ML20087A998
| ML20087A998 | |
| Person / Time | |
|---|---|
| Site: | Cooper  |
| Issue date: | 03/01/1984 |
| From: | Lobner P SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY |
| To: | |
| Shared Package | |
| ML20087A940 | List: |
| References | |
| 53-8500000-27, TAC-51232, NUDOCS 8403080306 | |
| Download: ML20087A998 (30) | |
Text
AGREEMENT NO. 83A-C5 1-323-05-766-XX NEBRASKA PUBLIC POWER DISTRICT Plant Management Information System Cooper Nuclear Station SPDS IMPLEMENTATION PLAN DOCUMENT NO. 503-8500000-27 3.,__,....
.,.__,.e_._
--~m.
-. - _ - - _. am e
, p g-
- y f
Whof-ww..
j
$,',(([b...
~
I
- /
yzg]
].
^%q,___.
-: -rrr '~~
.g.
g h,
~N g
%q kin.
~
l l
1 i
SCIENCE APPLICATIONS,INC.
E 2109 W. Clinton Avenue, Suite 800, Huntsville, AL 35805 e (205) 533-5900 8403080306 840301 PDR ADOCK 05000298 F9 IPJoT6
AGREEMENT NO. 83A-C5 1-323-05-766 XX NEBRASKA PUBLIC POWER DISTRICT Plant Management Information System Cooper Nuclear Station SPDS IMPLEMENTATION PLAN DOCUMENT NO. 503-8500000-27 MARCH 1,1984 Technical Review Author Peter Lobner Date Technical Reviewer Date
- !#/ M4 Documentation manager dh Date fff Configuration Manager Date e
Date Q. A. Manager Principal Investigator
((
Date 2/ M 2, 2 Division Manager Date 8
SCIENCE APPLICATIONS, INC.
da 2109 W. Clinton Avenue, Suite 800,Huntsville, AL 35805 * (205) 533-5900
NEBRASKA PUBLIC POWER DISTRICT COOPER NUCLEAR STATION SAFETT PARAMETER DISPLAY SYSTEM IMPLEMEMTATION PLAN SAI-8d/1045&CW Rev. O March 1, 1984 Prepared by:
Science Applications, Inc.
for I
Nebraska Public Power District
.=
SAI-84/1045 &CW Rev. 0 - 3/1/84 Table of Contents Section PAGE
1.0 INTRODUCTION
1-1 2.0 SPDS FUNCTIONAL DESCRIPTION 2-1 2.1 PLANT MANAGEMNT INFOINATION SYSTEM 2-1 2.2 SAFETY PARAMETER DISPLAY SYSTEM 2-3 2.3 INTERFACES WITH EMERGENCY RESPONSE FACILITIES 2-4 2.4 INTERFACES WI'ni EMERGENCY OPERATING PROCEDURES.
2-5 3.0 SPDS IMPLEMENTATION STEPS 3-1 3-1 3.1 SPDS PARAMETER IDENTIFICATION 3.2 HUMAN FACTORS REVIEW.
3-3 3.3 REVIEW OF BASE SPDS DISPLAYS 3-3 3.4 DEVEIDPMENT OF REFINED SPDS DISPLAYS 3-4 3.4.1 Display Layout and Graphics 3-4
-3.4.2 Safety Assesment.
3-4 3.4.3 Display Requirements Verification 3-4 3-4 3.5' FINAL REVIEW OF DISPLAYS.
'3.6 SYSTEM DESIGN VERIFICATION.
3-5 3.6.1 Requirements Verification 3-5 3.6.2 Design Verification 3-5 3.7 PUNCTIONAL VALIDATION AND TESTING 3-5 3.8 INSTALLATION AND FIELD VERIFICATION 3-6 3.9 INTEGRATED TRAINING 3-6 4.0 SPDS SAFETY ASSESSMENT 4-1 l
4.1 SPDS SAFETY ANALYSIS.
4-1 4.2 10 CFR 50.59 EVALUATION 4-1 5.0 SPDS VERIFICATION AND VALIDATION 5-1 6.0 NRC STAFF REVIEW OF SPDS 6-1
'6.1 REVIEW OF SUIMITTAL PACKAGE 6-1 6.2 SPDS DESIGN VALIDATION REVIEW 6-1 l
i
-e-=
e c.
mg w,*:w
- -=<w wwr em y-
w-
SAI-84/1045&cW 3ev. 0 - 3/1/84 Table of Contents (continued)
Section Page 7.0 SPDS IMPLEMENTATION SCHEDULE.
. 7-1 List of Figures Figure Page 2-1 Plant Management Information System Functions
. 2-2 2-2 Proposed PMIS ConfiBuration
. 2-6 3-1 Emergency Response Improvement Program..
. 3-2 7-1 SPDS Implementation Schedule................
