ML20115H153

From kanterella
Jump to navigation Jump to search
Detailed Control Room Design Review In-Progress Audit Rept for Peach Bottom Atomic Power Station,Units 2 & 3
ML20115H153
Person / Time
Site: Peach Bottom  Constellation icon.png
Issue date: 03/22/1985
From:
SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY
To:
NRC
Shared Package
ML20115H155 List:
References
CON-NRC-03-82-096, CON-NRC-3-82-96 NUDOCS 8504220448
Download: ML20115H153 (37)
v  d  e


Text

{ l i

00RDR Iti-PROGRESS AUDIT REPORT FOR PHILADELPHIA ELECTRIC COMPAfiY'S PEACH BOTTOM ATOMIC POWER STATION, Uft!TS 2 AfiD 3 March 22, 1935 Prepared by:

Science Applications International Corporation 1710 Goodridge Drive McLean, Virginia 22102 Prepared for:

U.S. flucicar Regulatory Commission Washington, D.C. 20555 Contract flRC-03-82-095 f(UY 2 2 DYY .;D U

l

[ ' ,,

l ...e aw ,

+

r e-

- ~

! TABLE OF CONTENTS ~ -

Section O' Pace D

Introduction . . . . . . . . . . . . . p . . . . . . . . . . . . . 1 N R C Po s i ti on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3

1. Establishment of a Qualified'Hultidisciplinary Review Team . 4
2. Use of Function and Task Analysis. . . . . . . . . . . . . . 4
3. Comparison of Display and Control Requirements With C on t rol R oom I nv e n t ory . . . . ~. . . . . . .' . . . . . 10 l 4. Control Room Survey, . . . . . . . . . . . . . . . . . . . 10 l
5. Asses sment of HE Ds . . . . . . . . . . . . . . . . . . . . . 11
6. Selection of. Design Improvements . . . . . . . . . . . . . 12 l 7. Verification that the Design Improvements Provide the l Necessary Correction and Do Not introduce New HEDs. . 12
8. Coordination of Control Room Improvements With Other Programs. . . . . . ... . . . . . . . . . . . . . . . 12 l

Summary of Conclusions . . . . . . . . . . . . . . . . . . . '... . . 13 l References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Attachment 1 (Outline of Audit Plan and List of Audit Attendees) . . 17 i . .

Attachment 2 (Task Analysis Procedures and Workshett). . . . . . . . 21 Attachment 3 (Control Roun Enhancement Guidelines) . . ' . . . . . . . 32 l

t i

l l s l

l i

j .o r

- c .

g

I

.. 5 DCRDR IN-PROGRESS AUDIT REPORT FOR PHILADELPHIA ELECTRIC COMPANY'S PEACH BOTTOM ATOMIC POWER STATION, UNITS 2 AND 3 Introduction This report documents the findings of the Nuclear Regulatory Commission (NRC) audit team during ~the in-progress audit of the Detailed Contrcl Room De, sign Review (DCRDR) for Philadelphia Electric Company's (PECo's) Peach Bottom Atomic Power Station, Units 2 and 3. The DCRDR audit was conducted February 19 through February 22, 1985. The NRC audit team consisted of a representative from the NRC Division of Human Factors Safety, Human Factors Engineering Branch (HFEB), and consultants from Science Applications Inter-national Corporation (SAIC) and COMEX Corporation. The audit was conducted at PECo's control room mockup facility in Philadelphia, Pennsylvania, and on-site et the Peach Bottom Atomic Power Station. This report was prepared by SAIC, but it is intended to reflect the consolidated observations, con-clusions and recommendations of the NRC audit team members. An outline of the audit plan and a list of audit attendees are included in Attachment 1 of this report.

NRC Position ,

Item I.D.1, " Control Room Design Reviews," of Section I.D., " Control Room Design," of the NRC Action Plan, NUREG-0660 (Reference 1) developed as a result of the TMI-2 accident states that the operating licensees and applicants for licenses will be required to perform a Detailed Centrol Room Design Review (DCRDR) to identify and correct design discrepancies. Supple-ment 1 to NUREG-0737 (Reference 2), dated December 17, 1982, confirmed and clarified the DCRDR requirement in NUREG-0660. As a result of Supplement 1 to NUREG-0737, each applicant and licensee is required to conduct their DCRDR on a schedule negotiated with the NRC.

