ML20114F602
| ML20114F602 | |
| Person / Time | |
|---|---|
| Site: | 05000000, Waterford |
| Issue date: | 05/27/1981 |
| From: | Check P Office of Nuclear Reactor Regulation |
| To: | Tedesco R Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML082170562 | List:
|
| References | |
| FOIA-84-143 NUDOCS 8106020030 | |
| Download: ML20114F602 (57) | |
Text
._
r a-MAY 2 7198I MMORANDUM F0it: Robert L. Tedesco Assistant Director for Licensing Division of Licensing FRON:
Paul S. Check, Assistant Director for Plant Systems i l Division of Systems Integration SUSK CT:
REVISION 1 TO THE WATERFORD STEAM ELECTRIC STATION UNIT 3 j
SAFETY EVALUATION REPORT, FSAR SECTION 7, INSTRLFENTATION j-AND CONTROL SYSTEMS P
Plant Name: Waterford Steam Electric Station Decket No.: 50-382 Licensing Stage: OL t
Responsible Branch: L8 #2 Project Manager:
S. Black Responsible Reviewer:
J. Rosenthal Requested Completion Date: May 27, 1981 I
Enciesed is our Revision 1 to the Waterford 3. FSAR Section 7. Instrumentation and Control Systems Safety Evaluation Report. This revision reduces the j
number of remaining open items frwm 20 to 9, as identified in Section 7.1.2 of the enclosure.
n :gnai? si a ed bg I'.aul & theck I.
Paul S. Check, Assistant Director J
for Plant Systems
}y Division of Systems Integration
Enclosure:
As stated DISTRIBUTION:
l' liocket FTie, File Qh ICSB Reading e /'
R. Mattson F. Rosa PCheck
' :n hy
~,\\
M. Srinivasan JRosenthal (PF) je S. Black Waterford Subject File
( '.,
t F. Miraglia g j l Y.. O'd F8 m J. Elsbergas (ANL)
, u. a. %,,,," ?
4 J. Rosenthal C.
% =o T. Dunning 4h
?:PJs
%gf.
- SEE PREV!0lts CONCURREN a uct:
,n --
..u_.,
g 34 ICSB*
ICSB*
l 3
F01 A-Sli-I4 5
>I JRosenthal:ct FRosa lP c
N l 5'
'"I l'
N
810808 0lO1Q
'l 3
S/
'8I FFICIAL RECORD COPY
~
l o
s.
VAY 27 198; EMDPANDLM FOR: Robert L. Tedesco, Assistant Director for Licens1 Division of Licensing FROM:
Paul S. Check. Assistant C,lrector for Plant Systems Division of Systems Integration
SUBJECT:
PEVISION 1 TO THE WATERFORD STEAM ELECTRIC STATION UNIT ~
SAFETY EVALUATION REPORT, FSAR SECTION 7. INSTRUt'Et!TATIL',
AND CONTROL SYSTEMS Plant Name: Waterford Steam Electric Station Docket No.: 50-382 Licensing Stage: OL Responsible Brancti: LB #2 Project Manager:
S. Black Responsible Reviewer:
J. Rosenthal Requested Cceletion Date: May 27, 1981
'1ciosed is our Revision I to the Waterford 3. FSAR Section 7. Instruren:'"
.nd control Systems Safety Evaluation Report.
Paul S. Check Assistant Director for Plant Systems Division of Systens Integration
'. :sure:
i ta ted DISTRIBUTION:
cc:
R. Mattson Diicket FTie i
F. Rosa ICSB Reading File M. Srinivasan Waterford Subject File S. Black JRosenthal (PF)
F. Miraglia PCheck J. Elsbergas (ANL)
J. Rosenthal T. Dunning
- 0. Parr T. Speis
Contact:
J. Rosenthal I
M
- c. h ICSS h ICSB 7-
/s Ph DSI ICSB
,,.pJR5entha I
cc frost-
'I y
R it tw,n
.,yg g
.5/ E /81 5/ 7-7 /81
- Srg]Du [^
~
7 4
o.......,-.......
O r i ICI A L R E C '~' h D (' 01
-, g n ~ - -
e
. [ ** % *\\'
UNITED sTAYEs '
- o NUCLEAR REGULATORY COMMISSION 8*
j nasmuoton. o e rosss 3 -
e W 2 71997
%...*..,l Robert L. Tedesco Assistant Director for Licensing MEMORANCUM FOR:
Division of Licensing Paul S. Check, Assistant Director for Plant S/stens FRCM:
Division of Systems Integration REVISION 1 TO THE WATERFORD STEAM ELECTRIC ITATION ;N** 2 SU3 JECT:
SAFETY EVALUAT!0N REPORT, FSAR SECTION 7, IN5TRLPENTA7:
AND CONTROL SYSTEMS Flant Mme: Waterford Steam Electric Station Cocket No. : 50-382
.uensing Stage: OL
'-:ensible Branch: LB #2
- ject Manager
S. Black Responsible Reviewer:
J. Rosenthal Requested Cospletion Cate: May 27,1981 Enclosed is our Revision 1 to the Waterford 3 FSAR Section 7, Instrwentation This revision reduces the and Control Systems Safety Evaluation Report.
number of remaining open items from 20 to 9, as identified in Section 7.1.2 of the enclosure.
[
I k 0 k. -
Paul S. Check, Assistant Director for Plant Systems
. Division of Systems Integration
Enclosure:
As stated cc:
R. Mattson F. Rosa M. Srinivasan S. Black F. Miraglia J. Elsbergas (ANL) i J. Rosenthal T. Dunning
- 0. Parr T. Spets
Contact:
J. Rosenthal X29434
-=
s SAFETV E'/ALUA~'ON :EC-VA*IRFCRD S~IAM I'.I'~A : STAT!!N 7'; : ~ :
O 7.0
ISTR'.7!INTAT ~'l
- '~) 0
- NT7C' J
7.1 Introductien 7.1.1 Ceneral We have evaluated the protectica and :entrol syster.s :f the '4:er#:rd Steam Electric Station "ni: No. 3, Docket lo. 10-2o: using as basis the Cocaission's General Design Criteria, (2) the ins'.itute of Electrical and Ilectronic Engineers (!!!I) standards including !III 279-1971, "Cri:eria for Protectica Sys: ems for Nuclear ? ver Genera:i.g Stations," (3) the applicable regulatory guides for power reac:or:, and (4) the applicable staf* technical positions.
Tne final cesign af the Waterford 3 Plant ?-e ecti:n anc :ne '45 5 ::n: :'
systems is si rilar to tna of the Arkansas 'iuclear Or.e
'.'ni: : l A.';C-: ',
NRC :ocke: 'lo. 50-268. Be Engireered Safety reatures :53:' :na are ::
part of the.'i555, and the Salance of Dian :30P) : nte01 systa :s am si:nilar in cesign to these Of.he 5t. Lacie el '4uclear hwe-2'an- ::::<e:
No. 50- 335 ).
'ne : ncentratec in sur -eview :n these areas ane e : nan;es ae e ace -
s the :esign :: resented in :ne 2SAR for me ::nstruc-i:n :e-i, enem - e desi gn di 'fe rs ' rem.he pl an ts e 'e -e n ce c a s s r.1 ' a r :y - e a::: ' :an. 5 :
the -artas ani:n 1 ave remai9ed O' ::ncern t.r4 99 ev'ews :' :- e-s - 's-sl ants.
QT*f,;,, c $ p%r; "
8%5Q3 Seismic and environmental ;ualificati:n of instr renuti:n in: ::n:r::
systems is addressed in the su *eview f Sa::er 3.*.0 an: 2.'.'
the applicant's FSAR.
1 7.1.2 Scecific Findings - Cpen :: ems We have discussed in $is asport ce issues pa: aeed to te mso:sec.
A list of SER coen items folicws. Resolutien f :nese 1:e :s.i" :e reported in a supplement to :nis report.
^
^.d. '...... a,^
~ - + >
a.
aa-==-
.... ~........ ~.
E'e: trial transmi :ers wnic provide -sact:r :: clin: sysum :resse-e -
- 9
' r =e eactor protective system are located in 19sulatec :2W. ' 95i :e
--9:ai nmen t.
!sulse lires c:nne : :nese :ressura tr ns
..e d =
e : essar':e'
'tencuali'ied neaters and associated :entmis na<e n ins al ed in rese caoinets is control temperature and humidt-.
Credi
':r tMese heaters 's "c taken in ce safety analysis.
he -
em.vas raised ma: 'ailu-e f De 9es er c:nt ols, such that be :abia
.este-s were in ::ntinuous :: era-1:n. ::uld
- otentially
- egrace **
ressart trsesducers in: in turn invalidate 2e safety r
analyses.
,,0...
4.
.m..
.u-
-- 7
.,,m _...
~.,
he cur-en: design of me Engineered Safety Fea:ure 3/ sum 'IIF-' - :es:r':e:
in hapter 7 of :ne FSAR ai'l -esult in ;erersti:n :"
.ai nren: 's:'3:':n g
.j actua:icn si;nal '.0* AS) :n fa ecticn f ni;n ::
.ent :-ess are.
9e
, g,3
- cli: ant 945 ::rm tted to icdi'y te :
,. s a:n m a : 1 ::. S =cu'.: :e i
generatec.:en fetecti:n :f hi" 1:ainmen; Oatssure :P * :w : Pes s a-4 :e - : 9 55. -
Cesi gn of :Me cdi"ed
. m 9as cct been :: o'e ec.
I l
l eIO
- is M
.c e.2. e.es ' p O f *.7 7 s S a *.'.m M : 3.0 5 *. *M
""3' 1.
g.
- 7..
v-
+
Pka - s r : N.. _.. _.
l j
?---_...
?sm
- _.."3.4.n d.4 3.s
?
.*4
..3, r
3e :ur en: desi;n Of te EIF3 as :escr%ed 'n ha::e-7 ber: e-: 1.
1950) Of me F3AR 4111 esul; in isols: en :f Emersency Feeraa:e- ?
v in Steam :sola:1cn Signal (.'dS!!',. " SIS *s ;ere a: :9
- eneratten o' a a
detection of low steam ;enerator pressunt. ~he E.ersency feeca.er 2c.a: :-
Signal (EFAS) is ;enerated :n detecticn sf ':w steam ;eners:
s ee:
- 1. ;.. e = :
by steam generator di'"e ential pressare = 'eed :nly ;c:
- e-e -a.
- -
' ;i :.
Best systems as :ur ently dest;ned serve : :ss :ur:cse. - e s/s e>
5 = :s
- redified to delete EF4 isolation my a."S:S 'and anal.e sys:em -as::nse ':- :- :
configuration), or modify the design sucn ma: EF' overM es "S:3 un r:1 :f : e 94 EF4 isolation valves.
N 7ne acclican: is.o ::rciete :esign o' me engieceaec sa'ety 'ea.res an:
8An f.
sucmi: :ne final :esign for I 53 review.
Y AStr E. ergency Feedwater 0:nt-ol.
() 4 m
The current desi;n :,f :ne E3F3 s gescrdbed in hac:er 7 ' ne 5:: si' es.::
~
a tuation 5f;nalEFA5' :n :e:e:- :n in ;eneration of an Emergenc reecwa.er c
of Icw steam generat:r le-EFAS ::es o: ' sea; in".
ihen :ne s:ea: ;ere-an-l tevel rises accve.ne i steam genera::r level set:cin: '. :.e = EF4 a c:.a- :9:
the EFAS *:r:cs out" Sucset.ent steaming 'n ce IG ui" :.9:e a;2i n : :: -e water level reins
- 19g EFAS. 3e =ncern was raisec na: =eEFi 50'a":9
<alves eculd t
..x.anced to :sciit a.e ' Om a fuli Ocen 13 fuli : :se: M s i " :-
antil sucn t' 2at ne Operator over r:ce ne EF S and uct n r.:r:'
3-:
maculati:
of the EF4 system. 3 e a:pli:an s a:ed na:
.e =n r:: sys em was bei
-ecast;ned is cdulate EFA :w.
scoif an
's = =.clete desi;n :' re E 4 =n- :: sys e an: :.:-'
- e
- s..........,.......,...-.
h nfor.ance 41:M 2egul sury ui te *..a7.
