ML20070R313
| ML20070R313 | |
| Person / Time | |
|---|---|
| Site: | Seabrook  |
| Issue date: | 01/25/1983 |
| From: | Devincentis J PUBLIC SERVICE CO. OF NEW HAMPSHIRE, YANKEE ATOMIC ELECTRIC CO. |
| To: | Knighton G Office of Nuclear Reactor Regulation |
| References | |
| SBN-431, NUDOCS 8301270412 | |
| Download: ML20070R313 (121) | |
Text
{{#Wiki_filter:Il e i SEASROOM STATION i Enginsedng OfReen 1671 Worcesser Rood Framinehom. Massachusetts 01701 Pubuc W of h We (617) - s72 - 3100 January 25, 1983 SBN-431 T.F. B7.1.2 United States Nuclear Regulatory Commission Washington, D. C. 20555 Attention: Mr. George W. Knighton, Chief Licensing Branch No. 3 Division of Licensing
References:
(a) Construction Permits CPPR-135 and CPPR-136, Docket Nos. 50-443 and 50-444 (b) PSW Letter, dated April 1, 1982, " Meeting Notes; Instrumentation and Controls Systems Branch (ICSB)," J. DeVincentis to R. Stevens (c) PSNH Letter, dated June 10, 1982, " Meeting Notes; Instrumentation and Control Systems Branch (ICSB)," J. DeVincentis to F. J. Miraglia (d) PSNH Letter, dated August 10, 1982, " Meeting Notes; Instrumentation and Contro1 Systems Branch (ICSB)," J. DeVincentis to F. J. Miraglia (e) PSNH Letter, dated October 14, 1982, " Meeting Notes; Instrumentation and Control Systems Branch (ICSB)," J. DeVincentis to J. Kerrigan (f) PSNH Letter, dated November 24,1982, " Meeting Notes; Instrumentation and Control Systems Branch (ICSB)," J. DeVincentis to G. W. Knighton I
Subject:
Open Item Responses: (SRP 7.3.2, 7.4.2, 7.5.2, 7.7.2; Instrumentation and Control Systems Branch)
Dear Sir:
l We have enclosed responses to the several t the remaining open items in the Instrumentation and Control Systems Branch rev iew. The enclosed responses are in the form of revisions to previously submitted meeting notes [see References (b)-(f)]. New or revised information is highlighted by a bar in j the right margin. The open items which are addressed in this submittal are as follows: t SRP SECTION COMMENTS Q 7.3.2 e O Solid State Protection System Relay Contacts; RAI 420.81 \\ 7.4.2 Systems Required for Safe Shutdown and (b Remote Shutdown; RAI 420.38 and 420.39 D $6 8301270412 830125 9 PDR ADOCK 05000443 i A PDR 1000 Elm St., P.O. Box 330, Manche _'ar, NH 03105. Telephone (603)669-4000. TWX 7102207595 t
?; p United States Nuclear Regulatory Commission January 25, 1983 Attention: Mr. George W. Knighton Page 2 SRP SECTION COMMENTS 7.5.2 Radiation Data Management System Isolation Devices; RAI 420.12 7.7.2 Information Notice 79-22, Control Systems Failure; RAI 420.62 and 410.63 The enclosed revised information will be included into the FSAR in OL Application Amendment 49. Very truly yours, YANKEE ATOMIC ELECTRIC COMPANY J. DeVincentis Project Manager ALL/fsf cc: Atomic Safety and Licensing Board Service List 1 m,
m ._._._.........._.4.... ASLB SERVICE-LIST Philip Ahrens, Esquire Assistant Attorney General Department of the Attorney General Augusta, ME 04333 Representative Beverly Hollingworth Coastal Chamber of Commerce 209 Winnacunnet Road Hampton, NH 03842 William S. Jordan, III, Esquire Harmon & Weiss 1725 I Street, N.W. Suite 506 Washington, DC 20006 E. Tupper Kinder, Esquire Assistant Attorney Genera ~. Of fice of the Attorney General 208 State House Annex Concord, NH 03301 Robert A. Backus, Esquire 116 Lowell Street P.O. Box 516 Manchester, NH 03105 Edward J. McDermott, Esquire Sanders and McDermott Professional Association 408 Lafayette Road Hampton, NH 03842 Jo Ann Shotwell, Esquire Assistant Attorney General Environmental Protection dureau Department of the Attorney General j One Ashburton Place, 19th Floor Boston, MA 02108 l .-w-w
420.5 As called for in Section 7.1 of the Standard Review Plan, provide (7.1) .information as to how your design conforms with the following TMI Action Plan Items as described in NUREG-0737: ^ (a) II.D.3 - Relief and safety _ valve position indication, (b) II.E.1.2 - Auxiliary feedwater system automatic initiation-4 flow indication, j (c) II.E.4.2 - Conta*.nment isolation dependability (positions 4, 5 ana 7), I (d) II.F.1 - Accident monitoring instrumentation (positions 4, 5 and 6), (e) II.F.3 - Instrumentation for monitoring accident conditions (Regulatory Guide 1.97, Revision 2), (f, II.K.3 - Final recommendations .9 - PID controller .12 - Anticipatory reactor-trip. i
RESPONSE
(a) II.D.3 The single acoustic device to monitor all safety 3/23 valves is not redundant but is safety grade. Limit switches! 1/83 for each PORV are not redundant but position indication is safety grade. Position indication system is seismically and environmentally qualified. There will be control room alara for acoustical device and for either PORV not closed. There 3 is backup temperature indication downstream of'each safety valve and one temperature indication for both PORVs, all are alarmed in the control room. The FSAR will be revised. l ~ (b) II.E.1.2 Auxiliary feedwater system automatic initiation is safety grade. Flow indication meets Item 2a and b'of II.E.1.2-5, NUREG-073 7. (f[f3 (c) & (d) II.E.4.2 and II.F.1 will be handled by containment systems branch. (e) II.F.3 will be covered by Regulatory Guide 1.97,' Response 420.51. (f) II.K.3.9 and.12, provided response in letter SBN-212,. dated 2/12/82. Reviewed by staff and found ~ acceptable. ADDITIONAL
RESPONSE
(a) NUREG-0737, Item II.D.3, Clarification was made that the final 5/12 design of the safety and relief valve position indication is not complete. The project documents and the FSAR will be revised. The block valves, position indication and their manual controls will be Class lE. (b) NUREG-0737, Item II.E.1.2, will be addressed in the overall discussions of the emergency feedwater system. 9' J
FSAR Figure 7.2-1, Sheet 15 and Page 7.3-23, will be corrected to indicate that both A & B train actuate the turbine driven emergency feedwater pump. ADDITIONAL
RESPONSE
(a) FSAR 5.2.2.8 will be revised to provido the information on 9/14 relief and safety valve position required by NUREG-0737 1/83 II.D.3. A handout of the draft FSAR revision is included in the meeting minutes. (b) The information required by NUREG 0737 II.E.1.2 is provided in the following FSaR sections that are keyed to the 0737 l tj/g3 positions and clarifications: Part I Position (1) 6.8.1 h, 6.8.5 [ //y3 (2) 6.8.1 a, 7.3.2.2 (3) 6.8.4, 7.3.2.2 (4) 8.3 (5) 5.8.1 h (6) 8.3 (7) 6.8.1 h Clarification The automatic initiation signals and circuits are safety ~ I!TI grade and comply with the salient paragraphs of IEEE 279-1971 listed in action Item II.E.1.2 of NUREG-0737. Part II Position (1) 6.8.5 (2) 6.8.5, Table 7.5-1 Clarification (1) Not applicable (2) (a) 6,8.5, Table 7.5-1 g/gj (b) (1) 6.8.5, 7.5.3.3 (a) (ii) 6.8.5, 7.5.3.3 (g) (iii) 7.5.3.3 (j), (k) (iv) 17.2.2.2, Appendix 3H (v) 7.5.3.3 (a) This instrumentation will be covered in the Control Room design review and the operator training program..
Note that 6.8 is being revised to include this and other information on EFW changes, a copy of the draf t revisf on is attached as part of the response to RAI 420.36. FSAR Figure 7.2-1, Sheet 15,-and p. 7.3-23 will be revised to show that both A & d trains actuate the turbine driven pump. A copy of the FSAR cackups are attached. HANDOUT: Revised FSAR 5.2.2.8 for RAI 420.5 (a). 9/14 11/82 5.2.2.8 Process Instrumentation Instrumentation la provided in the control room to give the open/ closed status of the pressurizer safety and Power Operated Relief (PORV) Valves. Each PORV is monitored by limit switches that operate red and green indicating lights on the main control-board. The safety valves are monitored by an acoustic monitor that senses the acoustic emissions associated with flow in the discharge line that is common to the three safety valves. All instrumentation will be environmentally and seismically qualified, will be powered from a vital instrument bus, and will actuate VAS alarms. The indication will not be redundant, therefore, backup indication and alarms are provided by temperature indication on the discharge of each safety valve and the common discharge from the PORVs and by primary relief tank j temperature, pressure, and level. I The primary and backup instrumentation will be integrated into the i emergency procedures and operator training. The human factors analysis will be performed as part of the control room design l review. STATUS: Confirmatory pending ICSB review. 9/14 420.6 Provide an overview of the plant electrical distribution system, (7.1) with emphasis on vital buses and separation divisions,= as background for addressing various Chapter 7 concerns.
RESPONSE
Discussed at meeting, no further response required. 3/23 STATUS: Closed. 5/12 420.7 Describe features of the Seabrook environment control system which (7.1) insure that instrumentation sensing and sampling lines for systems important to safety are protected from freezing during extremely cold weather. Discuss the use of environmental monitoring and alarm systems to prevent loss of, or damage to systems important to safety upon failure of the environmental control system. Discuss electrical independence of the environmental control i system circuits. i '
.m I i
RESPONSE
Written response reviewed by the NRC and attached to meeting - 3/23 rotes. We reviewed the freeze protection'for the refueling water storage tank (RWST) af ter 'the meeting. It was determined that the instruments and sensing lines are in the building that encloses the RWST and is maintained above 320F by the heated PRST. Additional freeze protection'is not l required. ' EAI 440.104 is related. This item is under review by the staff. ADDITINAL
RESPONSE
-Fluid systems are protected-from freeting by being 1) located in 5/12 nn area with a heating system;. 2) located in an enclosure with a 7/15 heated tank; or 3) provided by heat tracing. The majority of the safety-related piping is located in areas that are provided with heating systems. Low ambient temperature is alarmed in the control room. The alarms are not safety-grade. The alarm is electrically independent of the heating system. The areas are accessed periodically as part of the operators inspections. The operator will be instructed to notice abnormal ambient temperatures that could result from failure of the heating system. The tenk farm enclosure is maintained above 'the freezing temperature by the heat lost.from the heated RWST. Low ambient, RWST, and spray additive tank temperatures are alarmed in the control room to warn of abnormal conditions in the tank farm enclosure. Safety-related piping that is not in heated areas or that require the maintenance of temperatures higher than the design ambient temperatures is provided with dual heat tracing circuits and Icv temperature alarms. The alarm and heat tracing circuits are electrically independent, therefore, failure of the heatiny circuit will not result in loss i of the low temperature alarm. Lv,a of power to the low temperature alarm and heat tracing circuits will be alarmed in the control room. I HANDOUT: To ensure ' hat instruments, including sensing and sampling lines, 3/23 are protect 2d from freezing during cold weather, electrical heat tracing is provided. Heat tracing on safety-related piping is. j protected by redundant, non-safety-related, heat ' tracing. ' On the l boron injection line only, the primary heat tracing circuit is train A associated. The backup heat tracing circuit is train B associated. This backup circuit is normally de-energized. On the i remaining lines, the redundant heat tracing circuit is energized-from the same train as the primary circuit. Integrity of each circuit is continuously monitored. Low and high i temperature alarms are available at the heat tracing system control cabinet. ' Additionally, failures as detailed below are indicated at the heat tracing control cabinets that are located in l the general vicinity of the systems being heat traced: .~,.. _ _, _ _ _ _
a) Loss of voltage, ( b) Ground fault trip for each heating element circuit, c) Overload trip of branch circuit breakers, Trouble alarms are provided in the main control room. f STATUS: Closed. 9/14 420.8 Provide and describe the following for NSSS and BOP safety-related (7.1) setpoints: (a) Provide a reference for the methodology used. Discuss any differences between the referenced methodology and the methodology used for Seabrook, (b) Verify that environmental error allowances are based on the highest value determined in qualification testing, (c) Document the environmental error allowance that is used for each reactor trip and engineered safeguards setpoint, (d) Identify any time limits on environmental qualification of instruments used for trip, post-accident monitoring or engineered safety features actuation. Where instrue.ent.s are qualified for only a limited time, specify the time and basis for the limited time.
RESPONSE
Seabrook uses the same methodology as W used for DC Cook, North 3/23 Ar.ca and Sumner, there are no differences. DC Cook and North Anna were submitted and approved. This is applicable for both NSSS and BOP safety-related setpoints. WCAP 8587 and 8687 describe the determination of environmental error allowances. ADDITIONAL
RESPONSE
The use of the Westinghouse statistical methodology was accepted 9/14 by the NRC for Virgil C. Sumner (NUREG 0717 Supplement No. 4). The determination of the Seabrook setpoints will be consistent with the method used for Sumner. STATUS: Confirmatory pending review of formal documentation. 9/14 420.9 There is an inconsistency between the discussions in FSAR (7.1.2.5) Section 1.8 and FSAR Section 7.1.2.5 pertaining to the compliance with Reguitaory Guide 1.22. FSAR Section 1.8 states that the main reactor coolant pump breakers are not tested at full power. FSAR Section 7.1.2.5 does not include these breakers in the list of equipment which cannot be tested at full power. Please provide a discussion as to whether the operation of the reactor coolant pump { breakers 10 required for plant safety. If not, then please.
Justify. Also, please correct the inconsistency described above and, as a minimum, provide a discussion per the recommendations of Regulatory Position D.4 of Regulatory Guide 1.22.
RESPONSE
Revised 1.8 provided to staff and attached to meeting notes, 3/23 reactor does not trip on opening of reactor coolant ;, ump breakers. STATUS: Closed. 9/14 420.10 Using detailed plant design drawings (schematics), discuss the (1.8) Seabrook design pertaining to bypassed and inoperable status (7.1.2.6) indication. As a minimum, provide information to describe: (7.5) 1. Compliance with the recommendations of Regulatory Guide 1.47, 2. The design philosophy used in the selection of equipment / systems to be monitored, 3. How the design of the bypass and inoperable status indication systems comply with Positions B1 through B6 of ICSB Branch Technical Position No. 21, and 4. The list of system automatic and manual bypasses within the BOP and NSSS scope of supply as it pertains to the reco::anendations of Regulatory Guide 1.47. The design philosophy should describe, as a minimum, the criteria to be employed in the display of inter-relationships and dependencies on equipment / systems and should insure that bypassing or deliberately induced inoperability of any auxiliary or support system will automatically indicate all safety systems affected.
RESPONSE
Handout given to staf f. Overview of systems covered and 3/23 description of operation given including automatic and manual modes, and interaction between systems. Handout as amended during meeting will be attached to the meeting minutes. ( System description of computer and video alarm system (VAS) presented during meeting and will be followed up by written l description to staff as response to RAI 420.49. A meeting will be held with the staff in Washington at a later date to review all l aspects of plant computer operation. Staff presented concern that some guarantee must be considered as i to percent of time computer will be operating and that plant will not continue to operate for any length of time, without appropriate corrective action, when and if computer should be out i of service. A possible solution would be to refer operating and j repair times to safety review committee although it is agreed that the computer is not a safety-related system. Staff asked for l additional information concerning level of validation and verification of sof tware. i l - -. - -.
RANDOi!T: 1. Systems are designed t i meet the recommendations of 3/23 Regulatory Guide 1.47. 1/83 2. Design philosophy is discussed in FSAR Section 7.1.2.6. The selection of equipment is given in Item 4. 4 3. System design meets the recommendation of ICSB-21 as follows: B1 - Refer to FSAR Section 7.1.2.6(a). B2 - System design meets the requirements. Refer to logic diagrams listed in FSAR Section 7.1.2.6(f). ~ B3 . Erroneous bypassed / inoperable alarm indications could be 3 provided by any of the following: - dirty relay contacts - dirty limit switch contacts. B4 - The bypass indication system does not perform functions essential to safety. (Refer to FSAR Section 7.1.2.6) - A system design is supplemented by administrative procedures. The operator will not rely solely on the indication system. B5 - The indication system does not perform any safety-related functions and has no effect on plant safety systems. The indication system is located at the MCB separately for each train on system level basis. B6 - All bypass indicators and plant video annunciator systems are capable of being-tested during norma 1' system operation. 4. The list of the equipments for which bypass / inoperable alarms and indication are provided. A1 - Service Water System (SW) Service Equipaent Logic Diagram Schematic Service Water Pumps SW-P-41A/41B M-503968 M-301107 Sh. AG3,AR3 -41C/41D M-503969 M-301107 Sh. AG4,AR4' Cooling Tower Pumps SW-P-110A M-503966 M-301107 Sh. AU2 -110B M-503967 M-301107 Sh. AU6 Cooling Tower Fans SW-FN-51A M-503951 M-301107 Sh. AV4 -51B M-503452 M-301107 Sh. AW4 Cooling Tower / Service M-503973 M-310951 EH9/EHO Water Bypass /Inop. Note: There are separate lights for the service water pump and the cooling tower subsystems. I r..
A2 - Primary Component Cooling Water System (CC) Service Equipment Logic Diagram Schematic Primary Cooling Water Pumps CC-P-11A M-503270 M-310895 Sh. A58/A78 11B/11C/11D A59,A79 PCCW Bypass Inop. M-503277 M-310951 EH9/EHO A3 - Containment Building Spray (CSB) Service Equipment Logic Diagram Schematic Containment Spray Pumps CBS-P-9A/9B M-503257 M-310900 Sh. A61, A81 Containment Sump Iso. Viv. CBS-V8/V14 M-503252 M-310900 Sh. B84,D40 Cont. Spray Add. Iso. Vlv. CBS-V39/V44 M-503259 M-310900 Sh. 4b Cont. Spray Nozzle Iso. Viv. CBS-V13/V19 M-503259 M-310900 Sh. 4b Service Equipment Logic Diagram Schematic Primary Comp. Cooling Water to Containment RX CC-V131/V260 M-503259 M-310895 Sh. 4a Primary Comp. Cooling Water M-503259 A4 - Residual Heat Removal (RH) Service Equipment Logic Diagram Schematic RH Cold Leg Inj. Iso. Viv. RH-V14/26 M-503768/503769 M-310887 Sh. B57,B65 RH Hot Leg Inj. Iso. Viv. RH-V32/70 M-503768/503769 M-310887 Sh. B58,D90 Chg. Pump Suc. Iso. V1v. RU-V35 M-503768/503763 M-310887 Sh. B59,B66 SI Pump Suc. Iso. Viv. RH-36 M-503768/503763 M-310887 Cont. Sump Iso. Viv. CBS-V8/V14 M-503252 M-310900 Sh. B84,D40 Prim. Comp. Cooling Water to HX CC-V133/V258 M-503768 M-310895 Sh. 4A Residual Ht. Removal Pumps RH-P-8A/8B M-503761 M-310877 Sh. A57,A77 A5 - Safety Injection Systee: (SI) Service Equipment Logic Diagram Schematic SI Pumps SI-P-6A/6h M-503900 'M-310890 Sh. A56/A76 Cont. Sump Iso. Valve CBS-V8/V14 M-503918 SI Cold Leg Iso. Valve SI-V114 M-503918 M-310890 Sh. B49 SI-P-CA-6B to Hot Legs Isolation Valve SI-V102/V77 f SI-P-6A/6B to RWST / Isolation Valve SI-V89/V90/V93 M-503918 M-310990 Sh. B41/B42/ B43 SI-Pump Cross Connect SI-V111/V112 M-503918 M-310890 Sh. B47/B48 Prim. Comp. Cooling Wtr. M-503918 M-310895 Sh. EH9/3 EA. -
A6 - Chemical and Volume Control System (CS) Service Equipment Logic Diagram Schematic Charging Pump CS-P-2A/2B M-503372,M-503330 M-310891 Sh. A62,A82 Prim. Comp. Cooling Wtr. M-503372 A7 Feedwater (FWi Service Equipment Logic Diagram Schematic. Emer. Feedwater Pump FW-P-37B M-503586 M-310844 Sh. 380 Emer. FW Pump 37A/37B FW-V71/73 M-503599 M-310844 Sh. 4 Discharge and Bypass Vivs. FW-V65/67 M-503599 M-310844 Sh. 4 A8 - Diese? Generator Service Equipment Logic Diagram Schematic DG Control Power Lost M-503495 M-310102 DG Breaker Control Power Lost M-503495 M-310102 EPS Control Power Lost M-503495 M-310102-Protection Relays not Reset M-503495 M-310102 DG - Barring Devices Engaged M-503495 M-310102 Starting Air Pressure Lo-Lo M-503495 M-310102 Control Switch Pull to Lock M-503495 M-310102 Selector Switch Maintenance M-503495 M-310102 B - Interrelationship Between Auxiliary Systems and Safety Systems Auxiliary systems such as service water system (SW), primary component cooling water system (CC), and diesel generator system (DG) are dependent on the operation of other auxiliary systems or are required for the operation of other auxiliary or safety systems. The VAS will automatically indicate the dependent auxiliary and safety systems that are made inoperable by an inoperable auxiliary system. Initiation of the Emergency Power Inoperable indication will automatically initiate all the l indicators for the same train on the bypass and inoperable l status panel. Initiation of an indicator on the bypass and-l inoperable status panel is performed manually, automatically t /g 3 j l for the diesel generator, and will automatically initiate I indication of dependent auxiliary and safety systems on the bypass and inoperable status panel. Reference logic drawings: M-503277 M-503973 M-503259 - M-503768 M-503918 - M-503372 l l i l l l l
F ADDITIONAL
RESPONSE
The handout will be revised to indicate that alarms and indicators 5/12 are provided. The indication on the bypass'and inoperable status panel is on the system level for each train. All automatic. initiation is through the VAS. Indication on the status panel is manually initiated in response to the VAS alarm or when the system is bypassed or made inoperable with devices not monitored by the VAS. The VAS and the status pana' have logic that will automatically indicare all systems made inoperable when a support system is inoperable. Typographical errors on A7 and A8 will be corrected. This items remains open pending the review of the VAS. Af ter the meeting, a note to clarify the service water indicators was added to Al of the 3/23 handout. A8 was deleted as the Diesel 2 Generator. status monitoring lights and alarms are not considered part of the bypass and inoperable status monitoring system, since the events monitored occur less than once per year. FSAR 7.1.2.6 copy attached, will be revised. ADDITIONAL
RESPONSE
Item A8, diesel generator, will be returned to the list as data 7/15 for other diesels indicate that they may require maintenance outages more than once per year. The functions that are licted all initiate a VAS common alarm which indicates that a train is inoperable, TRN EMERG POWER INOPERABLE. Diesel generator status is indicated on the diesel gene?ator status light panel on Section HF of the MCB, ~ not on the bypass and inoperable status light panel on Section CF of the MCB. These status monitoring lights along with specific and common VAC alarms provide continuous status of the diesel generators. We will add the bypass / inoperable status monitoring system pushbuttons to the computer inputs that initiate the VAS bypass / inoperable alarms. This will ensure that the same information on system status is available at the monitoring system or through the VAS. A snamary of the current status of the VAS 1 bypass / inoperable alarms will be available on demand to ensure that operator is aware of the status of.redendant systems when a r system is bypassed /made inoperable. A system level VAS alarm will be initiated if the redundant trains are bypassed /made inoperable. ADDITIONAL 1
RESPONSE
The 3,23 handout, Part B, is revised to include the Diesel 9/14 Generator in the discussion of the interrelationship of the auxiliary systems. Logic diagrams will be changed. STATUS: Confirmatory pending review of formal documentation. 9/14 I i
420.11 Summarize the status of those instrumentation and control items (7.1) discussed in the Safety Evaluation Report (and supplements) issued for the construction permit which required resolution during the operating license review.
RESPONSE
There are no unresolved items relating to Chapter 7 of the SAR 3/23 identified in the construction permit SER (Supplements 1 to 4). STATUS: Closed. 5/12 420.12 Various instrumentation and control system circuits in the plant (7.1.2.2) (including the reactor protection system, engineered safety features actuation system, instrument power supply distribution System) rely on certain devices to pravide electrical isolation capability in order to maintain the independence between redundant safety circuits and between safety circuits and non-safety circuits. 1. Identify the type of isolation devices which are used as boundaries to isolate non-safety grade circuits from the safety grade circuits or to isolate redundant safety grade circuits. 2. Describe the acceptance criteria and tests performed for each isolation device which is identified in response to Part 1 above. This information should address results of analyses or tests performed to demonstrate proper isolation and should assure that the design does not compromise the required protective system function.