7-2 ii
- - - - - - - -_- - - - -. - _ - - - - - - ~ _ _ _ _ _ _. _ __
SAI-84/1045 &CI Rcv. 0 - 3/1/84
1.0 INTRODUCTION
As a result of the TMI-2 event, several plant modifications were recommended or required to improve reactor safety. One such modification is the Safety Parameter Display System (SPDS), which, as described in NUREG 0737 Supplement 1, is intended to provide the control room operators with information related to the reactor safety status during transient and emer-gency conditions.
The purpose of this reactor safety status information is to improve the probability of successfully recovering from unusual tran-sients and emergency events.
The Nebraska Public Power District '(NPPD) has committed to install an SPDS at Cooper Nuclear Station (CNS) to satisfy the Nuclear Regulatory Commission requirements on emergency response capability prescribed in Sup-plement 1 to NUREG 0737. Concurrently, NPPD is finding additional great need for placing plant management functions on a computer, computerizing engineering applications and replacing the GE/ PAC 4020 plant process compu-ter.
Consequently, the NPPD management has decided to install a new inte-grated computer system through a total Plant Management Information System (PMIS) at CNS to satisfy the District's needs as well as the NRC require-ments. The SPDS is an integral part of PMIS. The PMIS implementation is intended to satisfy regulatory requirements for SPDS and related informa-tion needs for emergency response f acilities (ERFs), as well as providing computer capability to perform other balance of plant, NSSS and piant man-agement functions.
This document describes the NPPD plan for implementation of the SPDS for Cooper Nuclear Station.
It is provided in partial fulfillment of the documentation and NRC review requirements of Section 4.2 of Supplement 1 to NUREG-0737.
It also serves as an integrated description of the major steps proposed for SPDS implementation, including design and development, testing, training, installation, and appropriate safety analysis and review of CNS technical specifications for required changes or unreviewed safety questions.
A written SPDS safety analysis describing the basis on which selected parameters are sufficient to assess plant safety status is provided separately, fulfilling the remainder of Section 4.2 requirements. Also provided separately is an SPDS verification and validation pl an.
Although 1-1
.,.w g
SAI-84/1045&CW 9ev. 0 - 3/1/34 the implementation plan provided here identifies and describes the major SPDS implementation steps, a separate mechanism is appropriate to assure that the functional characteristics and performance of the SPDS provide correct and accurate information related to plant safety status. To provide that assurance, a verification and validation (V&V) program will be applied at each inplementation step where required.
The implementation plan described in the following pages addresses the major steps and systematic approach involved in the SPDS implementation for CNS.
Sections of the plan cover the functional description of the SPDS, the major implemer.tation steps, safety assessment activities, and interfaces l
with V&V activities.
A proposed plan for NRC pre-implementation review is l
also provided.
An overall SPDS implementation schedule is provided to summarize the implementation plan.
I 1-2
SAI-84/1045&CW Rev. 0 - 3/1/84 2.0 SPDS FUNCTIONAL DESCRIPTION The Safety Parameter Display System facilitates the assessment of nuclear power plant safety status by providing a set of pre-determined color graphic displays, which will be maintained in near re;1-time to yield rele-vant, timely and accurate reactor safety information.
To accomplish this function, the PMIS and SPDS provide support information as discussed below.
2.1 PLANT MANAGEMENT INFORMATION SYSTEM NPPD is in the process of developing the PMIS for Cooper Nuclear Station using the latest computer technology.
Successful implementation of the following objectives will accomplish the NRC and District requirements related to SPDS.
Satisfy the Nuclear Regulatory Commission requirements of Supple-o ment 1 to !"' REG-0737 " Requirements for Emergency Response Capabil-ity" as it relates to SPDS and ERFs.
Replace the existing GE/ PAC 4020 plant process computer which i; o
reaching obsolesence, Provide computer capability to perform other balance of plant and o
plant management functions.
o Provide a system compatible with NPPD's long-range goal of an overall computer network.
In accordance with the established objectives, Figure 2-1 shows:
- 1) the various functions that will be performed by the PMIS, 2) the source of the function, and 3) the requiring agency. The pie segments show approximate proportions of the PMIS computer CPU usage for various groups of functions.
The PMIS is to be an integrated computer system comprised of a modular intelligent multiplexed front end data acquisition subsystem, redundant preprocessors, and modern, high-speed, real-time, multi-user, multi-tasking central processors coupled with operator-interactive sof tware and color-graphic display equipment.