3e 19: ant Of 3e';ul a :ry lui:e *.1-
's = :iir. lay :y:asse: 19 : - n e 1: 't status :f e:ui:rnent :n a syste :s 'e,e.
e 1::' ' :an - as :es ' : e :
- . 2 -
- or : Mis sys tem.
-e so #*'e a re ' s f e ; *O :e ar*!!ar.
...w.
IL
- he aDolicant is to provide ce.riteria M te. sed 'n ce se'e:: :n :# e:. : t -
to be -onitored, and provi:e me :riteria 3 he e- *:yec in =e :'s:'!/
inter-relationsni;s and de;encences :n :ne e ui: ent, so:sys em an: sysu- ' e.e '
Succor:ing systems such as ative ;cwer and ::rcenen ::ci'nq tm = :e ::-s :e-e :
as nell as fundanental engireered safety features.
It is noted dat the piTnr:5mpu,ter at Water'ord nas ex:ansive surved':an:e
~~ ~ an O gTC C 3 c h o.asa3Q*ty ang af as aff.. J r..m. T* T inc-* :tr. - ' "
^
...-.,m
- ncerns related to ;rtssurf:er and steam ;enern=r *evel easura c: Ic: art:/
- ue a refertnce leg envir:nmental ex:csure ae t asise: 'n *
- . lie:'n ??-I'..
Res;cnses to mis c:ncern dert provi:ed by tne a::it:an
.n ts:ense =
hosti:ns 20.5 and 30.12.
hese -es;cnses adcress e adecuacy of inforu:i:n to the operator, andr.vis a vis operstar info
. ten are ac:e;;asie.
r1EN15 At our meting the concern was -sise at the steam ;eaeraer *:w *evei setsoint =ey be used to initiate
.e !?AS and in tr9 E.9 ' r an ex en:ec
- eriod of tire following a er. erg line treak 'n ::inuinrent.
ar.ag - a:
d tim :eMoo the contain
- te-::erature and ;mssert and 9ence ce steam
- enerator level re' nee *eg envirenant aili =ange aim
- ' e.
dence, s:ean generator le calibra:1cn will be tim variant.
he 1: ant is to.orovide the SG 1evel se :oint se'ecti n :M:aris. Se
.w
_u__ _---.
....s......,....a, __ __ _ _ __ _- _-... _-_ ___..-.--
1.
3.
- E Bulie:in t. 79-27.
"he appit un ats;cnse b mis bui*etin accresses ar 'aaN s.sce :a:!y.
- he emnasis of the su1*etin is :rocedural. 5:eci:sity :: 2n: :cce;Ns snould be adequate to :er lit acnf eve'ren af safa sn.:=wn, ;i.es *:ss :'.
single ins tr. ment tas.
J 7e a:olf ant 411; i:en-t'y e ui: en-ecui e: ':P safe ina:Can is :2-; :'
I
=e ac:encf x 1 (fi s :re e::1:n; rev'a*.
' e 1 ::ar.: a'
1::-*s: ' I? ' "
' sit: wing Ois -tview an: s.:~i t st a at :r-::e:L-ai :r' u-'s.
- I! ::
\\
elated.: ee :13 ??-27 -sv'ew 2nd :recedura' :r' u ' t aP ' :e '
n'~ ~ ~ :? :
6 I
in a s.::Te-en: u ne *E;.
- 23 #'
o: s e e
- e 1:-i.:
75.
btt
.1
,.. m a s
2 n
-.,-...e.
.,.w,..
Waterford 3'is equi: ped with a s:are ni;n :ressure safety 19.'e - n :. :, -::- ::
- nstalla:icn :f HPS* AB is no: a egula::ry -ecut-e ent. 7 :: 's ' s ai:
to avoi d a dmi ni s :ra ti ve snut: wns a s soci a te d.1 3 ne ra:f '. :y : f e :,.r nn - J ' :
trains. HPSI AB ay be aligned u functi:n in -PSI T- :n A Or 3 in * *eu :' : e dedicated HPSI A or 3 should HPS! A er 3 be re eva f-:m servi:e f:r a
,u. a. ce.
HPSI A8 takes power from 4.'6 kv bus 3AB3-5 4 cn in:ur t ay be ::enec ec :
diesel backed buses 3A3-5 or 383-S. HPSI A is c:manded to star: by SIAS : :r g
3.
A single mcde swit:h and several sys anc -eIay Cructs a#e !":I:/?
to: initiate PPSI AB. :1 sable HPS*
or 3. anc insure HPSI eal <e :19eu:
f consis*. ant with use of HPSI AP ICS8 will require (by pl
. -'ecnnical Speci!!:sti:n) an integra:ad sys a, 's.ei test of :ne high pres rit EC 5 sys:em (;umes :cuer, =n*r:1. sai se eu:.'
when ce HPSI AB a is placed in service and onen it is r=-cved f-m se#v :e.
We will re drawings and ;nysical sa:aration Of ee HPS* 23 ini;;a-ing cir:uit during our forthcoming site visit. We are ::ncer ec Ma: ne.se :#
as pure as described above may =moremise redundan train sa:arati:n.
.29*
G ta,9.;
2 t-
_ _ _1 m m _2
_..tw p
IE Sultatin 1o. 20-06.
- E3 30-06 addresses rese: and :verride :f engineene safety features.
he
- :e.
applican:s respense to me staff -eques to adcress this buitetin is 19c: :
e Se culie: n and res:ense dre discussed duri99 :ur 2:ri
'.5 eett 9 Se a:clican; agned *o summit additional 'nformati:n.
0.
deni toring Safe Shu::cwn.
' 33 94s ec ested inf:r.aticn -e: stec : saf a s.a:=wn ' s :r enn- :n * * -e
=ntr:1 e:ctn and :n te auxili try ::n:rci :ar.e'...:? 43,'.
e ac::':an:
is Saoviced 7s:or.ses :: :ur s:ect '* : :ues ti:ns.
Iaft inutd:wn analjs's is u :e ::ncuc ec 1:=-urce -4 0. *.* :" h - i:.
- enci t 1.
- his ana*/s's diI* i enti #7 ecu*: e**.
tece: *
- a' 1-~
'2' I2'-
0:I: sMU:Own af te r a
'8 e anc i *en i #y '9s *.P.-'e-a:* :n in: : :--
4e M :
snut:0wn '-:m Oy:3' :e
- e : n:-':I - : 1.
I 58 eas s.,s:en:ec ev'ew :f s.,u:::wn ' s - eau: :n r: ::- - -
use'e:':n 5' ee's::' : nt's !a'e D.:=-n :ca'.,; s.
7~
1.
a
- h. 8.CP tha f t 3reak.
m - -.
reactor coolant purro shaft bream (2egulatory hi:e 1.0, :evis'
., a::e 15-1,3.4). The aoolicant will cronese ocifica: ices -
..e :: ant :-::e:- a system (to initiate an earlier reactor trip "
ac ;Id 00:ur wi uout :*1e design modifications) in orcer to r=
- he preci: ed seeeri:y of :nts event.
atL The applicant has avised to ;er#crm analyses of *his event with and without nodifications and submit orocosed tesd :n ec4 "-*-'--- aset :9 C
...v 2.
Centainnant Vacuum Relief System.
The applicant has b'een requested to describe the C:ntain.ent Vacuum Relief System instrumentation (Q 30.28). The applicants risconse (.s.encment 17, May 1981) is insufficient. At our meeting of April 15. 1981, tne acclicant agreed to provide a revised, cortplete response.
6.
The applicant has been requested to comit to comcly with 2 atory Lite 1.97. Revision 2..... Post Accident.%nitorin
- n :ne i. oiementation schedule of Section D. I:rclementation e ;uice (Q 20.33).
H'.L To date (Amendman ay 1981) the applicant has not responced to this -eeues t.
At our of April 15, 1981. the applicant agreed :o submit a res:ense,
_ ne ene *%
an n14 ran e e,,1 4 - -4. n -u u---,<-u
,.. < ~
- g. Single Failure of Control System Study.
- he soplicant has been requested to cer'or n a ste/ of s'ngle 'si' ares of ee
- entrst system to ascertein f f sucn stigle ' sit art: in: s :se:ven: ::nse:;er:' a'
'silures will lea) to event sequences mre sevart than ana;y:ec 'n ha::e* ;5
- " *be FSAR.
4e soold: ant is to corni! :: ;er#crn :he s:s dy anc :rovf:e i s e vie ':e :'1 ' s e " ort.
p ya m ew,-g4-s--m,-.---
r,.--,,,,v-,--w-n,,,,-,-.---,--+-,,-------,ow-,.
c---,,,,-,w.
--w
m.
+,
7.
ge
... _ _ __ _ _ g
- he applicant has
- pos d to caera:e the atact:r r0:e :' ee s/staa '.5
- e" r
e four channels in bypass. De s/ stem woule nen #.ncti:n as a 2 0'
- an-e' pfttactive system.
(With one :nannel tri; ped, :ne s/ stem acu'
'.nction as 5 1 of 3 cnannel protective system). *he oremosal is :ased as se r:e: ': g r channel independence. To demonstrate indepencence One.olican: rus : :e cns: 3:e separation of power supplies, logic and sensors.
.erford 3 nas been ces ;ne as a two battery system, that is, the four prot
.1 <e Pannels Obtain :cwer ' m four separate vital AC instrwnent buses, wni in: en ob:ain :cwer '- m ao g
AC/DC power divisions. Mence, the :emon en: ion of a :nannsi inde:encence
's, s
f a priori, incosolete.
&*Q* \\
Separation of pmssum senso a RPS channels was discussed 3: leng:n during a drawing review of April 1981. The applicant shewed separation of pmssure sensors usin chamatics and physical layout drawings. We will eview anysical separatio f sensors and logic during our 'orthcoming site visit.
Should logi nd sensor separation be demonstrated. ae.vi'l requim (by sian:
- echnic Specification) that the RPS be used as a 'Our :nannel sys am 41:n
- yp of a known defective channel for no mort : nan 28 nours, and recuire :r 3 _
- 'n
......m r -o.w u n.
t 1.......
\\
Isolation devices are encloyed to isolate " safety" and acn-ca' elec:r :si ci rcui ts.
In response to questions at our meeting o' '
'15, :ne accli:an:
agreed to provide the qualification criteri in :ne selecticn.:rocur=-ent.
2nd installation of these isolati ces.
I 7ne apolicant i
- svide the installation criteria emleyed a: ia:er'a-: 2
.at ne creoible 'ault will risul in a :o.antial at Me 'sa'e y s':e"z to as
.-<..,. no -y < s,<-.
.a._
a_
__ _. ;, 7;
~............,... %,...
Regulatery 3uice 1.118, Seriudic Tes tine
. -:aer in 2-ec ':n I/s ta s.
M encorses !!!! 32 ' "
,ut:e is scpit: sole o :os:.'une '.9'3 ~ ns:-.;
$2.f
..._,r_g y. 3 ;;,;
>e-
.ep-w.-v--ne
,,,.-,p.,-m
-o
,,e,-mo
=,,.,-,,----,.,.--m.-
---,,m--
-e---
--m-,a
m y
i The acclicant's previous resoonse to staff rec.es: :o 3::ress.n e :
_e f
(Q 32.5) is ine:alete. 3e acpit: ant is : s mi- < ~_.
- :n e clai-i g specific conformance and ncn-c:nfor a -
.ta gul a:O ry Sut :e '.. .3.
- se aspects of the design w *
. not in c:nfor-ance ai th tegulnory Su':e 1.118 sho own to be in confor ance with GCC 13 and 3CC 2'. Of 2 :en:i x 0
- 1... ' t c : :C,....