NUREG-0700 (Reference 3) describes four phases of the DCRDR to be performed by t'ne applicant and licensee. The phases are:

1

t

1. Planning
2. Review
3. Assessment and implementation Reporting.

4.

NUREG-0800 (Standard Review Plan), Revision 0, Section 18.1 (Reference 4) provides the necessary review guidelines for evaluating each phase.

As a requirement of Supplement 1 to NUREG-0737, the applicants and licensees are required to submit a Program Plan that describes how the l following elements will be accomplished:

1. Establishment of a qualified multidisciplinary review team.
2. Function and task analysis to identify control room operator tasks and information and control requirements during emergency opera-tions.
3. A comparison of display and control requirements with a control l room inventory.
4. . A control room survey to identify deviations from accepted human factors principles.
5. Assessment of human engineering discrepancies (HEDs) to determine which HEDs are significant and should be corrected.
6. Selection of design improvements.
7. Verification that selected design improvements will provide the necessary correction, and will not introduce new HEDs.
8. Coordination of control room improvements with changes from other programs such as safety parameter display system (SPDS), operator training, Reg. Guide 1.97 (Reference 5) instrumentation, and up-grade of emergen:y operating procedures.

2

4 The NRC requires each applicant and licensee to submit a summary report at the end of the DCRDR. The report should describe proposed control room changes, implementation schedules, and provide justification for leaving safety-significant HEDs uncorrected or partially corrected.

Discussion PECo submitted the DCRDR Program Plan (Reference 6) for Peach Bottom Atomic Power Station Units 2 and 3, by letter dated October 31, 1983. The NRC's " Response to Peach Bottom Program Plan Submittal" (Reference 7), dated December 13,1983, was forwarded to PECo.

Peach Bottom Units 2 and 3 were selected by the staff for an in-progress audit of the DCRDR. An in-progress audit plan (Reference 8) was sent from NRC to PECo by letter dated December 27, 1984. The audit plan ,

defined the main elements of the in-progress audit of the Peach Bottom Units 2 and 3 DCRDR. The audit plan also defined the appropriate elements of Supplement 1 to NUREG-0737 which would be used by the NRC audit team to evaluate the licensee's review activities.

The purpose of the audit was to check the Peach Bottom Units 2 and 3 DCRDR compliance with the requirements of Supplement 1 to NUREG-0737. The efforts of the audit team were directed at an evaluation of the content and products of the DCRDR rather than the form of the process. The form of the DCRDR process was evaluated by the NRC's HFEB during the Peach Bottom Units 2 and 3 Program Plan review (Reference 7) and was found acceptable.

At the time of the audit, the Peach Bottom Units 2 and 3 0:RDR team had completed their control room surveys along with the task analysis of one procedure (T-100 Reactor Scram Procedure) and partially completed the- top-down analysis of control panels.

Following a brief entrance meeting with PECo at their Philadelphia, Pennsylvania, headquarters on February 19, 1925, where the schedule for the in-progress audit was presented to PECo, the NRC audit team embarked on an agenda that addressed itself to assessment of the following elements of the DCRDR revies process:

. 3

1. Qualifications and structure of the DCRDR team.
2. Methods /results of the function and task analysis.
3. Results of the control room inventory.
4. Results of the control room survey (including NRC audit team review of Peach Bottom Unit 2 panels).
5. Results of HED assessment process.
6. Results of.the selection of design improvements.
7. Results of verification activities which illustrate that HEDs are corrected and that improvements do not introduce new HEDs.
8. Results of coordination of the DCRDR with other Supplement 1 to NUREG-0737 initiatives.

The NRC audit team's assessment of the above elements was accomplished through interviews with PECo and Interlock Corporation DCRDR team members along with reviews of completed documents, photo mockup review and walk-through of the DCRDR survey results in the Peach Bottom Unit 2 control room.

The following comments are arranged according to the above-listed elements and describe the strengths and weaknesses o,f the Peach Bottom DCRDR project.

Where appropriate, recommendations are included to assist in achieving a more satisfactory result.

1. Establishment of a Qualified Multidisciplinary Review Team A review of team resumes and discussions with the team confirmed that the Peach Bottom DCRDR team is satisfactory. However, we recommend that PECo consider the addition of an individual with experience in probabilistic risk assessment or severe accident sequence studies programs during the assessment phase of the DCRDR. This individual should ensure that HEDs of very low error probability but high safety significance are properly assessed.
2. Use of Function and Task Analysis Peach Bottom is one of the growing list of plants in the U.S. that has actually implemented their new symptomatic emergency operating procedures.