The PMIS is to incorporate all functions of the existing GE/ PAC 4020 plant process computer as well as a Safety Parameter Display System (SPDS), ability to characterize and predict t adiological plumes, the functions of the transient recording and analysis system and 2-1
g w w>
U c>
S g,
C
-O 2
(
O gyg Ab t
$f G
4
% o"e N
Bm s
2 9
r~
o q
f 4*N t
i 2lffit,s ::- At
.e:::: a
/
- ms "35" mosi. mis Ninu. t%.1a 12 6*
01.iuisiniaI s'sNSHd S'53" 4
E e
m no81 WOV NO
%,,Lla, O
E b
no'""'bg$s
,,$A g
ms 9
$**,+/'
- s/gee n
e s,
/
g e
8 ss 9
4-A O
e O
+ k dh A
O
+
M I
S vee w,
a w#
5$
G f'
Q H
0
^
SAI-84/1045&CW Rev. 0 - 3/1/84 additional plant management systems. The PMIS will provide improvements in the ability of the plant operators and support staff to determine the status of the plant, avoid abnormal events, and react promptly to recover from adverse conditions. Human-factored CRT displays will assist the operator in assessing the plant status and will guide him in the response to plant transients. Appropriate sample rates and on-line long-term data storage and retrieval capabilities are provided to support post-transient analysis and core performance calculations. The new system will also provide memory and computing power to support current and future applications such as periodic technical specification requirements, degraded core analysis, trend analysis of plant systems, off-site dose assessment model and updated Appendix I, spectrum analyzer report generating, reactor engineering analysis programs, STRUDL pipe stress analysis program, and other plant-specific computing needs.
2.2 SAFETY PARAMETER DISPLAY SYSTEM The SPDS displays will utilize the three level hierarchical system that has been recommended by the General Electric BWR Owners Group in the latest revision of the "BWR Graphics Display System Dynamic Screening Prog-ram" report ALO-1003 as the starting point for these displays.
Based on the architecture, operating features and reliability characteristics of PMIS, the SPDS displays will provide credible plant safety status information to the plant operators, which is a key element in the success of any safety monitor. The three levels of displays will provide the operator with the appropriate hierarchy of detail, while continuously providing indication of key plant safety functions.
The Level 1 display provides an overview of the plant safety status during normal and abnormal conditions.
The overview is provided by five " safety function indicators" located along the bottom of the screen related to one of the following plant safety functions:
o Reactivity Control o
Core Cooling o
Reactor Cooling System Integrity o
Containment Integrity o
Radioactivity Control 2-3
SAI-84/1045&CW Rsv. 0 - 3/1/84 Color coding of the indicator is used to illustrate whether key variables associated with a safety function are in a normal or more urgent state.
This display additionally provides bar charts, real-time values and rate / trend information on average power range monitor flux, reactor vessel pressure, reactor vessel wide range level and drywell pressure.
Additional details and sample display layouts are provided in the separate SPDS Safety Analysis.
The Level 2 displays consist of bar charts and time plots, as well as. the safety function indicators on the Level 1 displays. The Level 2 dis-plays provide detailed information regarding the status of the five plant safety functions.
Five bar charts are provided, one for each safety func-
' tion. The bar charts are very similar in format to the Level 1 displays.
Each bar chart display is complimented with a related time plot display of the associated parameters.
The Level 3 displays are primarily intended to support the use of the BWR Emergency Procedure Guidelines.
These displays consist of reactor pressure vessel mimics with water level bar graph information, X-Y parameter plots and operating limit curves. The base Level 3 displays will include the Level 3 displays from the BWR Owner's Group generic displays, which were developed from a review of the early revisions of the General Electric-generated generic emergency procedure guidelines (EPG). The five safety function indicators are included in all Level 3 displays also. The import-I ance of the Level 3 displays is in their usefulness to implementing the plant-specific symptom-oriented emergency operating procedures.
Input data needed for SPDS displays can be identified by a de-tailed analysis of information needs associated with plant safety functions and emergency procedure guidelines. An SPDS Safety Analysis, which is provided separately, has been performed to identify and justify the selec-tion of parameters.
1 2.3 INTERFACES WIDI !!MERGl!NCY RESPONSE FACILITIES
~
The SPDS will be capable of providing displays of FMnt parameters in the Control Room, Technical Support Center (TSC) and the cn-site and off-2-4
SAI-84/1045 &CW Rav. 0 - 3/1/84 site Emergency Operating Facilities (EOFs), as illustrated in Figure 2-2.
Interactive access to real time and historical plant status information will be available from the system at the Control Room, TSC and EOFs during all conditions of plant operation. The CRTs will be able to simultaneously display the SPDS displays in the Control Room and TSC.
2.4 INTERFACES WITH EMERGENCY OPERATING PROCEDURES The Level 3 displays will be utilized for implementing plant-specific symptom-oriented emergency operating procedures.
The system will also allow for incorporating dynamic data within procedure text displays and the highlighting of portions of the text based upon dynamic data values.
The EDP displays are operating procedure assistance displays related to the following:
o Reactor Pressure Vessel Control o
Primary Containment Control o
Secondary Containment Control o
Radioactive Release Control These provide a quick indication of the reactor state in relation to the various emergency procedure guideline limits, as well as allowing observa-tion of trends of reactor parameters in relation to these limits.
