ML20099J334

From kanterella
Jump to navigation Jump to search

Revised SPDS Program Plan
ML20099J334
Person / Time
Site: Fort Saint Vrain Xcel Energy icon.png
Issue date: 11/13/1984
From:
PUBLIC SERVICE CO. OF COLORADO
To:
Shared Package
ML20099J317 List:
References
PROC-841113, TAC-51242, NUDOCS 8411290009
Download: ML20099J334 (53)
v  d  e


Text

e P-84487 Attachment 2 l

PUBLIC SERVICE COMPANY OF COLORADO FORT ST. VRAIN NUCLEAR GENERATING STATION SAFETY PARAMETER DISPLAY SYSTEM PROGRAM PLAN September 30, 1983 Revised November 13, 1984 8411290009 841113 PDR ADOCK 05000267 PDR F

  • TABLE OF CONTENTS s

1.0 '"TRODUCTION AND PURPOSE 1.1 PROGRAM PLAN 1.2 SPOS

1.3 REFERENCES

/ APPLICABLE DOCUMENTS 2.0 REQUIREMENTS 2.1 FUNCTIONAL /0PERATIONAL REQUIREMENTS 2.1.1 Functions / Features 2.1.2 Parameters 2.1.3 Equipment 2.1.4 Human Factors 2.1.5 Operations 2.2 PERFORMANCE REQUIREMENTS 2.3 INTERDEPENDENCIES 2.3.1 Training 2.3.2 Verification and Validation 2.3.3 Safety Analysis 3.0 FEATURE OVERVIEW 3.1 FEATURES 3.2 FUNCTIONAL RELATIONSHIPS 3.3 INTERFACES 4.0 FEATURE DESCRIPTIONS 4.1 DEDICATED CRT 4.2 2-ON-1 CONSOLE /3-ON-1 KEYBOARD 4.3 PRIMARY DISPLAY 4.4 SECONDARY DISPLAY 4.5 ACCESS TO DISPLAYS 4.6 ALARM / WARNING 4.7 ALARM BOXES 4.8 ALARM BOX "REFLASH" CAPABILITY 4.9 AUDIBLE ALARM 4.10 AUDIBLE ALARM " RESOUND" CAPABILITIES l 4.11 PARAMETER DISPLAY 4.12 ACKNOWLEDGMENT OF REQUESTS TO THE SYSTEM 4.13 TIME DERIVATIVES 4.14 ACCURACY OF PARAMETERS 4.15 PARAMETER SELECTION AND ANALYSIS 4.16 HIGH RESOLUTION CRT

i 4.17 LOCATION IN THE CONTROL ROOM 4.18 SYSTEM DATE 4.19 LOCATIONS l 4.20 OPERATION MODES 4.21 RESPONSE TIME 4.22 DATA AVAILABILITY 4.23 DUAL COMPUTER SYSTEM l 4.24 COMPUTER SYSTEM RELIABILITY l 4.25 COMPUTER SYSTEM EXPANDABILITY 4.26 SAFETY ANAL,VSIS APPENDIX A Figure 1 SPDS Software Functional Relationships Figure 2 Future Plant Computer Configuration Figure 3 Existing Plant Computer Configuration l Figure 4 Paging Features on CRT Displays l Figure 5 Pawnee Computer System Availability l Figure 6 Pawnee Dual System Availability l Table 1 PSC SPDS Parameter List l Prototype Displays Fort St. Vrain SPDS Verification and Validation Program Figure 1 Sequence of Events l

A i

ABBREVIATIONS SPOS Safety Parameter Display System j NUTAC Nuclear Utility Task Action Committee i

FSV Fort St. Vrain

! HTGR High Temperature Gas-Cooled Reactor 4

V&V Verification and Validation

00 Design Directive

} TSC Technical Support Center l FCP Forward Command Post CRT Cathode Ray Tube R0 Reactor Operator CSF Critical Safety Functions 1

f 4

DEFINITIONS i

t Podian Subsystem - Post-Disturbance Analysis software that stores l l historical " snapshots" of the data base on disk.

Check point Failover Subsystem - Sof tware that keeps the data current from on-line to standby and causes a "failover" from online to standby.

} 40-700 - The memory coupling device that allows the on-line computer system l to communicate with the standby system.

4 I

Man-machine Subsystem - Software that controls the interface between the l console keyboards and the computer.

} l Abnormal Operation - operation under conditions which, if left uncorrected, l l could allow or have already allowed fission products to escape from the j l fuel particles or from the PCRV.

l Validated Parameters - data that can be validated by redundant sensors l l and/or a validation algorithm.

i l Invalid Data - data which is not current (For example: the computer is not l l able to scan that data point because of hardware failure).

i t

-,-.-._,.,,_..,_-.-__,yy_ ,, _..,.mm..m.,,..c,.-.- ,..m-.- - , . , , _ , , , - _.y,,,, .,,,,, ,__m , , , , ~ , ,-,,-,-_m_y,,,,__mm._,,_,.7, ., m,..

i

1.0 INTRODUCTION

AND PURPOSE i

1.1 PROGRAM PLAN I The Safety Parameter Display System (SPDS) is one element of several interrelated efforts designed to improve control rooms, emergency response capabilities and procedures. The regulatory requirements for providing a SPDS is contained in NUREG 0737,

! Supplement 1 (Generic Letter 82-33).

Guidance for the SPDS and related activities has been derived from various NUREGS (See Section 1.2) and the industry sponsored SPDS Nuclear Utility Task Action Committee (NUTAC) document entitled " Guidelines for an Effective SPDS Implementation Program". Methodology developed within this plan takes into account the unique characteristics of the Fort St. Vrain (FSV)

High Temperature Gas-Cooled Reactor (HTGR).

The purpose of this program plan is to describe the manner in which Public Service Company (PSC) intends to proceed to '

implement the SPDS at the FSV Station.

l 1.2 SPDS l' l The purpose of the SPDS is to provide a concise display of l critical plant variables to control room operators to aid them in

!' l rapidly and reliably determining the safety status of the plant

[ and in assessing whether abnormal conditions warrant corrective

l action. The SPDS simply concentrates the Critical Safety l Functions of the plant (most of which are indicated on the l control board) into a single set of dedicated displays.

The design of the primary or principal display format shall be as simple as possible, consistent with the required function, and shall include pattern and coding techniques to assist the i operator in memory recall for the detection and recognition of potentially unsafe operating conditions. The SPDS will include i some audible notification to alert personnel of an unsafe

. operating condition. The design of the SPDS will be expandable f

to accept new functions.

i i

i J

, - - - - , . ,,, . , , .,w - --,m,, ..n.--,me-, ,,,-------ws ,--,,---,-,a--er,p-----eys--,nm-. , - w--,---,-r-,-,--m,-ar,-,-w --,-,-e---r-m----,,--en----- --

l l Displayed data shall present a current and accurate status of the l plant. Hardware rejects, errors detected by transducer range l limit checking, and errors detected during engineering unit l conversion will cause the data to be flagged as invalid.

l Conservative alarm and warning limits will be selected for the l 3PDS parameters so that the operator will be alerted of l approaching abnormal operating conditions prior to reaching PPS l setpoints when practical. Quarterly surveillances of the SPDS l parameters and hardware checks will be performed. A Verification and Validation program will be followed in accordance with the guidelines in the attached document, " Fort St. Vrain SPDS Verification and Validation Plan".

Selected Emergency Procedures will be reviewed as part of the Control Room Design Review. Any necessary changes with regard to SPDS will be incorporated at that time.

1.3 REFERENCES

/ APPLICABLE DOCUMENTS The following documents were considered in the development of Fort St. Vrain's SPDS program:

NUREG-0696 " Functional Criteria for Emergency Response Facilities".

NUREG-0835 " Human Factors Review Guidelines for the Safety Parameter Display System" NUREG-0737 " Requirements for Emergency Response Capability" Supplement 1 to NUREG-0737 IEEE 384 " Criteria for Independence of Class 1E Equipment and Circuits", 1981 Other Public Service Company of Colorado documents utilized:

Design Directive CRT-1 (DD CRT-1)

Design Directive KEY-1 (DD KEY-1)

Design Directive SLS-1 (DD SLS-1)

Control Room Design Review Program Plan l Software Specification (EM01.AAD.GIO20) l Fort St. Vrain SPDS Safety Analysis Report

.- l L .-

2.0 REQUIREMENTS The following subsections provide the description of the requirements essential to the successful development of the Safety Parameter Display System. Using the NUREGs as guidance, these requirements were developed as they apply to an HTGR.

i 2.1 FUNCTIONAL /0PERATIONAL REQUIREMENTS i 2.1.1 Functions / Features

1. A dedicated display with a single primary display format will continuously display the minimum parameter set necessary to assess the safety status l of the plant at each mode of plant operation. Modes I of plant operation are determined by the Interlock l Sequence Switch (Startup, Low Power, Power) and the l Reactor Mode Switch (Fuel Loading, Off, Run).
2. The secondary display may be individual plant parameters or may be composed of a number of parameters or derived variables giving an overall system status.
3. The recall of additional data on secondary formats or displays will be available.

i 4. Display of time derivatives of the parameters in lieu of trends to both optimize operator-process communication and conserve space is acceptable.