The Peach Bottom E0Ps were developed based upon the guidance in Revision 2 of the General Electric (GE) BWR Owners Group Emergency Procedure Guidelines (EPGs). PECo stated that a contractor will be retained to develop the two 4

I

. i i new E0Ps included in Revision 3 of the GE EPGs. The two new guidelines cover secondary containment control and radioactivity release control. The verification and validation program used in development of the plant-specific E0Ps will not be used in the DCRDR process. The actual system function and task analysis (SFTA) process utilized at Peach Bottom is described below.

Previously, the NRC staff had met with the Boiling Water Reactor Owner's Group (BWROG) to discuss the analysis and documentation needed for review of submittals on Detailed Control Room Design Reviews and Emergency Procedure Generation Packages (PGPs). The staff's conclusions on the BWROG presentation are presented in the Meeting Summary, dated May 14, 1984 (Reference 9), and are summarized as follows:

1. It appears that Revision 3 of the General Electric Corporation I

Emergency Procedure Guidelines (EPGs) provides a functional analysis that identifies, on a high level, generic information and control needs. However, these EPGs do not explicitly identify the plant-specific information and control needs which are necessary for preparing emergency operating procedures and determining the adequacy of existing instrumentation and controls.

2. Because plant-specific information and control needs cannot be extracted directly from the EPGs, plant-specific analysis is

~

required.

3. Each licensee and applicant must describe the process used to identi fy plant-specific parameters and other plant-specific

$ information and control capability needs and must describe how the characteristics of the needed instruments and controls will be determined. These processes may be described in either the Procedure Generation Packages or the DCRDR Program Plan with appropriate cross-referencing.

4. For each instrument and control used to implement the emergency operating procedures, there should be an auditable record that defines the necessary characteristics of the instrument or control and the bases for that determination. The necessary 4

- 5

1 characteristics should be derived from analysis of the information and control needs identified in the NRC-approved EPGs and from analysis of plant-specific information.

The Peach Bottom Procedures Generation Package is presently beinc reviewed by the NRC staf f. This review will address the above concerns identified in Reference 9.

The NRC staff audit of the Peach Bottom DCRDR task analysis effort began with the upgraded Revision 2 Emergency Operating Procedures which are included in the Procedures Generation Package. The NRC audit team did not evaluate the basis of the procedures or the source of the specific numbers stated in the procedure steps.

The Peach Bottom DCRDR team intends to use all eleven plant-specific E0Ps from the Transient Response Implementation Plan (TRIP) as the compre-hensive set of operator tasks. To date, only one of the TRIP procedures, T-100 Reactor Scram Procedure, has been used in a trial SFTA. The results of this trial SFTA analysis were reviewed by the NRC audit team.

The SFTA analysis steps are as follows:

1. The operator tasks associated with a particular E0P are prefilled on worksheets.
2. Using experienced plant personnel, the operator information and action requirements are identified and documented on the work-sheets.
3. The requirements are then compared with the instruments and controls in the actual control room to verify availability and suitability.
4. Each step in the SFTA worksheets are walked through in a control room validation process.

Step 4 had not been accomplished for the trail SFTA on the T-100 Reactor Scram Procedure at the time of this audit; therefore, the effective-6

t

. I ness of this final step in the process could not be evaluated. An example of the Peach Bottom Task Analysis Worksheet, along with a worksheet key, procedures for analysis, and task analysis guidelines are included as Attachment 2 to this report.

The briefing outline used to train operators for the a priori portion of the task analysis is excellent. The briefing outline stresses the impor-tance of considering information and action requirements associated with each o~perator task in a manner independent of the as-built control room.

~

~

The worksheets prepared are very comprehensive with respect to identi-fying all instrumentation and control attributes including range, accuracy, time dependence and resolution.

The walkthrough technique which is intended for use at Peach Bottom is somewhat different from the approach taken by most DCRDR teams. The walk-throughs will not utilize accident scenarios as the framework around which to assess the operator interface with the controls and indications. In-stead, each step in the SFTA worksheets will be separately walked through with the operators. This method ensures that the walkthrough is comprehen-sive with respect to evaluating all operator emergency tasks.