I 2-5
SAI-84/1045&CW Rav. 0 - 3/1/84
- i !!
31 4 T, I, T.
I!!
5 2
.c I l
I Es !.
Es,;3 i.j l
- 123-g*
a g.i a:
_I I
I
_I
_i
-=
5 m
1:
'Is I:ll il s
1 i
i i
i g
n 1-e i
s 2
.3+
3
=
ri l_
ir.
2' 5
r 4
in i
i i
a lr i
l l
. o 4
n-n--
!i l
u"J u._'_J OuU 5,i
.i 5'
i ii i
_'. i is
.j) 2 i
l I
lI.
I i
I 5
3 1
~
I LL
~ !l
!+
~
i I
i'i i
s 1
ii e.
I I:
L53J si i
1 I
1 m
=
a a
=
g=
I 11 is l
l
\\
\\
\\
p g
l IIy p
23 3fs:
I 1:.g *i:n t I
.gi
.1
.I o
Figure 2-2.
Proposed PMIS Configuration 2-6
SAI-84/1045&CW Rev. 0 - 3/1/84
.f I;
l MODEM MODEM DS IDT MODEM TOCRT P
SAIDT 2
IDT MULTIPLEXER MODEM 310 CRT DS OUNT MODEMS VERSATE0 IN COMPUTER PRINTER /
ROOM T
PLOTTER GINEERiyG MODEM I
NSSS ALARM a
LA 100 MODEM BOP ALARM 2
LA-100 MODEM PRINTER NSSS REPORT C
LA-100 MODEM PRINTER SPECIAL LOG T
.LA 100 PRINTEF CONTROL ROOM Figure 2-2.
Proposed PMIS Configuration (continued) 2-7
Rev. 0 - 3/1/84 SAI-84/10456C;q
_q l
I T 2310 i
CRT MODEM l
l VERSATEC SAIDT PRINTER /
l l
MULTIPLEXER PLOTTER I
Q l
l MODEM I
I I
I I
VODEM l
l l
DEC LA100 l
MATRIX l
PRINTER MODEM
--~~--~--~~~~~----
AOUNT MODEMS N COMPUTER 400M CN'S ENGINEERING l
l C VT220 2
CRT MODEM l
l m
i C VT220 A
CRT l
l l
MODEM l
I C VT220 m
CRT l
l VODEM L _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _J CHEMISTRY / HEALTH PHYSICS
~]
I C VT220 l
m MODEM _.
l l
1 l
l C VT220 l
m CRT 3
MODEM l
t u__________________
Figure 2-2.
Proposed FMIS Configuration (continued) 2-8
SAI-84/1045&Cf Rev 0 - 3/1/84
____________________3 I
I l
T2310 t
/ COLOR SAIOT GR APHlCS MULTIPLEXER TERMINAL l
MODEM TO RACK MOUNT SHORT.
)
%I
{.
l HAUL MODEMS IN COMPUTER g
MODEM ROOM l
l OEC LA100 VERSATEC MATRIX PRINTER /
I l
J Jl MODEM PRINTER LO m R t___________________
l F----
OP,. SITE EOP *
-7 I
I l
[4 ll T 2310 COLCR SAIOT GRAPHICS MULTIPLEXER l
MOOEM TERMINAL TO LONG.
l HAUL MOOEMS I IN COMPUTER
- I MOOEM I
ROOM l
8 l
OEC LA100 VERSATEC l
(I MATRIX PRINTER /
l PRINTER PLOTTER MOOEM J
Jl lu____________________I SA417574 1/31/84
- Except for the modems, these devices will be moved from the on-site EOF as necessary.
Figure 2-2.
Proposed PMIS Configuration (continued) 2-9
SAI-84/104 5&CW Rev. 0 - 3/1/84 3.0 SPDS IMPLEMENTATION STEPS The NPPD goal is to complete the implementation of SPDS and other SPDS related activities approximately at the same time so that a final evaluation of SPDS can be performed by a detailed walk through of the emergency operating procedures (BOPS), including any supplementary work that is required as a result of control room design review. Thus, for successful
. implementation of SPDS, the SPDS-related activitica identified in Figure 3-1 must be coordinated with the design, development and installation of SPDS, so -that an integrated training program and final evaluation of all improve-ments (SPDS, EOPs, and ERFs) can be performed. Since SPDS is an integral part of PMIS, implementation steps related to PMIS design, development, procurement, testing and installation also involve SPDb. However, implemen-tation steps more particularly related to S:US can be identified, and they include the following:-
o SPDS Parameter Identification o
Human Factors Review o.