5. The secondary display format will contain the
magnitude of all variables being displayed and the j time derivatives of selected parameters.

l 6. A rate-of-change algorithm will be used to determine l time derivatives of plant parameters for increasing l or decreasing plant parameter trends.

l 7. The SPDS will contain operator interactive devices.

l 8. The display system will positively acknowledge each request that the design allows the operator to make.

l 9. A display will be included of calendar date and time

( of day with some means of indicating the passage of seconds. The display will be updated only when the system is operating properly so that a static time

would indicate a system failure. The date and time will be located in a corner of the display so as not to distract the operator.

J t

4 i

- -_ - - . __ _ . - _ _ _ . ~ , . _ - . . _ . _ - _ _ . _ - . . _ , - _ _ . - _

_ - _ _ . _ _ _ _ _ - _ _ _ _ . _ _ . ~ - -

g a r v ,

l 10. The use of color coding will be used to indicate the
approach to unsafe operations and to indicate unsafe  ;

l operation.

~

l 11. The display system will emit a distinct, audible i sound, such as the beeper available on computer -

terminals, upon detecting an abnormal operating .

condition.  !

i. l 12. The SPDS alarm system >will have provisions te - i silence, acknowledge, and reset. 4

)j '

l l 13. Performance tests of the silence, acknowledge, and

reset functions will be performed.

I i

e L F 1

4 I

4

}

a i

t i

i I

i 4

i '

i i

- - - - . . - _ , , . . . . _ . _ , , , - , _ . . _ . _ , _ . - - . _ , , - - . ._,,_..__,....._,.--.-.,---,_,-,,----,,.-,..~,,-.-,,-,..,-.m,_.,.,,--,.=,-,.,,-,.-,. ,-

2.1.2 Parameters

1. Data will be displayed to provide sufficient
information to plant operators about

(a) Reactivity Control (b) Primary System Heat Removal (c) Secondary System Heat Removal (d) Radioa:tivity Control (e) Primary Coolant System Integrity l The paramet,ers to be displayed, justification for  !

l their selection and SPOS response time necessary for j l each parameter are contained in the Fort St. Vrain l l SPOS Safety Analysis Report.

l l 2. Conservative alarm and warning limits will be 1

l selected for the SPOS parameters so that the l operators will be alerted of abnormal operating

l conditions prior to reaching PPS setpoints when
l practical. Blinking, non-blinking and color coded ,

l numbers will be displayed to indicate the condition i

l of the selected parameters. Invalid data will be j l flagged.

4

! l 3. Initial validation of the SPOS parameters will be l l done by manual calculations verifying the computer's i l conversion from raw millivolts to engineering units.

l Calculated SPOS parameters will also be validated by l manual calculation. Some parameters may be compared i with predetermined limits for different modes of l

l plant operation. The validity of parameters will be l checked during quarterly surveillances. Parameters

! l whose validity is in question will be flagged on the l SPOS displays.

j 2.1.3 Equipment .

4 t i 1. The processing and display devices of the SPOS will I l be of proven high quality and reliability.

! 2. The SPDS will be suitably isolated from electrical or

electronic interference with equipment and sensors
that are in use for safety systems, i

i 1

t l

l

! 5-i i

-._,,_._,,.m.-. .. _ _ . _ , . . - ~ . , _ _ . . , _ . . , . . , _ . , _ _ . - _ _ - - - _

l 1

3. The SPOS will be located in the control room with additional SPDS displays provided in the TSC & FCP.

2.1.5 Human Factors

1. The SPOS shall be designed to incorporate accepted human factors principles so that the displayed information can be readily perceived and comprehended by SPDS users.
2. Each group of parameters will ba displayed so that all are visible to the operator within one field of view.
3. The parameters will be sequenced in a logical manner to facilitate operator comparison of parameters in evaluating the safety status of the plant.
4. The primary display format will utilize patterns and display enhancements as discussed in Section 3 of NUREG 0835 as it applies to an HTGR.
5. The SPOS will be readily distinguished from other displays on the control board.
6. The displays design will conform to the appropriate display readability guidelines stated in FSV Design Directive CRT-1 such as viewing distance, viewing angle, and screen location for standing and seated operators at the West End Reactor Operator's Station.
7. The data displayed on the CRT will have acceptably low flicker and noise.
8. Alpha-numeric characters generated with a 7x9 dot matrix or larger are preferable; characters with 5x7 dot matrix are acceptable.
9. The density of the display will be less than 25*.' when i

complex symbology are displayed (e.g. mimics).

, 10. Glare from normal or emergency lighting will not restrict viewing of the SPOS from within the control room. The use of antiglare techniques and devices are acceptable when they are in accord with other criteria stated in FSV Design Directive CRT-1.

_ _ _ - - . _-____, - .- - - ~

l

, 11. For ease of detection, acceptable symbol to '

background contrast ratio will fall within the range ,

j specified in Design Directive CRT-1 for all important data, j

{ t i' 12. Alpha-numeric keyboards for the SPOS will have the I same keyboard layout as the other keyboards in the  !

control room (Design Directive KEY-1).

i i 13. The display system will emit a distinct, audible sound, such as the beeper available on computer I terminals, upon detecting an abnormal operating i condition, i

1

! 14. Pattern and coding techniques shall be used to assist l cperator detection and recognition of the approach to unsafe operating conditions. i I

15. Physical obstructions will not block a person's field i
of view of the SPOS when the person is at the normal l work station, r 4  !

~

16. If the SPOS is not in the operator's direct field of i j view at the work station, a reorientation of his/her  !

i field of view will allow viewing the SPOS from the j

! work station.  !

j 17. Members of the control room operating crew have  !

. physical access to the SPOS keyboard from their i normal work station. A short direct walk to the SPOS keyboard is acceptable. l 1

18. Luminance levels and luminance contrast will not I limit viewing from the normal work station.  !

I 4 19. The SPOS shall be of such size as to be compatible

{ with the existing space in the control area. ,

t

20. The SPOS shall not interfere with normal movement or i with full visual access to other control room j operating systems and displays.  !

l l

i, r

7 l '

l I

i l

.. .. - . ... .= . . . _- -- . . . - . .-. - - .- - .

j 21. Operation of the plant with the SPDS out of service i' i is allowed provided that the control board is

. sufficiently human factored to allow the operations l

staff to perform the safety status assessment task in '

l a timely manner. The Control Room Design Review l currently in progress will insure that this l requirement is met. E i -

1 22. The SPDS will be designed incorporating human factors in accordance with the FSV Design Directives (CRT-1, l KEY-1,SLS-1). The overall integration of the SPOS will be evaluated by the Verification and Validation '

program.

l i 1

i l

I J [

l i

l i

i t I

I l

l I  !

I i

s  !

r i

2~  !

l a  !

1 -8 .

i i r

I i l

! i I e

2.1.5 Operations

1. Operator interaction with the SPOS will be designed such that training in computer programming is not required.
2. No additional operating staff other than the normal control room operating staff will be added for operation of the SPOS.

l 3. Operator requests to the display system from consoles l other than the dedicated SPOS CRT will result in l display of additional data.

4 Operator acknowledgment of a change in the displayed parameters from the primary SPOS display will be possible in a matter of seconds.

S. The display system will positively acknowledge each request that the design allows the operator to make.

6. There will be operator interaction incorporated in the display designs.
7. After the SPOS has been installed operating
procedures will be available that will allow timely

, and correct safety status assessment when the SPDS is not available.

9 J

j

.g.

l l

- . - . . . - ~ . . - .. _ - _ . - . - - - - _. _ =. .

f

?.2 PERFORMANCE REQUIREMENTS

1. The sampling rate for each parameter is chosen such
that there is no meaningful loss of information in i the data presented to the operator, l 1 2. The parameter update frequency and the alarm / warning I response times are discussed in the SPDS Safety ,

l Analysis Report. i i 3. Dati will be available for retrieval and will not be

  • lost as a result of an electrical power failure.

i 1 4. Data stored for retrieval will be stored on a secure medium and will be available upon demand.

S. Response times to operator requests for information l

on secondary displays will conform to FSV Design ,

Directive SLS-1 guidelines for computer response time.

~

to operator queries.