The Peach Bottom DCRDR team is employing a technique which they refer to as " top down analysis" (TDA) which is best discussed under the topic of task analysis. The stated purpose of this TDA is to evaluate the control panel layouts from a functional, macroscopic (integrated plant) viewpoint.

The TDA work to date was reviewed at the control-room mockup in Philadephia.

The reactor control console, the off-gas panel, and the high pressure coolant injection (HPCI) panel mockups are the only three control room panels currently available in the control-room mockup. The TDA process involves the following steps:

1. Panel drawings are reviewed by operators and human factors engineers to identify system layouts.
2. Color-coding, demarcation, and mimicking are added to the drawings to functionally group related control components and instruments.

7

o

3. New panel layouts are mocked up to reflect the drawings.

4 The new panel layouts are reviewed by plant personnel and modified further as necessary.

It is our belief that the TDA process will have independently resolved numerous HEDs which result from the rest of the DCRDR process. Formally

~

assessed HEDs are not part of the TDA. The potential benefits of the TDA will be realized when walkthroughs are completed on revised panel layouts.

However, a review of the panels currently mocked up as a result of the TDA work revealed some potential problems. The balance of plant (BOP) reactor feedwater system mimic on the reacter control benchboard contains numerous proposed modifications which will mimic valves and controls in the topological order that they exist in the physical plant. These modifica-tions will require the movement or rewiring of many existing control board components. This effort is encouraged as it should make operation of the feedwater system much more logical for the reactor operators and thus reduce the potential for operator errors. A similar review of the HPCI panel (an ESF system) revealed that the reviewers have assessed the topological rearrangement of panel components as too difficult or costly to perform.

The proposed modifications to the HPCI panel are largely cosmetic. Some HPCI panel problems which might be reconsidered in the iterative TDA design process are:

a The normal HPCI suction line is mimicked as an incoming branch to the alternate suction line from the torus. This arrangement should be reconsidered. Of note is the fact that the panel

! reviewers were not aware that the condensate storage tank (CST) is j the normal suction supply for the HPCI. They were also unaware of the plant conditions which cause the suction to automatically shift.

e The mockup of the enhanced HPCI panel did not include a reactor water level meter. We recommend that the TDA process stress control-display integration aspects of control room design.

8

I c The HPCI turbine is mimicked on the panel mockup but the HPCI pump is not. The ex'isting mimic in the actual control room shows both, s The torus inboard and outboard suction line isolation valves are reversed on the mockup. We recommend a reassessment of this layout.

s The HPCI minimum flow line on the mockup does not indicate where the water goes. The existing mimic in the control room does show the line discharging to the torus. A new operator may be left with the impression that the line returns to the pump suction (as many minimum flow lines do),

e Only one manual valve is mimicked (CST suction isolation) on the control room mockup. The rationale for mimicking this manual valve and no others was not clear.

e The HPCI turbine trip button was not color-coded red as are the feed system turbine trips.

The mocked-up center portion of the reactor control panel which has been enhanced as a result of the TDA still contains the two old load increase / load decrease control buttons. These buttons are not used on BWRs since they never run in the master recirculation pump control mode. Of the six people involved in the new panel review, none knew what the buttons were for. The point is not that the buttons still exist on the mocked-up design, but rather that no evaluation of their purpose was included in the TDA.

Although not specifically required by Supplement I to NUREG-0737, a review of Licensee Event Reports (LERs) and a series of operator question-naires were performed by a BWR owners group evaluation team in 1982. The results of these reviews have not yet been included in the formal HED process of the current DCRDR. The current DCRDR team has drafted and dis-tributed a new operator questionnaire document. No results have been re-ceived on this second questionnaire.

In summary, to ensure completeness of the SFTA, the Peach Bottom DCRDR team must include in the task analysis the two new E0Ps (secondary 9

containment ar.d radioactivity release control) which are being written. The DCRDR tc:s must not allow the results of the TDA to influence the objective assessment of HEDs generated from other sources (e.g., the survey, operator questionnaires and SFTA). Further, we recommend the DCRDR team place special emphasis on the control-display relationships for engineered safe-guards systems.

3. Comparison of Display and Control Requirements with Control Room Inventory The Peach Bottom DCRDR team streamlined the process of making the comparison of information and action requirements, developed during the front end of the SFTA, with the control room inventory. The team took the prefilled worksheets developed during the table-top review into the control room and compared the requirements with installed instrumentation. The pro-cess worked well and should save valuable team resources which would other-wise be expended in comparing the requirements with drawings and instrument lists.