Review of. Base SPDS Displays Development of Refined SPDS Displays
.o o
Final Review of Displays o
System Design verification o
Functional Validation and Testing o
Installation and Field Verification o_
' Integrated Training These steps and the related implementation activities that will assure that
- the SPDS will function as intended are described in more detail in the l
following sections.
i 3.1 SPDS PARAMETER IDENTIFICATION
- The initial step in the implementation of SPDS is the identifica-
- tion of display parameters. The value of SPDS as an aid to control room operators during an emergency is highly dependent on the selection of the parameters. The value of the SPDS can then be enhanced by the manner in h
which the parameters are displayed, by integration with the EOP's, and by 3-1
NaREO$
y=#.
O 5<T ST ll E
l lEV O
RP l
i l
E S
{
i A.
ot t
r I
F S
t' l
t t0 l
I Y
T C
C N
A EG E
R V
E I
l i
T t
C f
E R
0 R
C O
0l G
U i i l
N I
I I
l TCi T
T H
N l
C A
l O
Hl T
E T
A I
S l
H 1
O T
A Eo N
R N
R T
I l
E R
E S
E11 i
D Y.
G I1 S
C E
D I.
i l
t TKI p 't D l 'l l
A S
{t I
il AI l
i l
S EI i
H uA l
A V
Al l
SW S
I l
R A
A G
l K
R RP S
E lA S
T DD h
D T
l A
HE E
r N
I T
C I
S I
't I
G N
I C
N l l I
t fA A
Tl R R
HCCN T
C AE0A S
/
~,
I
!PpL H
H F
PSrF D
C TIS I
I N C 'P T
S A. P O E
C E
l A
D PSE
/
F S
H L
A E
G A
C i
N l
V S
I o G S
N t
O E
I i
S Cf M
S A
E HPFJ S
R t
N NAOB A
l I.
C i
I l
I S
E E
D D
l4 El I
l D
U u
G C
D L
S C
T R
I E
I>>
E R
G t
T E
O ir I
N HSt CF l
R E
iHo SO JI C
BCC TE YCE 7
Ns 9
Fi t
CO R
1 S
RT P
D D
ES O
R G
P l E l L E
C R
S EI 3s ye.
ae )d*"k wo a
Ucnf $S yn3NB wI t
1 l
I i
s SAI-84/1045&CN Rev. 0 - 3/1/84 operator training.
Hence, the design and ef fective utilization of an SPDS is driven by parameter selection and displays.
Ge approach for parameter selection begins with a review of BWR Owners Group Emergency Procedure Guidelines (EPGs), Rev. 3, to identify plant parameters required by the BOPS. Concurrently, preliminary input from the experience on other projects, will be used to finalize SPDS parameter identification and define preliminary displays.
As described in NUREG-0737 Supplement 1, the identified parameters will then be reviewed to relate to plant safety functions to ensure that the SPDS functional requirements are met.
3.2 HUMAN FAC'IORS REVIEW As displays are defined in the preliminary stage, a human factors plan will be used to select parameters, data displays and functions, so that all the SPDS displays meet the selected BWR emergency procedure guidelines.
As such, a numan f actors review of all SPDS displays will be made and recommended changes will be implemented. The human factors review will consist of the followings o
User Definition of Needs and Information Requirements o
SPDS/ Control Room Interface Requirements o
SPDS Integration With Normal and Emergency Operating Procedures 4
o SPDS Man-Machine Interfaces o
Functional Validation o
Training Considerations The above approach of human factors engineering application ensures the optimum usage of SPDS by operating personnel.
Also, this will ensure that necessary human factors considerations are addressed in the display design.
3.3 REVIEW OF BASE SPDS DISPLAYS The initial review of SPDS displays is based on prior work by the
. BWR Owners' Group.
In addition, appropriate input from control room design review (CRDR) will be factored into the design of displays by reviewing selected SPDS parameters data displays and functions to ensure that these are acceptable and compatible with control room modifications and corrective 3-3 1
SAI-84/1045 &CW Rav. 0 - 3/1/ 8 4 actions. Through this review, appropriate requirements will be identified and implemented in the design and development of SPDS displays.
3.4 DEVEIOPMENT OF REFINED SPDS DISPLAYS The dynamic screening method for developing SPDS displays provides a high level of assurance that display changes resulting from subsequent plant-specific requirements will be of an iterative nature involving display refinements, rather than major alterations, even though provisions for major changes are provided. Since the development of displays is iterative, it is broken down into three components.
The three stage review described below provides the necessary input to complete a preliminary review of SPDS dis-plays.
3.4.1 Display Layout and Graphics This review stage deals with the visual presentation of the neces-sary data for reactor safety status information.
Appropriate coordination with ~ plant personnel to address plant specific concerns and inputs will be done,to finalize display layout and graphics. Also, input from CRDR and proposed c'ontrol room' modifications will be considered.
3.4.2 Safety Assessment To ensure that the displays will adequately address the parameters I
needed to determine reactor safety status, safety assessment of SPDS instal-lation and displays will be performed. This is discussed in.Section 4.0.
3.4.3 Display Requirements Verification This review stage deals with the evaluation of the identified i
signals available to the SPDS with the applicable requirements.