6. The SPDS as used in the control room shall be designed to an annual operational unavailability goal  !

j o f . 01.  ;

1 7. The startup annual unavailability goal for the SPDS j during startup mode for the reactor shall be .2.

i i

I i

1 1

l l

l 1

i i i r i

i l  :

1 l

i i

4

2.3 INTERDEPENDENCIES 2

2.3.1 Training

1. The control room operations staff shall be provided with sufficient information and criteria for performance of an operability evaluation of the SPDS.
2. Operating procedures and operator training in the use of the SPDS shall contain information and provide guidance for the resolution of unsuccessful data validations.
3. After the SPDS has been installed, operating procedures will be available that will allow timely i

and correct safety status assessment when the SPDS is not available.

l 4. Operating procedures and operator training in the use

.! I of the SPDS shall contain inforn.ation and provide l l guidance for the resolution of invalid data.

l 5. The operator training program will contain instructions on the use of the SPDS.

6. An SPDS user's manual will be available for operator reference in the control room.

l 2.3.2 Vc ification and Validation

1. A qualification program will be established to l demonstrate SPDS conformance to the functional

] criteria of this document.

i j 2. A test plan will be available for the SPDS which will i

define a minimum of one test case for each major functional criterion of the display system.

i

3. All display formats in the design will be tested, j including mode dependent formats.

l 4. A test report containing the results of the test

! cases will be compiled. All major functfonal .

criteria must be tested successfully, i

I i

k i

I 1

4

) 1 >

r j

i

2.3.3 Safety Analysis

1. Public Service Company will prepare a written safety analysis describing the basis on which the selected parameters are sufficient to assess the safety status of each identified function for a wide range of events, which include symptoms of severe accidents.
2. The selection of specific information that will be l provided for FSV will be based on engineering

. Judgement, taking into account the importance of I prompt implementation.

i 4 3. The minimum set of critical functions will be the ones by which the operator evaluates the safety i

status of the plant.

1 I

h i

P I1 l

i i

l

, 4 i . _ - - . . _ , . _ _ . _ . . . , _ _ . _ _. - --,, __,.__. , _ . . . . _ _ . - _ . - . ,_. - _ .. ._, _ - _ . . _ _ _ . . - . , . , _ . , ,

.(=

y ,

. 3.0 FEATURE OVERVIEW ^^

i

3.1 FEATURES -

TheFSVSafetyParameterDispiahSystemwillbebuiltaroundthe y'( current Fort St. Vrain plant computer system. It will use the existing data base, data acquisition subsystem, the alarming.

,

  • subsystem and man-machine subsystem. Additions and some modifications will be made to the existing softwire to perform the SPDS functions. The analog scan rate will remain unchanged.

The historical data requirements will be met by the Podian Subsystem, the Post Trip Sab' system and the Historical Data Subsystem. Minor modifications will be made to the existing Checkpoint-Failover Subsystem to incorporate a second 40-700 (memory coupling device) into the' scheme. 'This is to increase system reliability.

A single dedicated CRT will be used in the control room for the SPOS displays. The CRT will be mounted in the control board in N '

the I-04 panel and will share the keyboard of the West End s Reactor Operator's consola. Only SPOS displays will be allowed i i on the CRT. Any other CP.T will have access to these same SPOS ,

s s displays. ,The Technical Support Center (TSC) and the Forward Command Post (FCP) will have CRTs which are capable of displaying the SPOS parametars but not dedicated to that function.

e The SPDS displays will be distinguished from the other displays l by tha five boxes (one for each CSF category) on the display which will indicate whether each category has any acknowledged or unacknowledged warnings or alarms (see the detailed feature l descriptions in Section 4 and the prototype displays for further explanation of this feature). Accessing the SPOS displays will be as simple as possible. An audible alarm on the CRT will be added for the SPDS parameters which can be silenced from the control board. The alarm limits of the SPDS parameters may be variable depending on the pl&nd statbs. Alarms generated by the l SPDS parameters will be distinguishable from other computer l system or control room alarms. ^

s 3.2 FUNCTIONAL RELATIONSHIPS ' '

See Figure 1 for functional relationships. This diagram shows the areas in which nsi code must be added or existing code must be modified. '

l 4 i g

s t

--r -* e -

=--t~ -4

3.3 INTERFACES All interfaces to the SPDS system are through the CRT's. There will be very'few changes required to the existing Man-Machine subsystem. The definition of the SPDS keyboard will take care of limiting the functional capabilities of the SPDS CRT to those things which are needed to determine the safety status of the plant.

4.0 FEATURE DESCRIPTIONS The following subsections describe in detail the external features introduced in Section 3.0 (FEATURE OVERVIEW).

4.1 DEDICATED CRT 4.1.1 The SPDS will be a single dedicated CRT in the control room.

4.2 2-0N-1 CONSOLE /3-ON-1 KEYBOARD 4.2.1 Although the SPDS is a physically separate CRT, it will be part of a 2-on-1 console with a 3-on-1 keyboard. The SPDS CRT will be located in the I-04 panel; the other two CRTs are located at the West End Reactor Operator's Station in the control roos. There are 3 buttons, numbered 1,2,3 respectively. Numbers 1 and 2 will access the 2 CRTs at the West End Reactor Operator's Station; number 3 will access the SPDS. When the SPDS is accessed, the physical keyboard layout remains the same but the pre-assigned function keys are defined specifically for the SPDS.

4.3 PRIMARY DISPLAY 4.3.1 The primary display format consists of the 5 Critical Safety Function (CSF) categories through which the associated parameters for each category can be accessed.

This display serves as the " master menu" to the other SPDS displays.

When the operator recognizes there is an alarm / warning condition in one of the five CSF categories, he pushes button number 3 at the West End Reactor Operator's console. At this time he has the option of going to either:

1. The poke point to the left of the category in alarm at the top of the display, or i
2. The poke points across the top of the large boxes at the bottom of the display. i By pressing the " cursor transmit" key, he will then access the secondary display with the associated parameters for that category.

4.4 SECONDARY DISPLAY 4.4.1 The secondary display format consists of:

o the parameter name o the value o a rate of change value (where applicable) o an associated display where the operator can access further information at another CRT 4.5 ACCESS TO DISPLAYS 4.5.1 Access to the various displays will be through the following methods:

o poke points located next to the CSF category name and immediately above the large alarm boxes at the bottom of screen o "page forward" key will access the displays in the following order:

SPDS Master Menu Reactivity Control Primary System Heat Removal Secondary System Heat Removal Primary Coolant System Integrity Radioactivity Control o "page back" will access the previous category's secondary display o all other paging keys will return to the " master menu" display

. . ~ . -.

Another method of accessing the SPDS displays quickly and easily will be through pre-assigned. function keys. This requires pressing the number 3 button on the West End Reactor Operator's console at which time the keyboard is assigned to SPDS. The SPDS master menu and the secondary I displays will then be available through the assigned ,

function keys. l l

l There will be a pushbutton on the control board which will l enable the operator to "page forward".through the SPDS l displays on the SPDS CRT.

l All of the other consoles will have the same pre-defined l function keys. However, these keys will bring up displays l that will allow the operators to use the " paging" function l keys to automatically bring up associated displays. See l prototype displays and Figure 4 for further explanation.

l Also, on any CRT other than the dedicated SPDS CRT an

-l operator can bring up any other display by typing the l display number on Line 1 of the CRT and pressing the i " display" function key. These features are currently in l use and will require only minimal operator training.

4.6 ALARM / WARNING 4.6.1 When any designated plant or SPDS parameter goes into an l alarm / warning condition, an alarm / warning message will be

'1 l posted on the appropriate summary. A small red (alarm) or l yellow (warning) box will blink at the top of all plant l computer CRT displays until all alarms / warnings are 4

l acknowledged. Acknowledgment of SPDS alarms / warnings will l be by Reactor Operators only from the West End R0's l console when the secondary SPDS display containing the l parameter in alarm or warning is up on that console.

4.7 ALARM BOXES

~

4.7.1 All SPDS displays, both primary and secondary, will contain five large alarm boxes across the bottom of the screen that indicate a warning / alarm / normal condition for all parameters in each of the Critical Safety Function l (CSF) categories. See the prototype displays included in l Appendix A.

The appearance of the boxes will be (for each CSF category):

blank - normal condition for all parameters f ,

~~

blinking yellow - unacknowledged warning for one or more parameters solid yellow -

acknowledged warning for one or more parameters blinking red -

unacknowledged alarm for one or more parameters I solid red - acknowledged alarm for one or more parameters 4.8 ALARM BOX "REFLASH" CAPABILITY 4.8.1 The large blinking boxes will have "reflash" capability.

This implies that within the same CSF category, when a parameter goes into an alarm / warning state and is acknowledged or returns to a normal state, a second parameter going into an alarm / warning state will cause the box to flash again.

4.9 AUDIBLE ALARM 4.9.1 An audible alarm will sound when any of the SPDS I parameters go into an alarm or warning condition. The I alarm can be silenced by the operator at the control board l or at the West End R0's console.