...... 2. C... 4. ; s.^.iii..u.
4 r...e.:,..
tt
-e....<-.,z.
i The Core Protective Calculators (CPCs) were not reviewec,:er se,3:
terf r:
3.
We have taken the operating experience of Att0-2, the previcu revi ew an c j
acceptance of the ANO-2 CPCs, and the similarity of the Waterf d 3 and j
ANO-2 CPCs, into account in reaching this decision.
The conclusions of the acceptability of the CPCs at Wat ford 3 are based :n i
the following:
(
(1) With the exception,of Position 20 which add.sses ta*a ' inks betaeen :ne CPC and the plant comuter, the applican* snould srovide a for 41 :cmi:-
,3 ment to seet the mquirements en CPCs Tacle 7.1 cf.1UREG-0208, ^ Safety Evaluation Report, Arkansas Muclear e, '#1 : 2".
(2) The cata links between the plant emputer and the ?Cs ey be ::nnected only if the plant Technical Sp ificati:ns incluce provisions to assure that (a) plant procedums s.
I be in effect to control meifica:' ens to CPC addressable consta (b) these procecures an ::nsis ent ai:n methods described in th bases to the Technical Specifications (c) CPC Addressable constan* and their anysically realistic al'cwed -anges (i.e., upper and 1 r bounds) are identified in the Tecnnical Deci f* :a :ns (d) values of A ssable "onstan,ts utsi te the nit:wed aan;e tre o: ::
"be entemd wi
- ut approval of the Plant !afety mit:se :e; an i9:e:ercea:
7 veri ficatio shall be c:nducted to ::nfi-m :na addressable ::nstan
%di fi ca-n.s have teen made is a:oreved y ne Dian: afe y :.:mi ttee :-
the intering Staff (whic9ever is a:pli: sole' 'f) Ncifica: ices a te i
~
CPC Adamssaote C:nstants cased :n in':r a:'On ::.ai ed. e.;n..e P in :
, rrouter Cata '.'nks shall not se ace ait ou: 3:c :va :f - e r in: !a 'e v CJmt itet.
\\
)
.s I
\\
l 9
(3) CPC operating experience at M0-2 anc :PC envi-:nrea 31 :es : i-ci:a >
sensitivity of the CPCs to fluctuations. anc e e:-- es 'n -:e-a:
, c-c; the Waterford 3 Technical Sceci f1:stiens shoui s, verefore
- ;i-e :FC functional tests to confirm continued oce-sci'i y of
- PC :.9an-e' whenever the CPC cabinet ther nal environ ent er
.s si' waole ranges.
The allowable ranges should me justified :
.. e basis of env' or. e-ta:
tests of the CPCs and CPC operational cerience at MO-2.
- he isolementation of the CPC gn including bo-a,ar:>are sne software 411' be confirmed during the 8:P".est program. *4e ni'l auci t t.9e tes: 3rogram :o verify acceptable pe tv,ance during these tests.
Subject t e acceptable iglementation by the applicant of the three :ost:icns s ta cove and successful cc@letion of the test orogram, we Ocnsider the PC 7 *^ " ::::- ^ ^ M : -
'd
,s.s.
ICS8 is tentatively scheduled to condu *
..i- ( Accenci x 7-3, NUREG-75/087) durf May 18,1981. Desults of our site visi; 8*.
"M1 Coen :: ems.
/
Me applicants esconse to date to ~MI Items II.3.3, W and ::.:.2 m v4 es t,a ceouate desi gn detat i. The a:plicant should :rovide safficient :e si' o
c.emonstrata conformance with Nt; REG-0737, Ciart fication of "MI a tion D1 an :ec 1 e-c uns.
,..-..w-w-
..,.-i........45
....w
..esa s...
.s a.s.. a.; j a..asaa e
........ s. s m
.a.
l m
-r
,.,,.*r.m--.-.
,,,.e
- y--,
,-,w-e..--.
7 10 -
7.1.3 Conclusions With resolution of the open items enumerated above (Secti:n
'.:.2',
e can conclude that the applicant has identified the safety-related instrunentation and control systems and the spolicable safety criteHa, and that these criteria conform to the Comission's regulations as set forth in the General Design Criteria, applicable Regulatory Guides, Branch Technical Positions, and industry standards. 3 ese are listed in Table 7-1 of the Standard Review Plan. We will also te able to conclude that, implementation of these systems in accordance witn mese criteria provides reasonable assurance that, the plant will perform as designed in normal operation, anticipated operational occurrences, and postulated accident conditions.
l I
e
.m m-
I i
r 7.2 Reactor Protective 3vste=
7.2.1
System Description
The Plant Protection System (PDS; enicn is :ssigned are tui!: :j Combustion Engineering ensists of a Peacter Dee+ecti.a
!js*=
'o described below, and an Encineered Safety Features Actaation System 'E!? I,
described in Section 7.3.
The reactor protective system monitors selected parameters in the Nuclear Steam Supply System (!SSS) and the containment, and trips the reactor whenever established operational limits are reached. The trip parameters are:
l l
(1)
High linear power level (2)
Righ logarithmic power level (3)
High local power density (4)
Low departure from nucleate boiling ratio (ONBR)
(5)
High pressurizer pressure (6)
Low pressurizer pressure (7)
Low steam generator No. I water level (8)
Low steam generator No. 2 water level i
(9)
Eigh steam generator No. I water level (10) Righ steam generator No. 2 water level I
(11) Low steen generator 'lo.
1 pressure I
(12) Low steen. generator No. 2 pressure l
i (13) High containment pressure.
s b
Tour protection channels are provided for each of the trip parsmeters a
d listed above. *4henever a trip parameter reaches the Ore:e.3 - e: -
a.
.3u-1hi
.8 1
.q.
.M
2 the channel bistable is tripped resulting in *ne deener,i:stion o' t~e channel trip relays. Contacts from the trip miays are 3resngec in :
1<
Iogic matrices representing all ;ossible two-out-of-four certinat':ns for any of the four redundant protective channels. Eacn logic mate x contains four output miays. Contacts of these relays are asec to ferr.
four trip paths that control the power to the _ _TPT ::ils of the circuit breakers to the control element drive mechanism (CEOM) power supplies.
circuit breakers are provided. 3ey are arranged in gweHTwr-s==
ac.c groups, consisting of two breakers 4 n each to control the power fecm 1
two parallel notor-generator sets. Opening one breaker in each of the W
ase groups will remove the power to both CEDM power supplies allowing all of the control element assentlies to drop into the core. Sumart :ing, coincident trip signals from two protective channels for the same trip parameter will scram the mactor.
In addition to the automatic trip of the mactor described above, means are also provided for a manual trip by the operator. Two inceoendent sets of trip pushbuttons are provided, eacn consisting of wo pushbuttons.
Actuation of the pusnbuttons of either set will trio *he reactor. le two pushbuttons in a set need not te depressed simultaneously.
The protective channels for the high local cower censity, and the 1:w
- eparture from nucleate boiling ratio ( NBR) Jtili:e digita!
core protection calculators (CPCs) to generate a trio signa:
-ne enat ace-l l
of tne RPS uses hardwired analogue ticcuitry.
j 1
l l
l t
k.
t
~.
3-The reactor trip system for the 'Jacerford-3 as described in :he 75A2 is functionally the same as that provided for :he previously reviewed ANC-2 pla=:. The differe:::: be: vat: :ha desig:: :f :h :c ::: ;.::::
deviations from the design reviewed for the construe: ion per=it 'JP),
and other areas of concern are discussed in the following sections.
f 7.2.2 Differences
- rom ?reliminar-r Cesion The reactor protective systes described in the yinal Safety Analysis Report (FSAR) has been significantly modified from the originally proposed system rrviewed for the construction perzi: (PSAP. aeview).
~5e changes, listed by the applicant, are as fo11cws:
(1) The high local power density trip is added.
(2) The thermal sargin/ low pressure trip is replaced by the low :T3R trip.
(3) The core protection calculators (C?ca) are added :o provide :he high local power densi:7 and low DN3R trips; and :he thermal margio/ low pressure calculator is eliminated.
(4) The low reactor coolant flow : rip function is incorpora:ed in the low DNBR trip.
(3) Reactor coolant flowrate is calculated by use of reac:or :colan:
pump speed inetsad of being inferred by differen:ial pressure sessurement.
(6) Control element assembly (CEA) position signa's are isecrpers:ed in the reac:or protective system (RPS). Two CIA :alcula' ors are provided.
w
+==
e ev---
_y v-w wwwmw--
vww
- m w'-'
- - ---M9
-wm-4--
- - - ~ -
-w--
- - - - ^ ' ' - - - - " " - - '
i i
6 i
(7). A high logari:h=i: power level trip has rap 12:ed :ne '-igh r2:e
.f change trip.
1 These design :aanges provice additional coera d g ' Tex ti'i y. sne i
enhanced protection 'or CIA cositien dev ation events.
As tis: sse i
in Section 7.2.1 above, tne 'inal design of the reac:or :rc:ac:i se s/ste-for tae Waterford 3 is ne sarre is
- hat of ne ANC-2 3: ant, excep: ':e enanges i n th e :c re oro.e cti on cal cul a :O rs di s c.s s e ? i n the 'o'
- W 97 section. Cn this basis we 'ind the design ac:eptamie.
=
l
~ ht 3 7.2 * " *-
- --*# - N '
- d =
- a*
- The final design of the reac:or protec:ive system u:ili:es a di gi
. ::rrou e ~
based system, consisting of four core protection calculators.
.or deriving the low departdre "rce nucleate boiling ratio (
R), and the high local power density trip functions. As stated the appli: ant, the core protection cal:ulator system for :he *J erford-3 is functionally the same as that provided for
.e ANO-2 plant whi:5 was reviewed extensively by the staff. Si e, however, the appli: ant has 1
indicated some changes because of fforent number of :entrol elemen:
7.k.
assemblies (CEAs), we reques*
that the applicant proride a detailed b
comparison of the desi f the *Jacerford-3 and.CC-2 : re protsc:icn esiculator systems '
32.7).
he applicant's response included the i
following s:at nes:
(1) Th. ardware quali"!:stisn and design :ri:eria are :he sa=e f:
the 'Jacer*ord-3 and co-2. Minor changes exis: in :ab'.e lengths. Also the nu=ber :" 7.As is dif f erent.
--w,-w-
,,w-,--w,m--
v 3
e n
(2) The CPC DN3R calculations will be derived frrn the ; *.
correlatica (design code ! RC) instead of :he W-3 ::::e'.2:i:
(design code COSP.0) used for ANO-.
(3) The CPC/CEAC algori:hms vill be modified :o reflect :he nan $e in the number of control element assemblies and :entrol
.emen assembly subgroups.
(4) The CPS /CEAC data base cens: ants are subjec: :o ange frem ANC-:
to Waterford-3, since a large number of :hese as: ants depend upon specific core and coolant systes charac eristi:s.
The applicant has also stated that the C?C/C' sof:vare for Wa:erford-3 will include improvements in software des'
- ha: are based apen in-plant system experience for SONGS 2 and 3 and ANO-2.
All sof:vare changes will be performed in accordanc vi:5 "C?C ?recec:isa Algori:bs Sof tware Change Procedure OIN-39(Ah, Revision 2" and Supplement 1-?,
Revision 01. This procedure was :.eved and approved by :he s:aff on the ANO-2 docket.
All of the differences in th C?C sof vare between ANC-2 and 'Jacerferd-3 will be reflected in the *aterford-3 ?unctional Descriptions, Sof tware Specifications and assembly language program listings.1523 l
vendor changes to Me C software are Mviewed in ::njureti:n ni:n s.a" review of '3AR Chao r 2.1, re Theriai dy:rtuli: :es ;n.
- al ' :3--
- nanges to the 0?f software is to be rested tec :y : tr.- *ecnn':1 Sceci'1 cations ' air ODen
- dm *.8'.