This will be performed to determine that the system functions to meet the intent of
(
requ ire ment s.
The display parameter verification will be accomplished through detailed requirements evaluation as discussed in the V&V plan (See Section 5.0).
i 3.5
. FINAL REVIEW OF DISPLAYS As the design of SPDS begins to finalize, including information l
l from BWR Owners' Group EPGs, plant-specific EOPs and safety assessments, i
3-4 i
-.n..
Rav. 0 - 3/1/84 SAI-84/1045 &CW SPDS displays will be updated and finalized. This final design step will have taken into consideration the final results of CRDR, EOPs, ERFs and design changes as a result of verification that the function of control room operators in ernergencies can be accomplished. If the final plant-specific EOPs do not become available to finalize the SPDS displays, SPDS displays A critical may be revised at a later date to more closely support the EDPs.
design review will be conducted to ensure that all relevant design inputs have been addressed and resolved.
3.6 SYSTEM DESIGN VERIFICATION During the review of base SPDS displays, appropriate regulatory, design, testing, training, and installation requirements will have been identified. These requirements will provide the basis for SPDS design verification requirements. These will be addressed in two stages as discus-sed below.
3.6.1 Requirements Verification To ensure that the SPDS conforms to applicable regulatory and design documents, system requirements verification will be performed. This will address identification of system requirements, evaluation of system requirements to determine that the SPDS functions meet the intent of re-quirements, and include a verification report to document compliance of SPDS with applicable requirements.
3.6.2 Design Verification The design verification stage provides assurance that the system design complies with each system requirement. The details of the design verification are discussed in the V&V plan.
(See Section 5.0).
3.7 FUNCTIONAL VALIDATION AND TESTING The functional validation provides assurance that the final system complies with the system requirements and that the completed system correct-ly performs its intended function. The major milestones of this implementa-tion step include the following:
3-5
-SAI-84/1045 &CW Rav. 0 - 3/1/84 4
o SPDS. Validation Test Plan o
SPDS Validation Test Report The testing of SPDS displays will be done to demonstrate accepta-ble operation of implemented functions.
This will be accomplished through planned testing and SPDS evaluation. To achieve this objective, appropriate integration tests and validation will be performed, as discussed in the V&V plan (see Section 5.0).
The testing of SPDS will be done at the design 1
1 assembly f actories prior to the delivery of SPDS components. This would provide the final validation that all the pieces work together to provide the desired reactor safety status information.
3.8' INSTALLATION AND FIELD VERIFICATION The SPDS displays will be installed in the control room and at the TSC.. During installation, field installation tests, acceptance tests and i
system availability tests will be performed to develop a installation veri-fication report. These tests will ensure that the input signals are proper--
ly connected and that the signal range is consistant with the design.
The system will be run for 1000 hours0.0116 days <br />0.278 hours <br />0.00165 weeks <br />3.805e-4 months <br /> to perform a warranty test as a part of
' the system acceptance test. Field verification is addressed in the Vsv plan.
'l 3-9 INTEGRATED ' TRAINING An integrated training program is proposed to address training of
- the control room operators on SPDS, Emergency. Operating Procedures,- emer-
- gency response capabilities and control room modifications as discussed
- below.
To' accomplish specific SPDS training, approprlate courses will be developed and delivered. for users as well as plant operators prior to opera-tion of the system.
An integrated training program will be formulated to include
- training sessions on EDPs, SPDS, ERF and control room modifications intro-l duced as a - result ' of the R.G.
1.97 assessment and control room design review. - The objectives of the integrated training program will be based on analysis of the operator's performance requirements in each of the areas
' addressed. The course lectures will be instructed by a specific objective 3-6 e
,, - ~,,, -,,, - -,.,, -, -,,, - -, -,.,.. - -, - - -, -..,,,
t SAI-84/1u45&CW Rev. 0 - 3/1/84 method. The training program utilizes examinations and quizzes as necessary to evaluate the performance of trainees. In addition, indivdual performance during drills will be evaluated and critiqued to determine if the training program is meeting the specified objectives. Provisions will exist for revising the training program based on the evaluation of operator per-formance during the critiqued drills and normal job activities following training.
I i
1 3-7
. ~ _, _ _
SAI-84/1045 &CW Rev. 0 - 3/1/84 4.0 SPDS SAFETY ASSESSMENT The SPDS is designed to provide reactor safety status to the control room ope rator s.
To achieve this, the SPDS will inter f ace with existing plant instrumentation loops for analog points, digital points and in some cases with monitoring devices. To ensure that the prcposed modifi-cation does not present safety problems, the implementation of the SPDS will be evaluated to determine whether the changes involve an unreviewed safety question or change of technical specifications. Additionally, an SPDS safety analysis will be per formed to demonstrate that the displays will provide desirable information to determine reactor safety status. These will be accomplished as discussed below.
