;sure sensors (nine per loop) are provided l Immediately downstream from each pair of rupture disks in the superheater and '
evaporator's (two) reaction products vent line. The signals are transmitted to the PPS Secondary Shutdown System which Initiates a reactor trip and PHTS and lHTS sodium pump trip. Buffered signals ure transmitted to the SWRPRS trip logic which Isolates the affected loop. A group alarm is transmitted to the Plant Annunciation System (PAS).
For intermediate leaks, three pressure sensors are provided in the INTS sodium expansion tank equalization iIne to the sodium dump tank, downstream of the rupture disks. These signals are transmitted directly to the SWRPRS trip logic via a two-out-of-three coincidence logic which isolates the affected loop. Reactor trip and trip of the PHTS and IHTS sodium pumps is initiated
} via the PPS . Primary Shutdown System as a result of a high steam-to-feedwater l flow in the affacted loop.
- 7.5.6.1.2 SWRPRS Trin Ioale ,
'I There are three separate SWRPRS trip logics, one each loop. Thus, only the affected Ioop wIII be Isolated IsayIng the other two Ioops for shutdown haat-M SWRPRS instrumentation and control which is used to initiate and control the SWRPRS function is lE. Instrumentation which is used to monitor the status of SWRPRS serves no safety function and I
( accordingly is non-lE.
l l
l l
7.5-30a l
h nd. 65 feb. 1982 l
. e C)
~
4 t
40 59 7.5.6.1.3 Bypasses and Interlocks lq The control logic for the actuation of the Sodium-Water Reaction -
Pressure Relief System will be designed to insure reliability and freedom from spurious operation. A discussion of the bypasses and inter-lock functions will be provided as detail system design and analysis .'
progresses. nypasses and interlock functiohs which are required for operation' of the initiation and control logic will be Class IE.
7.5.6.1.4~ Sodium Dump jg No automatic action is associated with the removal of sodium from the affected loop. However, sodium dump valves are provided for draining
~ : odium to the sodium dump tank, and can be initiated by operator l40
.on. .
Drain valves are located in five piping runs between the IHTS sodium lg
, loop and the sodium dump tank. Each piping run contains a pair of drain valves arranged in series. Controls and indications for all V
these valves are located on the Main control Board.
7.5.6.1.5~ Monitoring Instrumentation
[
I 40 In addition to the instrumentation required for the initiating
. circuitry, the'following parameters are measured to: aid the plant 4
operator in assessing the performance of the Sodium-Water Pressure Relief System:
o Pressure in the gas space between each pair of rupture disks is monitored to detect leakage, or failure of the sodium side rupture disk. Spark plug leak detectors are also provided in the gas space to detect rupture disk failure.
e Thermocouple elements are provided for monitoring surface tenperatures of the reaction products separator tank, centrifugal separator, centrifugal. separator drain tank, and the hydrogen igniter.
29 C
7.5-32 Amend. 59 Dec. 1980
.--._..--.--..,_.--_.-,-,-,--_-,._.,-.,,-,,.,-,,.--,,,,.,..,,..n,. ,a,---
4 7.5.6.2 Design. Analysis Because of the large increase in pressure from the formation of reaction products during a large sodium-water reaction rupture disc operation is necessary to prevent excessive pressure su,rges in the Inter-mediate Heat Transport System and possib!e primary boundary rupture ~ at '
, the Intemediate Heat Exchanger. Reaction products vent line sensors are part of the Reactor Shutdown System and as such meet the requirements of the Plant Protection System (see Section 7.1.2 and 7.2.2). The initiation of .
',, isolation and dump of the water side of the steam generators, trip of the .
- recirculation pumps and inerting of the steam generators nomally follows
- after rupture disc operation in a large sodium-water reaction and is desfr- ,
+" able frora the operational standpoint of minimizing the time to recover from the incident. However, the initiation of these actions af ter. rupture c
disc operation is not necessary from a safety standpoint to assure protec-
< er - tion of the core or the safety of the public.
.All SWRPRS equipment associated with isolation or dump of.evapor-ator or superheater modules is designed to assure that no credible single
" event can disable more than one of the three redundant decay heat removal .
paths. All electronic equipment is designed to withstand the Safe Shut-down Earthquake. The mechanical equipment associated with the 3 staan .
r l generators is physically separated in 3 different staam generators bays.