Based :n :n a:plicant's descrd::1:n anc -Me ire cse: ' :'e er 3:t:m :' -e n an ges
- Me ::re :r;:actt:n :31:ui t;;r s,s tem. e ::nc'.ce 9 2,
v
- escl e:' n of SER lcen en
.3, tre ::re :r::sc: :
- 3::/ 2 :-s 1-9
- a: :: 'a
- c e
- e inte r#0r: 3 -tact:r Or0:ac-i.e sjs em.
, l
-5
'.2.4 Steam Cenerator and ?ressuri:er Water '_evel Jcess ge'neracor water level, Doth Irv and high, is used as a : rip pareseter in the resetor protec:ive sys:em. The low s: cam genera:::
l water level is also one of the parameters in :he engineered safety l
features actuation system (ESTAS). The pressurizar water 'evel signal is not a parameter of the plant protection system but i: is a variab'e in the Post Accident Monitoring Instrumentation System (? AMIS) and as such is safety related.
The level seasurement system for Waterford-3 uses level transmi::ers that are connected to the steen generators or :he pressuri:er by an open column reference leg. A concern has been raised previously on similar systens, II Sulletin No. 79-21, regarcing :ne effec :n :ne measurement Accuracy caused by the hea up of the reference 'eg :ce :: a hign energy line break inside containnant. *his effect would :ause
.e indicated level to be higner than the actual, resulting in er :neous infonnation to the protection and centrol systems, and to the ::ers:Or,
- n addition, an error can be introduced in the level measurement :y :nanges in fluid oressure.
The apolicant has analysed the Waterf:rd 2 level measurtren system en:
scovided c:r ection taoles to be ased :y :itn: Ocers: Ors :: ac::un
':e reference ieg neatuo and varying 'iaid pressart effec s.
~5e ef#e::s :#
flashing and hydrogen effervescence are cet sc:ountec *:e 'c trese :a:'es.
The applicant states ina in appiying :ne 'evel ::reecti:ns. ne ::e-t :-s will te trsinec to assure tha: :ne e'e ence 'es a-ce-t:are s 2: -e 91;nes
- ntainmen; tem:ers ges atacre: 3-;m :ne :eg'nn'9; :#
e e.e
7 The actual setsoints for the Mw steen ceae-st:- a te * =ra' not yet been selected. *he a:Plicant states ma: =e e r::s.se: ': -
determining the trip setsoints will ensure Oa: ne s';ral int;'ates : e action required by the plant safety analyses nroughou: :ne range :#
aseient tesseratures encountered by this instrumentation, inclucing i
accident conditions.
'l / ' '
- i 't'ee 6
setpoint selection criteria to ensure :nat me set-
..s ::nservative:/
.ID c.R Cpen Item 5), and that ne selected to encompass the above c
. s setpoint is sel nsistent with GCC 13 and R.3.1.'C5.
We will ae:cr:
7.2.5 Inceoencence of %dundant Power Sacolies 7.2.5.1 RPS Power Supplies E. '...
- --
- x c '...,. x -. n.;....: "...
120-7 uninterruptible vital ac instrument buses ani:n in :ur,
. in :cwe-from two AC/DC power divisiens (power from four AC o*
- en:r:1 : ente-s anc two batteries). *he power supply dependency -
remises -he ;ur:ortec iPS mvisec four channel independency.
- 7. h*
- 1
- h." f "he applicant nas propo
.o Operate the insulled fcur enannel RPS as 1
~
three channel s m with an installed scare, as was revicusly eviewed int c:nclu y the staff on similar designs, e ui'l -ecuire ua: -he PS :e
_.m.
m.
- s......... a..,,..,,
m : =
.3, 7.2.5.2 L:cie *datrix Sower Supeltes To prevent a reactor tr4D On :ne loss of a si99 e :us, eacn Of Se 3' t :ES 1
logic Td*Pices tre :Cwered by two *ecuncant :C Ocwe-s.*0'*es =ri:P 39 !! -
Ocnnected Oc a secartte.ninter :.ctible ac Ocwee : gs.
~9 e s a e 1:0 5 t :-
3 also taken in the engineerec sa'e y 'ea arts 2:-.a:i:a s/s e9, ::
- 7.=--
inacvertent actaati:n Of eng19eertc sa#ety #et res ec.*: ea-1-l ;c -
i c.: :.::'ar.ge: :. e Alo t:cr. anc.wm.=
ince:encence : :ne.n:
e-u. :'+
ac power buses. De same c:nfiguration is em':yed 3: 44C-2.
program was conducted to demenstrate cat me Oc power suco! es are
<e' isolation devices in conjunction with the mig-2 tview. N ac:1 can:,a:
confirmed that the pcwer supply tes:11g perfor ed for 410-2 is a:c:i:a: e to the Waterford 3 power sucoltes.
Based on this confirmatien of the applicacility of :ne acwer supcly tes ng, the Waterford 3 power supply configuration is acceptable.
7.2.6 Testing y go.. :t a u
.u.
.e_
e tested without having :o disconnec: any of the componen:s or ne for jumpers. The applicant also has commi::ed in the Technical Specifications to perform at certain intervals :he reac r : rip syste:n response time test. These tests include also the a sors, except f:
the neutron detectors. The resposse time of :h outron flux signal g
portion of the channel is to be nessured 're dete::ce out ut or in:u:
87,2,.h to tne first electronic :enconent in the annel.
a$ A The applicant was requested (Q 32.-
to snow new ne Waterf:rt 3 :est'99 follows the mconsnanda:1cns of gulatory 3ct :e 1.;;3.
he sc @ :an state:
- nat since this guide was
. Idsnec after :esign :rd ter4a nac :een as a:: sae:.
it was 14cssible to :- 1:er esting as su ' f 9ed in See:::n.
- f =a
- f
- e.
de F. ave escuested at de acclicant 3rovice acdi-i:na :etait e: inf:.a: :9 en te areas n
- c :roposed testing 3rogram :ces 0$ 'c:w :ne e::. : e :at- -
' %w e a
. 3ui ce ;. ;;3 '5ER Ocen ::em . :o :e.: ens:.1:a en: :ne :es ;9 is in - formanca 12 3 C ;3 and n.
,e 4
nct ;ce :'.c :: ;s 2
s up........
l m
m
_.-,-_v_-. - -, _ -,., _,.,, -. - - - _ _ - -, -
-_,__,,--__m.-,_,-,,.-.,_-m--..
9-7.2.7 Evoasses Trip channel bypass can be initiated :tanually by a ::ntrolled oc:est switch. Interlocks allow only one channel for any ons :ype trip :o be
, bypassed at one time.
- he bypass is manually initiated and manual'y removed. In addition, operating bypasses are provided for the ON3R and local power density, pressuriser pressure, and high logari:hmi: pcuer level trips at established power levels. *hese bypasses are initiated manually and are automatically removed whenever the permissive conditions no longer exist. (see 't.2.5.l) 7.2.8 Conclusions The reactor trip system includes the initiating :t e:uits, %gic, typasses -
interlocks, redundancy, diversity, and actuated devices Jtili;ed *.o inclement reactor shutdown. The scope of the review included the :escri:ti /e information function logic diagrams, schematics, and 2nt~Jl Wiring Diagrass, and physical arrangement drawings.
With resolution of de 0 pen Iteg M h '.;,..., i, u~
J escr':ec 'n Section 7.1.2, we can conclude, with rsasonable assurance, tnat t.me mac::-
trip system confoms to apolicable Ngulati ns, guices, tecnnical :csit'cns, e
and industrial standards, stated in 3Mt Section 7.., anc is tnere :re SRP acceptacle.
l I
r
-s----.,
i 7.3 Engineered Safetv Features Actuation Svstem 7.3.1 Systes Description The Engineered Safety Features Actuation System (ESTAS) is part of the plant protection system. ESFAS generates signals to actuate Engineered Safety Features (EST) equipment. The signals generated by the ESTAS, and the associated trip input parameters, are:
(1) Safety injection actuation signal (SIAS) - low pressurizer pressure or high containment pressure.
(2) Containssent cooling actuation signal (CCAS) - same as for the SIAS above.
(3) Containment isolation actuation signal (CIAS) - same as for the SIAS above (as couaitted by the applicant. See Section 7.3.3 below).
(A) Caetainment spray actuation signal 'ISAS) - high containment pressure coincident with SIAS signal.
(5) Main steam isolation signal (MSIS) - low steam generator pressure.
No. 1 or No. 2.
(6) Emerg-icy feedwater actuation signal to steam generator No. 1 (EFAS-1) - low steam generator No. 1 level coincident vi:5 eithe.-
1 no low pressure in steam generator No. 1. or high different'.a1 pressure between the steam generators wi:5 the higher pressure it.
steam generator No. 1
(?) Emergency f eedwater actuation siga.a'. to stenri tenerat:r 'lo.
(EFA5-2) - identi:a1 to above, ex:ept :5e candi:irns are f er s te s:-
generator No. I versus steam geners::r *::. :.
(8) Recirculation actuation signal 'XAS'
- .:v ref4e;i.g.4:=r 1: w 1 pool fP.WSP' ;evel.
u
'e o
n
%)tCN 2-Each of the trip parameters listed above is nonitor-d by fear redundan:
protective channels. The actuation system log.: is configured in the 8
same manner as for the reactor trip systes (see 5,ec:icn 7.0 with the four trip path outputs arranged into two redundant, two-out-of-four selective logica. Each redundant logic actuates one of the evo redundant 3:1 pups of corresponding engineered safety features equipment. Summarising, coincident trip sigas1s fres :wo protective channels for the same trip prameter will actuate both trains of corresponding engineered safety features equipment.
As stated by the applicant, the engineered safety features actuation system for the Waterford-3 plant is functionally :5e amne as that for ARIO-2. Nevertheless, we found in our reviev eertain areas of concern. These areas are discussed below. A discussion of changes in the preliminary design is also provided below.
7.3.2 Of f*erene e fmm preh _ iman seiem The applicant identifies the following changes fros :he prelisinary design provided in the PSAR that was reviewed for the ::ns:-4c:ima permits (1) The amergency feedwater actuation signat :.as been de e f.
(2) Variable setpoints for initistion of SL'.;*,
".AS, and O!AS or. *sv pressuriser pressure have been added.
(2) Variable e stpoints for i iciation o: "S*S cn low :.eam gener a::.r t
pressure are added.
(4) The group testing capability is added.
e[
_- J 3
The variabl* setpois: f the icw pressuri:er pressure : rip a.1:ses controlled pressure redue: ions, such as shu:down depressuri:a:i:..
wi:hout ini:iatin5 safsty injec:ica, : :ncai:mer.: cooling, or i
contaia ant spesy. The lowering of :he trip setpcia: is ace:mp is.'.ed l
manually in limited steps. On increasing pressure, :he : rip setpoint is raised autonnatically. The some arrangement is used also for the variable setpoint for the lw stems genera::,r pressure : rip
- ..'e s t 's 'e setpoint. trip for tne stesst gene-stse pers.re 's 31sc revi:ec #:r me reactor Drotecti e system).
The composests in various engineered sarecy feature sys:e=s are divided into groupe. Sele::ica is made such tha: ac:ua:isa of a :ertals ge:up n11 n.,
affect norati plant operation. Providing :he gecup :esti.g capability allowe.:esting of various :omponents vi:5 :he p* ant at power.
TM revised engineered safety features ac:uation system f:e *Jacerfsed-2 1
as disc;Jssac in Sectdan 7.3.1, cove, 's f.nettena; * / pe sa e is -*-
provided for the AFO-2.
".t this basis the :ha-e made in the l
prelinicary design e.
=cesidered acceptab e.
7.3.3 Diversi:v sf Aceaation Siria's,
~. _ - _ _ _., -. _.
generation :f te =nta'nmen: 's:'s: :r. s:
.- s ;rs' :/ 2:: ; - e l
g low :ressar':tr :ress.rt :: me t :r
..r a rer: :esss e :
- s
W
- reposec is te sc'e saria -
. ' - -- s : arge
'. :: : r ' : e -: -.