We recommend that the DCRDR team write HEDs as they are identified to avoid loss of valuable information when rough notes are misinterpreted at a later date. This recommendation is based on the fact that a potential HED was not specifically identified in the comparison of requirements with inventory because someone on the team thought the problem had been previously documented under the ' survey. For example, a specific problem, the lack of readily observable "all rods in" indication, had in fact not been documented any place. Another example of the need to document poten-tial HEDs is the fact that the licensed operators know that they want the various containment group isolation valves identified so that isolations may be more rapidly confirmed; but no documented HED for this problem was found.

4. Control Room Survey A survey of the Peach Bottom Control Room was performed by a BWR owners group team in 1932 using an owners group-developed human factors checklist.

Survey work performed since the formal constitution of a DCRDR team has concentrated on areas of the control room which have undergone modification 10 1

l o h since the 1982 survey. HEDs have been written on the discrepancies identi-fied by the 1982 survey.

In order to evaluate the Peach Bottom survey results, the NRC audit team performed a sample survey on Unit 2, Panel 20C03-2. .Five HEDs were identified and compared with the DCRDR HED cocumentation in order to verify the completeness and accuracy of the survey findings. In four of the five cases, the DCRDR team had identified and documented the HEDs identified by the NRC audit team. The DCRDR team did not write an HED on the Torus Water Level & Temp (LR-8123B/TR-8123B) meter which is difficult to read because the scale characters are very small. The scale characters do not conform to the guidance provided in NUREG-0700 guideline 6.5.1.3.a. Since there are many scales with small characters in the control room, it is recommended that the issue of readability be addressed during the evaluation of instru-rrentation suitability during the task analysis.

In summary, it is our judgment that the contr >l room survey results conform to the requirements .of Supplement 1 to NUREG-0737. However, it is recommended that instrument readability be emphasized in the completion of the task analysis, verification of availability, and suitability.

5. Assessment of HEDs The Peach Bottom DCRDR team described their intended method of asses-sing HEDs. HEDs will first be' assessed for probability of causing an operator error and assigned a numerical rating of 1 to 5. The HEDs will then be assessed for safety significance and assigned a numerical rating of 1 to 4. The two rating schemes will not be used in any mathematical algorithm to arrive at an overall figure with which to disposition the HEDs.

While no HEDs have yet been subjected to the assessment process, the described process should meet the intent of NUREG-0737. The licensee was cautioned not to uliminate HEDs with very low error probability but high safety significance. As previously mentioned, it was suggested that an individual with risk assessment background be assigned to the team during the assessment phase in order to evaluate these types of HEDs.

11

. i

6. Selection of Design Improvements Detailed design improvements to correct HEDs have not been determined at this time. PECo stated their intention to retain the services of their DCRDR consultant to evaluate selected design improvements. We recommended that key members of the DCRDR team continue to function as a review team throughout the design selection and implementation phase of the DCRDR. The control room enhancement guidelines developed by PECo during the TDA are provided as Attachment 3 to this report. The mockup which is being devel-eped as part of the top-down analysis should provide an extremely valuable tool for testing the selection of design improvements. The licensee was cautioned that the mockup should be maintained at a high level of fidelity with the control room if it is to serve as the basis for developing design modification packages. This caution was based on the fact that the present mockup already contains numerous "approximately correct" representations of old and new instruments and controls for which no documentation exists.
7. Verification that the Design Improvements Provide the Necessary Correction and Do Not Introduce New HEDs This phase of the DCRDR is not in progress at this time. Providing that the mockup configuration is more closely controlled, it should provide an excellent tool for both verifying that selected modifications provide necessary corrections and that they do not introduce new HEDs.
8. Coordination of Control Room Improvements with Other Programs i

There is little indication of management-level coordination of the DCRDR with other emergency response initiatives. At times during the audit, there was evidence that the DCRDR team is actually resisting even the most obvious opportunities for coordination with other related initiatives. It appeared that the DCRDR team had little interest or need to know what the procedures group at the plant is doing to upgrade the E0Ps to include the new guidance provided in Revision 3 of the GE EPGs. To ensure completeness of the SFTA, the Peach Bottom DCRDR team must include in the task analysis the two new E0Ps (secondary containment and radioactivity release control) which are currently being developed.