RESPONSE
1. BOP uses the same type W 7300 system, with the same 3/23 qualifications, as is used by NSSS (NSSS equipment for Seabrook is identical to that for SNUPPS). 2. Radiation data management system will require submittal of further documentation of isolation devices used. 3. Power supply distribution isolation is covered under RAI 430.40A. ADDITIONAL (
RESPONSE
The current status of the RDMS isolators was discussed. Further ~ 9/14 discussion is deferred pending overall resolution of train separation criteria. STATUS: Open pending documentation of testing to be performed to show that 9/14 the isaiator will perform the required isolation function. The maximum credibla fault voltage and current should be justified. l l , l
ADDITIONAL
RESPONSE
The design of the RDNS supplied 'by the General Atomic Company is 11/82 consistent with,the criteria for physical independence of l 1/83-electrical systems established in " Attachment C" of AEC letter dated December 14, 1973'(see FSAR Appendix 8A) and in Regulatory Guide 1.75, Revision 2. In addition, the independence of. Class lE equipment and circuits follows lEEE Standard 384-1981, Section 7, regarding specific electrical isolation criteria. All Class 1E equipment is supplied with power from the appropriate Class 1E power source train. Communications within the RDMS System between the various microcomputer based monitors takes place via redundant semiduplex-lines, transmitting and receiving low level digitally coded signals. All of these monitors are provided with semiconductor-based optical isolators that isolate all communication lines from the internal circuitry of the monitors. a Further, all Class lE monitors are provided with state-of-the-art. 4 fault isolation devices. Each communication line is provided with overcurrent and overvoltage protection. Overcurrent protection is provided by incorporating a low current fuse in each line just before it entere the optical isolator circuitry which is part of each monitor. Tne overvoltage protection is provided by the use of a Transzorb device between the two communication lines and from gj each communication line to ground (see Figures 1, 2, and 3). /F3 j The Transzorbs are semiconductor-based devices incorporating a zener diode and Silicon Controlled Rectifier (SCR) units. When I the input voltage exceeds 28 volts, the zener diode will conduct g/83 all voltage above 28 volts, charging the capacitor. When the capacitor voltage reaches 2 volts (SCR trigger voltage) the SCR conducts and shorts the fault voltage to ground or between the lines, whichevsr is the case. If the power in the fault voltage is of a significant nature, it will cause the fuse to blow, which l will result in complete circuit isolation. i The qualification plan for the fuse /Transzorb combination used as i an isolation device consists of the following two steps: 1) A Maximum Credible Fault Voltage test has been performed (copy of Test Report 0357-9018, dated 6/15/81, is attached) to prove that the components, when exposed to the maximum i credible voltage, will protect the RM-80 such that the safety-related functions will not be affected. f[g3 The following is a summary of the test procedure and results j which confirm that the isolator performs the required l isolation function l The testing was accomplished by applying fault voltages at communication of a radiation monitor port A (and subsequently port B) of +140 volta de, -140VDC and 140 volts ac. These fault voltages envelope the maximum credible fault voltages, 6 -- - - - + - -,w +g, ---w--mr-y ~ -,--ea , - - - - ~ -
W - surge or continuous, at Seabrook. Fault voltages were applied between each conductor and ground as well as between conductors. In each case, port'B continued to function properly thereby proving proper operation of radiation monitor and that the isolator protects the lE functions _from f aults on the non-lE circuits. Port B was similarly tested.- Port A continued to function properly indicating proper operation of the monitor and [/ f3 isolation from the faulted input. 2) A study to prove that the Transzorb and fuse have no age-related failures over the 40-year life of the plant. The results of the study are: 1 a. The.Transzorb is a solid-state device with an activation l energy of 1 ev. The manufacturer on a periodic basis samples test units to 150-2000C for 50 hours. By extrapolation on an Arrhenius curve using the activation energy and the test temperature and test time, the life of the device is several orders of magnitude greater than 40 years at normal operating I conditions (400C). Therefore, the Transzorb has no j significant age-related failures. b. A fuse is nothing more than a piece of wire which has no l age-related failures which would cause it not to blow upon high current through it. There are no insulation materials l in the device which would degrade with age. I i ADDITIONAL l
RESPONSE
Qualified isolation devices that meet the requirements of 1/83 IEEE-279 are provided at the interface between protection and l control systems.. Faults in the control systems will not prevent I the protection system from performing its safety' function. Non-lE cables and circuits in seismic and non-seismic areas are associated.with one Class 1E train, are never routed in raceways containing Class lE or associated cables of another train or channel and are physically separated the same as the Class 1E circuit with which they are associated. (See RAI 430.149.) The Seabrook design complies with requirements of FSAR Appendix 8A, IEEE 384-1974 and Regulatory Guide 1.75 Rev. 2. Electrical interaction (crosstalk) between the Class lE and non-lE calbles in the same routing group is minimized by the use of shielded cables, grounding, separation by voltage level and dedicated raceways for circuits that are noise sensitive (nuclear instrumentation) or are noise sources (control rod drives).- (See FSAR 8.3.1.4 and RAI 430.149.). _.
420.13 The discussion in Section 7.1.2.2 states that Westinghouse tests (7.1.2.2) on the Series 7300 PCS system covered in WCAP-8892 are considered (7.5.3J3) applicable to Seabrook. As a result of these tests, Westinghouse (7.7.2.1) has stated that the isolator output cables will be allowed to be routed with cables carrying voltages not exceeding 580 volts ac or 250 volts dc. The discussion of isolation devices in Section 7.5.3.3 of the FSAR, however, considered the maximum credible fault accidents of 118 volts ac or 140 volts de only. Also, the statement in Section 7.7.2.1 implies that the isolation devices were tested with 118 volts ac and 140 volts de only. In order to ? clarify the apparent inconsistency, provide the following: (a) Specify the type of isolation devices used for Seabrook process instrumentation system. If they are not the same as the Series 7300 PCS tested by Westinghouse, specify the fault voltages for which they are rated and provide the supporting test results. (b) Provide information requested in (a) above for the isolation devices of the nuclear instrumentation system. As implied in WCAP-8892, the tests on Series 7300 PCS did not include the nuclear instrumentation system. (c) Describe what steps are taken to insure that the maximum credible fault voltages which could be postulated in Seabrook, as a result of BOP cable routing design, will not exceed those for which the isolation devices are qualified.
RESPONSE
The isolation devices used are as described in 420.12. 3/23 Isolation device design is identical and has been qualified the same as for SNUPPS. The routing of cables leaving the cabinets is consistent with the interface criteria in WCAP 8892A. STATUS: Closed. 5/12 420.14 The FSAR information provided describing the separation criteria (7.1.2.2; for instrument cabinets and the main control board is insufficient. Please discuss the separation criteria as it pertains to the dePign Criteria of IEEE Standard 384-1977, Sections 5.6 and 5.7. Detailed drawings should be used to aid in verifying compliance with the separation criteria. I r l
RESPONSE
Handout submitted to staff. Overview of main control board was ( 3/23 presented using drawings and pictures. FSAR Sections 7.1.2.2 and i 1.8 will be revised to be applicable to both balance of plant and NSSS control panels. The design criteria of IEEE Standard l 384-1977, Sections 5.6 and 5.7 for the main control board and I instrument cabinets has been met. STATUS: Closed. l 9/14 l L l I.
HANDOUT: 1. Instruuent Cabinets 3/23 Section 5.7 of IEEE-384-1977 is met by having independent cabinets for redundant Class 1E instruments, exampics of this separation may be found on instrument cabinets MM-CP-152A'and MM-CP-1528, both located in the main control room, control building Elevation 75'-0". 2. Main Control Board (MCB) Sections 5.6.1 through 5.6.6 of IEEE-384-1977 are met as follows, and as described'in UE&C Specification 9763-006-170-1, Revision 5: (a) Section 5.6.1 - The main control board, seismically qualified by analysis and testing per UE&C Specifications 9763-006-170-1 Revision 5, and 9763-SD-170-1, Revision 0, is located in the main control room of the Seabrook station control building (Elevation 75'-0") which is a Seismic Category I structure. (b) Sections 5.6.2 through 5.6.6 - MCB Zone "B" (front contains the low pressure safety injection; rear contains miscellaneous systems like steam generator blowdown, heat removal, spent fuel)~ will be used to describe compliance with above referenced sections of IEEE-384-1977. UE&C drawings 9763-F-510102 Revision 6, 9763-F-510115 Revision 4 and 9763-F-510116 Revision 4 could be used to ascertain the compliance with the. i standard. b.1 Internal Separation (5.6.2) - the front section of 3 l Zone B is divided into Class 1E train "A" (and it's associated non-Class 1E circuits train "AA") on the left-hand side, separated from the Class 1E train "B" (and it's associated non-Class 1E l circuits train _ "BA") by a -full size top-to-botton l steel' barrier. However, due to procesa requirements there are instruments of the opposite l train, "B", on the train "A" side; they are l separated by a steel enclosure fully surrounding i the instrument or open at the rear after a depth 6" deeper than'the instrument itself. The' rear section of Zone B is all' Class 1E train ( "A" or it's associated non-Class 1E circuit train l "AA". Again, as in the front section due to process requirements, there are instruments of the [ opposite train which are separated by a steel enclosure in the same fashion as in the front section. Refer to next Item, b.2, for wiring separation. ! l l -.
I b.2 Internal Wiring Identification (5.6.3) - All wiring within each section is identified by different jacket colors, as follows: i Class 1E train "A" - red Class 1E train "B" - white Non-Class 1E train "AA" - black with red stripe Non Class 1E train "BA" - black with white stripe i Each wire / cable insulation is qualified to be flame retardant per either IPCEA-S-19-81 (NEMA WC3) paragraph 6.13.2 or.UL-44 Section 85 or IEEE Standard-383 Section 2.5. In addition, all wiring I within each section is run in covered wireways formed from solid or punched sheet steel. Minimum wire bundles were allowed where it was physically impossible to install wireways or whers it would-have been hazardous to the operator / maintenance persoanel. Class ld and Non-Class 1E wiring of the same train - are run in the same wireway. The wireways were further identified with red "A" or white "B" to depict the train assignment of the wire being run within the particular wireway. 1 b.3 Common Terminations (5.6.4) - No common terminations were allowed in the MCB. b.4 Non-Class 1E Wiring (5.6.5) - Class 1E and Non-Class 1E associatt) circuits wiring of the same train are run togethar in the same metallic wireway but are separated by specific identifying jacket colors as described above (b.2). b.5 Cable Entrance (5.6.6) - Field cables to be terminated on the MCB terminal blocks are routed in train assigned raceways through the cable spreading room which is located directly under:the main control room (refer to UE&C Drawing 9763-F-500091, Revision 6).- The raceways run all-the way up to the floor slots of the same assigned train located in the floor right underneath the MCB. (The floor slots location and train assignment are shown.on UE&C Drawings 9763-F-500100 Revision 6, 9763-F-10134.7 Revision 5 and 9763-F-310432 Revision 8). 420.15 Identify all plant safety-related' systems, or portions thereof, (7.1) for which the design is incomplete at this time.
RESPONSE
The des.tgn of all safety-related systems has been completed. The 3/23 design details associated with procurement and installation are on going in accordance with the project schedule. 7
STATUS: Closed (design modifications are being covered under the other 5/12 RAIs). 420.16 Identify where microprocessors, multiplexers, or computer systems (7.1) are used in or interface with safety-related systems.
RESPONSE
NSSS does not uso microprocessors, multiplexers or computers in or 3/23 to interface with safety-related syctems (multiplexors are used for information transmission). The radiation data management uses microprocessors and computers. Detailed descriptions on how the system works will be submitted later. ADDITIONAL
RESPONSE
The RDMS is functionally identical to the systems installed at 5/12 Byron-Braidwood, St. Lucie 2, Waterford 3, SNUPPS and Comanche Peak. NRC will review handout presanted, copy attached. More information is needed on the 1E microprocessor sof tware and design features. The Class lE monitors are identified in FSAR Tables 12.3-13, 12.3-14 and 12.3-15. They are described in Section 12.3.4. ADDITIONAL
RESPONSE
Software design control and testing was discussed. The controls 9/14 will be documented. Information on the testing will be provided. STATUS: Open. 9/14 ADDITIONAL
RESPONSE
A description of the Radiation Data Management System (RDMS) and 11/82 Its major functional components has been previously submitted to the NRC. Verification of monitor software performance is accomplished via functional testing of the performance as demonstrated in the vendors' acceptance test procedure (a typical test procedure is UE&C Foreign Princ #72797). In addition, verification of the. monitor response to radiation sources is accomplished via an acceptance test and transfer calibratian procedure (UE&C Foreign Print #72761). Documentation and tracking of software versions for the RM-80 microcomputer is accomplished via a multistep method which is detailed below:.
Sof tware Documentation Procedure 1. System Requirements and Design Basis The System Data Base Document and Block Diagram reflect the customer's specification requirements. These drawings define the functional sof tware task. Changes to these drawings are controlled via engineering change orders. 2. RM-80 Software Design Basis The Software Design Task is defined by the Software Design I Basis Document. It is developed by an iterative process that includes coding, checkout, reviews, and debugging. It is the design specification for the sof tware. Changes to this r document are controlled by Engineering Change Orders (ECO). 3. Testing of RM-80 Software Af ter the design related debugging, reviewing and testing steps are finished, a generic software test is performed according to an approved test procedure. Changes to the test procedure are ECO controlled. 4. Final Design Review A Final Design Review is held. Minutes of this design review and all other reviews are maintained in the corresponding software design file. 5. Software Release A RM-80 Software Checklist is completed to insure all the proper steps have been followed. 6. Software Documentation 2 The software is controlled by the GA software librarian who assures conformance to the documentation control specified in the GA Quality Assurance Manual. I 420.17 The FSAR information which discusses conformance to Regulatory (7.1) Guide 1.118 and IEEE-338 is insufficient. Further discussion is (7.2) required. As a minimum, provide the following information: (7.3) (1.8) 1. Confirm that the Technical Specifications will provide detailed requirements for the operator which insure that blocking of a selected protection function actuator circuit is returned to normal operation af ter testing. t 2. Discuss response time testing of BOP and NSSS protection systems using the design criteria described in Position C.12 or Regulatory Guide 1.118 and Section 6.3.4 of IEEE 338. Confirm that the response time testing will be provided in the Technical Specifications. I { [ ' l {
3. The FSAR states that, Temporary jumper wires, tcdoorary test instrumentation, the removal of fuses and other equipment not hard-wired into the protection system will be used where applicable". Identify where procedures require auch operation. Provide further discussion to describe how the Seabrook test procedures for the protection systems conform to Regulatory Guide 1.118 (Revision 1) Position C.14 guidelines. Identify and justify any exceptions. 4. Confirm that the Technical Specifications will include the RPS and ESPAS response times for reactor trip functions. 5. Confirm that the Technical Specifications will include response time testing of all protection system components, from the sensor to operation of the final actuation device. 6. Provide an example and description of a typical response time test.
RESPONSE
Handout was distributed and found acceptable with changes 3/23 discussed during meeting. The revised handout is included in the meeting minutes. STATUS: Confirmatory pending correction of an editorial error to show 9/14 that the correct revision is Revision 2, dated June 1978. ADDITIONAL
RESPONSE
The comparison to Regulatory Guide 1.118 has been changed back to 11/82 Revision 1, see the 3/23 Handout, to be consistent with the commitment to IEEE 338-1975 made in the PSAR. ADDITIONAL The 1E electric power and safety system design and testing will
RESPONSE
also conform to the guidance of Regulatory Guide 1.118 (Rev. 2, 1/83 6/78) and the requirements of IEEE 338-1977. Attached is a revised FSAR 1.8 that discusses Regulatory Guide 1.118 (Rev.1, 11/77 and Rev. 2, 6/78). HANDOUT: 1. Technical Specification Tables 3.3-1 reactor trip system, 3/23 3.3-3 engineered safety features actuation, and 3.3-5 reactor trip /ESF actuation system interlocks, provide the operator with the minimum operable channel criteria and the appropriate action statement. 2. BOP and NSSS protection system time response tests will be conducted in accordance with Regulatory Guide 1.118 Revision 1, IEEE-358-1975, ISA dS67-06, and draf t Regulatory Guide Task IC 121-5, January, 1982, with the following exceptions and positions: (a) Task IC 121-5 Regulatory Position Cl states that the term " nuclear safety-related instrument channels in nuclear power plants" should be understood to mean instrument channels in protection systems. _
(b) Response time testing will be performed only on thoce channels having a limiting response time established and credited in the safety analysis. (c) The revised discussion of Regulatory Guide 1.118 in FSAR Section 1.8 (copy attached). Response time testing is specified in Tables 3.3-2 and 3.3-4. 3. It is not anticipated that any Seabrook test procedures performed on protection systems will require the use of temporary jumpers, lif ted wires or pulled fuses. All procedures will, in fact, utilize the hard-wired test points within the system and therefore, comply with Regulatory Guide 1.118, Revision 1, Position C14 If during plant operation, conditions or test requirements show that deviation from this guide is the only practical method of obtaining the desired test results, then all affected testing will be performed and documented under the control of a special test procedure. We will inform ICSB, prior to licensing, of any temporary modifications identified during preparation of the surveillance procedures. 4 4. Response times are specified in Tables 3.3-2 and 3.3-4. 1 5. Compliance with Regulatory Guide 1.118, Revision 1, l IEEE-338-1975, and ISA dS67-06 ensures that the complete i channel is tested with the exception noted on Table 3.3~2 of Seabrook Technical Specifications. 6. Response time tests have not yet been prepared. Test methods to be employed are outlined belows o Pressure Sensors i The process variable will be substituted by a hydraulic ramp, I the ramp rate to be selected based on the transient for which I the sensor is required to respond. l In the event that the sensor is required to respond to more than one transient, the ramp rates will be selected to l represent the fastest and slowest transients. Temperature Sensort Will be tested in place using the loop current step response l (LCSR) method. See NUREG-0809. Impulse Lines i Tests will be conducted during the startup testing phase to catablish the relationship between response time and impulse line flow, subsequent tests will be litt.ted to flow testing..
Electronic Channel The signal conditioning and logic section of~the instrument channel will be tested by inputting a step change at the input cf the process racks, and measuring the time required until the final device in the channel actuates. 420.18 It is stated in FSAR Section 7.1.2.11 that, "A periodic (7.1.2.11) verification test program for sensors within the Westinghouse i scope for determining any deterioration of installed sensor's response time, is being sought". NUREG-0809, " Review of Resistance Temperature Detector Time Response Characteristics", and draft Standard ISA-dS67.06, " Response Time Testing of Nuclear Safety-Related Instrument Channels in Nuclear Power Plants", are documents which propose acceptable methods for response time testing nuclear safety-related instrument channels. Please provide further discussion on this matter to unequi scally indicate the test methods to be used for Seabrook.
RESPONSE
See our Responea to 420.17 for a discussion of the peoposed 3/23 response time testing program. The referenced portion of 7.1.2.11 will be deleted (see attached copy). STATUS: Closed. 9/14 I l 4?0.19 FSAL Section 7.1.1 does not provide sufficient information to (7.1.1.1) distinguish between those systems designed and built by the i nuclear steam systaa supplier and those designed or built by others. Please provide more detailed information.
RESPONSE
Draft revisien of FSAR 7.1.1 provided to staff and found 3/23 acceptabit and is attached to the meeting notes. STATUS: Llosed. 9/14 420.20 Section 7.1.2.7 of the FSAR discusses conformance to Regulatory (7.1.2.7) Guide 1.53 and IEEE Standard 379-1972. The information provided addresses only Westinghouse provided equipment and associated topical reports. Provide a conformance discussion that addresses j the BOP portions of the plant safety systems and auxiliary systems required for support of safety systems.
RESPONSE
FSAR has been revised to cover single failure criteria for BOD and 3/23 NSSS and is attached to the meeting minutes. ADDITIONAL
RESPONSE
The change to FSAR 7.1.2.7 was reworded. Copy is attached. 5/12 STATUS: Closed. 9/14 i I m e, r. p. y =
420.21 The information in Secti.an 7.2.1.1.b.6, " Reactor Trip on Turbine .(7.2.1.1) Trip", is insufficient. Please provide further design bases discussion on this subject per BTP ICSB 26 requirements. As a minimum you should: 1. Using detailed drawings, describe the routing and separation + for this trip circuitry from the sensor in the turbine building to the final actuation in the reactor trip system (RTS). 2. Discuss how the routing within the non-seismic Category I turbine building is such that the effects of credible faults or failures in this area on tLase circuits will not challenge the reactor trip system and thus degrade the RTS perfora_nce. This should include a discussion of isolatioc devices. 3. Describe the power supply arrangement for the reactor trip on turbine trip circuitry. y [ 4. Provide discussion on your proposal to use permissive P-9 (50% power). 5. Discuss the testing planned for the reactor trip on turbine trip circuitry. Identify any other sensors or circuits used to provide input signals to the protection system or perform a function required for safety which are located or routed through non-saismically qualified structures. This should include sensors or circuits providing input for reactor trip, emergency safeguards equipment such as auxiliary feedwater system and safety grade interlocks. Verification should be provided to show that such sensors and i circuits meet IEEE-279 and are seiczically and environmentally qualified. Identify the testing or analyses performed which insures that failures of non-seismic structures,- mountings, etc. will not cause failures which could interfere with the operation of any other portion of the protection system.
RESPONSE
Add to the SNUPPS Jesponse to " Reactor Trip on Turbine Trip" that 3/23 circuits and sensors used in a non-seismic structure are Class lE and are run in separate conduits meeting Regulatory Guide 1.75 with the exception of seismic qualification. Hydraulic pressure and limit avitchea on the turbine stop valves are two examples. the response will be attached to the meeting minutes. Permissive P-9 has an adjustable setpoint between 10 - 50%. Reactor trip on turbine trip circuitry is testable at pcuer. The turbine impulse chamber pressure transmitters are Clase lE and routed as Class lE, with the seismic exception. ~,.. _ _ -
There are no other safety grade sensors routed through non-seismic areas. The only safety-related outputs.in non-seismic areas are d signals to close the feedwater control valves, close the condenser dump valves and trip the turbine generator. These cireitits are designed as described above. ADDITIONAL
RESPONSE
The handout was discussed and revised. 5/12 Each turbine stop valve is monitored by two independent switches. SfATUS: Closed. ICSB will follow PSB review of separation per Regulatory 7/15 Guide 1.75. HANDOUT: Revised SNUPPS Submittal 3/23 9/14 Evaluations indicate that the functional performance of the protection system would not be degraded by credible electrical faults such as opens and shorts in the circuits associated with reactor trip or the generation of the P-7 interlock. The contacts of redundant sensors on the steam stop valves and the trip fluid pressure system are connected through the grounded side of the ac supply circuits in the solid state protection system. A ground fault would therefore produce no fatlt current. Loss of signal caused by open circuits would produce either a partial or a full reactor trip. Faults on the first stage turbine pressure circuits would result in upscale, conservative, output for open circuits and a sustained current; limited by circuit resistance, far short circuits. Multiple f ailures imposed oa these redundant circuits could potentially disable the P-13 interlock. In this event, the nuclear instrumentation power range signals would provide the P-7 safety interlock. Refer to Functional Diagram, Sheet 4 of Figure 7.2-1. SSPS input circuits and sensors in non-seismic structures are Class 1E. The electrical and physical independence of the connecting cabling conforms to Regulatory Guide 1.75. STATUS: Closed. 9/14 420.22 FSAR Section 7.2.1.1.b.8 states that, "The manual trip consists of (7.2.1.1) two switches r:th two nutputs on each switch. One output is used to actuate the train A reactor trip breaker, the other output actuates the train B reactor trip breaker " Please describe how this design satisfies the single failure criterion and separation requirements for redundant trains. REF'ONSE: Manual trip design is identical to SNUPPS, Watts Bar, 3/23 Byron-Braidwood. Drawing was reviewed and found acceptable. STATUS: Closed. 5/12 i 4 -. -. - - - -
_ =_ _ 420.23 Describe how the effects of high temperatures in reference legs of 1 (7.2) steam generator and pressuriser water level measuring instruments subsequent to high energy breaks are evaluated and compensated for in determining setpoints.. Identify and describe any modifications planned or taken in response to IEB 79-21. Also, describe the level measurement errors due to environmental temperature effects on other level instruments using reference legs.
RESPONSE
The steam generator level transmitter reference legs will be 3/23 insulated to prevent excessive heating under accident conditions. Setpoints will include errors for high energy line breaks with the insulation. 3 For the pressurizer level, we will review SNUPPS report and determine applicability to Seabrook. REVISED
RESPONSE
SNUPPS did not insulate reference legs in contLinment. We are 5/12 evaluating their approach for application to Seabrook and will advise the NRC on our final corrective action. STATUS: Open. Evaluation of transient heating of steam generator 9/14 reference leg continues. A complete response will be submitted to the NRC. I 420.24 State whether all of the systems discussed in Sections 7.2, 7.3, (7.2) 7.4 and 7.6 of the FSAR conform to the recommendations of ) (7.3) Regulatory Cuide 1.62 concerning manual initiation. Identify (7.4) any exceptions and discuss how they do not conform to the (7.6) recommendations. Provide justification for nonconformance areas.
RESPONSE
Systems discussed in Sections 7.2, 7.3, 7.4 and 7.6 of the FSAR 3/23 conform to the recommendations of Regulatory Guide 1,62 concerning 4 manual initiation. There are no exceptions taken. STATUS: Closed. 5/12 l 420.25 The information provided in Section 7.2.2.2.c.10.(b) on testing (7.2.2.2) of the power range channels of the nuclear instrumentation system, covers only the testing of the high neutron flux trips. Testing of the high neutron flux rate trips is not included. Provide a l-i description of how the flux rate circuitry is tested periodically to verf fy ita performance capability.
RESPONSE
The power range nuclear instrumentation system and all associated 3/23 bistables inclading the rate trips are testable at power. STATUS: Closed. 5/12
420.26 Identify where instrument sensors or transmitters supplying U.2) Information to more than one protection channel are located in a (7.3) common instrument line or connected to a common instrumen. tap. The intent of this item is to verify that a single failure in a common instrument line or tap (such as break or blockage) cannot defeat required protection system redundancy.