4.10 AUDIBLE ALARM " RESOUND" CAPABILITIES 4.10.1 The audible alarm will have " resound" capabilities. This implies that within the same CSF category, when a parameter goes into an alarm / warning condition and is l silenced, a second parameter going into alarm / warning will l cause the audible alarm to sound again.

4.11 PARAMETER DISPLAY 4.11.1 Change of condition of a parameter will be indicated by the following codes:

Color o red - alarm o yellow - warning o green - normal o magenta - bad telemetry l

l

l Next to o inverse-video blinking magenta "V" l Value- - SPDS data may be invalid l o white asterisk - value was manually l replaced l o cyan "I" - alarm on parameter is l inhibited Appearance o blinking - unacknowledged alarm / warning o solid - acknowledged alarm / warning or normal l It should be noted that no SPDS parameter can have its l value manually replaced or have its alarms inhibited l except by an authorized person with the proper written I authorization.

J 1

0 I

s Y

4.12 ACKNOWLEDGMENT OF REQUESTS TO THE SYSTEM 4.12.1 When the operator makes a request to the system, it is acknowledged in the usual manner: 1) the cursor goes away

and upon return the request is complete or, 2) an appropriate message indicates the request is in progress.

Acknowledgment of SPDS alarms and warnings is recognized by the blinking red or yellow box becoming solid. The method by which those alarms are acknowledged is discussed in Sections 4.6.1 and 4.8.1.

4.13 TIME DERIVATIVES 4.13.1 Time derivatives will be displayed for selected parameters. This will include displaying the rate-of-change value and an arrow next to that value indicating a positive or negative rate.

4.14 ACCURACY OF PARAMETERS 4.14.1 Instrument sensitivity, alarm / warning limits and deadband values will be analyzed for each parameter to insure sufficient accuracy for the operator to evaluate the safety status of the plant.

4.15 PARAMETER SELECTION AND ANALYSIS l 4.15.1 The parameters to be displayed, justification for their j selection, and the SPDS response times necessary for each l parameter is contained in the Fort St. Vrain SPDS Safety l Analysis Report.

4.16 HIGH RESOLUTION CRT 4.16.1 A high resolution CRT will be used for the SPDS.

Documentation of the acceptance criteria can be found in Design Directive CRT-1.

4.17 LOCATION IN THE CONTROL ROOM 4.17.1 The SPDS will be located in the I-04 panel of the control i board for easy access and readability. A section of the t

l I-04 panel will be cut out for the CRT which will be mounted from the ceiling with the appropriate supports.

This implies that the SPDS is separate from I-04 and does not affect the seismic qualifications of the panel. The SPDS keyboard will be on the 3-on-1 keyboard at the West End Reactor Operator's work station.

l y+ 9w --

-7 ----

+m -

- - - , y. , -a- i et r+- - ----s- 7 y- -

-t t

=

4.18 SYSTEM DATE 4.18.1 The system date will be displayed in the upper left hand corner of all SPDS displays and will automatically

" refresh" the passage of seconds. MST is indicated with the semi-colon (;) as a delimiter (i.e. 08:23:20) while MDT is indicated with the colon (:) as a delimiter.

Usually, the ability of " walk back" in time is allowed on displays (indicated by inverse video - solid background, black letters) but this feature will not be available on the dedicated SPDS CRT. This insures that the information viewed by the operator is current.

4.19 LOCATIONS 4.19.1 The SPDS will be:

o A dedicated CRT in the Control Room o An optional function of the CS-19 1-on-1 console in the TSC. The 1-on-1 was purchased primarily for the SPDS.

o An optional function of the CS-19 2-on-1 console in the Forward Command Post t

(Emergency Operations Facility) o An optional function of any other console l 4.20 OPERATION MODES 4.20.1 Variable alarm limits will be applied to the SPDS l parameters as a function of the Interlock Sequence Switch j (Startup, Low Power, Power) and the Reactor Mode Switch l (Fuel Loading, Off, Run).

4.21 RESPONSE TIME l 4.21.1 Response time for each SPDS parameter is addressed in the l Fort St. Vrain SPDS Safety Analysis Report.

4.22 DATA AVAILABILITY 4.22.1 Historical data is stored on disk and dumped to tape l periodically. Historical data residing on disk may be l accessed from any other CRT than the dedicated SPDS CRT.

y 7... _.... - . - .. . , . - .

4.23 DUAL COMPUTER SYSTEM 4.23.1 The FSV plant computer will be a dual computer system (Figure 2). The existing computer system (Figure 3) will be expanded by the addition of a duplicate system to improve availability. The back-up computer will be kept current through check pointing software. An automatic fail-over from on-line to stand-by will be used.

All safety-related, Class 1E equipment will be electrically isolated from the FSV computer system. The intention is to provide additional isolation for safety-related analog inputs, only as all safety-related, digital inputs are isolated through the use of auxiliary relay contacts per IEEE 384 (1981).

l 4.24 COMPUTER SYSTEM RELIABILITY l 4.24.1 The computer system reliability goals are based on l historical reliability data collected for the Pawnee Plant l computer system (see Figures 5 and 6 in Appendix A for l further information). The hardware configuration l resembles Pawnee's dual system with the exception of the l communications link between the two CPUs. Pawnee's system l has a single 40-700 memory coupling device. Fort St.

I Vrain's system will have two 40-700 devices to insure that l a secondary communications path is available if the l primary path is not (i.e. a hardware failure occurs).

l The primary and secondary computer systems will have l separate non-interruptible power sources. Loss of power l to the on-line system would cause an automatic fail-over 4

l to the standby system.

l 4.25 COMPUTER SYSTEM EXPANDABILITY l 4.25.1 The CDC 1700 as it exists today is very near its potential l in data acquisition and computing capabilities. However,

[ a team of analysts from the Information Systems Division l is currently developing a 1700/CYBER configuration to

[ expand the capabilities of the Energy Management System l (gas and electric distribution) CDC 1700 computer system.

l This is the system on which Pawnee and Fort St. Vrain l computer sys+ ems were based. If the result of their l efforts is a reliable, more powerful system, it is l possible that the Fort St. Vrain 1700 system could be l upgraded to a similar configuration.

i

. s

- _ ,m._ -

-_,_--.,-_-_,___..,-r- _ _ . - _ _ , - , - . ,

~

4.26 SAFETY ANALYSIS l

l 4.26.1 The primary safety analysis for the SPDS is. in a document i entitled " Fort St. Vrain Safety Parameter Display System l Safety Analysis Report". Safety analyses will also be l prepared for utilization to implement the SPDS system as

.l- is required by existing Fort St. Vrain procedures.

i I

a k

l t

)

i I

i l

i -22 i

i

!=

9 6

e' APPENDIX A l

> l 1

g .,

1 5 CONVERSION lWl/MACIIIIIC E

  • SECURI'IY 0  % "
~ * " *
  • d "

DATABASE EXISTING SOIM1ARE G ENGINEERING KEYBOAIO E DEFINITI0fl A UNITS R

  • SPDS KEYBOAPD DEFIllITION o

'I a _

LIl11T CHECKING APPLICATION g PROGRAMS AIARM SUBSYSTEM COMPUTATION OF CALCULATED VAllES i

  • SPOS CATEGORY
  • May require ALARM S nodifications Figure 1 WARNING for SPDS SPDS Software SOPIWARE Functional ,_
  • Indicates . -

(Use digital Relationships New Software points in the existing data-base to drive SPDS category alanns/ warnings:

~ ' '

PLANT IN5fTS l

1500 GEAR

  • l l 11 0-700 -

MEMORY l COUPt ING_

/' l AUX ROOM L _ _ _ _ __ _ . L _\ _J COMPUTER ROOM %o 4

  • LINE k PRINTER , lA 6>

4

[ VA LIN E TAPE DRIVES 1784 1784 TAPE 65K CPU CilECKPOINTING 6bK CPU DRIVE

<--v PATilS v--w 4 DISKS PRIMARY

/ \ SECONDARY 4 DISKS M v_____.__v CONSOLE

/

4 9 4 40-700 40-700 CONSOLE MEMORY MEMORY COUEUNG COUPLINC NOTES: BDC DDC l ) EXISTING EQUIPMENT NOT MARKED. /  %

2)$ = EQUIPMENT ON llAND DUT NOT q p o

  • /4r49 YET IN STALL ED.

3 ) IMPLEMENTA TlON OF Tills

[ g %9 *

(fG9 Pp 1 CONFIGURATION CONTINGENT i l

UPON C ONSTRUCTION OF NOVA NOVA4-' NOVA M ,

DUILDING 10.

MAN- MAN- -I- MAN-M A c illN E MAClilNE l MACillNE CONTROL. CONTROL l FIGURE 2 FUTURE  !