12

l .

t

Sumary of Conclusions 4 In summary, the purpose of the in-progress audit was to check Peach 4-Bottom's DCRDR compliance with their Program Plan and requirements of Supplement 1 to NUREG-0737. The efforts of the NRC audit team were directed to an evaluation of the content and products of the DCRDR process, rather than to the form of the process. The form of the Peach Bottom DCRDR process as described in the Program Plan had been reviewed (Reference 7) and found acceptable.

. At the time of audit, the Peach Bottom DCRDR team had completed their control room surveys, part of the top-down analysis of the control room and task analysis of one emergency operating procedure (T-100 Reactor Scram

! Procedure). The DCRDR is scheduled for completion in June,1985.

The NRC audit team review of the DCRDR documentation and interviews with DCRDR team members produced the following conclusions:

, 1. Our review of the qualifications and structure of the Peach Bottom review team concluded that the basic requirements of a DCRDR team is being met. However, we suggest that an individual with experience in probabilistic risk assessment or severe accident sequence studies programs be included on the DCRDR team during the assessment activity. .

2. We audited the process, sampled results from the task analysis, and concluded that it meets the requirements of Supplement I to NUREG-0737. This res ilt is based on our review of the task analy-sis conducted by Peach Bottom's DCRDR team on the T-100 Reactor Scram Procedure.
3. On the scope of the task analyses, the NRC is requiring all BWRs to include:

c Secondary containment control

e . Radioactivity release control 13

i o -

as these are part of Revision 3 to the Emergency Operations Procedures.

4. . In the conduct of the task analyses, we recommend a special emphasis on the control-display relationship for the Engineered Safeguard Systems in the plant.
5. We strongly recommend that readability of instruments be included in the control room verification of information and action requirements defined from the task analyses. In this regard, section 6.5.1.3 in NUREG-0700 is an applicable guideline.
6. We recommend that all HEDs be documented formally when defined during control room verification activities to prevent losing them.
7. We recommend completion of all efforts which define HEDs including operator questionnaires which are a valuable resource in defining control room problems.
8. Our audit of the inventory process used to compare information and action requirements with the control room's instruments and controls led to the conclusion that the process is adequate.
9. We audited the surveys conducted in the DCRDR and conclude they were adequate.
10. We audited the process to be used for assessing HEDs and found no probl ems .
11. We also conclude that the control-room mockup should serve as an excellent validation tool in the walkthrough of the E0Ps to ensure no new HEDs have been introduced. However, the final mockup should accurately reflect the final design of the control room.

Our specific concern deals with the fidelity of components in the mockup to accurately reflect:

14

. I c Old components in the control room which remain unchanged, e New or modified components in the control room which correct HEDs.

As a tool in the DCRDR, the mockup is invalidated if it does not properly simulate the control room.

12. There is little evidence of management integration and coordina-tion of NUREG-0737 Supplement 1 activities. We recommend that the development of the plant-specific Revision 3 Emergency Operating Procedures be coordinated with the DCRDR task analysis activity.

Based on evaluation results, the NRC audit team concludes that the work completed to date on the Peach Bottom DCRDR is adequate and indicates that the final results should meet the requirements of Supplement 1 to NUREG-0737. The licensee was informed by the NRC audit team leader that the audit team reserved the option to observe a walkthrough on the mockup when the licensee reaches that stage of the DCRDR.

l l

r 15

REFERENCES

1. NUREG-0660, Vol.1, "HRC Action Plan Developed as a Result of the TMI-2 Accident," U.S. Nuclear Regulatory Commission, May 1980; Revision 1, August 1930.
2. Supplement I to NUREG-0737, " Requirements for Emergency Response Capability" (Generic Letter N o. 82-33), U.S. Nuclear Regulatory Commission, December 17, 1982.
3. NUREG-0700, " Guidelines for Control Room Design Reviews," U.S. Nuclear Regulatory Commission, September 1981.
4. NUREG-0800, " Standard Review Plan," Revision 0, Section 18.1 and Appendix A to Section 18.1, September, 1984.
5. Regulatory Guide 1.97, " Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident," U.S. Nuclear Regulatory Commission, May,1983.
6. Detailed Control Room Design Review Program Plan for Philadelphia Electric Company's Peach Bottom Atomic Power Station, Docket Nos. 50-277 and 50-278, Philadelphia Electric Company, October 31, 1983.
7. " Response to Peach Bottom Program Plan Submittal," U.S. Nuclear Regula-tory Commission, December 13, 1983, G. Gears (NRC) to E. G. Sauers (PECo)
8. Audit Plan for Detailed Control Room Design Review (DCRDR) In-Progress Audit of Peach Bottom Units 2 and 3, U.S. Nuclear Regulatory Commission December 27, 1984.
9. Meeting Summary - Task Analysis Requirements of Supplement I to NUREG-0737 - May 4,1984 Meeting With BWR Owners Group Emergency Procedure Guidelines and Control Room Design Review Committees, U.S. Nuclear Regulatory Commission, May 14, 1986.