4.1 SPDS SAFETY ANALYSIS A review to verify the identification of key functions and related parameters for rapid determination of overall safety status of the plant has been performed.
This review has been documented and is provided separately as the NPPD Cc.;Jr Nuclear Station SPDS Safety Analysis.
Key functional areas such as reactivity control, primary system integrity, primary and secondary system heat removal capability, radiation monitoring and control, and containment integrity were considered in the review. A spectrum of potential accidents was evaluated in support of the BWR Owners' Group EPGs; the EPGs thus serve as a primary technical basis for parameter selection for the CNS SPDS. The SPDS Safety Analysis describes how the EPGs and key plant safety functions have been addressed to identify and justify SPDS parameter selection.
For details of the analysis, see the separately provided docu-ment.
4.2 10 CFR 50.59 EVALUATION All interfaces to plant systems involving interaction between SPDS and the plant systems will be evaluated as plant modifications. Also, a review of safety impact and potential fire hazards for the installation of the SPDS equipment in the control room and associated interconnections will be performed.
A 10 CFR 50.59 evaluation of the proposed modification will be completed to ensure that the addition of SPDS in the control room does not increase the probability of occurrence or the consequences of an acci-4-1
. _. _. ~.
SAI-84/10'45 &cW Rev. 0 - 3/1/84
' dent ::r malfunction of equipment related to safety.
Should the 10 CFR 50.59 evaluation identify an unreviewed safety question or change in technical specifications, appropriate approvals from the NRC will be sought prior to the installation of the SPDS.
1 4
4 4
a-4 4
5 4-2 L
SAI-84/1045&CW Rev, o - 3/1/84 5.0 SPDS VERIFICATION AND VALIDATION The purpose of the SPDS verification and validation (V&V) program is to ensure that a traceable and auditable development of the system oc-curred to provide assurance that a highly reliable and available system is implemented.
Verification and validation are integral parts of the system design, development and installation process.
Review of requirements and designs, preparation of test plans and overall system validation must be performed in conjunction with system development.
Verification of the system after installation and periodic testing must also be provided.
The V&V program will be designed such that the design, development, qualifica-tion and installation of the SPDS can be verified and validated by someone other than the original designers and developers.
The V&V program is based on the NSAC-39 report with a few specific refinements.
The refinements are a result of industry experience which has shown that the V&V effort: (1) must be tailored to the specific hardware and software development approach; (2) should not be on the critical paths; (3) should be integrated with the project quality assurance program; and (4) must not interfere with the approval proce'dures.
The program meets NSAC-39 with these added four operational modifications.
In addition, the V&V effort meets the basic objective of providing necessary and sufficient documentation to demonstrate that an adequate independent technical evalua-tion has been performed.
The elements of the V&V program integrated into the SPDS implemen-tation plan are:
o Systems Requirements Verification (System Requirements Review) o Design Verification (Design' Review) o System Validation (Validation Test and Report) o Field Verification (Verification of Proper Field Installation) 5-1
- SAI-84/1045&CW Rev. 0 - 3/1/84 These elements, which are discussed earlier in the implementation steps, form the basis of the V&V plan.
The detailed application of these elements into the implementation steps is addressed in the V&V plan, which is submit-ted as a separate document.
o 6
9-9 e
5-2 e
+
e w-
SAI-84/1045 &CW Rev. 0 - 3/1/84 6.0 NRC STAFF REVIEW OF SPDS As discussed in Supplement l' to NUREG-0737, the NRC Staff has indicated that licensees may request a pre-implementation review and approv-al of SPDS. Accordingly, NPPD has requested a pre-implementation review of the Cooper Nuclear Station SPDS. NPPD plans and suggestions for integrating the review into the implementation process are discussed below.
6.1 REVIEW OF SUBMITTAL PACKAGE This SPDS implementation plan and the separate SPDS Safety Analy-l sis and Verification and Validation Plan provide a comprehensive package of information covering the Cooper Nuclear Station SPDS.
NRC Staff review of this package is thus considered the first step toward SPDS review and ap-proval.
SPDS implementation has already begun and will continue during NRC review of the submittal package, thus evaluation against the submitted plans can also be incorporated into-the NRC ^ review. If the NRC desires to observe some implementation progress as well as discuss the general plans for the Cooper Nuclear Station SPDS, a review meeting in June 1984 is proposed. At that time, NPPD will be well into SPDS implementation and applying the V&V approach and plan for the verification of design requirements.
Also, TPPD will-have completed the critical design review of displays with application
~ of human factors engineering principles. Thus, this review will provide the l
NRC with the information to evaluate the initial SPDS implementation steps and application of V&v to the SPDS design and confirm that human factors engineering principles have been followed in the development of displays.
6.2-SPDS DESIGN VALIDATION REVIEW To assure that SPDS implementation efforts will indeed provide a system that meets its intended functions, detailed implementation plans and a systematic verification and validation process have been developed and
,will be utilized.