PLANT COMPUTER CONElGURAT10ft

PLANT INPUTS 1500 GEAR CARD READER s TAPE ORIVES 4 1

1784 V- N

/ 65X CPU 4 OISxS LINE PRINTER # J~~%

\

OPERATOR i CCNSOLE NOVA MAN-MACHINE l

,ccuTRet.

AUX. ROOM I

EXISTING PLANT COM PUTER CONFIGURATION

, FIGURE 3 l

l l

i

\ . . _ _ - . - . _ - _ - . .

. Etyarc Y FUNC7'/oN KEY LAYCLLY COPY PAGE PAGE CAT llP BACK THE POSI776N of THE EDGE L/)SELS pg, p y gag py CMRESPOND 7'o THE Lefr Dr.setsy assar N*MN MY" DEPRESS PAG: PAGE xNtr

/ '

,/

RAM'4CD DowN OMOA l

/

- r 09:32:51 10/31/84 PRIMARY SYSTEM 0021 )

CORE INLET ORIFICE VALVES DATA 0317 SPDS REACTIVITY gi I~

f POWER-TO-FLOW T '< 4 RATIO ras v' Parc hafe ^8%RR%o 317 1

-N. MEASURED POWER-T0-FLOW O.000 Iih g I POWER-TO-FLOW RECORDER ALARM NORMAL pa,a<gu --y A

b PRIMARY HELIUM FLOW 18.2 KLB/HR 0 0; R kl N

CORE AVERAGE OUTLET TEMP 331 DEG F P O

MAX REGION OUTLET TEMP MISMATCH ACTION CODE N MAXIMUM MISMATCH A - 399 DEG F 00 MAXIMUM MISMATCH B - 380 DEG F 00  !

7 ACTION CODE IOO= SHUTDOWN 200:2 HRS 300:24 HRS

1. AVERAGE CIRCULATOR INLET TEMP. 342 DEG F F*

b W7 1

1:

REACTIVITY ggfY g GARY g g TIVE SPDS S,ECONDARY SYSTEM SPDS MASTER MENU A

4}f-0/'uld fd A}c dou)A

-h t

i pal 4 NEE COMPUTER SYSTEM AVAIL ADLITY 1983 li) 99.99 100.0 100.0 100.0 100.0

[ 100 00 7 99.86 '

e '. .g s W

99.93 qqq! n r r9 7 r r n 99 91 99.94 tr y t

+

{- q J e +

3 lynn u F ,

. - t r t fe RO; ;M i wi  ;; ;

~

r

?  ; cr#  :

.x, 4 >

.~. s.. 4g 4 s w . as s q m .

nr

, ,  : . .. s,. ,

Jti g 99.69

+i l Q' !l pi g: .

M 5  ! $ ;

3 . fn i rf . gii @ R i yiy w

$ riy -

~

i

~: : :

s- o -

g i

)

r i

. fs :t r;

11

,- r.

L f$

4  :

!:ri:-

q::

Mi.

u.i i.

f..ii T:

rig m."

I

@ V

~

2E g9.50- ' i h '

"i 4".

~

3*  : <

Mi tN ~

2 . . L 1 i i -

, 3 1 q 4<

99.4 a L

, dg
j: t. gjp-

? ' '

s mnre hK

J ti W .d y i. 1: -

i $ F G s  : - - - - s W

W .

Mi g -

f 1

9 -

. + 4 S 9;3  :

v: :qw L4: i;!ni:!?;

iqi;r:;p

(!

r ;g 4 4

tr

q -

s 7 A i.t:. u; y ;l sp . - -: .

13 ly J

4.,

F p q t y !- -

4 1 -

t e: i: $ ,

t i ? f a i G4

'" E! di M qhl. t ij:

i: 4 W

ita

1. i.  : / ? k i 99.00 - .' i f k.1 iig i. F 0 .i  ?. E7 i a',. s o . gr.g.

q .$1fTih

. y s y ,  ; +  ;.; 7  ; , . ,

s g o r .s g s , , .

  1. 3 3 x + 's s ;3 c . .

3 ...4 j' O j.g jg.6 Niis

@s f > 4 W l-8 t i ;  ; s i s r <

F 4 F: f>  %

  • be 1  : s J. i x i '

!i.j 9 i ' '

! b iU!

g a

t -

a f

sli L

i t s.

m a -

i si?

'i@ ,

W@;en stsjtig@A; d

i f  : s t - g;! : '

W :b l a; m:

.t - - -

0 - i;li- Mit] !TNF b

- m.

98.50-I L h}

pl  : idi f

..il U

s 9 5 M

l t c.

lllJ Pe rcent S ystem Month ly Avai l ab l i ty s:

, e ~:- -

S 3  ;.

U I ( - i db  !  : i' 1! -

l $ i s;  !!! $! r'. . 5 k !, 'l 5 1 h ll f. ')  ! $ 1 si $) -

l -iic -

G.  : :; i i @t.ilil- e ::s 1- 43  : -

i  :

1, f .

.- J g..

~ 's --

s, y s- !,

'. f ni  ! a 1  :-  ; - s e: ::.::

g; s- x g:

.  : . .. , , . , , .. , :2:n

i4::  : ~
s !;

l :t S t + S,:. f f s  : i R l f 5; f .!!su3 L 3 t  ! g p

  • k.

W

K  :
i:y.i H i i-i; '

i e R i .

4 1 4 . -:

t: i:i 98.00-

%  ; iE IML '

/ [ r' M  ! ff kEia::j;i;wl=j 4: # R 4

r l  % i:  ; 5  ?. ? 3 5 l  !!

r s :!J 5:!EI! I' 5 I

q  :

gj

4 h !!

-a m

/

1e

M I" t

b r .:

s '

/ .s h c

s:

?

f ?

^ 'i

~

?

s ,

t

?:RE:!

g W

! i 4 .  ! , ,

iy  : "

a !!  ; J ji s l s -

t ' - -

6 %

97 74, M  : :d s t F !-:

w a' *i J ix p .'. .x P r s *

' ,L ,i t

s 5 H 9 I II .
i i 5 - 5.:

9 f

e

'! M t

5

x ?

I: R 5 TE! k i!:i !:sts

? ::'

Big!'ci '

l: t::

R R N -

-  :  :.: 4 - - , ~ :4

!h i' 'i h  ! 5 h k I h t

> .: f N . $i d i E m

III I I ku h ;w ..

i - N 1 1 !

w m 4!E: < ji i: ii .!!

t sa: s a o sa am u n

[3 %q-hk s

n f p ': m ;p p m n

!< : 4 i s rS

97.50- 4  ;

% g u p  ; g j s

=

mr i

eri-cir, <s

<  : o x i s s :ig ... s  :

. s h

' i e r  : fi 'r u a i si M ' '

W F- In U agg $l fe[

ijd  : f j;: s

. ? L
Migj

. si ..

, f ..

ii s s s ti-

!4pw.

s  : s

. ii
5 mgi;  :

.i 7

t - , .

.iti- '. , w  ;

im , qr Eig ;n o n si qpie gr t Nij : j!lf y :p.i.7: i -lji fiy j

~

i y 6: .-  !: gi; .

n j:Fi s i

> ir t E!i -

J 4 3.

? p;  : ! 6 h,

5! g:- s i? < * < 5
G S- $ O tip=e 11 ;p1 N: dix 97.00 I I

I I

'I

-I I

' ~ ~

I I

l Jan Feb Mar Apr May Jun Jul Aug Sep Det Nov Dec MONTHS

Pawnee Ove rhaul Feb - Apri i 15, 1983 1 . -,

t

e w C

b C

b.

e am. e a-M M C1. Q.

-"1 i

ol 0 0.0

. . . . . . . . . . . , . .A*.+hhn-: .v.,

. m.ANM=.,

'.N

.w... ....................s. . ~

i y._ _

S4.=v=M._.e.d._%_,hn.=e+f.pg y -ye_

. vee _svey. . ~f?f w'A~i.='h.Ms afs ._M y_ '=wd4Ns-n*Rw%~A*hn%'

'f sf= ~ ~_f.?_~_f m f.e.? ~ e?$~ -

()

=

WWAP '

O L

O L

A ns..+.~- n.s.~.n a- s .~~ v s. + s-s :

b CI

- +.. .h.+s. .,-s-h h.va,x-n .v .~...~ .+:

Y y WWW .Wd?=? W w. : Y sv

.%%'"xr_*uf.~w?.s .v =.ww m7=.~.m~q7a %Y".~ .r- .m='&"m~L wws

'.e$my".m =y.*uf ,x~x~rg <*i<?'e.~s'?~f.*s?.

wx . ws.~ns. ?y+%yWWdh un: 'Je

m. :'g.,

m - 2 . 11

}. s..

. ,. t

  • I 7eg] gggg m-.7m g

',yyyigic; gu4pfggg'

._y-e

._O,,

L

  • m- ,

cw

  • M4 h i H

y h~:~^c$$2de,feg....s J

a . e. .a a .:. .