RESPONSE
Identical to SNUPPS except we do not share taps for pressurizer 3/23 pressure. There are no shared caps for redundant BOP safety instruments. STATUS: Closed. 5/12 420.27 If safety aquipment does not remain in its emergency mode upon (7.3) reset of an engineered safeguards actuation signal, system modification, design change or other corrective action should be planned to assure that protective action of the affected equipment is not compromised once the associated actuation signal is reset. This issue is addressed by I&E Bulletin 80-06. Please provide a discussion addressing the concerns of the above bulletin. This discussion should assure that you have reviewed the Seabrook design per each of the I&E Bulletin 80-06 concerns. Results of your review should be given.
RESPONSE
We have reviewed the electrical schematics for engineered safety 3/23 feature (ESF) reset controls. In the Seabrook design, all systems serving safety-related functions remain in the emergency mode upon removal of the actuating signal and/or manual resetting of ESF actuation signals. The required testing (per 80-06) will be performed as part of the start-up test program described in Chapter 14. STATUS: Closed. 5/12 l 42r.28 The description of the emergency safety feature systems which is (7.3.1.1) provided in the FSAR Section 7.3.1.1 is incomplete in that it does I not provide all of the information which is requested in Section i 7.3.1 of the standard format for those safety-related systems, interfaces and components which are supplied by the applicant and f mate with the systems which are within the Westinghouse scope of l supply. Provide all of the descriptive and design basis I information which is requested in the standard format for these systems. In addition, provide the results of an analysis, as is l requested in Section 7.3.2 of the standard format, which demonstrates how the requirements of the general design c-iteria and IEEE Standard 279-1971 are satisfied and the extent to which l the recommendations of the applicable Regulatory Guide are l satisfied. Identify and justify any exceptions. I
RESPONSE
Tables supplied in response to 420.32 and the additional 3/23 information to be supplied when answering 420.29 will satisfy the requirements of this question. i
ADDITIONAL
RESPONSE
See'420.29. 5/12 STATUS: Closed. 7/15 420.29 Confirm that the FMEA referenced in FSAR Section 7.3.2.1: (1) is (7.3.2.1) applicable to all engineered safety features equipment within the BOP and NSSS scope of supply, and (2) is applicable to design changes subsequent to the design analyzed in the referenced WCAP. 4
RESPONSE
Discussion of this item was deferred
- .o the next meeting.
3/23 ADDITIONAL 4
RESPONSE
The Seabrook design complies with the interface criteria in (28&29) Appendix B of WCAP 8584, Revision 1. The FMEA in WCAP 8584 is 5/12 applicable to all BOP and NSSS safety features equipment at Seabrook including design changes made to the systems analyzed in WCAP 8584. STATUS: Closed. 7/15 420.30 Section 7.3.2.2 of the FSAR indicates that conformance to (7.3) Regulatory Guide 1.22 is discussed in Section 7.1.2.8. However,_ Section 7.1.2.8 addresses Regulatory Guide 1.63. Correct this discrepancy.
RESPONSE
The reference to Section 7.1.2.8 will be changed in Amendment 45 l 3/23 to Section 7.1.2.5 where Regulatory Guide 1.22 is addressed. l l STATUS: Closed. 9/14 420.31 Using detailed drawings, discuss the automatic and manual operation (7.3.2.2) of the containment spray system including control of the chenical j additive system. Discuss how testing of the containment spray l system conforms to the recommendations of Regulatory Guide 1.22 and the requirements of BTB ICSB 22. Include in your discussion l the tests to be performed for the final actuation devices. l l
RESPONSE
Draft of response submitted to staff..0verview of containment l 3/23 spray system was presented using drawings. System description and l operation were reviewed. Staff questioned redundancy of I temperature system. Tank temperature is monitored by a tempe*ature indicating switch that actuates a VAS alarm and by an l independent temperature indicating controller that controls auxiliary steam to the tank. Fluid systems are totally separable into trains "A" and "B". The electrical systems are also completely separable into trains "A" and "B" as per the piping rystems. Provisions are available for on-line testing of CBS j system as described in FSAR 7.3.2.2. I l
The assignment of components to slave relays for on-line testing is indicated in the ESF table in the respoa:e to 420.32. ADDITIONAL
RESPONSE
The response was clarified to specify that the spray additive 5/12 tank is the tank being discussed. This item is considared closed. STATUS: Closed. 5/12 420.32 Please provide a table (s) listing the components actuated by the (7.3) engineered safety features actuation system. As a minimum, the table should include: 1. Action required, 2. Component description, 3. Identification number, 4. Actuation signal and channel.
RESPONSE
Tables supplied at the meeting are attached. 3/23 STATUS: Closed. 5/12 420.33 Section 7.3.2.2.e.12 discusses testing during shutdown. Describe (7.3.2.2) provisions for insuring that the " isolation valves" discussed here are returned to their normal operating positions after test.
RESPONSE
Administrative controls to ensure that equipment and systems are 3/23 restored to normal after testing will be addressed in equipment l control procedures that follow the guidance of ANS 18.7, 1976. The system inoperative status monitoring panel will be manually actuated when a system is made inoperative. STATUS: Closed. j 5/12 1 420.34 Portions of paragraph 7.3.1.2.f, appear not to apply to ESFAS (7.3) response times. In particular, the discussion on reactor trip l breakers, latching mechanisms, etc., should be replaced by a i discussion of ESF equipment time responses. The applicant should i provide a revised discussion for ESFAS (a) defining specific l beginning and end points for which the quoted times apply, and (b) { relating these times to the total delay for all equipment and to l the accident analysis requirements. L
RESPONSE
FSAR 7.3.1.2.f will be revised as indicated on the attached markup. 3/23 i { i ! l { m-
STATUS: Closed. 9/14 420.35 Using detailed drawings, describe the ventilation systems used to (7.2 & 7.4) support engineered safety features areas including areas containing systems required for safety shutdown.. Discuss the design bases for these systems including redundancy, testability, etc.
RESPONSE
Overview given at meeting on HVAC system for control room. 3/23 Equipment for system is redundant and safety grade. The HVAC instrumentation and control required for safety-related equipment is Class IE and trains "A" and "B" oriented. Radiation detectors for intake air are redundant and safety related. Other systems in the control building are redundant and safety related. Control of safety-related HVAC systems are operated from the control room and those systems required for remote safe shutdown also have local control. The control room outside air intake lines are shared between Units 1 and 2. Each unit has its own controls and isolation valves. STATUS: Cloaed. 5/12 420.36 Using detailed system schematics, describe how the Seabrook (7.3.2.3) auxiliary feedwater system meets the requirements of NUREC-0737, TMI Action Plan Item II.E.1.2 (See question 420.01). Be sure to include the following information in the discussion: a) the effects of all switch positions on system optration. b) the effects of single power supply failures including the effect of a power supply failute on auxiliary feedwater control af ter automrtic initiation circuits have been reset in a post-accident eequence. c) any bypasses within the system including the means by which it is instred that the bypasses are removed. d) initiation and annunciation of any interlocks or automatic isolations that could degrade system capability. i e) the safety classification and design criteria for any air systems required by the auxiliary feedwater system. This I should include the design bases for the capacity of air reservoirs required for system operation. i f) design features provided to terminate auxiliary feedwater flow to a steam generator affected by either a steam line or feed lino break. g) system features associated with shutdown from outside the control room. l l r
5
RESPONSE
Overview of emergency feedwater syste.m was presented to staff 3/23 using drawings for description of system operation. Emergency feedwater system was discussed with staff and it is considered an open item. Significant concerns identified: a) Lack of safety grade air aystem. b) Single f ailure in pneumatic control valve. c) Loss of one train of power while operating from remote safe shutdown panel. d) On-off control of the EFW control valves. ADDITIONAL
RESPONSE
The concerns expressed in this RAl and in the letter, dated 9/14 April 22,1982 (Items A - Y), were discussed in eeetings with ICSB, ASB, RSB, YAEC, PSNH, and UE&C on June 23 and 24 and July 14 and 15, 1982. Our letter SBN-300, dated July 27, 1982, provided response to your April 22 letter. Our letter SBN-321, dated September 7,1982, described the chana,es that are being made to the emergency feedwater system. A draft copy of the revision to FSAR Section 6.8 reflecting these changes is attached. ADDITIONAL
RESPONSE
A revised FSAR, p 6.8-5, is attached that clarifies the train assignment of the normal flow contro? valve. 1/ S3 J STATUS: Confirmatory pending ASB review of recirc line acdificativu and 9/14 ICSB review of the formal documentation. 420.37 Using detailed system schematics, describe the sequence for (7.3) periodic testing of the: a) main steam line isolation valves b) main feedwater control valves c) main feedwater isolation valves d) auxiliary feedwater system e) steam generator relief valves f) pressurizer PORV The discussion should include features used to insure the availability of the safety function during test and measures 'taken to insure that equipment cannot be'left in a bypassed condition after test completion. s.
4
RESPONSE
Periodic testing was discussed using detailed drawings. 3/23 Significant discussion items are: i a) To be presented at next meeting. b) Standard Westinghouse testing system used. c) When testing main feedwater control and main feedwater isolatioi valves using train "A", the system for train "B" remains completely operable. t l d) During testing of emergency feedwater pumps the discharge valve is closed and recirculation valve opened. The system inoperable indication is in accordance with Regulatory Guide 1.47. During testing, the capability exists to test the entire i ESFAS as including actuation of the EFW ' pump. l ( e) Discussed with no comments. f) Discussed with no comments. ADDITIONAL
RESPONSE
The MSIV logic has been redesigned so that periedic testing can be 9/14 performed during normal power operation as el series of overlapping tests. Since the MSIVs cannot be fully closed at power, the actuation logic is blocked by a signal from the solid state protection system (SSPS) test cabinet when the test relay is energized. Operation of the slave relay and the test switch actuates the isolation logic. Proper operation of the logic is indicated at the logic gate that has been blocked. I After the SSPS is returned to normal, the MSIV is exercised by partial stroke closure at a reduced speed. The exercise signal overlaps the actuation test to verify the operability of the complete logic. The restoration of the flow restrictor after the exercise test is monitored, i STATUS: Confirmatory pending review of formal documentation. 9/14 420.38 The information supplied in FSAR Section 7.4.1 does not adequately (7.4.1) describe the systems required for safe shutdown as required by Section 7.4.1 of the standard format. Therefore, provide all tue descriptive and design basis information which is requested by Section 7.4.1 of the standard format. Also, provide the results of an analysis, as requestgd by Section 7.4.2 of the standard format, which demonstrates how the requirements of the general design criteria and IEEE Std. 279-1971 are satisfied and the extent to which the recommendations of the applicable regulatory guides are satisfied. Identify and justify any exceptions. -
. ~ .~ ._= i
RESPONSE
Staff to review handouts presented at this neeting and come back 3/23 with any further questfons. Update list for 420.39 and submit with minutes. YAEC given writto 1 position on safe meutdown, to be forwarded formally. Rewritten FSAR 7.4 la attsched. ADDITIONAL
RESPONSE
The analog instruments associated with the remote shutdown panel 5/12 are Non-1E and are inoependent of the control room instruments. The controls at the ren,te shutdown locations have the same qualification as the controls at the main control board. REVISED
RESPONSE
The design of the controls at the remote shutdown locationc have 9/14 undergone considerable revision to comply with the requirements of 1/83 Appendix R and to be consistent with the changes required for safety grade cold shutdown from the control room. I Since the asme safety grade equipment will be used for remote shutdown withoat a fire, all the associated controls at the remote shutdown locat.ons are safety grade and meet the e,plicable / requirements of IEEE 279-1971, 323-1974, and 344-1975. '/ 83 The instrumentation at the remote locations (with the exception of the wide range nuc1 car instrumentation) are separate loops that are completely independent of the instrument loops that provide indication in the control room. Since the remote shutdown locations are not required to have the controls and indication necessary to control the plant during accidents, the instrumentation at the remoto shutdown locations do not meet all the requirements for safety grade equipment. We have determined that the electronics and indicators at the remote shutdown panels (CP-108 A & B) and the field wiring do meet the requirements of IEEE 344-1975. The transmitters and indicators are mechanically similar to transmitters and indicators that are qualified to 344-1975. We are obt-ining the necessary documentation to certify i that the transmitters and indicators will be operable following a seismic event. W? will be able to certify that the instruments at the remote shutdown panels will be available following all postulated natural pheno ena and, therefore, will meet the design basis of the remote shutdown equipment. This documentation will be available for audit prior to fuel loading. The design for the safety grade wide-range nuclear instrumentation has the electronics mounted se:h that they would not be af fected. by a fire in the control room cable spreading room. The indication that will be provided at the remote shutdown location will be safety grade. We are reviewing a conflict between our Appendix R response (de energization of the SSPS) and the ICSB guidance to meet Apper. dix K (do not disable ESF actuation prior to cooldown). We will provide our position on this item. _ - _ _ _
The draf t revision to FSAR 7.4 submitted with the March 23,1982, meeting minutes is being revised to reflect the latest design of the remote shutdown equipment and will address the positions in your April 21, 1982 letter, item-by-item. ADDITIONAL A revised FSAR Section 7.4 (draft) is' attached.
RESPONSE
1/83 STATUS: Compliance with the Appendix K guidelines remains open, the 9/14 remainder is confirmatory. 420.39 The information supplied for remote shutdown from outside the control room is insufficient. Therefore, provide further discussion to describe the capability of achieving hot or cold shutdown from outside the control room. As a minimum, provide the following information: a. Provide a table listing the controls and display instrumentation required for hot and cold shutdown from outside the control room. Identify the safety classification and train assignments for the safety-related equipment. b. Design basis for selection of instrumentation and control . equipment on the hot shutdown panel. c. Location of transfer switches and remote control station (include layout drawings, etc.). d. Design criteria for the remote control station equipment including transfer switches. ei Description of distinct control features to both restrict and to assure access, when necessary, to the displays and controls located outside the control room. f. Discuss the testing to be performed during plant operation to verify the capability of maintaining the plant in a safe shutdown condition from outside the control room, g. Description of isolation, separation and transfer / override p rovisions. This should include the design basis for preventing electrical interaction between the control room l and remote shutdown equipment. L h. Description of any communication systems required to coordinate operator actions, including redundancy and separation. I 1. Description of control room annunciation of remote control or overridden status of devices under local control. J. Means for ensuring that cold shutdown can be accomplished. I l t l
k. Explain the footnote in FSAR Section 7.4.le4 which states that, " Instrumentation and controls for thase systems may require some modification in order that their functions may be performed f rom outside the control room". Discuss.the modifications required on the instrumentation and controls of the pressurizer pressure control including opening control for pressurizer relief valves, heaters and spray and the nuclear instrumentation that are necessary to shutdown the plant from outside the control room. Also discuss the means of defeating the safety injection signal trip circuit and closing the accumulator isolation valves when achieving cold dhutdown.
RESPONSE
See 420.38. 3/23 ADDITIONAL
RESPONSE
We will investigate the absence of pressurizer level indication in 5/12 the table that was provided iu response to Item a. Response to Item g should refer to 7.4.1.1 and 7.4.1.J.a.5 vice 7.4.11. See 420.36. HANDOUT: a) Table is attached. 3/23 5/12 b) See response to Item 440.13 (attached). 1/83 c) Selector switches are at the same location as the controls. lQ/93 d) Controls are the same safety classification as T.he controls in the control room. Instrumentation is not safety-related. e) The controls are located in areas that are controlled by the security system. The selector switches are key-locked. //f3 f) Verification of the capability of maintaining the plant in a safe shutdown condition from outsida control room will be in accordance with commitment in Chapter 14, Table 14.2-5, Item 33. Reactor coolant pumps will not be tripped for this test. Verification of natural circulation will be in accordance with commitment in Chapter 14, Table 14.2-5, Item 22. g) Isolation is discussed in revised FSARs 7.4.3, 7.4.4, and l /j(g3 7.4.5.f (see RAI 120.38). h) See response to 430.67 (attached). 1) Any switch that is in the local position is alarmed by the VAS. j) See Items a and b. -
k) The footnote has been deleted. See rewritten 7.4 submitted in 420.38. - ADDITIONAL
RESPONSE
a) A revised table will be attached to the meeting minutes. 9/14 1/83 b) Ites-by-lten compliance with RSB BTP 5-1 will be documented in our response to RAI 440.133. d) See 420.38 for the design of instrumentation. i e) The remote shutdown locations are the vital switchgear rooms on elevation 21' 6", two levels directly below the control l /I/f3 room on elevation 75. Access is through the stairwell on the south side of the control building or through stairwells in the turbine building. Access to all levels of the control building is controlled by 1 the station security system. The operators' key cards will allow access to all levels of the control building. Administratively controlled keys are also available to assure l p/f3 access should the security system be inoperable. 1) VAS will be reviewed under 420.49. STATUS: Confirmatory, closely related to 420.38. 9/15 ADDITIONAL a) A revised remote shutdown equipment table is attached. P3SPONSE 1/83 } 420.40 Concerning safe shutdown from outside the control room, discuss the likelihood that the auxiliary feedwater system will be automatically initiated on low-low steam generator level following a manual reactor trip and describe the capability of resetting the initiating logic from outside the control room. Describe the method of controlling auxiliary feedwater from outside the control room.
RESPONSE
Even though the emergency f eedwater system may be automatically 3/23 initiated as the main control room is evacuated, the emergency feedwater syntis can be controlled from the remote safe shutdown panel without resetting the actuation logic. Additional information required by staff is furnished in the response to 420.38 and 420.39. STATUS: Closed. 1 { 9/14 420.41 Subsection 7.4.2 states that, "The results of the analysis which (7.4.2) determined the ' applicability to the Nuclear Steam Supply System safe shutdown systems of the NRC General Design Criteria, IEEE l Standard 279-1971, applicable NRC Regulatory Guides and other
- 1
industry standards are presented in Table 7.1-1". This statement does not address the balance of plant (BOP) safe shutdown systems. Also, sufficient information giving results of the analysis performed for safe shutdown systems cannot be found from Table 7.1-1. Therefore, provide the results and a detailed discussion of how the BOP and NSSS systems required for safe shutdown meet GDCs 13,19, 34, 35, and 38; IEEE Standard 279 requirements; Regulatory Guides 1.22, 1.47, 1.53, 1.68, and 1.75. Be sure that you include a discussion of how the remote shutdown station complies with the above design criteria.
RESPONSE
Closely related to Items 38 and 39. Staff will review to see if 3/23 more response is required. ADDITIONAL
RESPONSE
Table 7.1-1 will be revised to includu the GDCs, Standards, and 9/14 Regulatory Guides listed as being appitcable to Section 7.4. A 3 l draf t revision of Table 7.1-1 is attached. STATUS: Confirmatory. 9/14 420.42 FSAR Section 7.4.2 states that, "It is shown by these analyses, (7.4.2) that safety is not adversely aftacted by these incidents, with the associated assumptions being that the instrumentation and controls indicated in Subsections 7.4.1.1 and 7.4.1.2 are available to control and/or monitor shutdown". Please provide a discussion pertaining to the phrase " associated assumptions". Your discussion should address loss of off-site power associated with plant lead rejection or turbine trip.
RESPONSE
Covered in the response to 420.38. 3/23 ADDITIONAL
RESPONSE
The phrase "casociated assumptions" will be deleted. Loss of 9/14 off-site power will be addressed in the revised 7.4 (see 420.38). STATUS: Confirmatory. 9/14 l 420.43 Please discuss how a single failure within the station service (7.4.2) water system and/or the primary component cooling water system affects safe shutdown. r
RESPONSE
Each of the independent and redundant flow trains of the station 3/23 service water system and the primary component cooling water system is capable of performing their safety functions necessary to effect a safe shutdown assuming a single failure. See Sections 9.2.1, 9.2.2 and 9.2.5 for f urther details. STATUS: Closed. 5/12,
420.44 Using detailed electrical schematics and logic diagrams, discuss (9.2.5.5) the tower actuatio^ (TA) signal which is generated to isolate the normal servic.7 water system and initiate the cooling tower system. Be sure to include in your discussion the possibilities of inadvertent switchover (loss of off-s!te power, etc.) and the - affects this would have.
RESPONSE
The tower actuation circuit is being revised. The revised 3/23 drawings will ne submitted for review. ADDITIONAL
RESPONSE
The TA actuation logic is being revised to correct deficiencies in 9/14 the logic and to provide the design features described in 420.73. Latch relays are now used that require a signal to actuate and another signal to reset. Loss of of f-site power or loss of power to the TA circuit will not cause inadvertent actuation. The redundant cooling tower train will provide the service water function if one cooling tower train does not actuate. FSAR 9.2.5.5 will be revised, marked-up copy is attached. STATUS: Confirmatory pending review of formal documentation. 9/14 ADDITIONAL
RESPONSE
The TA circuit is operable without off-site power since it is 1/83 fed from the emergency power supplies. 420.45 FSAR Section 7.4.2 states that, " Loss of plant air systems will not (7.4.2) inhibit ability to reach safe shutdown from outside the control room". Using detailed drawings, please provide further discussion on this matter. Clearly indicate any function required to reach safe shutdown f rom outside the control room which is dependent on air and the means by which the air is provided.
RESPONSE
Instrument air system is redundant, piping is safety grade and 3/23 seismically supported but appropriate safety grade compressor has not been located. Critical to define how long system can operate f rom accumulator tanks. Staff questioned atmosph3ric relief valve j as to safety classification - valve itself is safety grade but control system is not. This item is still open. REVISED
RESPONSE
Instrument air is no longer required for safe shut. fawn as the 9/14 emergency feedwater control valves and the atmosphocic dump valves no longer have pneumatic operators and the RHR system can be operated without the use of instrument air. STATUS: Confirmatory. 9/14 420.46 Describe the procedures to borate the primary coolant from outside (7.4) the control room when the main control room is inaccessible. How much time is there to do this?
RESPONSE
Handout given to NRC. Staff questioned if MOV's and controls 3/23 mentioned are safety grade. Items a+e safety grade. If problem exists during review, it w'11 be covered under overall discussion l of shutdown. " Adequate time" mentioned in response is minimum of four hours. STATUS: This issue was discussed at the June 23 and 24, 1982, meeting, l 9/14 and is closed. ] 4 HANDOUT: Boration of the primary coolant will require an alignment of the 3/23 suction of charging pumps from the refueling water storage tank ) (RWST) to the boric acid storage tank (BAST). This will be required once the plant starts its cooldown. The gravity feed j from the BAST to the suction of the charging pumps contains manual isolation valves located in the primary auxiliary building. The RWST suction valves contain motor-operated valves (MOV) that can j be controlled from the motor control center in the Switchgear l Rooms. If need be, the MOV's can be operated locally. There is .) adequate time for an operator to follow the procedure since the j plant is in a safe hot shutdown condition. 420.47 Using detailed drawings (schematics, P& ids'), describe the (7.4) automatic and manual operation and control of the atmospheric relief valves. Describe how the design complies with the requirements of IEEE-279 (i.e., testability, single failure, redundancy, indication of operability, direct valve position, j indication in control roca, etc.).
RESPONSE
Operation of these valves from a remote location is not considered 3/23 a safety-related function; therefore, they are not designed to meet IEEE-279. Overview of operation given at meeting. Item l still under review by staff and considered open. 1 1 REVISED l
RESPONSE
The operatora for the atmospheric dump valves are being changed to 9/14 scfety grade operators that will comply with the requirements of 4 j 1/83 IEEE 323-1974 and 344-1975. Safety grade mant:41 control will be provided and will override the non-1E automatic controls. The preliminary design was discussed (i.e., applicable portions of g l IEEE 279-1971). 1 STATUS: Confirmatory pending review of formal documentation. 9/14 l 420.48 Using detailed electrical schematics aci piping diagrams, please (7.4.2) discuss the automatic and manual operation and cont il of the (7.3) station service water system and the component cooling water system. Be sure to discuss interlocks, automatic swf tchover, j testability, single failure, channel independence, indication of l operability, isolatica functions, etc. i
RESPONSE
Reviewed syctes design and operation from drawings and 7 3/23 schematics. Staff will review isolation of non-seismic portion of j service water system during earthquake without another accident. 1 l l ! 1
.. _= ~ _. ADDITIONAL
RESPONSE
Low service water pump discharge pressure (could be the result of 5/12 tunnel blockage due to an esrthquake) will result in tower actuation (TA). The TA signal will isolate the non-seismic L portion of the SW system. 4 ADDITIONAL
RESPONSE
An analysis was performed that shows that a complete failure of 9/14 the non-seismic SW piping will reduce SW pump discharge pressure below the tower actuation setpoint. The non-seismic SW piping is isolated on tower actuation, safety injection and loss of off-site power (see revised 9.2.5.5 in response to 420.44). r STATUS: Open pending ICSB review with ASI.. 9/14 ADDITIONAL l
RESPONSE
As was discussed in tha 9/14 meeting, we have performed an analysis 11/82 that shows that a complete failure of the safety service water r piping will result in a tower actuation that will isolate the non-safety piping and restore flow to the safety users. It was also pointed out that the non-safety piping is isolated by a safety injection signal or a loss of off-site power. Since the isolation is performed for worst case break conditions and for the critical condition II, III and IV events the remaining concern relates to the effect of reduced flow to the safety users for failures of the non-safety piping smaller than the complete failure. Reduced service water flow to the safety users, component cooling heat exchangers and the diesel generators, could affect the - l temperature of the component cooling water or the diesel generator cooling water. The degree of the effect is determined by the I, amount the flow is reduced, the service water temperature and the heat load on the systems being cooled. l A low service water pump discharge pressure alarm is provided at 1 35 psig (tower actuation is at 30 psig). High temperature alarms are provide' at the discharge of the component cooling heat exchaager and on the companents being cooled by component cooling water to alert the operator to the problem with heat removal caused by a reduction in SW flow. A similar but more rapid i occurrence would be a mechanical f ailure of a component cooling l water pump that results in the loss of all cooling water flag. The operator action in all cases of reduced heat removal would be to verify component and service water flows / pressures and taken action necessary to restore flow. One of the primary means to I restore or increase service water flow would be to start the i erandby service water pump if available. If this action proved l inadequate, the next step would be to isolate the non-safety piping. The diesel generator scenario is similar. f ^, I
420.49 The information supplied in FSAR Section 7.5 concentrates on the (7.5) post accident monitoring ~ instrumentation and does not provide surticient information to describe safety related display. instrumentation needed for all operating conditions. Therefore,_ please expand the FSAR to provide as a minimum additional information on the following: 1. ESF Systems Monitoring 2. ESF Support Systems Monitoring 3. Reactor Protective System Monitoring 4 Rod Position Indication System 5. Plant Process Display Instrumentation 6. Control Boards and Annunciators 7. Bypass and Inoperable Status Indication 8. Control Room Habitability Instrumentation 9. Residual Heat Removal Instrumentation Please use drawings as necessary during your discussion.