Te0
- s crev':ec *:* --
.A3, ::AS, p
.:: s ; s's
- : e -s. -. ' -
Sect'en -
sco re.
e -t.a - ; e t et e: 21'e / 'es:.-e 1..-
3
..n...,.
D.EW'
.,g
.1 1
A,.
...a...
..-.....a....
.....a--_..
.......c on high containment pressure.
Final design cdifications to the C:A
. reui t y :c ini tia:e ::nta n.,e n:
1 solation on low pressuri
. ievel have not been ::.mletec '5ER lcen ::en 2' We will rev e final design :nodifications and inchde sur 'indings 'n a
.w4.
7.3.4 Emerancy Fee &ater System The Emergency Feehter System (EFS) is au:cmatically initiated my Energency Feedwater Actuation Signals (EFAS) 1 and 2.
3ese s'gnals are generated by detection of low steam generator ' eve! and s.es.t. generat:r differential pressure. Feed only good generator 10gi: is emc10yed. EF35 is par *. of the Engineered Safety Features Actuati:n System and mets me requirteents c' "'ask Acticn Plan ::am !!.E.1.2.
As describec in Section 7.3.1.1.5 of :ne F5AR, :Dening of me emergency feeeratar val ses to :ne intact staam ;eners::e is initiatec 'EFAS;.cen
- ne aa:ar level decreases below -he 7:w level trds se :cin. Af te r :.9e Ievel rises ac0ve this set;cin*, ce valves nil? be :::sec.
EFAS ::es 90: ' seal in'.
We are :encerneo acout accarent : sci"atten :' s eam generator datar 'evel at the !cw levei se :ci.*: anc ne sai aci y :' me e9er';ency feewater isolation sabes. and ass:ciata: -4:ing ' r S s y:e of ser<ite. N apolicant 9as sta.ec :nar me EM ::n:-:' sys.am as ::
l been finali:ed '!ER Open : em h). ne wi'i -e:or: esciati:n :# m's ::-ce -
1
- n a sucolement :o this ecort.
on
I s
7.3.5 hsetting of the ESFAS Signals IE Sulletin No. 50-06 addresses rese and Over-i:e f engt eere: :a'i-features. The applicant will suomi: acci:icnal infor ation in -es::-se ::
IEB80-06(SEROpenItemp.
7.3 7 Conclusions The engineered safety 'eatures actuation systems include -ne 'nstru.ea:a-i:n and controls used to attact a plant condition Ngui-ing :cerati:n Of an engineered safety features (ESF) system, to initiate acticn of the E!?, anc to contns1 its operation. The scope of review of the E5FAS ine'udec Instr'Juant Schematics and ' ogic Diagrams anc Cont: 1 'dirdng Jiagrams sn:
descriptive information for the ESFAS anc 'or : nose auxil'ary se:certing systems that are essential to the operation of eitner the 55FAS or :ne engineered safety Watures systems themselves.
lJ $2 b Wi th resol uti on of the Open :tems b :. ;, ;, :. :..,..,., _ : '. - -
disc.ased in Section 7.1.2. we can c:nclude, with -tasonaole ass.rsnce, that the design of the engineered safety 'eatures actuati:n s/s;e-:s :: ':--
to applicacie regulations, guides. 3ranen tecnnical :ositi:ns, anc
'a.s: y standards, stated 'n SRP Section 7.1. anc is there'ere ac:eo so's.
l m &,,, n.s.4 s ko k d g
-,, + - - -
t 7.4 Systerns 4ecuired for Safe Shut::wn 7.4.1 General Instrumentation and centrol systerns that are recui-e:
esta:I sr 2n:
maintain a safe shutdown : ndition for the plant are identie in ha::e-7.4 of the FSAR.
In many cases these instraentati:n anc ::nt 01 syste s are utilized in the performance Of nor-nal and ernergency 1 an: ::e-a -i o ns and as sucn are not exclusively utili:ed f:r the safe snut:own 'unc ::n.
The systems, ::nsidered by the appli: ant, as recuired f r safe snut::wn, are:
(1) Emergency feedwater system (2) Atmospheric staan dump valves i
(3) Shutdown cooling system (4) Chemical and volume control system, beron addi: ion portion (5) Emergency shutdown from outside of :he main control room.
The following EST support systems are also required :o fune: ion:
(1) Component cooling water system.
1 (t) Onsite power systee, including diesel generator sys:en.
(3) Besting, ventilating, and air condi:icaing systems for areas containing systems and equipment required for safe shutdown.
(4) Diesel fuel oil storage and transpor: system.
j al*Jtoufi *ne acciicant coes not ::nsd:er, and tne staf# ::c,cu rs. 7 2 -
3 -e c*iteHa Of the IEEE Stancard 279 :: :e :t e :l/ a:ci':a::e : :ne syste s aecut ed f r safe st'ut:own, tne scu emen s f Ie:- :n a :' - a s.2
- 3-:
neas f:ll: wee in ve :es';n.
- s s ta te c :y
_9 e a :
- an, : e :e s ;- : ~., :e s ecuncancy anc se:arsti:n #:r ve s/s:n-s : ee-ie 1 -fe '1.7
- r' te rd :n.
Als: :a:a: / 's :-:r :e: ':
a s 1 : :3' :-1 ':- : i 74 AI* au : a::: anc an,a: 30.3: :n 3 : ::r--:- :e, ::s 3 -o im 4*.4 g
T)
+
P!
a 2-The applicant will perform a Safe Shutcown Analy.is in accor:ar e ai:-
This analysis will icentify equi:mn: ee :e:
to obtain and maintain cold shutcown after a fire and icenti'y inst-nenta: :r and control needed for emergency shutdown outside the control room (SER Open Item [. This analysis will either confirm the adecuacy. or requim the nodification, of the list of systems now identified as required for safe shutdown. We will review the instrumentation and control in the control room and at the auxiliary contml panel, of those systems i:en-i'ied in the Safe Shutdown Analysis and report our findings in a supplement to this report.
s The results of our review of specific amas of the design are as follows.
j 7.4.2 Shutdown Coolino System The shutdown cooling system (SDCS) is a low pressure system, beated outsi:e of containment, which interfaces with the RCS, During the snutcown : col g
operation, a portion of the reactor cociant is circulated througn the snt.:-
down cooling heat exchangers via the low oressure safety injection sunes.
Either of the two pumps in contination with the associated snu::cwn nea:
exchanger is sufficient for proper system ooerstion. "he electrica; :evices l
needed for the operation of these systems are supplied from recuncant anc l
independent Class IE power sources.
i Over pmssurization and consequential fa11are o' the SOCS neul: es.1 :
a loss of coolant accioent outside of containrent. Overoressure :ro e:: :r s provided by reduncant isolation valves. ~here are two SOCS suct'on *es.
one in RCS 10o0 '80.
- and on in RCA 1:co 'lo. 2, each :ossess
= *ee in series' isolation val ves. Two of these salies in eacn f *.ne '- es are *::3:e:
inside the containnent, the :nird vai ee is 'ocated Outs::e ce ::r:a n ea
'talves located insite :ne oncsinment ar= :reviced aim '9:e-Ocx3 :: : -a.
d
3 opening and to initiate automati: :'es are ane-e,e-oc =ci an O res s.*e exceeds a preset value. ~5e re a rt ' cur ;cwer s.:ci es # e Nese,s.es.
l ac and two cc. diviced into do -e:uncant syste :s, :ne #:r ce va'.es :# etc-of :ne two suction lines.
- his can'igura::en arevices escun ancy an: ee n
- ne single failure criterion on a loss of a :ower sour:e.
- he isolation valve interlocxs, :es rtbed in Se:: ion
.a.;.3 anc siso in Section 7.5.1.1 of :ne F5AR. prevent s:ening o' ee vai ees n-11 ne :ress e secreases below 377 osig, and close ne valves aut:maticalij *nen :ne cressare reacnes 500 osig. Pressuri:er pressure is uti;i:ed as an inou to me n:erlock circuits. Four inoependen: prtssure monitoring :nanne's are omvided, one for eacn of tne isolation val ees. 3-essure sensee ecwi: men-aiversity. :>o sensors f-em eacn of *:wo manu#act rers 1as :een :ro i:ec, ar:
is in confomance mita Branca Tecnnical Dest: ion 033 3.
7.4.3 Emeroency Shutdown F=om Octsite *he Con:MI tocm
- he auxiliary control manel, located outsica ce main =ntrol ecom. ::nta ns contmis anc instr:reentation to e -aole -he :cerster :: sen4 eve anc uinta 9 the 31 ant in ne 50t stancby :encition in the even: Oa me a'n =nt ::
- cm saast be acandoned. *he trans*er sf =nt-c's '-om tne ain =nt-o* -com =
tne auxiliary contrei sanet is :ene unua;'y my me means :' tesns'ee s ' n es mounted on euxiliary sanels. 'hera!'on s* te trus'er sw :c es is ann.,n :3:ec 4
e
- n :ne controi 'sofs. *he :entrol -com trans'e r sa* :: es, anc 1;xi s.'
contml :anei ars :r.ys.tca'.'f.separatac. hys':ai se:arsti:n s:ecuacy s accressed
'a ce sta"'s 'i at sm:acti:n re*r ew :is:ssse:
'a iec-':e 9.5.'.
d I
or.nis sta.
);
- n k
pq 4Yp
}l N
J
4 A Safe Shutdown Analysis is to be conducted in ac::reance c:n ;0 7:t Part 50 Appendix R.
This analysis will 1:entify equimmen neecec n obtain and :naintain cold snutdown after a fim.
Bis stucy wi ' i:ent"#j instrumentation and control needed for shutdown from outside One ::ntr :
room, and will be used to demonstrate confomance wita 3CC 19.
7.4.4 Conclusions The myiew of systems -ecui-ed for safe snutdown inciaces ce sensom, initiating circuitry, logic elements, interlocxs, -edundancy 'estures, actuated devices, and auxiliary devices that provide the instr;mentatien and control functions that prevent ina reactor from -eturning u :rd:1:2:':/
and provide means for adequate residual 9 eat removal 'em :ne core, ::nu'9 e-.
and other vital casocnents and systems.
Tht scope of review o' system requi-ed 'or sa'e snut::own for ne ::an:
incluend InstrJaentation Senematics and.:gic Oiagrares anc :ent~:: 41 -i n g Diagrass and cascriptiw infor nation 3:r :nese.systams.and 'or sai'isry system essential for :neir coerstion.
ne eview 1as d c:acee ne a::' :an-s proposed assign trd: aria, casign sases, and analyses.
With resolution of Goen Item.
cisc:.ssed 'n See:1:n 7. '. 2, ne :an ::cci.:e.
with reasonable assurance, that the design of syste s 7c;i ee 'or sa'e snutasun :endons :s ne acolicable engulat*:9s, ;uices, tec ni:s' =cs':*: s.
and industr/ stancar s stated *, SRP 5ec isn '.'. anc is - ered: e ic: :u:'s.
4
-.. ~
.m
.-__.__.,.._,_m_
_m_
E i
7.5 Safety Related Disslay Insteeen a ion i
7.5.1 General The safety related display instrumentation provi:es infor 2-icn :: :. e operator to ascertain the status of the reactor core, react:r ::c'ar-system, containsent, and safety related process sys ems so :na: the ::ers::r may perform manual actions insortant to plant safety.
5,e aco:ican: as tabulated the display instrumentation in the fol' wing categoMes:
(1) Plant process display system (2) Reactor protective system monitoring (3) Engineered safety features (IST) system zonitoring 1
(4) ESF support systems insert.usentation lil (5) Control element assembly (CIA) position indication 1
(6) Auxiliary control panel instrumentation (see Secti:n 7.l (7) Post seeident monitoring instrumentation (4) Bypass and inoperable status indication (9) Safety parameter display system (SPDS).