~g % ..pse ws-$e pa~..

.~n-~~t $e$ s = $ p:s..

. . w.:~e

=$s@=e.:Mp eeee e..:a...

F

- o y s .O RJ s *. s l' ( 5 '

P l.

E

_.J H .S %.w,w .v.gs4-4-nahre.WwR-R-d4Au

.=

-s%s.__ %svw '_ . :m., .w%. _%%> ._ ww.vW_ wfyypM.

_e_yu s 'A .+

y Ks%yp'.'R.hhN.yk.hn~y. . m =3sR.

y

.W.+ Rah'd6pid.-A-hM.y-Oh.qWppy ysv. _ ,v_ %.K.n.~. .~_. yyy3.p3yppp A._ y-ypf.w.ny m. _ e_s.?X Asis <

v_.mm. . s.v ~?. C

_ . _ __ .~___ __.._m_~.n..~_.v_e~. - ~ _ - _ _ ~ _ . . ? .. _w._ m _ - -

    • =g '

- Lu. rme - , .<. ,, u.: - .y. ,d d.& ~.imm, . -e vv msix.n e s o . . . . . . . , . . ... .

mye 3 g.... ..

t . . . . . . (ecys

-rimys:w #MPWiMMMfDMwm rt: L @

C A

l$$$$$5$$$$$$$$2$$$$$$tsM$$$$_$_$$$$5in._b ,

Q b s w_L : a;y.typl.,q2;/re. .* i .1 s.

iy r
,Mvsyn.n_r:n

.:...2 MX.s am_vem ....v..

Q C

m c.&4.sss,.ae.ssssss.'-s.s.i.ss a w a.. .v..v u, .w.<v .m..; 3.4egy w  ;;waiap4;,v%. i.

ve a s,, ~w.;.s.wr.g_<.4w'ca.s.vew.ss.c-s

,_.e.? _

.e. ca.v.-n u.- wk.gv w.m..av.ss c eu e  ;. vagn.g e e. wwwww.v.y . g.ssssas; x.g y ,::.s ge z g 2L.Q.'.:-.ifi,;.;, '

,,Y

  • ts f WLY ' lug.X
.W.. '

Kl:

K2... . . .Y D (D as, ,. m,vn.12 m.. y , m .w,z.m.n_.. . .g s gm .,

w ah @

- w wwxv..v.e.

sv.ww.e e s.veceee..ow 3 .v. e.v uweppe . ..v.v.v v.a+w v. ewe.s.s.w .y s- m..xv p .v ,.p. s e ,, ...se v.,.y e .ww d==

%~-.+kw%WWn.- - _~ _ _ m. .w%N_  : ~'ne+'i w- -; e wwn.a+vn~ v wwe

- -: xx:A: _n_~.%+yi_2.w - . . -

s e.wg..+nen_ cmcee%sva.%.w;eew.v.,,ywee.'a

?_c ._+.4. 4.%_w ._ _esa$i. 4.yey.:.:.: aca .wg. '

g;Aeg;i M. p=.

p

2 x w. .

_.a ._4._.:- _

J_L -

'^

. ' - - ,- -gg,,,,__w,,,wa- 2- ;M,LJga;_m h ch.;i$12TdYI.4h!.i.dM.,15 dN2._. W 'Y' .-- ' ^ ' WE$ *

^ .giu) MU. } YY1

'[5  %

b W F")

s rpsh d A=.hs'v y .m ce. c.v e ; .y w e. .ve. a.

...-w.%

w . e eg . ., , . .vecc eec,.; 9.

to c egs eeX.aMsv.ypR.%.N.a,gw'.+vegg ehA%

c.c.x----%%ve#weg.y

.w, c+Mehhh.A-wK.s.s+ve%%K%hWM.pSR._c_. .;m;.v______. Rc3 .. . e . .c y . c._ R_ _.ww.yege_3_.v.ya_gwww ppXch A..

cep.weg wpMw:

v-re n .-egw3ywe_gg

_ py M...p. ._ _ __ _ -__ .

. ""'?,

==

G g ', _'h?,'.ss2YiCGieinp&..x)M' ",'s..

"Md A Wi4Xiniu '%m ^ 'k L .iiRF 4)CD?i.Y >Y y

t: s xy _:.3: ;_

v ,,, s s m

D. .

v- .t r7pe.7w.va7.vga.$2$2.m.7a:v.$.v$.w7.wwq.wv#.vw.5.s

.% t ":$ ~x 5w .w7 w.v  :

$$$$ 32 w.e $g.$$$.vns. $.v .ssse

, es:.32.7.s7 pr e.7 7# u m w Q .. . .. .

. ...~....... .y Q Y . . . :. . . :$ Y ~ .CT Y?WNue.r.ce%Wut.#MrMtWW(.', .??. - . . . ' . J'M' ' $$W $Y -^ '

m

' ' ;;;. .J.;WAthe6W4'.:. T,;'//Mr.Z;'. ' t/.". .',i L ' 'O.

22 ' T ' 1'.'.;'.Z/J.' ',L ',

.. geeeeeuw.v .w. w-w -

7 w'u ' -,,.-c.v.+A=.h.hnses ee.sv v veewuw . h Q M .

j$lL'* y. . . . SE.'T; -

w  ?""'"% ptco L

[

CL __ __ _ _ _ __ _

v r_

.v.sv.-

..y =.f,e.g.p. v2.e.%.%.spf3 a

s.y~yy -e w.e w.sv...v.v v u n_ e s-; .va.s.e,.v. .yf.3.yyge.V.yfye.,c.f.yeg v.p.y. gw y., M s.

p . . .p yy py: py.. y.  :...., .

7 b b

..YYY?.. . .

r a,.. u . w v ; w u m ' a. .r Y Tc 'w w < u d_,huTfL.Yi . . . . . . w,a ..? > ; 52; YYh?.

h w w L.;; .a u o 3; :;L.,m n; y.. fs::::. m v.;  :::.

e o._c. :. . . . .v. . . :.fm .a o ut.c.; t m. i4 .

(

l ueave . eN

_ e. ,,. .- s2. _ . eep. , , .sc =.=r% . . e .

m e o. .%,e . . . .%f e.. _~ ..

v. e , , , , _ .

'""e'*

. e. cee...Ni3*.%Qadjj8N es ,.e.., J.N.*f,7.

m

-*.7 m S *S N *N sS = Jsi/4.'. N M*d*N*iM.'* %*N.787 .

. fics. 4/; 7 . . . e .%c e.s ,j e., mI l

--- m . . ....m--, .n- - me . ' ' ' ' ',,,,

- m r0 l

,k 2.:a..L ':y16-1;.Xn% K K;:fia. Zb. .: r

Lh.^''*'u^' > 2 [

l L l

I I i W o o o c) e >

. . . . . O o cn co rs- e O D D D D W .

=d W C

9 - ':/ _fN33BBd 3 I

m .

TABLE 1 FORT ST. VRAIN SPSS RECOMMENDED PARAMETER LIST Parameter Critical Safety Comments Function (*)

1. Average Neutron Power RC
2. Neutron Flux Rate of Change RC
3. Primary Heat Balance Power RC
4. Secondary Heat Balance Power RC
5. Power-To-Flow Ratio PHR
6. Primary Helium Flow PHR
7. Core Average Outlet Temperature PHR Tech Spec. Def. 2.20
8. Max Region Outlet Temperature Mismatch PHR A & B (LCO 4.1.7)
9. Average Circulator Inlet Temperature PHR
10. Feedwater Flow SHR Each Loop
11. Main Steam Temperature SHR Each Loop
12. Main Steam Pressure SHR Each Loop
13. Hot Reheat Steam Temperature SHR Each Loop
14. Hot Reheat Steam Pressure SHR Each Loop
15. Steam Jet Air Ejector Activity SHR
16. Primary Coolant Pressure CSI-
17. Primary Coolant Moisture CSI
18. Circu~1ator and Steam Generator Penetration Interspace Pressure CSI Alarm High Only
19. Primary Coolant Activity RAC
20. Reactor Plant Exhaust Stack Activity RAC