RESPONSE
All except Item 6 will be covered in response to Regulatory Guide 3/23 1.97. Summary of VAS and annunciator system will be provided. ADDITIGNAL
RESPONSE
Letter SBN-268, dated 5/4/82, forwarded additional information on 5/12 the main plant computer system and the VAS. The annunciators are sesadard lightboxes that respond to digital inputs. Power is supplied f rom inverters and the de system. Audible alarms and controls are shared with the VAS. The alarm sequence is i Operator Alarm Ringback Condition-Action Visual: Audible Audible l Off Off Off 1. Norms 1 Fast On Off 2. Off Normal Flarh 3. Off Normal Silence Fast Off Off Flash 4. Off Normal Acknowledge Steady Off Off 5. Normal Slow Off On Flash (momentary) i r _
6. Normal Reset Off Off Off The annunciator alarms are a subset of the VAS alarms and were selected to provide essential alarms if the VAS is inoperable. The alarm points are shown on Drawings 9763-C-509109 through 509114. Some VAS inputs are obtained from relays in the. annunciator that duplicate the input to the annunciator. Failure of the VAS will not affect the annunciator. FSAR 1.5 will be revised in our response to Regulatory Guide 1.37, Revision 2. STATUS: SBN-268 was discussed on 6/21/82 by NRC/PSNH/YAEC. Information 7/15 was requested on sof tware QA and security; control of alara priority (criteria and method for assigning priorities); management functions; and the use as a Regulatory Guide 1.47. monitor (see RAI 420.10). ADDITIONAL RESPONS8: VAS Software QA and Security 9/14 1. The testing of the video alarm system (VAS) is being conducted as part of the startup test program in two phases. Phase 1 will be run after installation of the computer equipment at the plant site and will validate the functional operation of the VAS system. Tests will be run using projected worst case conditions derived from simulator data. Phase 2 will verify operation of individual computer inputs as plant systems are checked out. 2. Changes to the sof tware af ter the Phase 1 testing has been completed will be controlled by procedure. This peceeduce, under control of the Station Plant Manager, will ensure that changes to the tested software are authorized and adequately l tested before they are implemented. The change control procedure will require operator authorization to make the change, documentation of the change, retest of the affected j system, and integration into the procedures and operator l training as applicable. 3. The following operator change functions are under keylock and i administrative procedure control: l f delete / restore a point from alars.ing i delete / restore a 3roup of points f rom alarming l delete / restore a point from scan i modify a point's alarm limits modify a point's engineering value 4. Procedures will be available for review three months prior to fuel loading: i l ;
VAS Alarm Priority The Operations Group is in the process of reviewing the VAS alarms for priority, alarm nessage, point identification and destination. Their comments will be incorporated in the project documents. The following priority guidelines are being used: Priority One - Immediate operator. response required to: A. Prevent plant shutdown. B. Minimize the consequences of a shutdown. Priority Two - Occurrence of alarm indicates a degradation of a major plant system that could result in plant shutdown, power reduction, or reduced availability of a safety system. Priority Three - Occurrence of alare indicates degradation of a system component or are informational items describing a change of state. STATUS: The VAS software response will be reviewed by the NRC and 9/14 discussed during a conference call to be scheduled later. FSAR 7.5, 7.2.2.2 (13) and (20) are being revised to provide the additional information requested. ADDITIONAL VAS
RESPONSE
A telephone conversation was held on 9/27 with representatives of 11/82 the NRC (R. Stevens, J. Joyce, J. Rosenth.1), PSNH (G. Gelineau, D. Johnson), and YAEC (W. Fadden, R. Marie). The additional response, dated 9/14, was discussed in detail. Significant items of discussion were: 1. The VAS sof tware was produced prior to implementation of formalized quality control procedures for production of software. THe VAS software requirements (functional description) were reviewed extensively by PSNH operations and YAEC (a summary of the development of the VAS software up to the installation of the computer at Seabrook is attached). Computer startup and preparations for Phase I and II testing is in progress. 2. The software change control procedure will be implemented prior to the start of the Phase II testing. 3. All procedures associated with sof tware change control or testing will have an independent review performed. 4. Limited alarm suppression is employed, mainly associated with the status of specific equipment or supression of redundant alarms (see CBS logie diagrams M-503257 and M-503260). 5. The NRC expressed concern that system unreliability be identified and appropriate corrective action taken. -
RESPONSE
The Seabrook computer will be maintained by the Computer 11/82 Engineering Department that has expended considerable money and .1/83 effort to establish the in-house resources required to provide prompt repair of the computer. As the computer provides many aids to the operating staff, its performance is highly visible to station management. Any evidence of unacceptable availability of the VAS function will be promptly identified and reviewed by the /[g] Station Operation Review Committee. The availability goal of the VAS function is 99%. 6. The main computer and the CPU at the remote 1ccations, are provided with full capability backups that will tsetonatically assume all functions on f ailure of the operating computer or C PU. Only data that changes state and returns to its original state during the Icas than 5 second transfer time will be lost. 7. Redundant I/O equipment is not available. Critical paraments i are monitored by different IRTUs so that critical data will not be lost. 8. CRT functions can be manually transferred without loss of data to other CRTs on the MCB. FSAR: j Attached are draft copies of revised FSAR Sections 7.2.2.2.c(13) and 7.5 that provide the additional information requested. 1 ADDITIONAL The Seabrook Post-Accident Monitoring instrumentation complies
RESPONSE
with the guidance of Regulatory
- Guide 1.97 (Rev. 1, 8/77) with the 1/83 exceptions discussed in FSAR 1.8.
A revised FSAR 1.8 is attached. 420.50 If reactor controls and vital instruments derive power from common (7.5) electrical distribution systems, the failure of such electrical distribution systems may result in an event requiring operator action concurrent with failure of important instrumsatation upon which these operator actions should be based. IE Bulletin 79-27 addresses several concerns related to the above subject. You are requested to provide information and a discussion based on each IE Bulletin 79-27 concern. Also, you are to: I 1. Confirm that all a.c. Gnd d.c. instrument buses that could ( affect the ability to achieve a cold shutdown condition were l reviewed. Identify these. buses. l 2. Confirm that all instrumentation and controls required by emergency shutdown procedures were considered in the review. Identify these instruments and controls at the system level of detail. 3. Confirm that clear, simple, unambiguous annunciation of loss of power is provided in the control room for each bus addressed in item 1 above. Identify any exceptions. l l ' l f
.- =- 4. Confirm that the effect of loss of power to each load on each j bus identified in item 1 above, including ability to reach cold shutdown, was considered in the review. 5. Confirm that the re-review of IE Circular No. 79-02 which is J required by Action Item 3 of Bulletin 79-27 was extended to include both Class 1E and Non-Class 1E inverter supplied instrument or control buses. Identify these buses or confirm that they are included in the listing required by Item 1 above.
RESPONSE
Refer to the attached response to IE Bulletin 79-27 and two 3/23 attached responses to IE Circular 79-02. 9/14 1. All 1E and non-1E ac and de instrument buses were reviewed. 1 Refer to the listing of buses reviewed in the a.tached response to Bulletin 79-27. 2. Redundant instrumentation and controls required for safe shutdown are available at the control room and the remote j shutdown location. Loss of an entire power train will not prevent the ability to accomplish cold shutdown with the 3 control and indication powered by the other train. 3. Annunciation of loss of power is provided in the main control room through Seabrook video alarm system. The wording of all alarms is subject to review by the station operating staff to insure clarity. 4. See Item 2. 5. Refer to the two attached responses to Circular 79-02. The buses are listed in the response to Bulletin 79-27. ADDITIONAL
RESPONSE
Item 1 was revised. We will clarify the reviews performed for 5/12 Items 2 and 4. All required instrumentation and controls will be identified. Our emergency procedures will contain the items requested by I&E Bulletin 79-27, Items 2.a 2.b and 2.c. We will provide additional information on our inverters as requested by IEC Circular 79-02 (time-delay, modifications). ADDITIONAL
RESPONSE
Item 1 was revised. The NRC clarified the additional information 7/15 requested in Items 2 and 4. A handout on inverters was reviewed and is included in the meeting minutes.
~. RANDOUT: Time Delay Circuits on Inverters 7/15 1. Class lE 7.5 kVA inverters (I-1A, -1B, -1C, -lD, -lE and -1F). There are no time delays on the voltage sensing circuits on the Class 1E inverters. High de voltage at the output of the-rectifier section will result in tripping the ac input only. Power will continue to be supplied f rom the 125 V de. battery. 2. Non-Class 1E 60 kVA inverters (1-2A and I-28). There are no time delays on the voltage sensing circuit', on these inverters. High or low de voltage at the rectifier section output and high or low ac voltage at the inverter section output will trip the inverter off and force an automatic transfer to the backup ac supply through the solid state transfer switch. 3. Non-Class 1E 25 kVA inverter (1-4). There are no time delays on the voltage sensing circuits on 4 this <averter. High or lov de voltage at the inverter section input will trip the inverter input breaker and force an automatic transfer to the backup ac supply through the solid state transfer switch. No modifications to the lE and non-lE inverter were found necessary as a result of the re-review of IE Circular 79-02. STATUS: Closed. 9/14 420.51 Table 7.1-1 indicates that conformance to R.G.1.97 is discussed 4 (7.5) in Section 7.5.3.2. However, Section 7.5.3.2 is a section of definitions only. We find partial discussion on conformance in Section 7.5.3.1. Correct Table 7.1-1. Also, FSAR Section 1.8 states that Regulatory Guide 1.97, Revision 2, is presently being reviewed and the extent of compliance will be addressed at a later date. Discuss the plans and schedule for complying with R.G. 1.97, Revision 2. ~
RESPONSE
Applicant is working on response to Regulatory Guide 1.97, 3/23 Revision 2. Schedule will be supplied at a later date. i STATUS: We have continued to review Seabrook for compliance with Regulatory. 9/14 Guide 1.97, Rev. 2. We are following the applicable discussions within the NRC, particularly those of the CRGR in relation to SECY 82-111. Will not be an open item on the SER. 420.52 Provide a discussion (using detailed drawings) on the residual (7.6.2) heat removal (RHR) system as it pertains to Branch Technical 1 Position ICSB 3 and RSB 5-1 requirements. Specifically address the following as a minimum: 4 ' 44-
r e 1. Testing of the RHR isolation valves as required by branch 4 position E of BTP RSB 5-1. 2.- Capability of operating the RHR from the control room with either on-site or only off-site power available as required by Position A.3 of KIP RSB 5-1. This should' include a discussion of how the RHR system can perform its function -assuming a single failure. i 3. Describe any operator action required outside the control room af ter a single f ailure has occurred and justify. In addition, identify all other points of interface betweon the Reactor Coolant System (RCS) and other systems whose design pressure is less than that of the RCS. For each such interface, discuss the degree of conformance to the requirements of Branch-Technical Position ICSB No. 3. Also, discuss how the associated interlock cire. try conforms to the requirements of IEEE Standard. 279. The discussion should include illustrations from applicable-drawings.
RESPONSE
The RHR isolation valves can be tested while on RHR by operating 3/23 only one RHR pump, removing power from one valve associated with the operating pump,_ simulating high pressure in the isolation channel for the valve that has power removed 'and verifying that the associated valve in the non-operating loop closes. The system is restored, the sequence repeated for the other isolation channel, cooling shifted to the other loop and the test sequence-repeated. 2 NRC will review reply to RAI 440.23 and 440.24 that address power sources. There is no other system interfacing with the reactor coolant system (RCS) whose design pressure is less than that of the RCS, STATUS: The RSB has conce?ca with the response to RAI 440.23.. They are 9/14 continuing their review. Additional information will be provided on the design of the RHR suction valve-controls and indication _'and time available to restore RHR flow following inadvertent closure RHR suction valves. Information will include alarms for switch position, need for temporary modification, alarm to icdicate valve closure, analysis to consider worst case conditions for all modes, and operator action required. FSAR 5.4.7.2 will be revised. ADDITIONAL
RESPONSE
We will add alarms that will actuate if either suction valve for an 11/82 operating RHR pump is not fully open or if the flow through the 1/83 RHR pump is below the minimum required for pump protection. 4 If the suction valves close due to a power failure in the logic circuit (circuit is designed to fail to the' isolation condition to ensure protection of the low pressure piping), the valves can be reopened at the remote shutdown location. This operation can be performed expeditiously, less than 10 minutes, since selection of j _. -
local control with the keylocked selector switch will isolate the automatic controls, interlocks and remote controls. Local control switches are provided. Temporary curcuit modifications are not required. Selection of local control is alarmed in the Control Room. The opposite train valve will provide automatic isolation on high pressure if a valve is opened using local control. FSAR 5.4.7.2 discusses the effects of temporary loss of RHR flow if the RCS is intact and filled such that the SGs are still available for decay heat removal. An analysis ~of the time available to restore shutdown cooling when the RCS is. vented was performed using the-follow
- ag assumptions.
1. Decay heat load was calculated per ANS 5.1 with a 20% margin based on 102% rated thermal power. rp 2. Forty eight hour delay from sbytdown for cooldown and lowering of vessel level. 3. Vessel' level at center of nozzles. 4. Only water in vessel was considered. 5. Initial temperature of 1400F, maximum for mode six. 6. No losses'to ambient. More than 12 minutes is available before the bulk coolant reaches saturation temperature. If bulk boiling does oct ur it will take a total of more than 50 minutes to uncover the core. This tice can' be extended by adding coolant to the RCS with the operable charging pump. 420.53 FSAR Section 7.6.4, Accumulator Motor-Gperated Valves, states that, (7.b.4) "During plant operation, these valves are normally open, and the motor control center supplying power to the operators is de-ene rgized". Describe how power is removed and how the system complies to ?ositions B.2, B.3 and B.4 of BTP ICSB 18 (PSB). Also, identify any other such areas of design and state your-conformance to the p;sitions of BTP ICSB-18.
RESPONSE
Covered in response to 423.59. 3/23 STATUS: Closed. 5/12 420.54 FSAR Section 7.3.1.1 states that, "The transfer from the injection (7.3.1.1) to the recirculation phase is initiated automatically and completed .(7.6.5) manually by operator action f rom the main control board". I Describe automatic and manual desi n features permitting h l switchover from injection to recirculation mode for emergency core cooling including protection logic, component bypasses and overrides, parameters monitored and controlled and test :
capabilities. ' Discuss design features whf h insure that a single failure will neither cause premature switchover nor prevent switchover when required. Discuss the reset of Safety Injection - actuation prior to automatic switchover from injection to . recirculation and the potential for-defeat of_the automatic switchover 2 unction. Confirm whether the low-low level refueling water storage tank alarms which determine the time at which the containment spray is switched to recirculation mode are safety grade.
RESPONSE
Will be discussed later. 3/23
RESPONSE
The step-by-step automatic and manual switchover operations are 5/12 described in detail in FSAR Section 6.3.2.8 and Table 6.3-7. ' The ECCS/ Containment Spray Recirculation Signal is generated for each train by a combination of the safety injection signal'and low-low
- evel in the RWST. The level signal uses 2 out of 4 logic to prevent premature switchover and to enaure.witchover is accomplished. Each ESF train uses completely redundent equipment for recirculation to ensure that the safety functions are accomplished. The operator is provided with safety grade indicators for RWST and containment sump level, and mantal controls for all the valves required for recirculation so that recirculation can be accomplished without any automatic action.
Non-safety grade but independent-low-low level ala as are 4 available from the VAS and the annunciator to ale. t the operator j of the need for recirculation. The safety injection signal sets latching relay K740 that requires separate action to reset af ter the safety injection signal has been reset. This ensures automatic recirculation on low-low level' in the RWST even if the safety injection signal is. reset before the low-low le'.el is reached. Lights will'be provided on MCB AF and BF to indicate when K740 is latched to ensure that it is reset af ter periodic testing. The light has a lamp test feature. Its-operation is.lso ver fied as part of the periodic testing. ADDi2IONAL
RESPONSE
The independence of the non-safety grade RWST low-low level alarms - 7/15 was discussed. Details will be provided later. Level setpoints are provided in Figure 6.3-6 (Amendment 45). l-ADDITIONAL l
RESPONSE
The four transmitters tt.at provide the low-low level recirculation 9/14 signal will provide an annunciator alarm when any two of the four lk 2 1/83 low-low level bistables have tripped. A wide range level transmitter'will provide an analog input to the station computer. The station computer will generate a VAS low-low level alarm at the same setpoint as the annunciator alarm. STATUS: Confirmatory pending review of formal documentation. 3/14
420.55 FSAR Section 5.2.5.8 states that calibration and functional testing (5.2.5.8) of the leakage detection systems will be performed prior to initial-(7.6) plant startup. Please provide justification since Position C.8 of. Regulatory Guide 1.45 states that, " leakage detection systems should be equipped with provisions to readily permit testing ~for operability and calibration during plant operation". RESPONSE:- The electronics can be tested with plant at power..There are 3/23 readouts that can be checked during plant operation. Radiation sensors can be tested at power because they have check source in them. Level sensors will be channel calibrated in accordance with Technical Specifications. STATUS: Closed. 5/12 420.56 As shown on Drawing 9763-M-310882 SH-B54a, two circuit breakers in (7.6) series are employed in the power and control circuits for the t i residual heat removal inlet isolation valves. Tripping of either i breaker will remove power from the position indicating lights and' valve position indication will be lost. ' Discuss how this arrangement complies with Branch Technical Position ICSB No. 3 which calls for suitable valve position indication to the control room.
RESPONSE
Handout submitted to staff. Valve position indicator lights will 3/23 be powered from different source so that true valve position will always be indicated when power is removed from valve motor by racking out breaker. This applies to RHR interface valves. STATUS: Confirmatory pending review of formal documentation. 9/14 HANDOUT: Two circuit breakers in series are employed in the circuits of 3/23 motor-operated valves inside containment. This is part of the containment penetration protection provided in response to Regulatory Guide 1.63. Refer to FSAR Section 8.3.1.1.c.7a. I Valve position indication is provided on both RCS-RHR interface-valves which are in series. As with any circuit, when power is removed because of a fault, indication will also be lost. We believe that our revised design meets the intent of ICSB 3 position B4. In addition to the normal valve position indication lights, the ^ valve full closed position is also monitored by the station computer to alarm whenever the valve is not fully closed and the reactor coolant system is above the pressure rating of the RHR system. 420.57 Section 7.6.2.1 indicates that the interlock circuits of the (7.6) residual heat removal isolation valves, RC-V22 and RC-V87, have a transmitter that is diverse from the transmitter associated with valves RC-V23 and RC-V88. Discuss the method (s) used.to achieve this diversity. ; -._.2 ~=
RESPONSE
Different manufacturers for pressurg transm12ters are used to 3/23 achieve the diversity. -STATUS: Closed. 5/12 420.58 Discuss conformance of the accumulator motor-ope' rated valves to (7.6) the recommendations of Branch Technical Positions ICSB No. 4.
RESPONSE
Handout submitted to staff. Change response to indicate valve 3/23 position is monitored through video alarm system (VAS). Details-of VAS will be in the response to 420.49. Staff will review adequacy of alarm. STATUS: Closed. 9/14 HANDOUT: The design of the accumulator motor-operated valves conforms to 3/23 the recommendations of ICSB No. 4. Refer to FSAR Section 7.6.4 for a response to Branch Technical Positions B1 and B2. Branch Technical Position B3: Valve position is monitored and alarmed by the video alarm system. Branch Technical Position 34: The automatic safety injection signal bypasses all main control' board switch functions which may have closed the. SI accumulator valve. The safety injection signal will not automatically return power to the de-energized motor control center. 420._5,9 Section 7.6.9 of the FSAR lists the motor-operated valves which (7.6) will be protected from spurious actuation by removal of motor and control power by de-energizing their motor control centers (MCC 522 and MCC 622). The FSAR also states that control of the breakers supplying power to these MCCs is provided in the main control room. Provide the following information: (a) The control the the MCC breaker from the Main Control Board for a typical Safety Injection System accumulator isolation r I valve is not shown on schematic diagram 9763-M-310890 Sh. B35a. Identify the drawing where this is shown. (b) The residual heat removal inlet isolation valves are not i included in the list of valves protected against spurious l operation. State whether protection against spurious action I of these isolation valves is planned and if so, provide information on how it is accomplished. If not, then justify. I i l l l
4 L-.
RESPONSE
(a) Refer to FSAE Section 8.3.1. Alarm is provided in-the 3/23: control room when the breaker is' closed. i-1/83 i (b) Reply given in response:to RAI 440.23:and will be reviewed by .the staff. ADDITIONAL
RESPONSE
We will explain the operation of valves-35,'36, 89, 90 and 93 and 5/12 the ef fects of failure of valve 93 or its position switches, t STATUS: The valve interlocks were discu: sed during the meeting held 9/14 June 23, 1982. Additional information on interlock testing is required. ADDITIONAL
RESPONSE
A telephone conversation was held on 11/10/82 with representatives 11/82 of the NRC (R. Stevens), PSNH (R. LaRhette), and YAEC (W. Fadden) to discuss the operatton and testing of the interlocks. associated with ECCS recirculation. Significant items of discussion were: 4 - .i 1. The pump recirculation line isolation valves (SI-V89, 90,' 93) are provided to prevent RWST contamination and subsequent release to the environment. The valves are arranged so that the line will be isolated assuming any single failure. i Failure to isolate will not affect the performance of the ECCS for cooling the core. 2. The RHR recirculation valves (RH-V35 and 36) are provided so l that either RHR pump can supply both safety injection and both centrifugal charging pumps. No single failure of the SI pump recirculation valves (SI-V89, 90, 93) or the associated i interlocks, will prevent the operation of either RHR recirculation valve. 3. These valves and the associated interlocks will be periodically tested. The test schedule and procedures will be atailable for review three months before fuel loading. ADDITIONAL All motor-operated valves that have power removed to prevent
RESPONSE
spurious operation are provided with redundant valve position 1/83 indication (VPI). The redundant VPI uses a different power supply so that it is operable when the power is removed from the valve motor. 420.60 The following apparent errors have been noted in the schematic (7.6) diagrams. { (a) Drawing M-310980, Sh. B35d, Rev. 0 Contacts 5-5C on LOCAL REMOTE SWITCH SS-2403 appear incorrectly developed. An X indicating contacts closed should appear under the REMOTE column for contact 5 to allow remoto closing of the accumulator valves. != i 4
1 (b) Drawing 9763-M-310900, Sh. B52a, Rev.1 : Motor starter 42 open coil is mislabeled 42/C instead of.42/0. 1 1
RESPONSE
We agree with your observation of drawing errors on the two 1 3/23 schematic sheets mentioned and this will be corrected in the next revision of these drawings. STATUS: Closed. 5/12 420.61 FSAR Section 7.6.6 discusses interlocks for RCS pressure control (7.6.6) during low temperature operation. Using detailed schematics, discuss how this interlock system complies'with Positions B.2, B.3, B.4 and B.7 of BTP RSB 5-2. Be sure to discuss the degree of' redundancy in the logic for the low temperature interlock for the-RCS pressure control. Also, include a discussion on block valve control.
RESPONSE
Reply for the low temperature operation of tne RC pressure 3/22 control will be under RAI 440.11. The block valves and manual controls are Class 1E, train oriented, with controls being on the main control board. REVISED
RESPONSE
Design of the cold overpressure interlocks will be changed to 5/12 make them single failure proof. ADDITIONAL
RESPONSE
The single failure problem with the cold overpressure interlocks 9/14 was related to the use of one auctioneer card in each circuit to arm the other circuit and actuate the same circuit. Redundaut auctioneer cards will be added to each circuit so that the arming and actuating signals will be independent, therefore, no single failure will prevent operation of both relief valves. FSAR I Figures 7.6-4 will be revised. STATUS: Confirmatory pending review of formal documentation, 9/14 420.62 If control systems are exposed to-the environment resulting from (7.7) the rupture of reactor coolant lines, steam lines or feedwater lines, the control systems may malfunction in a manner which would .ause consequences to be more severe than assumed in safety 1 analyses. I&E Information Notice 79-22 discusses certain 4 non-safety grade or control equipment, which if subjected to the adverse environment of a high energy line break, could impact the safety analyses and the adequacy of the protection functions performed by the safety grade systems. The staff is concerned that a similar' potential may exist at light water facilities now under construction. You are, therefore, i requested to perform a review per the ICE Information Notice 79-22 concern to determine what, if any, design changes or operator -
actiona would be eccessary te assure that high energy line breaks w'll not cause control system failures to complicate. the event beyond the FSAR analysis. Provide the results of your~ review including all identified problems and the manner in which you have resolved them. The specific " scenarios" discussed in the above referenced Information Notice are to be considered as examples of the kinds of interactions which might occur. Your review should include those scenarios, where applicable, but should not necessarily be limited to them.