,3 n
Information is dispiayed in the main c:ntrol mom. sing car::wiSc disolays.an:
computer driven ORT displays. Audible alarm and visaal annunt:a.cd are pmvided to alert the operator to :eviations f-em nor nai :ce-s '.g ::r:d:':rs.
sucn as sm.trdo alars and trdos of the plan: org:ee:t:n 575:33, 3n.,,
[
!Bhe5 r4.
..s Status. MIf'AC* ion, typass Or Over 4 c :::nciti:ns o sa g y sjs.,3 5,
s e
gw a s e4 - ~ ~ a..
p.es. *. e sei ~.
(m c,w Inser1.5 s.ifEched
i 2-
':.;; ' = :f : r - ;' r : : ;..;;..x; n'n.
7.5.2 Post Accident %nitoring Ins r.snentation h e -- - - - - * - - + -- 4
- 4a----'
" n ' " ': r - -
to the operator to senitor and Cope with post-accident :encittene In our review we found what we considered inacecuacies *
.he SANI syste-design. We have requested (SER Cpen ::em ;3) the pli can: to i n fo r-n.;s f
his intent to meeting the requirements of atory Guide 1.97, hvision 2, gdf5CO
, which states that 21 ants scnedu'ee g Q Decescer 1980, Section 0, Inglementa to be licensed to coerate befo wune 1,1983 snould meet the *ecui-ernents of NUREG-0737 and the Co ssion Memorandum anc Order (OLI-20-21: anc.ne schedules of thes cuments or prior to the issuance of a license =
operate, wh ever date is later. ~he balance of the provisiens :f dis guide uld be completed by June 1983.' We will include our evaluation f
^---":-t'- n: :::: '
- : n ': c..; _...
7.5.3 Svosse and Inoperable Status tadication In our review of the inoperable status indication system, as origina**.y described in the TSAR, we found that no indi:scien was provided for s 1
aumber of systems that are considered to be important for safety.
These included such systems as the Containment Cooling System, j
Cambustible Gas Control System. Diesel Tuel Oil Storage and Transfer System, and WAC systems f or safety related equipment areas. 'e 1::' * :a r -
)
333 revised tot s/stam to orovico incoe-scie stati,s inat:3:::e 3r : ese e
systems, anc ne :ensider this issa res:'vec.
= :
j
- ,c 3
,?
i, 6
- f. a 1
.q The indicators on the inoperable s:a:us panel are divided in:o :hree La l
El groups according to :he safe:y systems' dependence on a ::cmen e'.ec:ri:
[j power supply. These are SA, 53, and SA3. The display ligh:s are back j
j LL i
lit, maintained posi: ion pushbuttons. The '.ights have a sp'.i:
[-
)
architecture. The upper light is actuated by :he plant computer. The operator can extinguish :he light by depressing :he respective pushbutton. This actuates simul:aneously the lower light.
This '.igh:
J h
i again een be extinguished only by the operstar by depressing the y
1 respective pushbutton. Har$si'1d status indication o' -ajor ::conents 3
t J
it also disolayed in the control reca.
~4 4
t
'Aile system hardware 9as been dest;neo associated sefware is je: :: :e
}
written. We have requested that the applican: provice sofware :est;n P
- riteria (SER Open Itemg. We will report our "indings in a su;;olemrt :
f I
this report.
Se numan engineering aspects of the display 'uncti:n ':r :nis system d
{
4a m
he accressed by the 01 vision of Human. ac:ces !a'ety.
f' 7.5.4 Safet, Parameter Dispie, system
?
l
(
In resposas to the requirements. cf NUREC-0696, "Func:iona* Cri:er.a f::
y Wa
(()
l Emergency Response Tacili:les," the applican: has proposed :s provide k'N for 'Jacerford-3 a Plant Safety 7 ara:eter Disp *.ay System '3705'.
The e
proposed SFDS system consis:s of plant c:spu:er-driven :27 disp'.ays :n the sais control board. Ouplication of the SPOS :isp'.ays is :s be aQ
~$q) er r
r,m r
'l
\\.
=* --
=
~
- ~
,1
-....-s 7
,..-yyy-
,-,,+-,,.- - -
-,,,,.y
,y.
,my,,-.-,.---.-y
.g
- w,,.,
,.-,,m--r-,,
g rr rw
.L t
.1 provided in the Technical Support Center 'TSO and :he I:nergency Operations Facility (EOF).
A computer-driven CRT display system was selec:ed primarily on :he basis of flexibility. This includes flexibill:7 in changing :he display formats, choice and grouping of displays by~ operator, and flexibility for incorporation of advanced concepts and :echniques in the future. The applicant has committed to obtain an independent organisation to evaluate the capability of :he exisiting plant compu:er systema in meeting the design criteria set by NURZG-0696 for the SPDS system. Also, an independent coordinated computer power supply reliability study is to be performed. Je will review :he evaluation results and include our findings in a supplement to this report.
7.5.5 conclusiona With resolution of the Ooen ::ams $,$. f emP90 disc:.sse: '9 Ie ::' :a.
7.1.2, we can conclude with reasonsole assurance, :na: :ne dest;n :'
safety-related $1solay instrJuanta:1cn :enf:r.m to s : i:act e -e;. s: :es, guides. technical positions, and industry stancarts, statac '9 !U ~ :: :c.
7.: and is therefore ac:sstable.
1 l
1 i
.r-
-,-.w
y r--
t s
7.6 All other Instrumea. cation Svstems Ree air ed f 3r S af *:y 7.6.1 ceneral The systems listed by the applicant in :his :stegory are:
(1) Shutdeus cooling system interlocks (2) Safety injection tank isolation valve interiseks (3) Refseling interlocks (4) Spent feel peel cooling and clesaup system l
(3) Centainment purge isolation signal (6) Seester coolant systes leak detection systes (7) Area and process radiation assitoring (8) Costatement veevue relief systee (9) Law temperature everpressure protection.
The ohntdoom cooling sys:ee inter *ecks, included in :hs section, are aloe discussed is Sectise 7.a of the FSAR. Our review of these interleeks is provided with :he evaluation sf the shutdeve :solies system in Secties 7.6.2 of this report.
"he refueli=g :::er*::as, although listed is the required-for-safety :steger, as reqaired tv 37?.
are considered by the applicent as set safety related s; ce s: :redit is taken for these intetiseks is accident osa *. v s e s. Se res d:s :f
- .r review of the reesining eye:eme are prevised below.
7.6.2 Safet,1s!ectism Tank !sels:ise *?sive Oster*.?:e s Four safety injectise tanks s**st are ased :s f;:ee :r., :rre berated water fsil wi g iestessarizati m a: a res4.-
f s *.0"A.
! ;-- t i
aermel plant eperatise. each safety in;e:*. :e t a r. a
.o
. s e '. a t e : ! ? -- -
- reactor coolant systee by twe :he:k va*. es := ser.es.
- - a t :. ? **. e wwn+
,wy-,--
m..-----PNN"-ew'MW'>T* *
'y-"-""7'-
W pf-
.g.
N
?.f, b
h~,
motor operated isolation valve on eacn safety tanz cisenarge s :rev :e:.
A Interlocks, provided by pressuri:er pressurt measurenant :nannels.
re.er:
1 closing me valves until the artssure secreases celow 'C0 :sig, in: 3.: -
I matica11y open the valves unen the pressure reacnes 500 3s17
- 9 a cct :t :r:.
the valves util open autoestically on a safety injection actaati:n s ;na:
(see Sec:t on 7.3).
Ta'e apolicant constsers me equirements of lEEE Suncarc 2'9 as, : :: -e::'f applicable to the valve interlocks.
- he appl i can t 9 as. 9 ewe ve r. : re v :e 4
analysis of how me desip meets me recuirements of Section s :* lEEE 2'9.
- he valves are locked open and the valve seter breamer and'e s :ac' :<e:
in me :cen sosition.
l ve )os t :1 on t idi ca ti ng I t gn u a re O a:. se : 'n : e setn :entrol coon. !c aud.21e alars is actatec weenevee ne :ressa-. s aeove 500 as g and a sat se is 'io: *al if :oen.
%e pos* : on nct a:t:- see ausible stars are incependent of :.Se 9eter :sntest somee.
he mest gr: ss sescritee sy :ne aos!icant *ollsprs me e:cimaasatt:es :* 3ranca eenn :a*
Desttien38 4. and *38 '8.and is :nem*:re ac e::an'e.
- 6. 3 Osatst ment 8aase 5fs me "he contatment atzessne v surge syste* =es su :* a ::ru:9 e :
- u s e.:
mit and a conte *nannt surge esaus:.n*:9 *s ::ane::ec ::
3, e,- 4.s : :: - :-
sf Jie mac:or aus*
- t a y out * :1eg me me een:t'at :e sf s:e. :a: s: :-
c- - -
- oca:ee as* se me = eta **sent gemeate a ::au meu-: :. ge s: ' : :- ;
-a
."P!$1 to me zwege sfstee
- sola:t:*.a:<es.
- ':s 39
,,a",es : e,e-::
surging me :sntatnurit aren ?-
- ac? : tee 's isove e
- e:ue*, e,.*
e asel'can: as sesc-*nec :=adsemance :* :- s s,ste. :: : gI 2-..
3-,, :e:: :-
- he s/s 8'3
- s 'es*.aele
- OW **4 2r trO *
- K't.
',a
- ,$e : ales 4 **: *e system aC:e :st'e.
n M
- 5
I 7.6.4 Reactor Coolant Swstem 1.eak Detection Svstem The means provided for leak detection consis: of ins:r.:sen:a:i:r. eni:.
cas detect general leakage from the reactor :colant pressure boundary. The process variables that are son'.:ored f or detection of leakase Lactede liquid level, flow rate, pressure, and :empers:are in verious empo, tanka, and fluii lines. Also :he tentai Jsent atmosphere la mesitered for particulate, iodine, and gaseous radisactivi:7 Radiesetivity in the containment atmosphere indi:stes :he presence of fission predests hoe to a reactse coelast system *.eak, or leakage of a eseesniested secondary fluid eyeten.
N sesip 3* Wstar*:rs 3 = tact:r ::c* an sfs v ess :sta::*:a sf sta s
- ansistent witti :se scommencat' es s* me :egiat: f k :n *. 25 "af '.:
2n trits tests se **'is mis systes ac:sstan*e.
7.6.5 contaissent vee.us 1.tief s,ete.
Two redundant e.stainment vacuens breakars have :een pr:vided f 3r protecties agaiset less of containneet integr.:7 ader ex:er.41 1:adi a esaditions. Se infersetias, Neuever, :aa de f rust s :he 7:A1 :Pa:
seeld allser *.3 to evelaate the design adetuacy.
e Mave resaestet
- e= f: - e a::? * :29:
IER :neet
- :es: :e e
s -. w-. -* :- :-. :e :
sec 7e ses* ;P : * :tr*.a ts:**e: *:a :.*t s s:s.
.e
- '. :e :. -
- 7e f.::. sat's -et:cese
'9 a s,3:*e=ea: ::.- s 7::-
~'
i, u-p
/ a, ;l
.,1 7. 6.' 6 Low Temperature Overoressure protection j
'he overpressure protection of tne reac:Or coolant system br'n; :=
j L
temperature conditions is providec 'ty relie' val ves 1:catec, ime 1
h shutdown cooling system (SXS) suction lines.
- he relie' <a:<es tre spring-loaded (bellows) type. There is no instrumentation assoc stec f
directly with these valves.
.oseuter indication is previoec to a*er a
the oserotor amen the $KS isolation valves may be opened. *.sss unualif aligning the 5%$ relief valves to se reactor :oolant system. % e se:cota:s for the relief velves are sucn that the setpoints 'or me 5XS *s: sit:n valve interlocks will met be reacned sue to a low tesserature Over:'tss re event and the SDC5 eelief volves wt'! avesta a1*gned to tne vectae coolant system (See Section 7.2.2 of inis voort on :ne 's t a *:n
.a' <e interlocks ).