The re fore, it seems appropriate that further NRC imple-mentation review be directed at actual system implementation progress and evidence of the Vsv process.
The amount of observable evidence and imple-mentation progress that is available for NRC review obviously increases as the implementation schedule progresses.
From evaluation of the submitted
' pack age, the NRC Staff may determine the depth of review appropriate and/or 6-1
SAI-84/1045&CW Rev. 0 - 3/1/84 identify a point in the schedule most valuable for review. For the most comprehensive and efficient review, NPPD suggests a review in February 1986 as SPDS nears operability.
At that time, the system can be physically observ ed, validation test results will be available, and records of design verification and requirements verification will also be available.
By conduct of the review at this time, the NRC will be able to evaluate the complete spectrum of design, development, and testing activities and have a sound basis for completion of their safety evaluation.
s e
4 I
6-2
+- +
w
,,-,_.~,..r-.
_..,y,
.,,m.
S AI-84/1045 &c'd Rev. 0 - 3/1/84 7.0 SPDS IMPLEMENTATION SCHEDULE
- Figure 7-1 illustrates the SPDS implementation plan and provides the proposed schedule for implementation steps and associated reviews by the NRC.
I i
9 a
, 1 e
re-
-wa
,,-,-r e
+.w+
n-,-e,-r--r,-,
e.~w---w-we
--e.
n~+--
ww-+,-
e e
-e-.
men---s-,
.m i
., gRi%Do u,*g wQ-oe w)N%
4 I1 gllIglIilI11lI',Il[IllIlIIlIlI! IIgIIiIlIl II 6
F o '
8 9
J 1
11 g(lII liIlIllllltIiIlIIlIIIIlIi gIIIIIII lI D
N ll11 t l1II llllilIII1II1IIIIlII IIiIiIIlIIlI 0
x 5-x xx 1I1lIi111llIlIlI1IlIIliIIIlII IIg1iiIlIIII A.
xx J
x 5
x 8
llllIjillll1lIlllIlIillIIIlii iIg iilIlI1 II x
9 1
J xx M
xx lIll IiIll1lllIlllIl1i! IIIIlil lIg liiILIliI x
A x
x x
x M
x x
x x
x x
1li1 1IIllllll11i1Iilil II1Ilii IIg itlIIIllI
. F xx
[
J xx x
I8 ll1I1 11!1lI1l11l)lIIlIliI11lIi IIgilIIIIl iI D
x x
x x
x
.N x
x e
x x
1I1il)llI I1llI !1lIi1IltI11lIli' )
IlIIlIl II O.i x
x x
x e
t
.S e '
x x
m x
x i
t x
x t
l)lI IlII)
.Ii Il!ll!IllIllIiilIit*
IlIIl1lII
..A x
x x
x s
J x
x h
i x
x 4
,~
x x
t
. 8 IlllIiIl!IItlIlllI!IIliIiilIl l*
IlIIlIlII 9
,.~
1 J
x t
x o
x a
, x x
H x
. xx x
d II!l II11l e
A
',xllII
)
(lIIlIIlItilII I l*
IlIIlIl II l
i xx u
x -
x x
d H
x x
x e
x x
- x h
u x
x I1ilII1lllIlIII!lIIIIIIIlIlII I*
c llIIlIlII
~
. x x
s F
.x x
x x
t J.
x x
. x x'
x' o
x Il IIl N
I i l 1, tllI1Ill1IIIIlIIlIlIII*
x x
(
ilIIlIlI1 D p's 3'
x x
8 x-x 9
N^
x 1
x l1llJ Il IIl1tIIi1IlIiIl!IlIiIIIliIIIiliI1I1I1
- c d
n r
d n
e ro es. r os n
a n l
ei s
sy oS y
nn a
.u t t o
w e
. "o.
aa D
wa w
ao n
e l
.d ea Bl tP el e
l i n
o i
b i
+
e Imc' t
p' nS i p t
ai c
f s e
s vs.i st l o d
i v'
a
. h' a
v ea ai ea t
e r
c n
rfsa oi md y ei e
Dc nt g t n a
R e
c S
o ai Fw D
pea RD R
i,
i oan at l
p i
. Pt s
w onl
. r idi rn l
C o
f t
n ni eS li p l S C
et tit gi ai R
a Se av iD ef s aD R
t r cl s ea t
N S
t Dd me vP vei, nr N
se nae t r s e r
ns PI un eS ERD iS yv uvT nT n
P v
D ep S
H R
D F
o S
F I
I o
S me-et
- l se 2 a 3'
4 5
6 7
8 9
p 1
m I
?
0 li I1III tilI1II1)II) 1!1IIiI1i1IiIIIIiIi1II1lI 1
p' j
m$E*4L*
,o8 sB7$*E%g3megcE
,e t
ye"
' - J '"
2