RESPONSE
We will identify key control systems that effect plant safe rf and 3/23 analyze for effects of high energy line break. Review will be completed and formal response to I&E Information Notice 79-22 submitted. STATUS: We have received the memo from Check to Tedesco that provides '420.62 & additionel guidance. Our review is in progress and the required .63) reports will be submitted later. 9/14
RESPONSE
Since questions 420.62 and 63 deal with the same control systems 1/83 and require similar analysis, we have combined the answers. The evaluation required to answer Question 420.62 and 63 consists of postulating failures which affect the major control systems and determining what the resulting event will be. The following are events which were considered; a. Loss of any instrument (due to a high energy line break), b. Loss of power to all systems powered by a single power supply, I c. Break of an instrument sensing line providing input to multiple sensors. The analysis was conducted for the following five major control systems: 1. Rod control 2. Steam dump 3. Pressurizer pressure 4. Pressurizer level 5. Feedwater For this analysis, all operational modes were considered..
4 Loss of Any Single ~ Instrument . Table 1, Sensor Failure Analysis, -is a sensor by sensor evaluation of all sensors, which provide' input to a control loop of the above system and could be affected by a High Energy Line Break (HELB). This table ~does not. include equipment which is located in areas- .that are not affected by a HELB, nor does it include Class lE' - equipment which is qualified ~to operate in its harsh environment. The table provides the particular sensor by Tag number, sensor - t function, failure both high and low, effect of the failure, and bounding event. Loss of Common Power Supplies The five major control systems are powered either f rom a protection set, control group, or Balance of Plant (BOP) Process Control System. The four (4) protection cabinets and the Control Groups 1 and 3 are powered from redundant 120 volt vital instrument buses. Control Groups 2 and 4 are powered from a common 120 volt vital instrument bus. The two BOP Process Control Systems are powered from a. common 120 volt bus. The following table provides the control cabinet and inverter power supply by tag number: Tag i UPS f cpl UPS 1-1-1A CP2 UPS 1-1-1B CP3 UPS 1-1-lC CP4 UPS 1-1-lD CP5 UPS 1-1-1t. CP6 UPS 1-1-1E CP7 UPS 1-1-lC CP8 UPS 1-1-lE CP153 UPS 1-4 cpl 75 UPS 1-4 Table 2 considers loss of power to protection sets and control groups. The table indicates the system, signal affected, itemized effect, and bounding event for each protective set and control g roup. It should be noted that Control Groups 2 and 4 are analyzed separately in this table. This was done to account for the fact that they are powered f rom separate feeders. 'It can be seen from reviewing the table that the effect would be the same if Control Groups 2 and 4 were lost at the same time. Table 3 considers loss of power to BOP process control equipment feed f rom a common power supply. This table also indicates the system, signal affected, itemized effects, and bounding event. 4. .~,-,_..c c.
Loss of Common Sensors There are no common sensors, impulse lines or hydraulic headers that provide signals to two or more control aystems se Seabrook Station. Summary Our review of the five major control systems' clearly shows that the loss of any single sensor or powt-r supply will result in events that are bounded by the FSAR analyses. In addition, we have considered multiple failures of sensor or power supplies and have determined that in all cases the resulting event will be bounded by the FSAR analysis. I e I t 1 l
=, 1 TABLE 1 i SENSOR FAILURE ANALYSIS e SENSOR FAILURE TAG NO. FUNCTION HI/LO EFFECT -BOUNDING EVENT FW-FT-4065 Controls minimum Feed Pump LO Computer alarm and flow indication indicate No event if both i Recire. Valve 4065 and low flow for one feed pump. Minimus Feed Pump Pumps running. If' provides signal for flow Recire. Valve goes full open. above 30% power and indication on MB and only one pump computer alarm. running, SG 1evel will decrease, bounding event loss of normal feedwater. See FSAR Section - 15.2.7. i Hi Flow indicator on MCB indicates high flow for No event. (If at. one feed pump. Minimum Feed Pump Recirc. high flow, pump 3 Valve goes full closed. This will have no continues to operate, affect if actual pump flow is above minimum if at low flow, pump flow requirements. If the as inal flow is below is tripped; the minimum flow requirement, a iow flow alarm will remaining pump or-alert the operator. the startup feed pump would be sufficient to provide required flow.) 4 FW-FT-4064 Same as for FT 4064 (FT-4064 is used in conjunction with pump 32A and FT-4065 is used'In conjunction with pump 32B.) 4 e m m
TABLE 1 SENSOR FAILURE ANALYSIS 1 SENSOR FAILURE TAG NO. FUNCTION HI/LO EFFECT BOUNDING EVENT FW-PSL-4310 Switches provide LO/H1 The failure of any one switch has no effect No event. -4311 NPSH pump trip since they form a 2-out-of-3 logic. -4312 signal to Feed Pump 32A. 4 FW-PSL-4320 These switches preform the No event. -4321 same function for Pump 328 -4322 as-PSL 4310, 4311 and 4312 preform for Pump 32A. FW-PT-508 Feedwater header pressure LO Feed pump speed increases if pump is in auto. No event if pump is provides input to process Flew control valves close to maintain SG in manual. No event controller for feed Pump level if in auto. if pusep and flow ~ speed control.. control-valves fn auto. If flow' control valves are in < manual,:SG level wi11 increase.. Bounding event is excessive. feedwater flow. See FSAR Section. 15.1.2 .Hi . Feed pump speed decreases if'in auto. No event if pump in manual, if in auto, there would be a decrease in SG 1evel. _ Bounding event loss of normal feedwater. See FSAR Section 15.2.7. J ar d
TABLE 1 SENSOR FAILURE ANALYSIS SENSOR FAILURE TAG NO FUNCTION -HI/LO EFFECT BOUNDING EVENT MS-PT-507 Steam generator header LO Feed pump speed decreases if in auto. No event if in pressure provides input to manual. If in au o,. c feed pump speed control. SG 1evel decreases over time. Bounding event loss of normal feedwater. See FSAR Section 15.2.7. Hi Feed pump speed increases if in auto. No event if in mar.ua l. If pump and-level control valves are in auto, valve-will throttle down. 8 There is no event. If pumps in auto and valves in manual, SG 1evel will increase over time. Bounding event is excessive feedwater flow. See FSAR 15.1.2.- .NI-NE-41P Power range Flux auto rod LO No control action. Controlled from high No event. 42P cmitrol Actioneer Circuit. 43P 44P Hi If in auto rods drive in, reactor power Inadvertant opening will decrease, resulting in temperature -of a pressurizer. . pressure decrease. safety or relief valve. See FSAR Section 15.6.1 l l i
TABLE 2 LOSS OF POF;"1 TO CONTROL GROUP 1 (CP-5) P 4 CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump Trip Open Cond No control setion. No event. to Cond
- Dump, Steam dump to condenser Auto Modulation Blecked. Atmospheric dump of Cond valves and steam generator Dump Valves safety valves still MS-PV 3009,10, available.
11,12,19,14,15, 16,17,18,19 and 20 Rod Control Neutron Flux No control action. No event. FW Control Auto control of FW-FCV 510 closes causing. Loss of normal feedwatu. FW-FCV 510, Loss of FW TO SG 1 i & Steam Flow Feedpcap speed may !y Reftrence from decrease. During power Loop.1 to Pump operation this muld Speed Control cause a plant trip on low SG 1evel.. Pressurizer Low-Level Cutoff No control action, auto No event. Level for Pressurizer functions blocked. Heaters and Letdown Isolation I Pressurizer 1: eater Control, Variable heat &r and For loss of power.to CP-5 Pressure Pressurizer spray off. RCS cold over during power operation, the -Spray. Valves pressurization loss of auto bounding event is loss of RC-PCV 455 A&B control for.RC-PCV-456A. normal feedwater, FSAR and PORV During power operation Section 15.2.7 During'all RC-PCV-456A plant will trip on low SG other modes of. operation, level. During all other the bounding event will be modes of. operation, plant either-inadvertent opening will trip on'high or low of pressurizer safety or pressurizer pressure.- relief valve, see FSAR Section 15.6.1, or RCS overpressure, see FSAR i Saction 15.2.2
TABLE 2-LOSS OF POWER TO CONTROL GROUP 2'(CP-6) i CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump Turbine Pressure Steam Dump to'Cond' Blocked No event. to Cond Loss of Load Atmospheric dump and steam Interlock generator safety valves still available. Rod Control Turbine impulse Auto / manual rod withdrawal No event. pressure (PT 505), blocked. Remote Dispatching Neutron Flux-Defeated. FW Control Auto control of FW-FCV 520 closes causing Loss of normal feedwater. FW-FCV 520, loss of FW in SG 2. See FSAR Section 15.2.7 Steam Flow Feedpump speed may Reference from decrease. During power Loop 2 to operation, this would cause Feedpump Speed a plant trip on low SG 1evel. j Controller I8 ^ Pressurizer Auto control of Pressurizer Heaters-For loss of power to CP-6 Level Pressurizer off, Letdown isolated, during power operation, the
- Heaters, charging pump speed bounding event will be loss Letdown isolation decreases.
of feedwater, FSAR Section and charging During normal operation 15.2.7. During all other pump speed. plant trips on low SG modes of operation, bounding level. During other modes event will be inadvertent of operation plant trips opening of. pressurizer on low pressurizer pressure. safety or relief valve, see FSAR Section 15.6.1 or RCS overpressure FSAR Section 5.2.2. Pressurizer RC - PCV-456B No control action. No event. Pressure High pressure PORV remains closed. signal
TABLE-2 LOSS OF POWER TO CONTROL GROUP 3-(CP-7) ,s CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump None No event. To Cond Rod Control Neutron Flux No control action. No event. FW Control Auto control of FW-FCV 530 closes causing Loss of normal feedwater, FW-FCV-530, loss of FW in SG 3. see FSAR Section 15.2.7. Steam flow Feed pursp speed may Reference from decrease. During power Loop 3 to operation this will cause Feedpump a plant trip on low SG 1evel. Controller i f Pressurizer Flow control Loss of normal charging During normal operation Level Valve CS-FCV-121 flow and loss of seal bounding event will be injection. Thermal barrier loss of feedwater, FSAR cooling is available.- 15.2.7. During all During normal operation, other modes of operation, plant will trip on low SG bounding event will be. level. During all other inadvertcat opening of modes of-operation, plant pressurizer safety or will trip on low relief valve, see FSAR pressurizer pressure. Section 15.6.1. Pressurizer Prz Pressure PORV Block Valve RC-V122 No event. Pressure Interlock to . opens. PORV RC-PCV-456A RC-PCV 456A and _ remains closed. PORV Block Valve RC-V/22 Control'
TABLE 2 l' LOSS OF POWER TO CONTROL GROUP 4'(CP-8) i i CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT ~ BOUNDING EVENT Steam Dump Steam Heater Steam dump to cond. No event, to Cond Pressure blocked. Atmospheric dump. MS-PT-507, and steam generator safety T Auctioneered, valves still available.. T Referenced i Rod Control Stop Turbine lic control action. No' event. LoadinF, defeat remote dispatching, Rod speed demand and direction control I FW Control .Feedpump FW pump in auto mode, Loss of normal feedwater.. FW Pump Speed Speed Controller pump speed decreases. See FSAR Section 15.2.7 Control
- Signal, During power operation Steam Generator this will cause a plant Header pressure,
. trip on low SG' level. Feedwater Manifold Pressure Pressurizer Auctioneered T Charging flow control During power operation, Level Avg. valve CS-FCV-121 goes. bounding event is loss of closed. Charging pump feedwater. During all spe d decreases. DurIng other me,les of-operation, . power operation plant will bounding event is trip.on low SG 1evel, inadvertent opening of a During all other wodes pressurizer safety or relief of opccation plant will-valve, see FSAR Section trip on low 15.6.1. pressurizer. Pressure Pressurizer Interlock ~to PORV Block valve. No event. Pressure open PORV RC-V124 opens. RC-PCV-456B, PORV RC-PCV-456B remains Open Signal to closed. PORV Block Valve RC-V124
TABLE 2 LOSS OF POWER TO PROTECTION SET I (CP-1) CONTROL SYSTEM SIGNAL i AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump None No effect. No event. Rod Control Power Range Rods drive in, power Inadherent opening of a Flux decreases, auto rod pressurizer safety or relief Turbine Pressure withdrawal blocked, valve. See FSAR (MS-PT-505) turbine loading and Section.15.6.1 TAVG (TE 411A&B) remote dispatching stopped. This will c 1se a plant trip on low pressurizer pressure FW Control S. G. Level If signal used for control. Excessive feedwater flow. (FW-LT-551 & 554) Feedwater Control Valve See FSAR Section 15.1.2 FW-FCV 510 will go full e open. During power l$ operation, plant will trip on high SG level. Pressurizer Prz. Level If affected signal used Level RC-LT-459 for control, charging pump speed increases, charging flow control valve During power operation CS-FCV-121 goes full open, bounding event is letdown isolated and excessive feedwater flow. heaters blocked. During all other modes of operation, bounding event Prescurizer Pressure If channel is selected will be' either RCS Pressure (PT 455) for control the back overpressure, see up heaters will come on and FSAR Section-5.2.2 or spray will be blocked. increase in reactor coolant inventory, During power operation. see FSAR Section 15.5.2 plant will trip on low SG level. During all other modes of operation plant will trip. either on high pressurizer j pressure or level. 1
J,. TABLE 2 s LOSS OF POWER TO PROTECTION SET II (CP-2). i t CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump. Turbine Impulse Steau dump demanded No event. Pressure (PT 506) but blocked. Rod Control Power range Flux, No control action. No event. TAVG FW Control S. G. Le"el If signal used for control'. Excessive feedwater flow, (FW-LT-552 & 553) FW Control Valve FW-FCV520- see FSAR Section 15.1.2 will go full open. During power operation, plant will trip on high SG 1evel. Pressurizer Prz. Level If affected signal used During power operation, Level (RC-LT-460) for control, letdown is bounding event will be isolated, heaters blocked. excessive feedwater flow,. 5 During power operation, see FSAR Section 15.2.1. Y . plant will trip on high SG During all other modes of level. During all other operation, the boundlag. modes of operation, plant event will increase in will trip on high reactor coolant Inventory,. pressurizer level. see FSAR Section 1.5.2. Pressurizer Prz. Pres:ure No control action No event. Pressure (RC-PT-436) .PORV, RC-PCV-456B, ? blocked. J f 4 j a +-
TABLE 2 LOSS OF POWER TO PROTECTION SET III_(CP-3) CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT BOUNDING EVENT Steam Dump None No effect.. No event. Rod Control Power Rsage No control action No event. FW Control None No effect No event. Pressurizer Prz. Level If affected signal used Level (RC-LT-461) for control, charging - pump speed increases, charging flow control valve CS-FCV-121 goes full open, lettown Bounding event vill isolated and heaters either increase in reactor blocked. coolant inventory, see g Pressurizer Prz. Pressure If channel is selected. FSAR Section 15.5.2, or RCS overpressure, see I (RC-PT-457) _ for control the. backup FSAR Section 5.2. heaters will come on and-
- ray will be blocked.
p The plant.will trip in either high pressurizer level or pressure. l l
4' TABLE 2 LOSS OF POWER TO PROTECTION SET IV (CP-4) CONTROL SYSTEM SIGNAL AFFECTED AFFECTED ITEMIZED EFFECT-BOUNDING EVENT Steam Dump None No effect. No event. Rod Control . Power Range Flux No control action. No event. l FW Control None No effect. W event. Pressurizer None No effect. No event. Level Pressurizer Pressurizer If.affected. signal No event. Pressure Pressure used for control (RC-PT-558) PORV, RC-PCV 456 A & B blocked. i I 1 b s
TABLE 3 LOSS OF POWER TO PROCESS CONTROL GROUP (CP-153,175) Power supply UPS-1-4 SENSOR FUNCTION EFFECT BOUNDING EVENT FW-FT-4064 Control of minimum Feed. Pump Recirc Valves If the feed pumps are FW-FT-4065 Feed Pump Recire Valves go full open. operating above 30 percent 4064 and 4065 capacity, SG 1evel will decrease over time causing plant trip. Bounding event i will be loss of normal-feedwater, see FSAR Section 15.2.7. 1 Power Supply PP 122A FW-PSL-4310,11,12 Switches NPSH pump No event. y provide NPSH Trip Blocked. trip of Feed Pump i Power Supply PP 122B FW-PSL-4320,21,22 Switches provide NPSH Pump No event. NPSH trip of Feed Pump Trip Blocked. l ? 'l
420.63 If two or more control systems receive power or sensor information (7.7) from common power sources or common sensors (including common headers or impulse lines), failures of these power sources or sensors or rupture / plugging of a common header or impulse line could result in transients or accidents more severe than considered in plant safety analyses. A number of concerns have been expressed regarding the adequacy of safety systems in mitigation of the kinds of control system failures that could actually occur at nuclear plants, as opposed to those analyzed in FSAR Chapter 15 safety analyses. Although the Chapter 15 analyses are based on conservative assumptions regarding failures of single control systems, systematic reviews have not been reported to demonstrate that multiple control system failures beyond the Chapter 15 analyses could not occur because of single events. Among the types of events that could initiate such multiple failures, the most significant are, in our judgment, those resulting from failure or malfun?. tion of power supplies or sensors common to two or more control systems. To provide essurance that the design basis event analyses adequately bound multiple control system failures, you are requested to provide the following information: (1) Identify those control systems whose failure or malfunction could seriously impact plant safety. (2) Indicate which, if any, of the control systems identified in (1) receive power from common power sources. The power sources considered should include all power sources whose failure or malfunction could lead to failure or malfunction of more than one control system and should extend to the effects of cascading power losses due to the failure of higher level distribution panels and load centers. 4 (3) Indicate which, if any, of the control systems identified in Item 1 receive input signsis.from common sensors. The sensors considered should include, but should not necessarily be limited to, common hydraulic headers or impulse lines feeding pressure, temperature, level or other signals to two or more control systems. (4) Provide justification that any simultaneous malfunctions of the control systems identified in (2) and (3) resulting from 4 l failures or malf..netions of the applicable common power l source or sensor are bounded by the analyses in Chapter 15 i and would not require action or response beyond the capability of operators or safety systems.
RESPONSE
We will submit formal response similar to that subsitted on other 3/23 Westinghouse plants. STATUS: See 420.62. 9/14 ; . w
420.64 RFSAR' Section 7.7.1 discusses steam generator water level control. (7.7.1) Discuss, using. detailed drawings, the operatf on of this control cynten.- Irelude inforaation on what consequences (i.e., overfilling the steam generator and causing water flow into the - steam piping, etc.) might~ result from a steam generator level control channel failure. Be sure to discuss the high-high ' steam - generator level-logic used for main feedwater isolation.
RESPONSE
High-high steam generator level trip vill be' changed to two out of 3/23 four logic. L ADDITIONAL
RESPONSE
S/G level is not programmed as a funct. ion of power level. - 420.67 5/12 from the draf t memo dated 3/22/82 is now 420.70. t STATUS: Confirmatory pending review of formal documentation, j 9/14 420.65 Recent review of a plant (Waterford) revealed a situation where - (7.2) heaters are to be used to control temperature and humidity within (7.3) insulated cabinets housing electrical transmitters that provide input signals to the reactor protection system.. These cabinet heaters were found to be unqualified and a concern was raised since possible failure of the heaters could potentially_ degrade the transmitters, etc. Please address the above designias it pertains to Seabroot. If cabinet heaters are used, then describe as a minimum the design criteria used for the heaters.
RESPONSE
Class -lE electronic transmitters are not mounted in an insulated 3/23 cabinet with heaters for temperature and humidity control. The 1 j subject design, therefore, does not pertain to Seabrook. STATUS: Closed. t 5/12 Note: The NRC memo dated March 22, 1982, on the.SSPS slave relay contacts is now 420.81. 420.66 It is not clear from the drawings provided nnd the description-of (7.2) the turbine trip circuits and mechanisms that the equipment used-to trip the turbine following a reactor trip meets the criteria applicable to equipment performing a safety function. I lt is the staff position that the circuits and equipment used to trip the turbine following a reactor trip should meet the criteria applicable to a safety function with the exception of the fact that the circuits may be routed through non-seismic qualified structures and the turbine itself is noe seismically quallfied. Please provide further discussion on how the Seabrook design meets the staff position. i ~RL3PONSE: We will comply with the attached Westinghouse Interface Criteria 5/12 for Implementation of Turbine Trip on Reactor Trip.. We are discussing the design changes required with General Electric Co., j the turbine supplier. ADDITIONAL l-
RESPONSE
We will provide redundant, safety grade circuits and solenoids-l 9/14 powered from the lE inverters, that are energized to trip the 1/83 turbine. These circuits meet the requirements of IEEE 279-1971-except that the portion in non-seismic areas is not Seismic Category 1. (See RAI 420.21 and 420.29). l [f), STATUS: Confirmatory pending review of formal documentation. 9/14 420.67 The reactor coolatt system hot' and cold leg resistance temperature (7.2) detectors (RTD) used for reactor protection are located in reactor j coolant bypass loops. A bypass loop from upstream of the steam generator to downstream of the steam generator is used for the hot leg resistance temperature detector and a bypass loop from downstream of the reactor coolant pump to upstream of the pumps is used for the cold leg resistance temperature detector..The I magnitude of the flow affects the overall time. response of the. temperature signals provided for reactor protection.- i l It is the staff's position that the magnitude of.the RTD bypass. loop flow be verified to be within required -limits at each ' refueling period and that this requirement be included into the plant technical specifications. Please provide discussion on how the Seabrook design complies with the staff's position. If there are any exceptions please describe and provide justification.
RESPONSE
Westinghouse letter SNP-4340, attached, evaluates the potential 5/12 for reduced flow in the RTD Bypass System due to corrosion product deposition. Based on their analysis, we do_ not consider flow reduction due to crud to be a problem. I l We will verify the bypass flow rates during the preonerational j testing program. The low flow alarm in the combined return line will be set at a value to indicate unacceptable flow degradation in either the cold or hot leg bypass manifolds. This response is the same as was made to Catawba. Tais item is open pending NRC review. STATUS: The NRC reiterated the position that the bypass flow be 7/15 reverified each refueling. Technical Specification revision is required. ADDITIONAL l-
RESPONSE
Preoperational verification of bypass flow will be by test 9/14 procedure that follows the guidance of NAH/NCH-SU-2.1.9, Resistance Temperature Detector Bypass loop Flow Verification. Surveillance procedures.that verify the bypass loop flow will be available 90 days before fuel loading. The surveillance p,rocedure will be performed every refueling. -Any required Technical Specification will be generated as part of procedures outlined in NUREG 0452, Revision 4. STATUS: Closed. 9/14 420.68 Operation o either of two cinurl rea tor trip switches r (7.2) de-energizes the reactor trip breaker undervoltage coils and, at the same time, energizes the breaker shunt coils for the breakers associated with both protection logic trains. It is the staff's position that the plant technical specifications include a requirement to periodically, independently verify the operability of the undervoltage and shunt trip functions. Please describe how the Seabrook design complies with our position. If there are any exceptions please identify with sufficient justification.
RESPONSE
We defer response pending generic resolution of this item by 5/12 Westinghouse and the NRC (Ref. NS-EPR-2588, dated 4/29/82). l ADDITIONAL
RESPONSE
A Westinghouse - NRC meeting to discuss this item is scheduled for - i 1/83 January 26. We support the Westinghouse posi. tion on the proposed testing. We will implement any changes that are agreed upon in-the generic Westinghouse - NRC discussions. 420.69 Several safety system channels make use of lead,. lag or rate signal (7.2) compensation to provioe signal time responses consistent with assumptions in the Chapter 15 analyses. The time constants for these signal compensations are adjustable setpoints within the analog portion of the safety system. The staff position is that the time constant setpoint be incorporated into the plant technical specifications. Please provide a discussion on this matter.
RESPONSE
The time constants are in Tables 2.2-1 and 2.2-2 of the Technical 5/12 Specification. Attached is a revised Table 2.2-2 vith editorial corrections and inclusion of the time constants that clarify Item. 4.E. STATUS: Closed. 9/14 420.70 The present Seabrook design shows that three steam generator level (7.2) channels are to be used in a two-out-of-th_ee logic for isolation (7.3) of feedwater on high steam generator level and that one of the three level channels is used for control. This design for actuation of feedwater isolation does not' meet Paragraph 4.7 of IEEE-279 on " Control and Protection System Interaction". For example, the failure of the level channel used for control in the low direction could defeat the redundancy requirements (i.e., a single failure of one of the remaining channels defeats the. two-out-of-three requirements). Therefore it is the staff's position that the system be modified (i.e., addition of a fourth-protection channel) to meet the redundancy requirements or provida i
an analysis justifying that isolation of feedwater on high-high steam generator level is not required for safety. Please provide a discussion based on the above staf f requirements. . RESPONSE: This was addressed in the March 23-25 meetings as Item 420.67. 5/12 Commitment was made to change _the S/G high level trip to 2 out of 4 (see 420.64). STATUS: Confirmatory pending review of formal documentation. 9/14 420.71 FSAR Figure 7.2-1, Sheet 2 shows a reactor trip initiated by a (7.2) General Warning Alarm from the Solid State Protection System. The information presented in the FSAR does not sufficiently describe this trip signal. Therefore, please provide additional information to describe and justify this reactor trip.