Electrical and pneumatic supplies are arranged such that a single failure '
disables at most one decay heat removal path. Where practicable, the preferred failure position for equipment is in a direction to assure tha safe operation of the SGAHRS.
SWRPRS equipment whose failure could cause loss of decay heat removal capability of the SGAHRS is safety related. Tnis includes SWRPS initiation and control equipment which is used to initiato and blowdown the water side of the affected loop. Any credible single failure in the SWRPRS
.g can lead to the failure of at most one of the three . decay heat removal loops.
Since the three decay heat removal loops are redundant and independent, the SGAHRS will meet the single failure criterion and the adequacy of the decay heat removal system following a credible single failure in the SWRPRS is assured.
7.5-33a
_ . . _ , _ _ _ . _ , _ - - - - - _ _ _ _ _ _ , ,, .,, _y,,,,.-,,,-_,,_.,,,,,,-_,.-__%__-___,
Enclosure 7 -
NRC CONCERN: The staff requires additional information on position indication of safety relief valves.
RESOLUTION: The response to question'421.46, which addresses direct indication of valve position is revised as shown attached.
G e
4 l
l I
._ = - . . _ . .. - . _. .
. e i
' OUESTION CS421.46 !
As called for in Section 7.1 of the Standard Review Plan, provide i information as to how your design conforms with the following TMI Action Plan Items as described in NUREG-0737:
a) II.D.3 - Relief and safety valve position indication b) II.E.4.2 - Containment isolation dependability (positions 4, 5 and 7) c) II.K.3 - Final recommendations
.9 - PID controller i .12 - Anticipatory reactor trip It has been the case for light water reactors to provide an anticipatory reactor trip following a turbine trip directly from the turbine bypass and/or control valves. In the PSAR, Table 7.2-2 indicates that a turbine trip will cause a reactor trip upon a steam feedwater flow mismatch and/or steam drum level indication. Justify the lack of an anticipatory reactor trip initiated from turbine bypass or control valve closure.
Response
a) II.D.3 Direct Indication of Relief and Safety Valve Position Position .
" Reactor coolant system relief and safety valves shall be provided with a positive indication in the control room derived from a reliable valve position detection device or a reliable indication of flow in the discharge pipe."
CRBRP Design
! As stated in Appendix H of the PSAR, which addresses i'MI position II.D.3, the CRBRP, unlike prr.ssurized water reactors, has an unpressurized reactor coolant system and has no relief and safety valves in the reactor coolant loop. Thus, the potential for loss of coolant to the reactor through safety relief valves such as occurred at TMI does not ,
exist on the CRBRP plant. TMI II.D.3 deals with the inability to cool the reactor as a result of loss of coolant to the reactor through the safety relief valves. Therefore,
'neither the requirement nor the principle of the requirement have any application on CRBPR.
.__._-_,,,.,__,,.m_, , _ _ - , , , . --_._,_y_-o_, -- _. _ _ _ - ,_- ,-- .-
P g3 2 Safety relief valves and vent control valves are utilized in the steam side of the heat transport system for overpressure
^
protection and venting for SWRPRS and SGABRS operation. A failure to close when expected or leakage from one of these valves could result in loss of water inventory from that particular steam generation locp, which could lead to the loss of the heat removal capability of that loop. Should the leak be sufficient to prevent the affected loop from removing decay heat, there are two remaining loops which are capable of performing the required safety function of decay heat removal.
The SGS safety valves are pilot operated valves which will open when system pressure reaches their set points. In addition, the evaporator outlet and superher.ter outlet safety valves will open when actuated by an air-operated actuator.
Main control room indication of pilot stem position, not main valve stem position, is provided for these valves. To provide a backup to the pilot stem position indicators, an acoustic sensor has been added to the vent piping downstream of each SGS safety valve. These sensors will detect either a ,
stuck open valve or any steam leakage past the seat of a closed valve. These conditions will be alarmed and annunciated in the main-control room.