'he use of recuneent. techant:41 attief <at <es 3rowi ots a at*
- an't *:=
i tweeeature overgressure protect on systet anc ts : ens's p. * :-.s e aeovirewnts of 3DC '5.
- 5.*
".oaclastons dite cosc1. tion of SER 3sen * *as
..onta t auseat ta:.e :e e' : ste-
- ns trumenta tt en. se :an conc'. aas..* :n -vase nan t e ass.r ie ce. ; a : *e aest yi of nese systens :en*org to aso!': scie tg
- at*:-s. ;.* ses.
- scuticai sosttians. ene 'NNstry s.ancarcs. statec
- S :e:: -
sad is tne*edore ac:estaste.
1
?(;,
h
- < iik
7.7 Coetrol Systess 'fot Recuired for Safetv
/
7.7.1 Ceneral The control and inst;asentatirn systess that are :ensidered by the applicant as required for the control of the plant, but not essentia'.
for safety, ares (1)
Reacter regulating system (2)
Berem costes!
(3)
Pressuriser pressure control (4)
Pressweiser level control (3)
Feedwater control system (6)
Steam,'Jypse cent:el aystem (7) llois turbine toetrels (8)
Core operating limit supervisory systes (9)
Flest seeputer systes (10) W instementation systes 1
(111 h e sentres flus sealterias (12) Reaster power entback systen (13) lassanott desond setter system.
j N assi*: ant 9as stamt mat :=e '3113 ::ata:' sfsum ' e 4 e*':-: ' tm
? sent*:st :n ecse :' 2Je0-2. escos: 'se som :f "*emaces
'a re 2:s t- :ftett sys me. N Mact:e :cuea : :acs s/sm. sa: ? e v iewa:: :e-aa : :e s-sys m am 4 : :M e*sec 'se 2.*C-Z.
i
2-7.7.2 ')1"erences Frem Dreliminary "esi;n Additions ace to the preliminary esign of me :ntrol syste s, as Itsted by the applicant, are:
(1) Core operating limit sacervisory system nas teen acced.
(2) Megawatt demand setter system has been addec.
(3) Movable detector system has been added to te incere ins r.ments-icn sys tem.
The core operating limit supervisory system consists sf Dracess ins r menu :r i
and algorithms inglenanted by the plant ::scutar :: continuai*/ mni: r ce limiting conditions for operation on :ean linear nea; este. ar;tn :: NSR, total core power, anc azimutnal tilt. OLSS is an cut: mates at : :: we operator wno is charged with maintaining :ne siant di:nin ce ' 7.i:11; conditions for operation. *he levacia decore ce:a :o* sys.am a* * * :e a-t :
incore 19 tar:a11bration of ne fiaed position 'nc:re atu n :etect:-s.
Sotn of tne above systans are installed 4: ING-2.
- hese 3/steas ec9an:e data acuisition and on this basis these :nanges in me :es*i-193r/ :es';r art acceptacle. *he megawatt ::emand setter and ne -eact:- Ocwee :a::ac<
systens are ani:ye to 4 tar #0rd 3 31 ant. a Oi..us s i on : # O ese syste s
'I smvioed seiow. Also discussac belcw sm the ::ncerns egar:ic; ::ctre' system *ailures.
l l
7.7.3 Wesett "Xend Sette" $1 stem snc :ea:ur 3 wee Cattatt ijs ea:
7.*.3.*
Menewet: temend Setter Systee The megewett demand setter systes 'MDS? seni::rs NSS3
- isi:s :s assart that p* ant pcwer zu:put is ::r. sis:ent vi:5 ac: 4a. **333 ::e r s:. r. 4 conditions. S.e 'CS accepts ir. crease :r.e:rease :-wer *.:a: : r_ a c. 2 free either the aut'estic fispat:n systes MS remet e s : a:.: :,
s set by the sperator a :he '..ca' S s ;ane'.
N: : man:
.e me n. ;
with various NSSS operating limits including those avai'.able fe m ore operating limit supervisory system (COLSS). A Isad rate :hange consistent wi:h the operating limits is then issued :o the :urbine digital electro-hydraulic (DER) control system.
If :enditions exis: in which the turbine is limiting or the NSSS is limiting, Or a failure renders the MDS system inoperative, the MDS system may be placed in an "eff" mode, or is a tracking mode until the specific condi: ion is sleered.
7.7.3. 2 Reactor power Cutback Sys:ee The reactor power cutback system is a control systes designed to assesssodate certain types of imbalances in :he operation of :he plant, by providing a " step" reduction in reactor power. n is is acecaptished by dropping one or several preselected groups of full length :en:rol element assemblies (CIAs) simultaneously into the core.
- he reac:or power cutback system sise provideo control signals :o :he turbine to rebelanee turbine and reactor power following the initial reduction in reactor power. SS mall as te mstom steam pneratcr mater *evet sac j
omssum t: their wr'nal controi*ed sal as, e
- 3.3 Sasts o' ac:setabilitv
- he safety analyses 9 ave seen serdorwe ass =riag es tre-su::ma- : ::e n: :a of the :=nte:1 s/s:ses. automatt: :ce- :':n nou teae.: v e - e consecuences :' se event som a: verse. :r ::ees:':e a 'an.a' t:e (control system itsacleo!, if automatt: ::e-st*:r aci a eae :: ve :*e consequences :' an event *ess seve e.
- , :.? s :sse, :re %;ana t: :e a :
setter 5fste i. anc Seact:r hwer.::a:x I/s.a-s
-= iss. e: :: :e
- tsaclec.
.'t
~
Credit for operation of these systems is not assunec in the safety ana! s s.
f Failures of these systems, in and of themselves, anc excl st ee of sc:e.t a' consequential failurts (See SER Open item h)' are less severe nan evea; sequences explicitly considered in the Waterford 3 safety ana /sts. ae consider addition of these systems acceptable.
1 The Megawatt Demand Setter System, and the Reactor Dower QtDack S/ste i l
are first of a kind systems. Failures of these systems niti cnal:enge engineemd safety features. Therefore we require that :t e soolican: -e:o rt (by suturittal of a Licensing Event Report) inadvertent 9e sourious :ceration t
or malfunction (exclusive of testing) of these systens nnien chal enge :ne engineered safety features including mactor trip.
hese moorts :'.E2.s ;
i art to be sutMeitted for at least the first two fuel :ycles of oce-stten.
Seseguently, the acolicant may review and submit the coersting excerience gained with these systems and request rtlief fmm the reporting ato 1eement.
This reporting requirement is to be made a condition of the hrsting.*:ence.
7.7.4 Loss of power to Contml Systens A concern was esised in IE Bulletin 79-27 regarding the 'ess of a non-Class 1E power bus resulting in a consecuential con:mi syste n at '.nc: on and sipificant loss of information to the coeestor. as aa <e etc es te: :ne
~
applicant to provice,ss etth atsut:s of ne #.ter#or: 3 of an: *ev ew n :-
mspect to Bulletin 79-27 (SER 3 pen *:es). me ni" t e c'.ce :.: e,a ',.a: :a in a supplement.o this moort.
7.7.5
- ontrol Sfs a:e= 'si t urts 201*cw*ng.i ~9:n E er;y. ae Bee, E Sulletin '9-22 andresses consecuenttat ::n 91 s/ste'a 's**.m '::=
- i ni gn enerity *
- ne creas. 4 ec mstec ': :20.: :.ne s::' :se: ::
- e - t ',
the con tmi sys tees, ' ' any, ne * :n n' " Je s c;e:: :: tra e < :- e-: ?:
~
- ng 'acm a n * ;n ene a * *.e : ean arc nacse 's* *,m ::.' :
- a:: "- :sa-analyses. %e to0I* Can* s res:Cnle k't
- 0'9t * :
'*a f..U '.
': t:
- 5-7.7.G Single Failurt of Con:ml System Study The applicant has been recastec :: :er#ct-n a stacy o' single #1 '.ms :'
the control system to ascertain i' suen single fat hres and s.:sec.e-:
consequential fa17 ares will lead to seqwnces ore seve-e inan ana'/:e:
Chapter 15 of the FSAR (SER Open ::em $ and *2 resolved Sa'ety 'ssue 2-4,'
7.7.7 Concl usions The staf* 'tps reviewec the =ntrols 'or systees 7ct aec. ec #:r sa'e /.
to determine :ne af'ects of fa11 ares se mal'anc:t:ns of nese =r: :!s :n the reactar 2rotection system and other piant safety-cela:ec s/ stems.
a'*-
estelution of SER 3 pen !*essj and h, se can Ocnclace. yim easona:*e ist.rsece that failures of is1'anctions of mese :cntrols sncu13 ac: :e e s:ecta: :: :e ;*1 :e one cacao 111 tes of slant sa'ety systees 'n any st;ni'i:an't :eg-te. Or :: 'es:
- 3 slant :anditions mort severt : nan inose *:e en* :n :ne sa'e:/ sys.eas 3 7 casi gned.
I
INSERT NO. 1 (SECTION 7.1.2) 1.
EMERGtNCY FEE 0 WATER CONTROL The energency feedwater (FW) control system receives actuation corrancs from: (1) the Emergency Feeevater Actuation Signal (EFAS). (2) the $4ain Steam Isolation Signal (MSIS)
(3) the manual controllers in the control room. (4) the manual controllers on the auxiliary shutdown panel. The EFw control system controls the eight EFh clock valves.
Two deficiencies in the EFW control system as described in tne FSAR have been noted. First MSIS closes the EFW block valves while EFAS opens the EFW block valves. Following a steam line break both comend signals wil' he generated. The EFW control system is to be configured sucn that ETAS overrides MS!S. Second. EFAS (to the block valves) does not " seat in".
The system, as now configured, will cause the steam generator level to oscil' ate about the low level setootnt with the EFW block valves comanoed to osci' late from a full open to a full closed position. The concern nas been raised inat the EFW valves and piping may not be adequate for sustained esc 11attey serv':e.
The applicant will revise the EFW control system to Wulate tae nioca sa*<es.
The revised system should be designed sucn that nanual :entroi svere':es t9e EFAS signal to close the block valves, and such that the EFAS s* gnai ::
open the block valves ovecet ses manual control.
N applicant is to cosolete, the evised EFV contro? sfster :es * ;e s a c s.:-
- the final sesign fer 'CS8 envie.
1 ilmi D
_---~--v v-mt
"--F- - - - "
"--"N-"""***"*'
INSERT NO. 2 (SECTION 7.1.2) 6.
RC PUMP SHAFT BREAK The applicant has performed scoping analyses T' a nyaothesizec reic*. r coolant pump shaf t break (Regulatory Guide 1.70. Revision 2. ~3:1e 5-:.
3.4) aild has determined the protective system as presently designed al
not provide an acceptable level of protection under a)1 operation ::nci: :~.
The applicant will propose modifications to the plant protect? ve syster tre will provide the results of an analysis of this event.
Reactor protective system modifications will De reviewed by Me sta in; results of our review reported in a supplement to this report sr.ausemu..Y.i ~.7-
- L.D
.L "
- a INSERT NO. 3 (IN EUTION 7.2.2) t ez D
Electrical transmitters which provide reactor coolant system pressure sersing g7 for the reactor protective system are located in insulated cabinets insi de containment.