RESPONSE
Th' Seabrook SSPS is functionally similar to that discussed at 5/12 Catawba. FSAR Section 7.2.2.2 will be revised per attached markup as was done at Catawba. STATUS: Cloe 9/14 420.72 Using detailed drawings (schematics, P&ID's), describe the (7.3) automatic and manual operation and control of the main steam and feedwater isolation valves.. Describe as a minimum how the design complies with the requirements of IEEE-279 (i.e., single failure, redundancy indication of operability, direct valve position. indication in the control room, automatic actuation, etc.).
RESPONSE
(a) Discussions on circuit modifications to the MISV. controls 5/12 continue. Response is deferred pending resolution (see 420.37a). (b) The MFWIV's were discussed with 420.37. STATUS: Closed (items called out above were discussed with those of 9/14 420.37). 420.73 Instrumentation for process measurements used for safety functions (7.3) such as reactor trip or emergency core cooling typically are (7.4) provided with the following: a) An indicator in the control-room to provide the operator information on the process variable being monitored which can i also be used for periodic surveillance checks of the instrument transmitter. b) _An alarm to indicate to the operator that a specific cafety function has been actuated. c) Indicator lights or other means to inform the operator which specific instrument channel has actuated the safety function.
.d) Rod positions, pump flows, or valve positions to verify that the actuated safety equipment has taken the action required - for the safety function.. e) Design features to allow test of the inst.rument channel and actuated equipment without interfering with normal plant operations. During recent reviews, it has been found that one or more of the features above was not provided.for certain instrumentation used to initiate safety functions. Examples include instrumentation used to isolate essential service water to the air compressors, l instrumentation used to isolate the non-safety-related portion of the component cooling water system, and instrumentation used to isolate the spray additive tank on low-low level. The staff position is that instrumentation provided to perform safety functions such as isolating non-seismic portions of systems, closing valves when tank levels reach low level setpoints, and similar functions should be provided with alarms and indicators commensurate with the importance of the safety function and should be testable without interfering with normal plant operations. The applicants should provide the staff with a list of all instrument channels which perform a safety function where one or more of the features listed in a through e of the l concern above are not currently provided. For each of these I instrument channels, the applicants should indicate which of the features a through e are not currently provided. The staff position on these instrument channels is further that the ] applicants should: a) Provide an alarm to 15/t( ste that the safety function has been actuated if such an clarm is not in the current design. b) If not in the current design, provide means to inform the operator which speci*ic channel has actuated the safety function. l c) If not in the current design, provide indication that the actuated safety equipment has taken the action required for. the safety function. d) If not in the current design, provide the capability for l i testing each safety function without interfering with normal plant operations and without lifting instrument leads or using jury riga. The capability for testing should include the transmitter where indicators are not provided to perferm operability checks of the transmitters. I The staf f will provide requirements in the plant technical i specifications for testing these safety functions. Please provide discussion on how the Seabrook design meets the above stated staff i position. If there are any exceptions please describe and provide justification. i _ ~., _ _. _..,
RESPONSE
A preliminary list was provided. We are evaluating the missing 5/12 features and will respond at the next meeting. STATUS: Our review concinues. A complete report will be submitted at a. 9/14 later date. ADDITIONAL
RESPONSE
Safety function instrumentation at Seabrook can be divided into 11/82 two general clessifications; actuation instrumentation and control 1/83 instrum2ntation. Actuation instrumentation performs functions that are considered protective functions (i.e., reactor trip and engineered safety features actuation) or are necessary to provide essential auxiliary functions (cooling tower actuation, isolett.on of the non-safety component cooling water piping). This instrumentation is designed to meet the requirements of IEEE 279 and typically has the following features: a) Dedicated indicator in the Control Room, b) Alarm on actuation of a specific safety function. c) Indicator lights on the MCB, VAS alarm, channel indication at the instrument cabinets to alert the operator to a channel in the trip condition and to identify the specific channel, this indication is not applicable to functions that only have one sensing instrument. d) Indication to monitor the performance of the actuated equipment. e) Capability to perform the surveillance tests specified in the Technical Specifications (see Section 7.2.2.2(c)). These tests can be performed without interferring with normal plant //g"3 operation or the use of jury rigs or lif ted leads. The design conforms with the guidance of Regulatory Guide 1.22 and 1.118. Control instrumentation performs functiona associated with the control of auxiliary supporting features in response to changes in a measured variable (start of cooling fans to maintain revironmental conditions, operation of valves to meet minimum flow conditions for a pump). These control functions only affect the operation of one of the redundant safety trains, the other train is available to perform *.he safety function if one train fails. This instrumentation is not designed to meet the requirements of IEEE 279 and typically has the following features: f) Control Room or local indication to monitor the controlled variable. g) Independent alarm in the Control Room if the controlled variable exceeds the expected control band. h) Capability to perform periodic calibration and functional tests. These tests can be performed without interferring /[f) with normal plant operation or the use of jury rigs or lif ted leads. We have reviewed the safety fonction instrumentation at Seabrook to verify the availability of the typical features discussed previously. Table 420.73-1 lists all the instrumentation that does not have all of the applicable features listed, the missing feature is specified with corrective action planned to provide the feature or justification why tne feature is not required. i 1 i w, , ~ r, n .-r,+-g- ,e-- .e m, e ,-n<
l TABLE 420.73-1 Safety Function Instrumeatation Design Features Cooling tower actuation signal (TA).
- 1) Safety Function c) No alarm if one pressure channel has tripped.
Missing Features I Ws c) An alarm will be provided if any pressure channel Remarks is tripped, the specific channel vill be indicated at the instrument cabinet. ! I/#3
- 2) Cafety Function Isniation of non-safety component cooling water piping on low level in the head tank.
c) No alarm if only one level channel has tripped. Missing Fertures e) The containment isolation vr'.ves (CC-Y57, 121, l 6 E3 122, 168, 175, 176, 256, 257) are not tested during power,peration. c) An alarm will be provided if any level channel is Remarks tripped, the specific channel will be indicated at the instrument cabinet. e) The actuation of these valves would cause a l'oss l 6 f3 of cooling to the reactor coolant pumps, the actuation signal is blocked and continuity testing will be performed as discussed in FSAR 7.3.2.2.e..
TABLE 420.73-1 (continued) Safety Function Instrumentation Design Features RWST lo-lo level recirculation actuation.
- 3) Safety Function a
Indication from level transmitters'(CBS-LT-930, Missing Features j 931, 932, 933) is not availe51e. c) Two out of four channels tripped is alarmed. a) Level indicators will be provided to permit Remarks channel comparison. c) Alarm is considered adequate since there are I channel tripped indicators at the instrument cabinet and the function will not actuate unless there is a coincident safety injection signal.
- 4) Safety Function
- Emergency feedwater high flow isolation. s) Indication di not pr( ided for the backup Missing Features instrumentation (i.e., B Train instruments for S/G A&C, A Train instruments for S/G B&D). a) Provisions are available for periodic channel Remarks calibration without interferring with normal plant operations. This includes checking the i full span of the instrumentation. l Only the transmitter zero can be checked during the periodic channel checks as EFW flow to the steam ganerators is not established during tho non-refueling surveillances. The zero for the backup instrumentation can be checked at the instrument cabinets.
- 5) Safety Function
- RHR pump low flow recirculation valve control. Missing Features - g) An independent low flow alarm is'not /ailable, i l Remarks - g) An independent low flow alarm will be provided. l
- 6) Safety Function High temperature start of cooling fans for the emergency feedwater purp house, service water pump house and cooling tower switchgear area.
f) Local indication is not provided. Missing Features l f) Local temperature indication will be provided. l Remarks l l i
ADDITIONAL Based on discussions with the NRC we have reviewed our position on
RESPONSE
testing of the tower actuation signal. The Seabrook design permits 1/83-testing of all actuated equipment in judiciously selected load groups. 420.74 On November 7,1979, Westinghouse notified the Commission of a (7.3) potential undetectable failare which could exist in the engineered r.afeguards P-4 interlocks. Test procedures were developed to detect failures which might occur. The procedures require the use of voltage measurements at the terminal blocks of the reactor trip breaker cabinets. In order to ministie the possibility of accidental shorting or grounding of safety system circuite.durir.g testing, suitable test jacks should be provided to facilitate testing of the P-4 interlocks. Provide a discussion on how the above issue will be resolved for Seabrook.
RESPONSE
In SBN-120, dated May 15, 1980, we committed to the tests described 5/12 in NS-TMA-2204. ADDITIONAL
RESPONSE
We will provide suitable circuits for testing the P-4 interlock. 7/15 Detal?.s will be provided later. l h)D!TIONAL
RESPONSE
Test switches and meters will be permanently installed to perform 9/14 the tests outlined in SBN-120. STATUS: Closed. 9/14 i 420.75 On May 21, 1981, Westinghouse notified the Commission of a (7.3) potentially adverse control and protection system lateraction-(9.3.4) whereby a single random failure in the Volume Control Tank level (6.3) control system could lead to a loss of redundancy in the high head safety injection system for certain Westinghouse plants. Please determine whether this generic problem exists on Seabrook and, if 4 so, how the problem is to be resolved.
RESPONSE
The generic problem is applicable to Seabrook. We are evaluating 5/12 Westinghouse recommendations for procedural changes. ADDITIONAL i
RESPONSE
In SBli-164, dated June 18, 1981, we committed to reviewing the 9/14 plant procedures to ensure that the operators would be properly alerted and would take app opriate action. The procedures will be available for review 3 months prior to fuel loading. An analysis performed by Westinghouse (see NAH-1935, dated April 23, 1982, copy attached) indicates that there is in excess of ten minutes from the VCT low level alarm until the VCT is empty. STATUS: Open pending hRC review. 9/14 i
._ ~ ~ - ADDITIONAL The alarms listed on Table 1 of NS-TMA-2451, dated May 21, 1981 RESPONSES: and attachment of NAH-1935, dated April 23, 1982, are provided 1/83 by the Video Alarm System. 420.76 Discuss the likelihood that emergency core cooling will be (7.4) automatically initiated following a manual reactor trip initiated during a temporary evacuation of the control room. For example, is 1 possible for the reactor coolant afstem to be cooled to the point that the pressurizer empties during the time interval between manual reactor trip and the time an operator can take control of auxiliary feedwater outside the control room? Analyses and operating experience from plants similar to Seabrook should be presented during the discussion. Based upon the likelihood of i emergency core cooling actuation following a manus 1 reactor trip, chould the cenability fct resetting the equipacat be provided outside the control roon?
RESPONSE
Westinghouse has analyzed the transient resulting from 9/14 evacuation of the control room using the following assumptions: 11/82 1. The reactor, turbine, MSIVs, and RCPs vere tripped, in this order, prior to leaving the control room, no' other operator action was taken. 2. The trip was from various power levels from 0 to 100% power with no decay heat (50% power was the most limiting). 0 3. EFW temperature was 40 F. 4. Both EFW pumps operate at the time of reactor trip and provide 1440 GPM. The analysis shows that low main steam pressure safety injection will not occur until more than 568 seconds after the reactor trip. This will provide sufficient time for the operator to throttle EFW flow to stop the cooldown. It should be noted that Assumptions 2 and 4 are extremely conservative. A more detailed analysis using realistic decay heat loads expected during a power ascension and delay in actuation of EFW (actuation on the initial shrink after a trip is not expected) will show considerably more time is available to throttle EFW. If safety injection is actuated, the operator has the capability of terminating flow by stopping the charging and RHR pumps from CP 108 A & B and by tripping the SI pumps at the switchgear. These pumps can be restarted from outside the control room without temporary modifications if necessary. Automatic start of the SI l pumps is not defeated by local trip of the breaker. STATUS: Open pending NRC review with RAI 420.38, 9/14 4, 4 _m e r.
420.77 The I'SAR states that the pressurizer auxiliary spray valve is used (7.4) during cooldown when the reactor coolant pumps are not operating (5.4.10.3) and FSAR Section 7.4 lists the auxiliary spray as a system required for safe shutdown. FSAR Figure 9.3-13 shows thic system as a single path with a single diaphragm operated valve. A single failure could conceivably: 1) Prevent the use of auxiliary spray for cooldown, 2) Cause inadvertent actuation, or 3) Prevent isolation of the system. Using detailed fluid and schematic drawings, please provide further discussion describing the operation of the auxiliary spray system.
RESPONSE
The safety grade power operated relief valves will be used to 9/14 depressurize the RCS during safe shutdown; therefore, the auxiliary spray valvec have been deleted from FSAR 7.4. See the draft revision provided for RAI 420.38. STATUS: Confirmatory pending review of formal documentation. b l4 420.78 Provide a discussion on the termination of possible inadvertent (7.4) boron dilution. Will automatic equipment be used for termination?
RESPONSE
The revised criteria for the boron dilution accident promulgated 5/12 by NUREG-0800 are under review. ADDITIONAL RESPOVSE: We will meet the operator response times specified in NUREG 0800 9/14 following receipt of a flux increase alarm from the safety grade wide range neutron monitor. STATUS: Closed pendinP ICSB discussions with RSB. 9/15 420.79 Descrit-the design features used in the rod control system which (7.7.1.2) 1) Limit reactivity insertion rates resulting from single failures within the system. 2) Limit incorrect seg:ancing or positioning of control rods. The discussion should cover the assumptions for determining the maximut control rod withdrawal speed used in the analyses of reactivity tasertion transients. I
RESPONSE
Section 7.7.1.2.2 of the FSAR will be revised per attached markup 5/12 to describe features that limit teactivity insertions, maximum rod speeds and incorrect sequencing resulting from single failures within the system. This evaluation is identical to that made for the GNUPPS review. The SNUPPS and Seabrook rod control systems are functionally identical. [ o
STATUS: Closed. 9/14 420.80 The FSAR (Section 5.2.2.8) information describing direct position indication of relief and safety valves is insufficient to allow the staff to complete its review. Therefore, please provide additional information on how the Seabrook design complies with' L. each specific requirement of NUREG-0737, TMI Item II.D.3.
RESPONSE
The FSAR will be revised when the details of the valve position 5/12 indication system are known (see 420.05 response). STATUS: Confirmatory (see 420.05(a)). 9/14 480.81 During the Seabrook drawing review it was discovered that j safeguards actuation circuits have parallel relay contacts to handle specific load requirements. The slave relays used for the output of the solid state protection system (SSPS) have apparently j been qualified by Westinghouse for une in circuits drawing a i maximum current of 4.4 amps. It is our understanding that the Seabrook 5 Ky and 15 Ky systems expose the SSPS slave relay contacts to a magnitude of 5.2 amps upon safeguards actuation. The applicant has decided to use parallel contacts to carry the current, relying on simultaneous closure (and opening) of the safeguards contacts upon protection signal actuation. This design concept is unacceptable to the staff. We have concluded that. paralleling contacts may not solve the concern with the current ratings of the Westinghouse slave relay contacts since. closure (or opening) of the SSPS slave relay contacts at the exact same time cannot be assured. One set of contacts will, in most instances, function before its redundaat counterpart thus allowing the full 5.2 amps to that set of contacts. Also, it appears that. the present test methods do not allow for checking operation of 4 each individual set of contacts when paralleled. It is the staff's position that the relays used in the protection system should be qualified for the maximum expected current. The applicant is requested to modify the Seabrook design.to comply with the above staf f position.
RESPONSE
We will perform an independent test to verify the contact current 5/12 carrying capabilities of the SSPS diave relays. The test will-be performed on single contacts controlling actual switchgear - components. Upon completion of the tests, the NRC will be notified on the disposition of the issue regarding the use of these relays. The NRC expressed concern that the testing meet similar i requirements as were utilized during the W testing. Departures should be 3astified. 1 ' 1 -~ ,nn- ..n .a ne ,,..,.a c., we
1 l l ADDITIONAL l
RESPONSE
An independent test was performed to. verify the contact current 1/83 carrying capabilities of the SSPS slave relay. Three relays were removed from the Seabrock SSPS cabinet for use in the test. They will be replaced with new relays. The test was performed using a single set of contacts controlling the close coil and lockout coil f rom the Gould Model 5HK 350 5 kV breaker used in the Seabrook : design. This load is the maximum load that any of the SSPS slave relay contacts energize; approximately 5.5 amps at 137.5 V de (maximum de system voltage). Each relay was cycled 1000 times;. twice the number of operations expected during the lifetime of the plant. A cycle consisted of energizing the load by closing the SSPS slave relay contact for 70 to 80 millisaconds (average closing time for Model SHK 350 breaker). After the 70 to 80 millisecond time, an auxiliary relay interrupted the current flow. The auxiliary relay interrupted the current flow. The auxiliary relay simulated the function of the breaker auxiliary "b" contact which interrupts the closing circuit once the breaker has closed. Two sketches, showing the test-setup, are attacned. i Each of the three relays tested passed the 1000 operation test. Measurements of contact resistance made before and during the test showed that there was less than a 5% increase from the pre-test contact resistance values. Inspection of the contacts upon completion of the test revealed no visible contact wear. ? Based on the results of the SSPS slave relay test, the Seabrook design will be modified to a single contact scheme as was used.for the test. A test report will be available by 2/1/83. t i i
APPLICAT10M -{ ftEVISIONS ~" UN DESCMTION CATC - Am0VE0_ NEXY A0$Y USED ON V; _ x. p _a, ~ l e ) t ..,.= 4 e 4,u,e.,as,w www.* ue 4-W w
- gars w er.w en.t %
.4 .r..r ...-.,>, ~.<es. .- T. E S T P E R F O R M A N C E % ff COPY -- (DATE) (INSPECTOR) l AEv. sTArus m Ev. l l l l l _ l l l l OF 5HEETS SHEET l net. EASE 9-'# er /)* ~.;* CENERAL ATCM!C COMPANY l DRAWN s au we u f 0"ECM#,/, c/m //s A, TITLE f TEST PLAN -Q UE[$N,
- ,p,g,jg
,ffff RM-80 CD)SCIICATIONS PORT b FAUI.T VOLTAGE WITHSTA:D y E" *"EE%)/. a.s ts.,a t 4 2 />, ' U E 3.'.GN A C73VI T T J
- 5..* I C;.CE 10ENT, NO.
G #c. t.0. 7[ f.3 $oc. 3ceg.v.No. e.. a w,,.,- A 32334 o257-So 8 i l .. i.c APF0 sq,4w -/T-E/ ~ t.EVELlQ SCAL l MEY. / l$HEET l 0F a 0:AwlNG l F0nw cAio24Aal >e0 *d - _t946. - N0 81W15 M00&35 IW9 JZ 8 t l E8. 8 t *oQff, i
.' ? t 920.)] f2 .h TRE0RY (Refer to Tig. 1) s The 140 voit sisuisted fasilt voltages are applie4,to, thh RM-80 componi-cation terminals 'at' test block TEL, terminals 1~, 2 and' gro,und. The fuses (F1 through f4) and voltage suppressors VS1 through VS4 provide protection for port A. The voltage suppressors provide voltage clamping to protect.,the EM-80 communication port input semiconductors until the fuses open. Because both active communication ports of the RM-80 have a conson isolated 24 vott power supply, port a terminals (Is4 pium 13 thauugh 10) must also be fuse-protected in-the final installation. This will maintain continuous functional operation of one of the two RM-80 ports on application of the fault voltage. EQUIPMEtiT R50UIRED
- Digital voltmeter, 3 1/2 digic Variac, 0-140 Y ac at 2 'A minimum ovcput Isolation Transformer, 1:1, 500 VA DC Power Supply,140 7 de at 1 A minimum, ' floating output Voltage suppressor, General Semiccaducter Industries Type P6KE22C, 4 e,ach Fuse, 1/2 A, 250 V, Bussman type ACC, as required h
a O co nggjg1 wing g bo g s A ag?{ f as=+& e..,-W, % g g. Operating RM-11 System TEST PROCED_URE_ 1. FORT A VOLTAGE WITRSTAND TEST 1.1. Connect equipment as shown in Fig. 1. 1.2. Verify that the RM-80s are working properly by running a communi-cation error rate test using the RM-11 (see Section 3). 1.3. Subject RM-80 active communication ports to simulated fault voltages, shown in Table 1. 1.4. Repeat the communication error rate test in'~section 3. 1.5. A communication port failure resulting from open fuses vill show up as an ine ease in error race. Record the results for each fault voltage applicacica. ff':..' l AT Drawing No. 0357-9015 Issue / Psge 2 .S.0 0
- d S?26 - HQ1]y15 )t005GW3S IW9 8Esit E8. 81'AON.
.,9 ../ f)$ /3 1.6. Replace blom fuses after recording the results of each fault 1 . voltage app?icatio.n before proceeding with-~the next step. 'l!' -s TABt2 1 ,s-Test Block Terminals (Fort A) Fault condition Port B Status TB1 Fin I tw ground +140 V de Pass / Fail T31 Fin 1 to ground. -140 Y de Pass / Fail Tai Pin 2 to ground +l40 Y de Pass 7 Fail T31 Pin 2 to ground -140 V de Pass./ 1411 TB1 Fin 1 to Fin 2 +140 7 de Pass s/ Fail TB1 Pin 1 to Fin 2 -14G V de Pass w" Fall TB1 Fin 1 to ground 0 to 140 VAc* Pass / Fail TE1 Pin.2 to ground 0 to 140 VAC* Pass - Fail TB1 Fin 1 to Fin 2 0 to 140 VAC* Pass / Fail
- Slowly increase voltage fro- 0 'V to 140 V. ras in no less than 10 seconds, then returu voltage to 0 v.
2. PORT B VOLTAGT, WITR5TAND TEST O.L. Connect test block T'51 to T54-17, 18, 15 and 16 instead of h T54-11,12,* 14 and 13, respectively shown in Fig.1. 2 2. Verify that the M-80s are working properly by running a :casuni- ..lm.. wc, --.. v ma c,4$1on.erecr.,xate tasta,using c,he.RK-11*(ses.Jection=3 bema. e
- 23. Subject M-80 active communicatson ports to si:nulated fault volerges, shown in Table 2.
2.4. Rapest the connunication error rate test in Section 3. 2.5. A communication poet failure resulting from open fuses will show up as an increase in error rate. Record the results for each fault voltage application. 2.6. Replace blown fuses after recording the results of each fault voltage application before proceeding with the next step. d Drawing No. 0357-9018 Issue / Page 3 900*d 1946 - H0!1W15 N0050835 Aus 62:ll Z8. 81*n0H
~- d' S q)d /A t o. TA31E 2 / ~ Fort A Status Fault Condition I g' Test Block Terminals (Fort B)_ Pass V Fail ~ +140 V de ./vFas's7ta11 TE1 Fin 1 to ground -140 V,de ~ -Fiss T Fail 7 Tk1 Fin 1 to':;roded +140 V dc Fass [e Fail ] TB1 Fin 1 to ground -140 V de Fass Fail TEL Fin 2 to ground +140 V dc Fass v' Fati " TB1 Fin i to Fin 2 -140 Y de Fass7 Fail' TB1 Fin 1 to Fin 2 0 to 140 VAC* Fe.v (Tail TB1 Fin 1 to ground 0 to 140 VAc* Pass g Fail' TB1 Fin 2 to ground 0 to 140 YAC* TB1 Fin 1 to Fin 2 0 seconds,
- 5 lowly increase voltage from 0 to 140 V ras in no less than 1 then return voltage to 0 volt.
COMMUNICATIONS ERROR TAIT TE3T 3. 11 Select the first channel of the monitor under tes f the p id dispisy according to the directions at the bottes o 3.1. display. Do Call up the RM-80 diagnostic display from the RM-11 keyb ding to the direc-this by selecting the channel und o test accor 3 2. following tions at the bottom of the display, than key in the g: 1,IT, STOP LOG, set.ECT. Modify the update interval to f see according to,the directio at ghe bottom of the RM-11 diagnostic display. Da 3.3. 15:isTat the*bottoe s..,o 4 'N" ame-+.. # % "#M~- w.%.m.... p.w Zero monitor statistics according to the diY 7: 3.4. of the RM-11 diagnostic display. Wait 4 min and noch the number of CRC 16 errors, framins err A.ind B character errors, and overrun errors received in colun 3.5. t on the BM-11 display. l RM-80 polls, note test failure sad halt the test. Drawing No. 0357-9018 Issue / Fage 4 i l _t926 - N011815 x0038W35 1W9 et* 209 j
. i.. " qg, g /h C CotCENTS _ bl_=m e.seair s hs at fatos As he.7t'.s'b. ~ N U ES3.f /,In2 mna Aa, err m_- /. 4 - 1e,Oielsd d/xt.il.sfr A_ N_,V_ n,$ e cs u n a s te + $s u porl. FNs Ls r ;s elbias.0sm Hs la sr T'$1 foll$4 A.61snenrsed _ t*1re.u ll r3pr}ss M > 4 bre. bfb. 6 su Test Operator d d N Date
- 8/
/ 'f c..u,w, +. A. s..m.e,e m,*s. : r I e ( [ l i l Drawing No. 0357-9018 Issue / Page 5 e
= 3 l TSE h 7 Rtw-fl f I C O W untc4.Yl' orts ,eI / rnrearsch p;
- :+
YO2 2 O'h 5 'l ~~2.4I!{O B OA A t> 's ~ I t? !**T /^31'" ? !2 ) z !?; f s, .n T B l 2. Ino. 9- ~
- 1 R M - BO I
p z. R,m-- s o i 5 TB+ yay TB+ ysy O., +, I Po p,y B _fl._ (5 t l '7 i Ib,r B
- ~
Ig I IB 16 pg i ] Ac n vat. P O R Y .' C pn hii ] l i = ~ Podr G .__t__ T G l ' N
- T.gg
' G T D 8/- i* F '-t--M ' Y.l-II ssm e s.o.s Ys4 r aig. F3 n n E0AT A =-38 --4* ,4 l g I1-a to u. f. } 9,5 3 3 x r,, r=" i + gp ,,g !3 \\ 2 s y. \\Q s$ _l, 8 I vst{vs2 g l l 1 \\ y ' r r)i g 1
- s o7 y
vs35T ' t!.,6t* + r a u ' r v o t r a c,e o., T c G r* G L oc.M Q W-* {g W y' ~ '----+~--3 M M .c u 53
- LIAC*.