(*) Critical Safety Functions CSI = Reactor Coolant System Integrity PHR = Primary Heat Removal RAC = Radioactivity Control RC = Reactivity Control SHR = Secondary Heat Removal I

l l

l R90TO7^YPE 09:43:09 10/31/84 S_ P_ D_ S_ M_ A_ S_ T_ E_ R_ M_ E_ N_ U_

O PRIMARY SYSTEM O SECONDARY SYSTEM 3 O PRIMARY COOLANT PRESSURE D RADI0 ACTIVE RELEASE

  1. C # # #

S$S$M $NfEk^" RhPk$h

PRO 7^6 YYPE 09:34:35 10/31/84 REACTIVITY 0025 SPDS RADIBACTIVE RELEASE

^818EIRY5 AVERAGE NEUTRON POWER ll g LINEAR POWER CHANNEL AVERAGE O.0 %

NEUTRON FLUX RATE-OF-CHANGE NI-il31-2 .I DPM NI-il32-2 .2 OPM NI-il33-2 .I DPM PRIMARY HEAT BALANCE POWER ,

SECONDARY HEAT BALANCE POWER O.5 %

ShbhEb bhbfEM A REkSk l SPDS PRIMARY SYSTEM

s' PRO Yo 7~ yPE 09:35:52 10/31/84 PRIMARY SYSTEM 0026 SPDS REACTIVITY POWER-TO-FLOW RATIO ^81*E'$YE 3

MEASURED POWER-TO-FLOW O.000  ! 72 POWER-TO-FLOW RECORDER ALA9M NORMAL PRIMARY HELIUM FLOV 18.2 KL8/HR CORE AVERAGE OUTLET TEMP 331 DEG F MAX REGION OUTLET TEMP MISMATCH ACTION CODE MAXIMUM MISMATCH A - 399 DEG F 00 MAXIMUM MISMATCH B - 380 OEG F- 00 ACTION CODE: LOO: SHUTDOWN 200:2 HRS 300:24 HRS

, AVERAGE CIRCULATOR INLET TEMP 342 DEG F i  !

REACTIVITY gQgyggY gEgyggARY E

! SPDS SECONDARY SYSTEM L

I

---,e,,.. - . . . ., .,, - , - - - . , - - - , . . - - . - - . , -- . , , - , , . , , , - , , , , , , , , - - . - - - - ,

s' r

PRO TOTyPE 09:37:17 10/31/84 SEC0NDARY SYSTEM 0027 SPDS PRIMARY SYSTEM ASyggIATgD LOOP 1 LOOP 2 Ik74. If75 FEEDWATER FLOW O.0 KLB/HR -

2.5 KLB/HR MAIN STEAM TEMPERATURE 115 DEG F 180 DEG F MAIN STEAM PRESSURE -

3 PSIG -

18 PSIG HOT REHEAT STEAM PRESS 8 PSIG 20 PSIG HOT REHEAT STEAM TEMP SG B-t-l THRU 6 SG B-2-1 THRU 6 CALCULATED AVERAGE O DEG F 0 ~DEG F STEAM JET AIR EJECTOR ACTIVITY 4.778 E+ 2 CPM l

Shb$M hhhkkk^

ff kEbkkSb SPDS PRIMARY CLNT PRESSURE

J k PROTOTYPE M@g{ Cgg(QGI C@@@@y 1

SPDS SECONDARY SYSTEl1

^878E}IED 11 117 PRIMARY COOLANT PRESSURE 20.2 PSIA PRIMARY COOLANT MOISTURE CALC RATE OF CHANGE MI-9306 27.3 PPM 4L D DEG F/ MIN

) MI-9307 1.1 PPM 4L D DEG F/ MIN CIRCULATOR PENETRATION INTERSPACE PRESSURE A B C D hkkhbuRE LAhM GH NORMAL NORMAL NORMAL NORMAL I

STEAM GENERATOR PENETRATION INTERSPACE PRESSURE LOOP I LOOP 2 hkkSNUhbbARkHSNE'"a" NeRnat NeRnal l

SbhEM bhbEk E SPDS RADIOACTIVE RELEASE

, 1 PRO TOT >'PE 09:39:48 10/31/84 0029 SPDS PRIMARY COOLANT PRESS PRIMARY COOLANT ACTIVITY RIS-9301 1.891 E+ 0 CPM STACK ACTIVITY t STACK NOBLE GAS RIS-7324-1 3.800 E+ l CPM STACK NOBLE GAS RIS-7324-2 1.346 E+ l CPM RAkbbNbH GE STACK IODINE RIS-73437-l 1.747 E+ l CPM + 5 CPM / MIN 1

l l

S EM bhbfEM EbkkSk E

SPOS REACTIVITY.

O' 4

cr 1

FORT ST. VRAIN SPDS VERIFICATION AND VALIDATION PROGRAM A. INTRODUCTION

1. This section of the SPDS Program Plan profiles the verification and validation program to be implemented at the FSV plant.

4 B. GENERAL

1. Design, development, qualification, and installation sh'll a be 4

verified by qualified personnel other than the original designers and developers.

2. These requirements and the acceptance criteria for validation shall be documented and verified with the safety system requirements for programmable digital computer systems in lj accordance with the following:
a. Organization - The V&V group shall be organized to be independent of personnel responsible for the system design j and development. The technical qualifications of the V&V j team shall be comparable to those of the design team.  ;

I b. Review and Audit Procedures - Verification of phase by

, phase documentation is needed in addition to comprehensive

  • I test results (validation) in order to demonstrate that the completed system works as required to perform its intended function. If the translation from one stage of development to another can be understood by knowledgeable j persons other than the originator, and it is determined j that a faithful and accurate translation has been performed, then the stage-by-stage verification can be j considered satisfied, l c. Software Test and Analysis - Procedures will be developed l outlining the tests required for software and any modifications to software.

) 3. There may be a need for two types of V&V plans and/or procedures j for safety and non-safety systems.

1 o- j

4. The V&V program will be a three phase program made up cf reviews, testing, and documentation.
5. To assure a logical translation from one stage to another for the SPDS, the Designers and V&V will adopt a sequence of events similar to that denoted in Figure 1.

C. REVIEWS

1. Reviews of three basic areas will occur:
1. Design
2. Development
3. Test
2. V&V will provide assurance that the designers and developers have

~

met the requirements of all associated documents (System Requirements, Design Specification, NUREGs, etc.).

3. V&V shall provide assurance of operational conformance to design specifications.

1

4. V&V will provide assurance that significant changes to the system are verified and the changes are accompanied by a statement indicating whether or not availability will be affected.

1

5. V&V will provide assurance that the users are trained both
initially and when modifications occur.
6. The results of the control room design review will be applied to verification of the SPDS parameter selection, data displays, and functions.
7. V&V will serve as a second check of computer software for correctness, etc.
8. Discrepancies will be documented that arise during review and
will be accompanied by their resolution.

D. TESTING j 1. All data displayed shall be validated where practicable on a real time basis as part of the display to the control room personnel.

4

2. The computational capacity and data throughput of the plant

, processor must be sufficient to accomodate the combined computational and input-output loads of the ERF system and other functions being performed by the plant processor. V&V will test to verify this.

c;

3. The data acquisition system will be initially tested by V&V to provide assurance of correlation of data with the readings observed by the operators.
4. The integrity of the software and the integrated system will be tested (validation).
5. A formal test plan will be produced.

J E. DOCUMENTATION

1. V&V plans to use where possible existing documentation from Lookout Center, Fort St. Vrain, and Engineering. This documentation will be adapted for use with the V&V program.
2. .V&V shall provide an auditable trail for QA with regard to the following:
a. Performance of V&V functions;
b. Satisfaction of requirements fror.. NUREGs, Reg.

Guides, etc. by the designers, developers, and the V&V team;

c. Satisfaction of Systems Requirements and associated documentation requirements;
d. Test and evaluation results; and
e. Discrepancies and their resolutions.

F.

SUMMARY

]

l 1. In the near term, Verification and Validation will provide adequate documentation and evidence of a comprehensive independent evaluation of the SPDS.

t l 2. In the long term, SPDS Verification and Validation will provide l the same for any modification of SPDS software.

l I

i l

l l

r 9 o .

FIGURE 1.

SEOUENCE OF EVENTS SYSTEM REQUIREMENTS (HARDWARE sr SOFTWARE)

REQUIREMENTS { VERIFICATION REVIEW HARDWARE SOFTWARE SPECIFICATION SPECIFICATION I I PRELIMINARY PRELIMINARY DESIGN DESIGN I I FINAL FINAL DESIGN DESIGN DESIGN DESIGN REVIEW kVERIFICATION ) REVIEW TESTING ENVIRONMENT 4 TOOLS; REQUIREMENTS;etc.

l MANUFACTURE l TEST PROCEDURES CODE / DEBUG DESIGN CONSTRUCTION l TEST TEST l INTEGRATE

& TEST I

VALIDATIO TEST i

l TEST RESULTS]

I FIELD INSTALLATION

& TESTS INSTALLATION VERIFICATION TESTS ALIDkTION REPORT

, - n - ,.---.-,,n

- - - - - - - - , , , , - - - -------,,---,.-,---en .---,,-,-+,ne + . - - - - - - - -

.e ,,

d't -i

o. ,

vir- H;. 'i t e . . '  ! ;g. ,

. o, : 1

.y C '#

c

- R'evisien 1

. e,r l-e

. - 1' g , ,

/f' ) .,

'+

~

Prepared by: I < M

D. Shipman

^

//

T. McIntire t

F Approved by: I M. E. Niehoff,(./(/

U!M

$ i~

p, r,  :

.Rs s' E.X Novachek

, 4 1 -

3

e .1

\

i 4

.,I, a .