Iguise lines connect these pressure transmitters to the
'a pressurizer. !enqualified heaters and associated controls have been installec i
in these cabinets to control temerature and humidity. Credit for these heaters is not taken in the safety analysis. The concern was raised that failum of the heater controls, such that the cabinet heaters were in continuous operation, could potentially degrade the pressum transducers and in turn invalidate the safety analyses. The applicant will reduce the size of these electrical heaters such that continuous operation o' tnese neaters will not degrade the qualification and calibration of the transcucers.
r.
t l
I r-a
0 as 4 %
v3, 4
3 le h
y '. A
. r
W i
f i
7.2.3 Core Protection Calculators The final design of the reactor protec:ive system u:ili:es 2 : p :3:
- :. ar-based system, consisting of four core protsc:i n calculators, i:r deriving the low departdre free nucleate boili=g ratio f N3R',
2nd :he high local power density : rip functions. As stated by :he : pii:snt.
the core protection :;1:ulator sys:en for :he *.*a:erford-3 is functionally the same as that provided for :he ANC-: planc hich was reviewed extensively by the staff. Since, however, :he appli: sat has indicated some changes because of different number of contre! ele =en:
assemblies (CIAs), we requested that :he applicant provide a detailed comparison of :he design of the Waterford-3 and ANC-2 =cre ;:::ee:i n
{
calculator systema (QC32.7). The applicant's response ine'...ted :he following statements:
(1) The harivare qual!!ication and design cri:eria are :he s.;=e for i
the Vaterford-3 and ANC-2.
Minor changes exist in :ar:e s
lengths. Also the number of CIAs is different.
(2) The CPC DNBR calculations will be derived frem the CO-correlation (desigs code 70RC) !. stead of :he V-3 ::::e:::isn (design code COS T ) used for ANO-2.
(3) The CPC/CIAC algori:hms will be medi!'ed := reflec: :5e :na se in the number of :entrol ele =ent assemblies
-d :en:rol e'. men:
assembly subgroups.
f4) The CPS /CIAC data base ::nstants are subje:: to :nange f-e U;C-:
b to Vaterford-3, since a 14:3e u=ter sf these ::ns:J-ts fe;.ns a
upon specific : ore and :solant sys:en :haracter'sti:s.
i y
IP N
??
t ia
't,
,, 7. w.3% s.pp:c ' ~ '.
@M y
4 gte
, v i
The applicant has also stated : hat the OFC/CIAC software i;: J ir.
3 vill include improve =ents is sof:vare design that are has.J.
plant system experience for 20NCS 2 and 3, and ANC-2.
Ali f: are changes will be performed is accordance vi:5 "CFC Pr::ee::en A!;::::.:
Software Change ?rocedure CEN-29(A)-?, Revisien 2" and Sepp;c en: ;-?.
Revision 01. This procedure was reviewed and approved by :.we s:aff :n the ANO-2 docket.
All of the differences in the C7C sof:vare be:veen ANC-2 and 7aterf:rd-3 will be reflected in :he Waterford-3 yune:isnal Oescripti ns, Sef tware Specifications, and assembly language program listi gs. '4555 cendor changes to the CPC sof tware are -ev'ewed in ::n;arcti:n
- h s ta" review 'of 'SAR Chapter 1.4, : ore 3ermal Hydrault: Ces ' ;n.
- ': ant changes to the CPC sof;eare is to be estricted by :' ant ec ni:s!
Speci fi cations.
"he Core Protective CalcJlators (CPCs) were cot reviewed,:er se,3: ;a:e #:r 3.
'4e have taken the :perating ex erience :f *.':0-2, the ;rev':cs ev' ew tec ac:eptance of the ANO-2 CPCs, and the similart:y of ne Waterford 3 in:
A30-2 CPCs, into ac::wnt in reaching :his tecision.
"he conciasions of the sc:eptabliity of 3e ;?Cs at Water':rd 3 are :asec :n the following:
(1) With the exception of Dosition 20 which addresses cata l'ars de weea the CPC and the plant concuter, tne apol' cant is to 9eet t'e e Lame*"
on CPCs in Table 7.1 of '4UREG-0308, ' Safety Evaluati:r Secort. Or*a-si:-
Nuclear One, Unit 2".
a (2)
'he cata idnas etneen the pian: ::. Ou tz e : c ; e.F :s af
~
~-
only i f the ::an t Te c. ni cal Ipect f t :a : :a s c :. e. - :. ; ~ s cm that (a) pian: ;recedures snali :e in e"e : :: ::n: 2
,c : -
to CPC addressable c:nstan:s (b' N es e rt :2 2. re s 1 -2
.: s's methods described in :he bases to ne ~ec.ni:31 i:ect' :1: :-s Addressable : nstants and their :hysi:alif realistic 3:' -e:
-t,'
(i.e.
.;cer and icwer beunes) are ' te9:i f'ed 'n :Pe 7e:1r' :2: ::e.
(4) values of Addr.ssaole a:nstants su:s':e Me al':wed -1 ;e 1-e de intered wi: Pout acproval of the ?'an: 54'e ty : mmi t tee :e, in 3:e a -
verifica:icn shall be ::nducted to ::nfi-, : Mat a dressatie :: s tan:
c "odifications have been made as 1:crosed by ne 81 ant Sa'aty ~;.m* ::ee :-
the Engineering Staff (wnichever is 2::lf:able) (f) vect'* :r :-s :: *e CPC Addressable ::nstants based :n inf:- ati:n :otsi ed in :.;n te P in :
Computer Cata Links shall not be ma:e ni:nou a:o re s al : f :m e " in:
'e.
Commi ttee.
(3) CPC ocerating experience at 't:0-2 2nc ~?C eevt-:nrental tes :
- :2:e a sensitivity of the CFCs to fluctuat' ens. ic: es: e es *n
".e 3'
+.
- - ea:
The Waterford 3 Tcennical 0:ecift:2:icns a: 11. therefore, recui ra ' O '.
functional :ests to c:nf'-m :entinued ::e- :it ity of esen ~PC : 2-ei nhenever the CPC :!bi'.
.e rmal en vi a:r.. e n: tr:2eds t:-a:' e In ;es.
The ilicwable ranges we.1 be justified on the basis of environmenta' tests of the CPCs and CPC c:erational et:erience at 2?.0-2.
The imolementation of the CPC design in tacing :c n tar?otre in: 10 ' '. 4 -9 a ' ' '
de confir.ed during :he ~PC test ;rogram. :.e at ti sact
- 9e tes t
- -ti-29 13 veri fy acceptable perforPance during these tests, dith implementatinn by the annlicant 1'
- .9* *.%rea ros'**aas : 3*at'156.a 9-successful completion of the test orogram. e const er t he ~~' te <
s sr* 1 ms. m.m.e w t er*, ~ ~= " :~*~
O INSERT NO. 4 (SECTION 7.2.4)
The staff notes that, in the course of the initial phase of an accident, during which the steam generator tubes are covered, and during which sensed level my be in error due to the level sensor reference leg environ-ment, the heat reeval rate is governed by the safety relief valve setpoint.
and is relatively insensitive to the emergency feedwater flow rate.
4 i
l t
l 7.2.5.1 RPS Power Supplies The applicant has proposed to operate the reactor protective system witn one of four channels in bypass. The system would then function as a 2 o' 3 channel protective system.
(With one channel tripped, the system would function as a 1 of 3 channel protective system). The proposal is based on asserted four channel independence. To derrenstrate independence the applicant must demonstrate separation of power supplies, logic and sensors. Waterford 3 has been designed as a two battery systern, that is, the four protective channels obtain power from four separate vital AC instrument buses, which inturn obtain power from two AC/DC power divisions. Hence, the demonstration of 4 channel independence is, a priori, incorrplete. As was previously reviewed and concluded by the staff on similar designs, we will require that the RPS be operated as a four channel system. Separation of prtssure sensors to RPS channels was discussed at length during a drawing review of April 14, 1981. The applicant showed separation of pressure sensors using scherratics and physical layout drawings. Physical separation of sensors and logic was demonstrated during our site visit.
We require (by plant Technical Specification) that the RPS be used as a four channel system with bypass of a known defective channel for no more than 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />, and require trip of a known defective channel af ter 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />.
l
)
i
5 7.2.6 Tes ti ng l
As described by the applicant, the cceplete resetor trip system can be tested without having to disconnect any of the components or need for jumpers. The applicant also has ec=mitted is the Technical Specifications to perform at certain intervals the reactor trip system response time test. These tests include also the sensors, except for the neutron detectors. The response time of the neutron flux signal portion of the channel is to be.easund fem etector out:ut or 5:ut to the first electronic congonent in *.he channel.
We consider that these tests. in accordance with the plant Technical Specifications (including test intervals), meets the intent of Pegulatory Guide 1.118.
6 7.3.3 Diversley of Actuation Strnals The applicant has ccmitted to provide af ve-si y in :ne generation of the containtant isolation actuation si;nal by 3dcing ; e 1cw pressurizer pressure to the high centainment :ressure originally j
proposed as the sole variable. With this cnange, functicnal di eersity 1
is proviced for the S*AS, CMS, anc CIAS signals (::e-s 1 :nru 3 in l
Section 7.3.1 above).
Be renaining engineered safety fea: ares ac:aat :n signals, :tems 4 thru 3 in Section 7.3;1 above, de:end on icnt tor'rg of a certain single variable, e.g., containment spray actuation signal depends on high containment pressure.
Initiation of CIAS by low pressurizer prtssure is shown in Anendment 17 of the applicants SAR. Electrical diagrams are not available to date.
t When drawings are submitted the staff will confirm whether os not the circuit nodifications meet the electrical criteria of Section 7.1 of the applicant's SAR.
1
_ _. _. ~. -_ _. _ _,. _
e s
7.3.6 Transfer of Spar-ESF Pung Waterford 3 is equipped with a spare high pressure ' safety injection Dun'c.
{
HPSI A8.
Installation of HPSI, AB is not a regulatory requirement. The pump is installed to avoid administrative shutdowns associated with operability of mdundant HPSI trains. HPSI A8 may be aligned to function in HPSI Train A or 8 in lieu of the dedicated HPSI A or B should HPSI A or 8 be removed from service for maintenance. HPSI AB takes power from 4.16 kv bus 3A83-5 which inturn may be connected to diesel backed buses 3A3-5 or 383-S. HP50 AB is consnanded to start by SIAS A or 8.
A single mode switch and several relays and relay contacts are employed to:
ini tiate NPSI A8. disable HPSI A or 8. and insure HPSI valve lineup consistent with use of HPSI A8.
The staff was concerned that: (1) the system would compromise separation of redundant ESF channels, and (2) the system did not provide adequate indication of successful transfer of control logic. The system was reviewed during our site visit. It was concluded that adequate separa61on has been-maintained. The applicant will add indicating lights to show successful transfer of the control logic.
In addition. ICSB will require (by plant-Technical Specification) a system level test of the high pressure ECCS system (pumps, power. control. valve lineup) when the HPSI AB pump is l
Placed in service and when it is removed from service.
l l
l l
i i
t
{
i
_,.---~m,
_ _ _ ~, - -,.. ~
Ms:NL..))
INSERT NO. 5 (SECTION 7.5.1)
Input signals for these information display systems is obtained in cart *-'-
~
safety systems. Where "non safety" displays are employed, quali fied bu*'ers are used to separate " safety" and "non-safety" circuits. Bese buf fers ;' ten are simple electrical contacts attached to actuating devices such that ;nys? cal separation in accordance with Regulatory Guide 1.75 is maini:ained.
Infor ut'en circuits are also segregated in dedicated closed cable trays.
l i
I l
l 1
l
_ T ll _
I
-l 7.5.2 Post Accident Monitoring Instrumentation The post accident monitoring instrumentation (PAMI) provides infortrat:]n to the operator to conitor and cope with post-accident conditions.
In our review we found what we considered inadequacies in the PAMI systen design. We have requested the applicant to inform us of his intent to met the requirements of Regulatory Guide 1.97. Revision 2. Deceeer 1980.
Section D. Implementation, which states that " Plants scheduled to be licensed to operate before June 1,1983 should meet the requirements of NUREG-0737 and the Comission Memorandum and Order (CLt-80-24) and the schedules of these documents or prior to the issuance of a license to operate.
which ever date is later. The balance of the provisions of this guide should be cogleted by June 1983." The applicant has committed ( Amenormnt
- 17) to cogly with the intent of Regulatory Guide 1.97. Revision 2. by the above implementation dates. Regulatory Guide 1.97. Revision 2. is explicit (proscriptive) in nature. Hence, we consider this issue satisfactorily resolved.
a