'Ee h Y lloVac tt*TCs * ,f, .n.2, 4 ,---e. "Q ?. VS t - VS'l ARE GSI TYrs PL RE 2 2.C j2ev - vassac. s ,ay,,, ^ \\ g ** FI - F4 ARE %. A, 250V, SussukN TYPG AGC '?, ~ ~ j f3 f: s E.,1 [ TEST 66T-LJP /EF l .n.[y [ @ To D/ l ? l z en i
UtiNERAL ATOMIC COMPANY ELECTRoNrc SYSTEMS STANDARL 0357. Issue 9018 ~ / f 1
- " COG #
h,f y Description Manufacturer ModelIo.- Part No. serial No. nn 1;'; '~i". ' , f, o -'-l ~' .1 MM.fo
- / **
- @*s'i10
(/ HgLy [lr Q % f 1 /* A yA 9 7, q E A/n-te. o, . ui-w. '$-~
- vs + 'u m,
GA NA o m .c w g, c , u 4. G \\," i u
- .e S'
~ u er= 5l ~ m w w 8z 3-g r Date of Test _ g-2r prp Test Operator Signature ( d.,. I !._ M h *
- My l
j .r-QC Signature or Stamp __t / f .y i ete a- --C946 - N0!1W15 )e0088W35 IWS ct a t t Z8. 8 t 'n0W v- ,3. . ~,,. ...--. w.
i [*
- Cath 25 (9/79)
ELECTRotJTC SYSTEMS STAtlDARD GENERAL ATOMIC COMPANY t Page 8 (, TEST 'qUIF.M RECORD yo.t 2 i f Tor 0357-9018 Issue / t Calibration Date i Description Manufacturer Model Serial No. Last i Du.e l \\ 'D vm & Je /.o, A 4r AI9i L .5. If-ro l T-8T se. eu,. b 1 # ~El
- L,. m L ~.,,. y a c a, y.,c.t i, n
% -+, i M :, R-,aL.-r-NA u A. n uA. TsoL h._ T.L ~T r? i L N u.m m oA hA N4 P a s a I s,. P e-s &.A. w/A S28 a)A n/A Pover n., Rt.6 &.A ulx .r> 3 2/A Wl4 In}}ndid Pc6
- 4. A.
W/A ez,4 a/A .4 r~at*}noL+ Pc8 4,A N/A o2g 8lA n/4 l. o
- ..s t a a tIo u *-
u, wwi s Data of Test f.
- ) d.+.1r f E
/_ # b.- Test Operator Signature r Y h $ Ylsk_/ QC Signature or stamp Serial Numbers of Icess Tesced bie, / a g'. 4c Senel avnbres bhra l'en IJ. V. P.s ee L s is i v u 2 n o. __ in f 4. stat +in.. cal C PL) Pe.8 64 ss n/A _epu Pe 8 6.. A 84 8/A fist ) ( As) Nt) UsJ)' Vi. t/49 Sun, me t Leu. Gem: 2 8,_2 9, 3 0.I/ nlA R/A NfA 7: U:!s h A,2 Tot fus f Yaoss a a 1 818*d _ _..Jf 6 - No t ty L1 x10.uguat.lus tr i t t ze, e t,*poN
j acce 1 4/* 0./2 Y U 2 TB6 r r o%b.% n ovm. n..+ e- . T..
- w w.e..de. % S M h. S &
. *$ {3:.I.l'%[ onum rm e. we>.s l e I* e e aai.3 i ew <~ dc.:
- ps..,.%.,,...Q..
- a,'),1_-_..':,.
- w. ; f.1..../> I y*vsH by Gewd (4 tv.'. 0~
a .,3
- .Stf...m'.. i.::::4 4
- si.
.e4 '=. a u:.;f{6.':.,. :W
- ,^ {. v 4.. l/ *.**.,*;. :\\;._';,. f.."=.~h".,=.*
- t' p.f.
d ..y i 's f' '
- i I.'/g.'$., $.b,,* ii... 4.N..i.'h.,,. /.. '
'. Y $.".. '* @..'.*.f.?/.r:;,y.c,.,3.y;;;:.p. s.. n.,. y i;fl 0]', ..r. .TW-.., ' - 4 [$. .::t m.cy..r.1 I';:. .. D.... :. I'.F. q..E 1 '" a** s t . y.
- q.... c e..
-.c ' " ' / *. -
- b
'~ ?-
- t..
- 1.. A.:,.,.* 6.
Ib. - 3*
- '}.T %
e
- t" P..j, RC i
4 .'= . v..?... g "l W j.'.h. ' '": h.V ~- 5. (h.I: RC .2.
- 1 a.
2
- 2. w
.,v ...v,n e M:.
- :...., 3..
.st ..n. m.% yL:p. L.. , s.::.:. . e:v ,..:.c w m.a. m. ..u m.. &?..&... -...... .W.. *N$Ab?$..?hyEi?3:0k. S. $h'h.&__& '. 47.-:. .- ? d.C: :Y. ..?'i WW ..n.. .,.u....n. m. w.,.7
- ..,u.A m....,..
- .... 1..
- ~.. : r.a. :.m. g..... p..
- g..g
.m y..n.. n 3......x.,.. ~..: n.
- 4 dbms #@ @$M M ardM.N..,@MWN O
tg* ' ya M . &....v.pyq.. .: ::.e 94.gW :r 7.g p
- 3... ;.
P.._ i ps. ~l. M,... .,... e.. .c. .. ~.... a.... .,i.,... g~,.1, ..~... ...,w. c,.:.. ..,..... s 1 s .pA...,. ]r. <.4 .S s.....
- .......n,-:....
. c.
- .,; e-r
- o...l.p.
g.,, . S. ~.* .....g:::. :v<. ;. : ; n.9. ',.:....j;.y;.$ p' %.' # * ##'q...,.. v.;. "~W 7..ce
- y.
'f :... ' -. ~~-- .:.. n.- c.. ....h...
- a. -
1 . pc . ~*' g,"l; t t.. r $ eg."..'.g; u., ("*.. T., p,
- h.,.,4.ff;.s..
J,=., ;.,.eg.*,t.pp.y,...*{; agg,g g.{..g;,y,, s,. .7 'a ...,7
- 45
- J*.m..Td :..l. ;f..,
'. t,.. -.. r,3.., e, ~%.. u., g, s 4,.,. .. e t. t..dl,,g_es e o,-. .4
- e.,v=.***?.*l' t.,s.
s. .-.1 .i - yr.,5 '. r.. h k
- .. t'A'*.
- s.,. * * -
,,s.1:F J =
- .J,.F r
%"'sh; .,g ,,4 nap: . ? W. w.,. n'Mr.'s.e r :.:b.i. e.vi e:.i '., # :.,9,g..~.h ;%... ^ ...e.J; *.'T'.h. t 1 c
- n. d.,..,:,.g.f
, *a ys: r-
- T*,.A
?.'
- R*A b*W9fj;
?.:: *.$ %:n Yo/3.ts;'% TX.' h*, ** Bh?)
- e L..
g J.,,t i .k. ~..e d; ' .: i., ' '='^" V. x,,.. g.,l
- .j.K*.~.r':,'
[ ~, h h 's , g. 4 - ,g .,t. *p y i l'
- l;; s. ?===
3 .>Vi *. ' a ' . Z. ...x.... e. ....\\. n ~., ., [. > ' Jl*Cg, *. . ' ~, ,,pc 4.--- c. l-ep
- f. -
i .a ..:u. <..
- f..
e N <a ~..:.. _ ;n e, w..u.. J f.,. i ..7 m,.%. ......v r ..%. rr.. j ~. o..- ..----vu .m m ,.w.m.. i .---......e vf-.w.m i.- u-- .n.w r. -.n--- IP. l
- a. b,*t: ".......
~$ -.
- .1 *^'.:.G A- :N*
...y...-.. ,.7, i...,,..q .g.
- g..,
o. l. g, j. ,. d. 3.,. . M. E..,.., M.. l'.'Z.,[.: [@ g kk [.,d. f :*::,c. 4 .. a......,.. M:..p&.,,.,.,..J.,nc.x.r.e
- n. :. '.h.:.,
.,p, ...>. J.....u.s1.sA: e... , ~.. y .v g.. v..w.. .o. 6t n w:
- .... r....'
.w .........w ~ L M.,c. :.%.......Y... w. \\... 'T i W V. M~ #. i Wa. ++W. % %n *.n. k ' s. ..:-) .c .~ ' %); . e ") . L,Q.T i;;. x _ _. _ =
- w
. m _. m.
9 cy: S' I (! / puSL fugG riunsnur t2 ciewc mannroR unc rMfon ram. an unc ^ A m %E 5U$2 y,s.p-(ryd Sir FI A u!CE 3 Fo r'- O erhlL 1 or TkhU S E0% jsar/ W D i ) %#s?w'LA7 w/- l Fl& U R E 2. ( a g SILICON CONTROLLEb '~ 2inCR R GCToflER CN DI6b 6 IHLon/W4 LO Q y WLT&cg ' CA PR C o rc e ,m lI J Te an>> ;=5 e a I so, s,,,4 F I C, u R E 3 ,,.v_
,Y A /.- .[ Periodic Testing of Electric Power Re nula riry Cuide 1.118 ',/78)(/?/JF/j //[7) and Protection Systems C w. M Tie M electric power and safety system testing will comply with this
- r. gubtory gui.f c.
!!cu;;c.,- !3SS-3 33 - 19 7 5 scher ther IEEE-333-1977 "n u.44. L. ha a. DGY .u. W. ~ N I p. '. e 1 treatf1 "should" sQ ements IM-d-r.commendati s to be
- 1) #cd only tts disc t'on.
De tailed.pe r i tierrs m the segulatory positions are presented below: c444'6 MW'% ,j g j jffg g-p Regulatory Position C.2 he--NSSS--supplier-interpret-e " Protective Action Systems'f'4to mean the electric, instrumentation and controls portions of tftose protection systems and equipment actuated and controlled by the protection system. I "E Regulatory Position C.6 f.quipment performing control functions, but actuated from protection system sensore, is not part of the safety system and will not be tested for time response. (, f y Regulatory Position C.10 Testing, although not tied to accident conditions, will be tied to the range of the parameter that is varied. This range is determined by expected design basis event conditions and anticipated operational occurrences & thereforc chie sola yeaitice ir cencidered *;y the - NSShupplicr - te - be met. w Regulatory Position C.11 Status, annunciating, display, and monitoring functions, except for thoce related to the Post Accident Monitoring System (PAMS), are considered by-the-NSSS-supplier-to be control functions. Reasonability checks, i.e., comparison between or among similar such display functionr, will be made. Otherwise, the clarification note in Item 1 above, pertaining to Position C.6, is observed. C A Regulatory Positions C.12 and C.13 Response time cesting for control functions operated from protection system sensors will not be performed. Nuclear Instrumentation hystem detectors will not be tested for time response. (See Table 3.3-2 of the Technical Specifications). Thc "exce'"'A =" 4 -c r ~ - - L The 1E electric pover and safety systee design and testing vill also conform to the guideance of Regulatory Guide 1.118 (Rev. 2, 6/78) and
9.2d /7 p.2, nw the requirements & IEEE 338-1977 with the following clarifications: ) " Protective Action Systems" is defined to mean the electric, instrumentation and controls portiens of those protection systems and equipment actuated ar:d controlled by the protection system. Equipment performing control functions, but actuated from protection system sensors is not part, of the safety system and will not be tested for time response. Status, annunciating, display, and monitoring functions, execpt those g related to the Post Accident Monitoring Systems (PAMS) are considered to be 3 control functions. Reasonability checks, i e., comparison between or among l similar such display functions, will be made. 6
+ 92$. IS SB 1 & 2 FSAR valves in each breed line is provided with fully independent powe'r ' supplies, instrumentation, and controls to ensure that at least one of the vilver in each branch line can be closed when needed. All eight valver can be operated from the MCB. Four of the valves, one in each branch can also be ope.'ated trce a RSS panel and the remaining four valves, one in each branch, can be operated from a second RSS panely thus, complece redundancy is provided to control flow or to isolate any steam generatoi la the event of pipe breaks. A flow orifice and associated instrumentation are prefided in the common pump discharge recirculation path to the CST. This instrumentation is provided to permit periodic testing of the pumps to verify proper head-flow characteristics. t' &c humav asrax ssams da wsne p~ ou 7n's Mcd A*P' 7n's ESS A4"al 2m' 7Mr Tw m a s 7 A N rz w e' x W e gg WMLs Hobt&f/ HJa0 rw anae o tw ra anuawrw ssa 47stasVW46& /i'sA/af NJ//0 R'f Y#5 Yd[4 c. 1 gyy yyg p gg j,ca.c vdA & f/ M oTAd M 9 MN M
- y 9 9,492 lMD'dJ App B & M*1 sera B ww
- flV55 g,y,sc
- 3
- t
'N, i 6.8-6 Q = = = ~a c ~ ~ ~ ........L~--.:--~..==-.- --- ~ ~.
DeH=r %0 " 7.4 . SYSTEMS REQUIRED FOR SAFE SHUTDOWN The purpose of this section is to outline the capability for a safe shutdown. The functions necessary for initiation of safe shutdown are available from equipment that is associated with the major systems in both the primary and secondarv portions of the plant. systems. This equipment is normally aligned to serve a vat:1ety of operational functions, including startup and shutdown as well as protective functions. There are no identifiable safe shutdown systems, per se. However, prescribed procedures for securing and maintaining the plant in a safe condition can be instituted by appropriate alignment of selected systers. The discussion of these systems, together with the applicable codes, criteria and guidelines are found in other sections of the l l FSAR. In addition, the alignment of nautdown functions associated with the Engineered. Safety Features which are invoked under postulated limiting fault i situations is discusst:d in Chapter ti and Section 7.3. The functions discussed in this section are the minimum required to be aligned for maintaining safe shutdown of the reactor under non-accident conditions. These functions will permit the necessary operations that will: l a. Prevent the reactor from achieving criticality-in violation of the Technical Specifications, b. Provide an adequate heat sink such that design and safety limits are not i exceeded, and c. Provide a path to achieve the cold shutdown condition. 7.4.1 Capabilities Required for Safe Shutdown The list provided below identifies the capabilities required for achieving and maintaining a safe shutdown. The determination of systems required for safe j shutdown is based on providing these capabilities: ~a. Decay Heat Removal b. Reactor Coolant Inventory and Pressure Control c. Negative Reactivity Addition Control i d.- Elcetrical Power Supply 7.4-1 ~
1 .,20.' $ $ t. Plant Cooling i . f.. Process Monitoring g. HVAC h. Sampling 7.4.2 Safe Shutdown Control Locations The Main Control Room is the primary station for safe shutdown control of the - plant. In the extremely unlikely event that the Main Control Room becomes uninhabitable, the plant may be brought to and maintained in a hot shutdown condition using alterr~.te control provisions outside the Main Control Room and subsequently to cold shutdown.through the use of suitable procedures. Safe shutdown, remote from the Main Control Room, can be accomplished by taking control of the plant from the folicwing Remote Safe Shutdown (RSS) locations. These are the minimaa number of centralized locations from which hot or cold shutdown (including emergency diesel startup and control) can be accomplished on a unit basis: a. Remote Safe Shutdown Control Panels - CP-108A and B b. Diesel Generator Local Control Panels - CP-75A (DG-1A) and CP-76A (DG-1B) c. Electrical distribution equipment in Switchgear Room A and Switchgear Room B Consistent with the design basis criteria, the reactor, MSIVs, and R0Ps will be tripped from the Main Control Rooms for any safe shutdown. 7.4.3 Control Room Evacuation The Main Control Room is the primary station for safe shutdown control of the plant and is designed to be available at. all times. It is nevertheless postulated that Control Room evacuation may be required in the event that Control Room habitability is compromised or insufficient control and/or monitors are available due to a fire. 7.4-2
h0$ The two scenarios identified above, requiring Control Room evacuation, are addressed by separate procedures. This is necessary to assure an effective transition of control from the Main Control Room to the remote shutdown locations under substantially different operating conditions. In the case of Control Room evacuation not related to a fire, it is necessary to assure safe shutdown capability using redundant safety grade equipment with control and indication outside the Control Room. In the case of Control Room evacuation due to a fire, it is necessary to assure that one train of systems necessary to achieve and maintain hot and cold shutdown conditions is free of fire damage. 7.4.4 Igitial Operator Actions Safe shutdowr. will normally be accomplished from the Main Control Room utilizing' safe shutdown equipment. In the event that safe shutdown is conducted from outside the Main Control Room, Remote Safe Shutdown procedures will apply. Remote Safe Shutdown procedures will require that the reactor, the main steam isolation valves, and the reactor coolant pumps be tripped prior to Main Control Room evacuation, thus establishing a hot standby condition. It should be noted however, that the capability exists outside the Main Control Room to aceccplish these functions. In the time interval required for the operators to evacuate the Main Control Room and man the RSS locations, decay heat removal is accomplished automatically by the steam generator safety valves. No other function is required initially to maintain a decay heat sink for the reactor. Upon arrival at the RSS locations the operators will transfer control of safe shutdown equipment to the RSS locations by means of key-locked LOCAL-REM 0fE selector switches. Access to the keys required for operation of the RSS location controls is administrative 1y controlled and will be available when the Control Room is evacuated. Equipment that was operating prior to transfer to the RSS locations will -continue to operate during and after the transfer. 7.4-3
U$.3 f 7.4.5 Safe Shutdown Functions The following monitoring and control functions are provided for safe shutdown. These functions are provided in the Control Room and the RSS locations unless stated otherwise: a. Decay Heat Removal Secay heat transfer is made possible by natural circulation in the RCS. It will be monitored by Thot, Tcold, and RC3 pressure indication. RCS temperature is controlled by the steam generator Atmospheric Relief Valves (ARVs). Steam generator water inventory is controlled by operating the emergency feed pump (s) and associated emergency feedwater flow control valves for each steam generator. Long-term plant cooldown is provided by the RhR System which transfers decay heat from the RCS to the Primary Component Cooling Water (PCCW) System. b. Reactor Coolant Inventory and Pressure Control l Operation of portions of the Chemical and Volume Control System (CS) to compensate for RCS leakage and cooldown volume shrink is accomplished using a centrifugal charging pump and a borated water supply. The charging flow path will be through the Boron injection Tank (BIT) flow path. RCS inventory will be monitored through pressurizer level. The source of borated water for the charging flow will be from the Boric Acid Tanks (BAT) and/or the Refueling Water Storage Tank (RWST) with the Volume L Control Tank (VCT) isolated. The Pressurizer Power-Operated Relief Valves (PORVs) and two banks of pressurizer heaters are used for RCS pressure control. Following the initiation of plant cooldown and depressurization from the remote shutdown *.ocation for a remote shutdown without a fire, the Solid-State Protection System output cabinets are de-energized to prevent 7.4-4
[ 420.37 ~ i I
- safety injection. - These output cabinets can be re-energized at any time and will provide the safety function should it be required. Additionally,
- during.the cooldowd process, the Safety Injection Accumulators are l
isolated or their cover gas vented. r l- . c. Negative Reactivity Addition Control _ Operation of the boration portion of the CVCS to assure sufficient shutdown margin for a plant cooldown is accomplished by operating a single -centrifugal charging pump taking suction from one of the Boric Acid Tanks and the Refueling Water Storage Tank. d. Electrical Power Supply Emergency electric power system (EDE) controls and instruments which are required for Remote Safe Shutdown are provided at remote shutdown locations. 'The EDE System, which includes the diesel generators, emergency buses, inverters, batteries, and their associated equipment, is designed to provide electric power to equipment required for safe shutdown. Thr. diesel generator units start automatically following a loss of off-site ac power or on a Safety Injection (SI) signal. Manual control of diesel startup is provided locally at the diesel generators as well as in the Control Room. If the Control Room is not evacuated, the Emergency Power Sequencer (EPS) will automatically sequence the diesel loading, fo. lowing a loss _of off-site power. Those loads that do not have their control transferred to the RSS locations will be automatics.lly sequenced onto the diesel by the EPS. The loads that have been transf. red to the RSS locations will be tripped on e7dervoltage and will be manually loaded on the diesel generator. Manual-loading will be coordinated with the operator at the diesel generator to prevent overloading. 7.4-5
8 e. Plant Cooling System Operation of at least one Service Water /PCCU train is required to meintain equipment cooling and for subsequent RHR operation. Cooling tower actuation would automatically be initiated from low Service Water Pump discharge pressure for a seismic event of sufficient magnitude which collapses and blocks the intake tunnel. f.. Process Monitoring Observation of various vital plant parameters relied on to achieve and verify safe shutdown is available from redundant instrumentation in the Main Control Room and the RSS locations (see 7.4.7). g. HVAC Operation of the Ventilation / Cooling Systems for the Diesel-Generator Building, Primary Component Cooling Water Pump area, Emergency Feedwater Pump House, Service Water Pump House, Switchgear Rooms and Containment Enclosure Area is required to maintain the long-term habitability within these heat generating areas and keep temperature below equipment limitations. h. Sampling The boron content of the RCS uill be verified for the cooldown. The boron l content in the RHR System will also be verified prior to system initiation. Initially, control and monitoring of vital plant parameters for the above functions vill be performed by the minimum on-site operating crew. Hence, indications and centrols for all pumps, fans, and critical valves, which may be operated initially by a limited number of operators, have been consolidated into a minimal number of locations. 7.4-6
hY 7.4.6 Analycis Hot; standby is s' stable plant condicion, automatically reached following a plant trip. The hot 'standb; and hot shutdown condi'tions can be maintained . safely for an extended period of time. In the unlikely event that access to the Main Control Room is restricted, the plant can be safely kept at not r atandby, hot shutdown or brought to cold shutdown, by the use of the equipment ~ listed in Subsection 7.4.7. The required indicators and controls are provided in'tha Main Control Room and the RSS locations. This equipment, with the exception of the pressurizer heatets and the indication at the RSS locations, - is redundant and safety grade and meets cae applicable requirements of IEEE 279-1971, 323-1974 and 344-1975. Failure of a single component will not g prevent safe shutdown.from the Control Room or the RSS locations. The pressurizer heaters meet the requirements of NUREG-0737, Item II.E.3.1 and are provided with manual controls in the Main Control Room that override all . inter)ncks. [ Control provisions at the RSS locations consist of selector switches that isolate;the liain Control Room and transfer control to tF9 RSS locations, and control switches to perform the manual control functions (the MSIVs only hive selector switches that also close the MSIVs when local control is selected). Selecting local control initiates an alaam in the Main Control Room, turns off the MCB indicating lights and isolates all automatic functions, interlocks and Main Control Room controls that rely on Ma*n Control Room equipment or cables. The Main Control Room Instrumentation is Class IE. Instrumentation at the RSS locatu_ns is independent of the Main Control Room instrumentation. It is' activated continuously so that its availability can be monitored.;.The RSS instrumentatian will be available following all natural phenomena. 7.4-7