The SGAHRS steam drum and superheater vent control valves have electric / hydraulic operators and are provided with e Class lE direct stem position indicators in the main control _-
room. Acoustic sensors located on the vent piping downstream
- of the valves will detect any steam leakage past the seat of a closed valve, and the leakage will be alarmed and annunciated in the main control room.
In addition to the above mentioned valve position indication, the loss of water inventory at a rate sufficient to be of a safety concern can be detected and the loop isolated by Class lE instrumentation. These are, steam drum pressure, steam drum level and main feedwater flow or SGAHRS AFW flow.
O
, - - + - - - - , , -n,----- -,,y,--.--n, - , , - - - -
- - - , , . _ , , - ~ ~ ~ - - - - , - - ,--------a- - , - - - - ~ ,- - - - - - - ------r--
- ^ --~ -- '
=
pi' . .
~ *
. i L ,
I T* .
r -
t -
[' b) Item i l.E.4.2 Containment isolation System Dependability ~ ~ ~ -'
- i. .
Pos it ion (4 )
"The design of control systems for automatic containment isolation valves
- shall. be such that resetting the isolation signal will not result in the automatic reopening of containment isolation valves. Reopening of containment isolatton valves shalI. require deliberate operator action."
Clarification
"(4) Administrative provisions to close all isolation valves manually before resetting the isolation signals is not an acceptable method of meeting position 4.
(5) Ganged reopening of containment isolation valves is not acceptable.
Reopening of isolation valves must be perfcrmed on a valve-by-valve basis, or on a line-by-line basis, provided that electrical independence and other single-f allure criteria continue to be satisfied."
QCS421.46-2 Amend. 71
CRBRP Design: -l CIS valve closure is centrolled by Initlaring an isolation signal to the
~
CIS breaker undervoltage coll. Reset of the isolation signal to the CIS breaker undervoltage coil will not automatically reset the CIS valves.
Reset of the CIS valves requires the operator to manually close the CIS breaker. Individual valve control switches are provided, which will allow the operator to manually select all valves closed prior to closing the CIS breaker. This will allow each CIS valve to be Individually opened under administrative control. This meets the Intent of Position 4 and -
Clarifications 4 and 5.
Position (5)
"The containment setpoint pressure that initiates containment isolation for nonessenti'al penetrations must be reduced to the minimum compatible with normal operating conditions."
CRBRP Design: ,
Containment pressure is not used to initiate automatic containment .
Isolation. The CIS back pressure. valve setpoints are chosen to assure that, upon system f ailure, the containment isolation valves remain closed for the highest conteinment pressure. ,-
,- Position (7)
" Containment purge and vent isolation valves must close on a high radiation signal."
CRBRP Design:
CRBRP purge and vent lines will isolate on a high radiation signal. There are no sealed-closed purge isolation valves.
c) II.K.3 Final Recommendations
.9 Procortional Integral Derivative Controller Modifiention Position "The Westinghouse-recemmended modification to the proportional Integral derivative (PID) controller should be lopleyaented by af fected licensees."
CRERP Design:
This TMI action plan requirement was provided to preclude the spurious opening of pressurizer power operated relief valves (PORVs) in Westinghouse-designed PdRs. There are no PORVs on the CRSRD reactor
, coolant boundary; therefore, this action plan requirement is not applicable to CRBRP.
k QCS421.46-3 Amend. 71 c... .ne,
,___, ~. - _
- o
~
~
.12 Antlefnatorv Trin .
- Pos It f ort Licensees with Westinghouse-designed operating plants should confirm that their plants have an anticipatory reactor trip upon turbine trip. The licensee of any plant where this trip is not present should provida a concsptual design and evaluation for the installation of this trip."
CRBRP DesIgr:
An antIcipatery trip upon turbine trip Is not required because the Intermediate Aeat Transport System acts as a buf fer between the reactor and the Steam Generater System (SGS). This arrangement loosely couples the reactor and SGS such that events in the SGS (such as turbice trip) are not immediately reflected as changes in reactor paraneters. Response time of the Stean to Feedwater Mismatch is more than adequate to scram the reactor upon a turbine trip making the anticipatory trip from the bypass / control valves unnecessary.
.c
)
QCS421.46-4 Mend. 71 Sept. 1982
.- . .. . . .. ..