,e

  • \

j ' t s'g \

+

c p

4 s.-- e +- -- - _ .-.w, _ . - _ - , - - - - - - . 7 ,e ,-v, - .-

f y ..__,__e,.m,,, -

-..,..m...,y,y-- ,7 ., , , , . , , ,,,wy, .,

-P-84487 Attachment 3 i

-t SPDS INSTALLATION SCHEDULE

1. SPDS Power System Installed April 1985
2. Installation of Second CDC Mainframe October 1985
3. SPDS Software Design & Development March 1986

, Completed

'I

4. SPDS Hardware Operational July 1986 4 5. SPDS Verification and Validation 4th Refueling Completed Outage i 6. Control Room SPDS Operational 4th Refueling
Outage 1

a l.

1 P-84487 T- Attachment 4 t

REQUIRED SEISMIC RESPONSE SPECTRA' CURVES FOR 9

FSV ELECTRICAL ISOLATION SYSTEM 4

i i

r d

! Figures 1-4: Response spectra for mounting equipment in existing cabinets.

Figures 5-6: Response spectra for qualification of new cabinets.

i 4

J k

9 i

i l

i t

l' I

- Figure 1 Arracantar 4 l / cad Auxiliary Control Room Instrument Response Spectra Combined Instrument Spectra Maximum Horizontal - 0.10g OBE 1% Equipment Damping l

4.212 s.

l

e. _

i e- =

APPLICATION: To be used as the Table Motion

! 4 in the qualification of any component or instrument mounted at any elevation

- within an Auxiliary Control Room Instrument enclosure or structure. -

a The effect of the supporting structure j is included in this Response Spectrum.

l

,.y I

e ,

, l e '

e I $

0 4

n R,

% 3 4

0 s . .

T , i '.

w i. v.

9 e

\

, l l

, t e

3 i

h

.:.c

.si a a a s e r e s, a s a a s r se, s  ; , , , .

fr.taa,.Cc hi! .'.o rsenamie. 3  ! cfc...

-~ rigure' E -

l .

arrAceme 4 Auxiliary Control Room i Instrument Response Spectra Combined Instrument Spectra l Maximum Vertical - 0.10g OBE 1% Equipment Damping

,J .1 e.

. u APPLICATION: To be used as the Table Motion __.__

i in the qualification of any component or 4

instrument mounted at any elevation l

within an Auxiliary Control Room Instrument enclosure or structure.

! The effect of the supporting structure is included in this Response Spectrum.

j

~

i

  1. N I  : 0 \n 9
e ,

= .

p-j < , I 's

. W*

s i  %

  • 3

- 's 4 ,

N I,. ,

\

\

i 9 '

s s s

a 3

l f

i

.JI

/ a a a  : **ee ,g a a .  : a r e e,,j a a, . . .,

i fitse Q, !/C i

j F4:1 b pinamie. ! s J Cycles i

E '" S E Auxiliary Control Room .

l Instrument Response Spectra 1

Combined Instrument Spectra i Maximum Horizontal - 0.10g SSE  ;

1% Equipment Damping too.)

s

s. .

, APPLICATION: To be used as the Table Motion e- -

in the qualification of any comoonent or instrument mounted at any elevation within an Auxiliary Contrcl Room Instrument enclosure or structure.

- . . - - The effect of the supporting structure -

is included in this Response Spectrum, a-I L l

s

! e

  • ~
o i

, v ,

h 4

4 i  %

5

~

3

  • % e i \

n.

/

s 1

. (,

c' ' ' '

s l s ,

.l .

s a

A h

-l 5

_l

.J '

,y . 4 . s e r ae a a e a e r ss a a . s e -

a-le /. 2 l/2/a 4 , !A*C h!! Laptissaic. ! a 1 Cre:es

. Figure 4 firyxMsMT Y 4 erc.

Auxiliary Control Room

.. Instrument Response Spectra

Combined Instrument Spectra j Maximum Vertical - 0.10g SSE l

! 1% Equipment Damping l

tu _-

9-

. s.

f 7-APPLICATION: To be used as the Table Motion _C __

in the qualification of any component or _= =_ .

a instrument mounted at any elevation ==

within an Auxiliary Control Room Instrument enclosure or structure.

The effect of the supporting structure is included in this Response Spectrum.

! s-l  : '.

i

- Ei 1..

Ql Fi Y

e e . ,

e r i

. x 5

=

s n

=

3 s

5, .

q x-

./J '

9 i e i ,-

s'

8 _.

t I

.Js '

.:t a s a s e r

    • a a s a s e r e e ,. ,

a 2 . ,, ,,.

P::isa, fic  !

I rsa upms.,a.> . c,an., l

~ mCg'D( aS$wbu b 1 t aa 0

0 0 5 1 8 6 5 0 0, 0 5 g 0 0 0 0 0 0

~ - ,

8 6 5 4 3 2 1

)

i

0. 7 .

74 3 2  ! [

0 0 0 _

1 _

1

- = - - - 1

- b ok N

\ \

2

.k \

0 0 2 2

= r[

- /'

[ / 3

/

3 1- 3 3

)

E 5 S 5 P 0 C

( ' -

s 5

,N\ \ \- 5 , l a

E E Y C v 6 B N o r

D O f p l

l p 1 1 Q A E M I E

R Gl 0

1 F

G .

F F," N

-.7 0 E  :

[ L e 1

1 1 -

' 0 1

T A

3 in t

/

r-A ED-N S S.D_I

. ' (-

s u, '

o z _E _ "

o B._ui- n.

1_ _ B

- R _

l F__ re83_ a I

V c c

_" 3 i a 4 __ m r 1![ ,

0 f f_s @__

i m

- 0 )

2 } 2 m

PH a fM S

i n

} g P n

HpS .

s" gWk( MgO (O

3 .

1 3 3 n.

, n

,d c

0 i .

0 , .

r 0 0 0 5 0 0 0 0 0 0 3

0 2

5 0 8 0

6 5 0 0 5

Y .

4 3 2 1 1 8 6 5 4 1 1

- - n.

O D All' d

a

@ 1 t /

T N E 4G 1

/

t e 7 O C

- t

<p / E N

A h fg l

MXe Ed A

. 1 T OL r0E qE G

O t

PI E MB R 6A OR5 1 i

L }

pfE i l O U n 7 f4NON i

L O l I Q

it i t

_ i a D PttAP t uuf qo / f t t foC.US

. i (io lT t

f uR5QG oF06R *g* o,

1  ! l Ahjg A vgoa .5 Y$oN

~ 6 gi^

0 _

0 0 5 1 8 6 5 _

0 0 0 _

  • .0 0 0 0 0 0 3 2 1 0 0 0. / .

7 1

)

' 1 l

8 6 5 4

)g 0 4 N

\

0 - -

0 h S'-

- 1 1

=

y_ 6 _

- - - . _ 'g -

t a

u

- - c i

- N r 2

0

)

E

\ _N 2 0

I b

G  %

E 6 3

D D ,r

% 6 0 3 3

3 3 4 w

4s G

I S f F P P -, 0 C S ,

s

8. l -

, Y a C v N o r

f p l

l p Q

E A g u k R

c,

/

F

_ u _

0 _t e t i

t u

i i

l 7 0 1

L _nw e o~

e.

A

-  !, C I Ms m Ei y

- / T R R

( R d_ s

' E t y

/-

e <s.GN v Oi _

3 C~ e Rs <

,~ 0 F 4 I N

2 N

> o M ~ J" S

i d A L

- g y P n. P g gu er "L O N

~

3 3

p%ICc Mo A a G N

I R

E p7" ^ .I E 0

R f*s. A

,, -- mm 5 N 0 0 0 5 0 0 0 0 0 0 0 5 0 8 6 5 I 8 6 5 4 3 2 1 1

0 0 0

~

G 4 1 2 1 1 ' t .

N 0 t o M g. E_

g fR E 8 ggi,pm _

o l

7 E f

iI D 6e T

- G, f) N L

6

/ oKgb r

faC l

F . C A / iLoM fLLE N H 4 1

t oCA _

p nSuR

!pi P - = 3  !

1r u E t

i OQ u V 7 f E EoA 1

t1s t l  ; _

Q A R -

Pi He't / ( l '

TrtTC ._

u0 9 WL Q01o

/

/ j gD uA i6ScE oTHt$

u xP 8

'trT f3 -

. l0]

l ,)!i i-iI j lI li)l!j) jij

Retrieved from "https://kanterella.com/w/index.php?title=ML20099J334&oldid=3484400"