ll Lu 32 Portions of the Instrument Air Systet may be used fer the RHR air-operated valves necessary for safe Shutdown. Normal operation of the RHR System utilizes instrument air for the control of the RHR heat exchanger outlet and . bypass valvea. Should the instrumen* air system be unavailable, a backup, - . safety grade, manust.ly-operated air systen has been provided. Tiis system consists of high pressure air bottles and a manual c.ir loading station to allow control of these RHR valves. This manual air loading station will be located at the top of the RHR vaults. Startup and continued operation of the RHR System is not dependent upon the control of these valves. With the unavailability of both the above mentioned air systems, the RHR heat exchanger bypass valve will fail to the closed position and the RHR heat exchanger outlet valve will fail to the full-open position. This failure moae provides tull RHR flow through the RHR heet exchanger. Analysis of system startup and operat an under these conditioas has shown that an acceptable cooldown rate of less than 50 F/hr will - result. Therefore, plant operation et hot s~andby and cooldown to cold shutdown can be accomplished without the use of the Instrument Air System. Safe shutdown controls and indications include provisions for testing and calibration during refueling outage. Communications between the various control locations are provided to assist in coordinating action and monitoring of the plant parameters during the remote shutdown procedures. 1 The safety evaluation of the maintenance of a shutdown with these systems and associated instrumentation and controls has included consideration of the event consequences that might jeepardize safe shutdown conditions. The event consequences that are germane are those that would tend to degrade the capabilities for boration, adequate supply for emergency feedwater, and residual heat removal. 4 The.results of the analyses are presented in Chapter 15. Of these, the f311owing evants will produce the most severe consequences that are pertinent: a. Uncontrolled Boron Dilution (see Subsection 15.4.6). L 4 - 7.4-8 _, - ~
- ~ - _ ~ _ Md.1 c b. JLoss of Normal'Feedwater (see Subsection 15.2.7). c. Loss 'of External Electrical-Load and/or Turbine Trip (see Subsections ' 15.2.2 and 15,?. 3). = d.. Loss of Non-Encrgency AC Power to the Station Auxiliaries (Loss of -Off-Site Power) (see Subsection 15.2.6). "It-is shown-by these analyses,1that safety is not adversely affected by these ] events, assuming the equipment indicated in Subsection 7.4.7 is available in the Main Control Room to control and/or' monitor shutdown. These available . systems 'will allow maintenance of hot standby and cooldown to cold shutdt,wn even during the events listed above which would tend toward a return to . criticality or a loss of heat sink. In the unlikely event that the Main Control Room is uninhabitable, alternate control provisions are provided at the RSS locations. Safety is not adversely affected by event a., uacontrolled boron dilution (see Section 15 4.6). Events b., c., and d. do not have an adverse effect since the Remote Safe Shutdown equipment can be powered ' by emergency power and a plant trip initiated by Main Control Room evecuation will put the plant in a safe condition. : The station service water system is explained in Section 9.2.1. The safety evaluation is presented in Subsection 9.2.1.3. The Primary Component Cooling Water. System is explained in Section 9.2.2 and the safety evaluation is presented in Subsection 9.2.2.3, in detail. The results of the analysis wh'ich determined the applicability of tha NRC General Decign Criteria, IEEE Standard 279-1971, applicable NRC Regulatory LGuides, and other-industry standards, to the equipment required for safe shutdown, are presented in Table 7.1-1. 7.4-9 s ge
Yh~ 7.4.7 Equipment Required for Safe Shutdown The redundant equipment listed below e required to initially place and maintain-the plant in the hot standby condition and subseq.:ently achieve the cold shutdown condition. These functions can be accomplished from either the s Main Conttol Room or, in the 77ent that the Main Control Room is evacuated, duplicate controls and monitors are available at the RSS locations. The equipment required for shutdown with a fire is discussed in Seabrook Station Fire Protection of Safe Shutdown Capability (10CFR50, Appendix R). (1) Decay Heat Removal Remote Control Instrumentation Location Description Device Location MCB CP108A CP108B Emergency Feedwater Pump MS-V-127 CF-108A (FW-P-37A) MS-V-128 CP-108B Emergency Feedwater Pump FW-P-37B Bus E6 SG A EFW Control Valve FW-FV-4214A CP-108A SG A EFW Control Valve FW-FV-4234b CP-108B SG B EFW Control Valve FW-FV-4224A CP-108A SG B EFW Control Valve FW-FV-422 '4 B CP-108B SG C EFW Control Valve FW-FV-4234A CP-103A SG C EFW Control Valve FW-FV-4234B CP-108B SG D EFW Control Valve FW-FV-4244A CP-108A SG D EFW Control Valve FW-FV-4244B CP-108B SG A EFW Flow FW-FI-4214-5 X FW-FI-4214-2 X SG B EFW Flow FW-FI-4224-3 X FW-FI-4224-2 X SG C EFW Flow FW-FI-4234-I X FW-FI-4234-2 X SG D EFW Flow FW-FI-4244-5 X FW-FI-4244-2 X RC Loop 1 Hot Leg Temp. RC-TI-9406 X RC-TI-413-A X RC Loop 4 Hot Leg Temp. RC-TI-9407 X RC-TI-433-A X RC Loop 1 Cold Leg Temp. RC-TI-9410 X RC-TI-413-B X 7.4-10
g_ Q$0-]$ RC Loop 4 Cold' Leg Temp. RC-TI-9411 -X RC-TI-433-B X -RC Loop 1. Hot'and Cold. Leg Temp. Recorder RC-TR-9406 X RC-TR-413A X-RC Loop'4 Hot and Cold-Leg Teap. Recorder ~IC-TR-9407 X RC-TR-433-A X SG A Atmos. Relief Valve MS-PV-3001 CP-108A SG B Atmos. Relief Valve MS-PV-3002-CPA108B SG C Atmos. Relief. Valve MS-PV-3003 CP-108A SG~D Atmos. Relief Valve MS-PV-3004 CP-108B - MS Isol.. Valves MS-V-86,88, CP-108A 90,92 MS Isol. Valves-MS-V-86,88, CP-1088 90,92 lG A Wide-Range Level FW-LI-4310 X S FW-LI-551 X SG B Wide-Range Level. .FW-LI-4320 X FW-LI-552 X SG C Wide-Range Level 'FW-LI-4330 X FW-LI-553 X 99 D Wide-Range: Level FW-LI-4340 X FW-LI-554 X I SG A and C WR Level Rec. FW-LR-4310 X FW-LR-529 X SG'B and.D WR. Level Rec. -EJ-LR-4320-X FW-LR-539 X SG A Pressure MS-PI-3173 X MS-PI-3001 X SG'B Pressure MS-PI-3174 X MS-PI-3002 X . SG C Pressure .MS-PI-3178 X MS-PI-3003 X SG D Pressure' MS-PI-3179 X c MS-PI-3004 X SG Blowdown Isol. Valves ~SB-V-9,10, 125 V de 11,12 Distr. Panel 112A or B . if 1 7.4-11
%26.31 .(2). Reactor Coolant (RC) Inventory and Pressure Control Remote Control Inu:rumentation Location Description Device Location MCB CP108A CP108B Pressurizer Heaters ' Backup CP-108A Croup A-Pressurizer Heaters Backup-CP-108B Croup B ~ Charging Pump CS-P-2A Bus E5 Charging Pump - CS-P-2B Bus E5 Charging Flow Isol. CS-V-142 CP-108A Valve Charging Flow Isol. CS-V-143 CP-108B . Valve Charging Pump Suetion CS-LCV-112D CP-108B from RWST Charging Pump Suction CS-LCV-ll2E CP-108A from RWST Pressuriger Relief RC-PCV-456A CP-108A Valves (PORV) Pressurizer Relief RC-FCV-456B CP-108B Valves (PORV) PORV Block Valve RC-V-122 CP-108A PORV Block Valve RC-V-124 CP-108B Pressurizer Pressure RC-PI-7336 X RC-PI-456 X Pressurizer Pressure RC-PI-7335 X RC-PI-455 X Pressurizer Level RC-LI-7334 X RC-LI-459 X Pressurizer Level Rec. RC-LR-7334 X RC-LR-459 X Pressurizer Level RC-LI-7333 X RC-LI-460 X --Pressurizer Level Rec. RC-LR-7321 X RC-LR-459 X Boric Acid Tank Level CS-LI-7446 X (TK-4A) CS-LI-102 X Boric Acid Tank Le. vel CS-LI-7464 X (TK-4B) CS-LI-106 X High Pressure Injection CS-V-65 CP-108A High Pressure Injection CS-V-66 CJ-108B 7.4-12
h d. M _-High Pressure-Injection. SI-V-138 CP-100A-High Pressure Injection SI-V-139 CP-108B VCT Disch.'Isol.' Valve CS-LCV-112h CP-108A VCT Disch. Isol. Valve CS-LCV-112C CP-108B 'SI Accum. TK-9A Isol. SI-V-3 CP-108A SI'Accum. TK-9B'Isol. .SI-V-17 CP-108B SI Accum. TK-9C Isol. SI-V-32 CP-108A SI Accum. TK-9D Isol. SI-V-47 CP-108B SI Accum. TK-9A Ve6: Vivs. SI-V-2475,2476 CP-108B SI Accum. TK-9B Vent Vivs. SI-V-2482,2483 :CP-108A SI Accum. TK-9C Vent Vivs. SI-V-1477,2486 CP-1088 SI Accum. TK-9D Vent Vivs. SI-V-2495,2496 CP-108A Bua E52 Feeder Breaker AW9 CP-108A to MCC-E-522 Bus E62 Feeder Breaker AWO CP-108B to MCC-E-622 (3) Reactivity Monitoring and Control Remote Control Instrumentation Location Description Device
- ocation MCB CP103A CP108B Boric-Acid Trans. Pump CS-P -3A Swgr. Rm. A
-Boric Acid Trans. Pump CS-P-3B Swg. Rm. B BA to Chg. PP Isol. Valve CS-V-426 Swgr. Rm. B BA to Chg. PP 18o1. Valve *- CS-V-452 N/A Wide-Range (Excore) NI-NI-6690 Swgr. Rm. A X X Neutron Monitors NI-NI-6691 Swgr. Rm. B X X '*CS-V-452 is a mane'l valve which would be required to operate only in the event that QS-V-420 failed. -(4) Service Water (SW) Remote Control Instrumentation ' Location Description Device Location MCB CP108A CP108B Service Water Pump .SW-P-41A Bus E5 Service Water Pump SW-P-41B Bus E6 Service Water Pump SW-P-41C Bus E5 f~ Service Water Pump SW-P-41D Bus E6 7.4-13 f
~. b5 (5) Primary Component Cooling (PCCW) Remote Control Instrumentation Location Description Device Location MCB CP108A .CP108B PCCU Pump' CC-P-11A Bus E5 PCCW Pump CC-P-llB Bus E6 PCC'/' Pump CC-P-llc Bus ES .PCCW Pump CC-P-11D Bus E6 . Thermal Barrier Cooling CC-P-322A CP-108A Pump Thermal Barrier Cooling 'CC-P-322B CP-108B Pump (6) HVAC Remote Control Instrumentation Location Description Device Location MCB CP108A CP108B .Emerg. Switchgear Area CBA-FN-19,32 MCC E521,621 Supply Fans-Emerg. Switchgear Area CBA-FN-20.33 MCC E521,621 Return Fans Battery Room Exhaust CBA-FN-21A MCC E521 . Fan A Battery Room Exhaust . CB A-F N-21B MCC E621 Fan B DG Room Supply Fans DAH-FN-25A,B MCC E521,621 DG Room Exhaust Fans DAH-FN-26A,B MCC E521,621 Contn. Encl. Fans EAH-FN-5A,B CP-108A,B Contn. Encl. Fans EAH-FN-31A,B MCC E521,621 Emerg. Feedpump House EPA-FN-47A,B MCC E521,621 Fans-PAB PCC Pump Area PAH-FN-42A, B MCC E521,621 Supply Fans SW Pump House Area SWA-FN-40A,B CP-108A,B Supply Fans 0 7.4-14
93o.38 ( 7')' Residual Heat R' moval (RHR) (dN' e Remote Control' Instrumentation Location ~ Description Device Location MCB' CP103A CP108B -RH-P-8A . Bus E5'
- RHR Pump RHR Pump'-~
'RH-P-8B Bus E6 RHR System Valyst-RC-V-83 CP-108A RC-V-23 CP-108A RHR System Valves-RC-V-22 CP-108B RC-V-87 CP-108B _ 8) Sampli g : ( g. Remote Control Instrumentation Location Description. Device Location M_C B CP108A CP108B RCS Sampling (Loop.fi) RC-FV-2832 CP-106A RC-FV-2874 CP-108B RCS Sempling (Loop #3) RC-FV-2833 CP-108B RC-FV-2876 CP-10EA RHR Local Samples RH-V-8 N/A Valves RH-V-44 N/A l l l l l I t 7.4-15 ~...... -
[ Safety Classification-Train Control -Description Device Mechanical .51ectrical. ' Assignment . Location, Note 1 ' Emergency Feedwater Pump FW-P-37A MS-V-127 3 IE. AL CP-108Ai FW-P-37A MS-V-128 3 IE B. CP-108B.. .FW-P-375 3 IE B 4 kV Bus-E6 l SG A Emergency'Feedwater Control Valve FW-FV-4214-A. '3 IE A CP-108A B FW-FV-4224-B' 3 IE B CP-108B C FW-FV-4234-A-3 IE A CP-108A D FW-FV-4244-B 3 IE B CP-1088 . SG A Emergency Feedwater Control Valve FW-TV-4214-B 3 Ir B CP-108B B FW-FV-4224-A 3 IE A CP-108A-C FW-FV-4234-B 3 IE B. CP-108B D FW-FV-4244-A -3 IE A CP-108A SG A Luergency Fcedwater Flow FW-FI-4214-5 Non IE AA CP-108A B FW-FI-4224-5 Non IE BA CP-108B C FW-FI-4234-5 Non IE AA CP-IC8A D FW-F1-4244-5 Non IE BA-CP-108B l RC Loop 1 Hot Leg Temperature RC-TI-9406 .Non IE AA CP-108A 4 RC-TI-9407 Non IE BA CP-108B RC Loop 1 Cold Leg Temperature RC-TI-9410 Non IE AA CP-108A 4 RC-TI-9411-Non IE BA CP-108B RC Loop 1 Hot and Cold Leg Temperature RC-TR-9406 Non IE AA CP-108A Non IE BA CP-108B t 4 RC-TR-9407 SG A Atmos. Relief Valve MS-PV-3001 2 1E A CP-108A. B MS-PV-3002 2 1E 3 CP-108B C MS-PV-3003 2 IE A CP-108A D MS-PV-3004 -2 IE B CP-108B g' SG A Wide Range Level FW-LI-4310 Non IE AA CP-108A .N: B FW-LI-4320 Non IE BA CP-1088 N. C FW-LI-4330 Non IE AA CP-108A D FW-LI-4340 Non IE BA CP-108B
rm:- Safety Classification Train Control Descrip? ton Device Mechanical Electrical Assignment _ Locatior SG A and C WR Level Recorder FW-LR-4310 Non IE AA CP-108A B and D FW-LR-4320 Non IE BA LP-108B SG A Pressure MS-PI-3173 Non IE AA CP-108A B MS-PI-3174 Non IE BA CP-108B C MS-PI-3178 Non IE AA CP-108A D MS-PI-3179 Non IE BA CP-108B l l MS ISOL VLV Loop 1 MS-V-86 2 IE A&B FP-108A and B One swftch j l MS ISOL VLV Loop 2 MS-V-88 2 IE A&B CP-108A and B for all l MS ISOL VLV Loop 3 MS-V-90 2 IE A&B CP-108A and B valves on MS ISOL VLV Loop 4 MS-V-92 IE A&E CP-108A and B each RSS Panel SG Blowdown Isolation Valve SB-V-9 2 IE A&B PP-112B or PP-112A SB-V-10 2 IE A&B PP-112B or PP-112A SB-V-11 2 IE A&B PP-112B or PP-112A SB-V-12 2 IE A&B PP-112B or PP-112A Pressurizer Heaters Group A Non IE AA CP-108A Group B Non 1E BA CP-108B Charging Pump CS-P-2A 2 IE A 4 kV Bus E5 CS-P-2B 2 IE B 4 kV Bus U6 Charging Flow Isol. CS-V-142 2 IE A CP-108A CS-V-143 2 IE B CP-108B I Pressurizer Relief Valve RC-FCV-456A 1 1E A CP-108A l RC-PCV-456B 1 IE B CP-108B Pressurizer Relief Block Valve RC-V-122 1 IE A CP-103A RC-V-124 1 IE B CP-108B l \\N Pressurizer Pressure RC-PI-7336 Non IE AA CP-108A V y RC-PI-7335 Non IE BA CP-108B Pressurizer Level RC-LI-7334 Non IE AA CP-108A Q KC-LI-7333 Non IE BA CP-100B l i .4~ 3,L7 '.~,,[ ;{. Ll{ ',;; : ' N.f,.'t! Y i,4, g. l. ]*f,'lf ~. rl.kr.f f:'. I. I ...i g'/. N... $' Y - '., Y.'.. .' ?. s
~ Safety Classification' ' Train ' Control' Description Device Mechanical Electrical Assignment Location Prassurizer Level Recorder RC-LR-7334 Non IE' AA 'CP-108A RC-LR-7333 Non IE BA CP-108B Boric > Acid Tank CS-LI-7446. Non IE AA CP-108A CS-LI-7464. Non IE BA CP-108B. I Boric Acid Transfer Pumps CS-P-3A 3 IE A MCC-E512 CS-P-3B 3 IE B MCC-E612- .BA to Charging Pump CS-V-426 2 IE B i MCC-E612 - CS-V-452 3 Manual SI Accum. Tank 9A' Isolation Valve SI-V-3 1 1E A CP-108A 9B SI-V-17 1 IE B CE-108B 9C SI-V-32 1 1E A CP-108A 9D SI-V-47 1 IE B CP-108B SI Accum. Tank 9A Vent Valve SI-V-2475,.247o 2 IE B CP-108B-9B SI-V-2482, 2483 2 IE A CP-108A 9C SI-V-2477, 2486 2 IE B CP-108B 9D SI-V-2495, 2496 2 1E A CP-108A High Pressure Injection CS-V-65 2 IE A .CP-108A CS-V-66 2 IE B CP-108B SI-V-138-2 IE A CP-108A~ j SI-V-139 2 IE B CP-108B VCT Discharge Isolation Valve CS-LCV-112B 2 IE A CP-108A CS-LCV-112C ,2 IE B CP-108B Charging Pump Suction from RWST CS-LCV-112D 2 1E A CP-108A CS-LCV-112E 2 IE B CP-108B Bus E52 Feeder Breaker to MCC E522 AW9 IE 'A CP-108A Bus E62 Feeder Breaker to MCC E622 AWO IE D CP -108B Wide Range Neutron Monitors NI-NI-6690 1E A Later NI-NI-6691 IE B Later N
.g'. d ' Safety Classification Train. , Control-Description Device Mechanical Electrical Assignment Location i ..';) Service Water Pump SW-P-41A 7' 'IE
- A 4 kV Bus E5 Cubicle'7
= SW-P--41B .3 'IE ~B ~4 ki Bus E6 Cubicle'7 SW-P-41C. 3.l -1E A 4 kV Bus ES' Cubic)e 2 T SW-P-41D; 3 1E B 4 kV Bus E6 Cubicle '2 - ~ .PCCW Pump. CC-P-11A; 3 1E IA 4 kV Bus E5 Cubicle 12' CC-P 11B 3 .IE 'B 4 kV Bus-E6 Cubicle 13- .CC-P-11C 3 IE A 4 kV Bus E5 Cubicle 14' CC-P-11D 3 IE
- B 4 kV Bus E6: Cubicle 15 Thermal Barrier Cooling Pumps
- CC-P-322A 3 IE A-CP-108A CC-P-322B 3 IE B CP-108B~
- Emergency'Switchgear Area CBA-FN-19 3
IE A.. MCC ES21 Supply Fan CBA-FN-32' 3 IE B MCC E621 Energency Switchgear Area CBA-FN-20 3-IE A MCC E521 ~ Rsturn Fan CBA-FN-33 3 IE B MCC'E621 Battery Room A Exhaust Fan CBA-FN-21A 3 IE A MCC E521 B CBA-FN-21B 3 IE B MCC E621 Diesel Generator Room Supply Fan DAH-FN-25A 3 1E A MCC E521 DAH-FN-25B 3 IE B MCC E621 Diesel Generator Room Exhaust Fan DAH-FN-26A 3 -IE A MCC E521' PAH-FN-26B 3 IE B MCC E621 Containment Enclosure Cooling Fan EAH-FN-5A 3 1E A-CP-108A EAH-FM-5B -3 IE B CP-1088 Containment Loclosure Fan EAH-FN-31A 3 IE A MCC E512 .EAH-FN-31B 3 IE B MCC E612 Eaergency Feedpump House Fan . EPA-FN-47A 3 IE A MCC E512 1 %: +M EPA-FN-47B 3 IE B MCC E612 g PAB PCC Pump Area Supply Tan PAH-FN-42A: 3 IE A MCC E512 PAH-FN-42B 3 JE B MCC E612 N >N
Safety Classification Train Cont ol-Description Device Mechanical-Electrical Assignment' Location Service Water ~ Pump House. Supply Fan SM-FN-40A 3 IE A. CP-108A SWA-FN-40B '3 IE B CP-1085 Rzzidual Heat Removal Pumps RH-P-8A 2' IE A_ 4 kV Bus E5 Cubicle 10' R2 -P-8B 2 IE B 4 kV Bus E6 Cubicle 11 RHR Suction.lsolation Valve RC-V-87 1 lE B CP-1C8B RC-V-88 1 lE A-CP-108A RC-V-22 1 lE B Cbl08B RC-V-23 1 IE A CP-108A Diesel Generator A lE A DG-CP-75A B IE B DC-CP-76A RCS Sample Loop 1 RC-FV-2832 2 IE A CP-108A RC-FV-2874 2 IE B CP-108B Loop 3 RC-FV-2833 2 IE B CP-108B RC-FV-2876 2 1E A CP-108A RHR Local Sample Valve RH-V-8 '2 Manual Hand-Operated Valves RH-V-44 2 Note 1-Non IE Instrumentation is designed to operate following a seismic event. Note 2: Instrumentation is separate from and independent of the Control Room instrumentation. Note 3: Selection of the local (remote shutdown) position isolates all automatic functions, interlocks and remote (other than the remote shutdown location) controls that are dependent on Main Control Room equipment or cables. sh% s w h i e
SB 1 E 2 Amendment 44 h FSAR Fsbruary 1982 Design of Main Steam Isolation Valve // t" Pegulatory Guide 1.96 A (Rev. 1,-6/76) Leakage Control Systems for.Botling Water Reactor Nuclear-Power Plants This' regulatory guide is not applicable'to Seabrook Station. - Regulatory Guide 1.97 Instrumentation for Light-Water-Cooled g (Erra6. 7/oi) '
- / ;g[7 O2.. 2, 12/60)
Nuclear Power Plants to Assess Plant Con-f. ditions During and Following an-Accident / PSNH is.in the process of selecting the Post-Accident Monitoring (PAN) instrumentation vis-a-vis' the guidance of AN",I/ANS-4.5-1980, " criteria for Accident Monitoring Functions in Light Water Cocied Reactors," as endorsed by ' Regulatory Guide 1.97, Revision 2.
- 1. A ;;ri, ien of th:'Pt." inei. - ocation i
1-mi!1 5: ::ixitt:d by Agil, !an7_ 44 Regulatory Guide 1.98 - Assumptions Used for Evaluating the (Rev. O, 3/76) Potential Radiological Consequences of a-Radioactive Offgas System Failure in a boiler Water Reactor This regulatory' guide is not applicable to Seabrook Station. Regulatory Guide 1.99 Effects of Residual Elements on Predicted -(Rev. 1, 4/77) Radiation Demage to Reactor Vessel ' ge,. Materials G Although the reactor versel material meets the end-of-life reference criterion of-Regulatory Guide 1.99, Rev. I', the NSSS position is that the [. procedures set forth'in this regulatory guide-are over-conservative at the higher fluences', and the restriction of the end-of-life transition . temperature to'2000F is technically. unnecessary. Details relating to these [ :- objections were transmitted to the NRC via Reference (10). l Regulatory Guide 1.100 Seismic Qualification of Electric Equipment -(Rev. 1, 8/77) for Nuclear Power Plants i i The program for seismic qualificacit.: of NSSS c ifety-related electric equip-i l ment-is delineated in Reference (9). This program is currently'under review
- by the NRC.
BOP eMetric equipment has been seismically qualified in accordance with the f intent of the guidance provided in Regulatory Guide 1.100, Rev. 1. For further-discussion, refer to Section 3.10(B). p L ( c l.8-36
~ &v 4'20 VT p,w-The presently identified post-accident monitoring (PAM) instru-mentation complies with the guidance provided in Regulatory Guide 1.97 1Rev. I w!th exceptions as. discussed below: The' maximum range of the radiation 1cvel measurement 1.- inside containment is 107 R/HR vs. 108 R/HR recom-mended by the Reg. Guide. 2. The maximum range of the reactor coolant pressure measurement is 3000 psig vs. 3 times design pressure recommended by the Reg.. Guide, 3. The primary vent stack radiation monitor is single -channel vs. redundant channels recommended by the -Reg. Guide, For Items 1 & 3, the installed instrumentation complies with the requirements of NUREG 0737. Item II.F.1. For Item 2, the recommended range of.3 times design pressure is - unrealistic due to the design of-the reactor coolant system. Over-pressure protection is provided by power operated relief valves (PORV's) and code safety valves. The PORV's receive a signal to open at 2335 psig and the safety valves begin to open at 2485 psig, the system design pressure. The pressure measurement ranges up to 120% of design pressure (3000 psig) which is adequate based on system design. The design of the PAM instrumentation includes redundant channels for monitored variabics; both channels are indu.ated while one channel is recorded. The PAM instrument channels are-environmentally and seismically qualified and are fed from the emergency power supplies. A. complete description of the PAM instrumentation is.provided in sectior. 7.5. i S. 9 L.,
hb n. l l It!21ltt if w?.:' l ~!w ? .1 e 920.2/ l = -o a oo e a, f/ (- E s 2" 30'5 3h 1 rs %Z6 P 3 4,,, 2 .? O W T '$ G L' h 'N 3 pi + -e 3 a da2 1 e $,'M 1 = u a c. t'- 5 4 3 3 m a u 2 .Y $ sh e o, x. W Y y g ~ 2-g on i y I e 2 w 8 I O_ (* d _b_ ih e g-z r r f "p N fh <4 an I' U r .is ,T, s %"Q-- \\ ymj gg r,$ t de 'a s F J,
- T g dis
"$%3 ]O If g Id.=$[) ir. 3 " *;. 4 yGS:3y n.i r k W r af [ n 1 ? 5 d ] N N 1 Er E% M Twshomb JN hee.\\ % 4 5,v a 0--------____, & b h ;g L nov Aii o b,, 6 4 d Ch Nhm, l R$ A h l C
l l-12l21ffL 920 f/ \\\\ p 2 w 7) (. T S TMLT6tt O _l To TEST e --O I 1 g ewut p _ (10,5%11 !m
- e. ~f g sn A
l I $M: Ejpthtopod t hoTo t. Qg ' 2,l o o V, 6o ht 9 0 0 R?h g \\S o hP y Gi 4c Gsw Ea.non. SO N SIS A GE, Cb til s 900 MM, t 1[. = = ,g l e hav counm [ l-E, ~ ll0N ] i i TR tH g yt ^ o~ r
- p V
3 l Et i l was l-t MbR t R 9 l 9}}