16

t ATTACHMENT 1 OUTLINE OF AUDIT PLAN AND LIST OF AUDIT ATTENDEES 17 1

s AUDIT PLAN DETAILED CONTROL ROOM DESIGN REVIEk' IN-PROGRESS AUDIT OF PEACH BOTTOM UNITS 2 & 3 ENTRY BRIEFING:

1. NRC Provide background for audit NRC requirements Review results, Peach Bottom's Program Plan

- Define and discuss agenda

- Discuss reporting of audit results

2. PECO

- Define status of DCRDR

- Define modifications to Program Plan, if any f

- Define and discuss audit schedule AUDIT TASKS

1. Audit the DCRDR Team qualifications and the DCRDR Program
a. Need for formal program of HF orientation and training for non-HF specialists.
b. Documentation and document control,
c. Review of results from operating experience review.
2. Audit rathods used in the Function and Task Analyses:
a. Detailed description and discussion of how the ope atr 's information and control needs and their associaced characteristics are determined.
b. Evaluate records associated with (a).
3. Audit results of Task Analyses
a. Evaluate a walkthrou gh/ tal kthrough (by PECO) of emergency procedures in response to a small line break at high reactor pressure with failure of HPCI to initiate.

18

b. Conduct debriefing on walkthrough of emergency procedure.
4. Audit Control Room Survey:
a. Evaluate survey lists and checklists.
b. Evaluate survey procedures.
c. Evaluate survey team.
d. Evaluate review of Remote Shutdown Panel. -
5. Audit HED Assessment:
a. Review methodology used for assessment.
b. Evaluate results from assessment process.
c. Evaluate schedule of HED corrective actions.
6. Audit Selection of Design Improvements:
a. Review methodology used to define design improvements,
b. Audit specific design improvement.
7. Audit Verification activities that illustrate HEDs are corrected.
8. Audit Verification activities which illustrate that improvements do not 1ntroduce new HEDs.
9. Audit coordination of the DCRDR with other Supplement 1, NUREG-0737

. initiatives.

! 10. NRC Audit team evaluation of one or more panels in the Peach Bottom Control Room.

EXIT BRIEFING

1. NRC

- State preliminary finds from audit.

- Discuss reporting of Audit Results.

2. PECO

- Comments on preliminary findings.

i l

{

19

m PEACH BOTTOM DCRDR IN-PROGRESS AUDIT LIST OF ATTENDEES HAME COMPANY Mr. Leo Beltracchi U.S. Nuclear Regulatory Commission DHFS/HFEB Mr. Gary Bethke COMEX Corporation / NRC Mr. Raymond R. Betz Philadephia Electric Mr. Ralph Chidley Interlock Mr. Joseph DeBor Science Applications International Corp./NRC Mr. R. S. Fleischman BPAS - Plant Superintendent Mr. Tom Johnson U.S. Nuclear' Regulatory Commission RI Mr. M. J. Leahy PECo - PB DRDR Prod. Engineer Mr. A. C. (Dean) Macris Interlock Mr. R. P. Morrison Interlock Mr. Bruce A. Stambaugh Philadelphia Electric Mr. J. H. Williams U.S. Nuclear Regulatory Commission i

e e

e 4

20

ATTACHMENT 2 es TASK ANALYSIS PROCEDURES AND WORKSHEET-6 21

.w- , _ -. ,, , - - - - - - - - - , - . .

l l

KEY TO TASK ANALYSIS WORK SHEET TASK The task being analyzed will be identified at the top left of the worksheet (TASK: ) using Peach Bottom procedure titles.

The Step Number (STEP NO.), and DESIRED ACTION for each task being analyzed will also be taken from the actual Peach Bottom procedure. The team will first list the step numbers under STEP NO., and the p'rimary actions in the Desired Action column. The team will then fill.in any secondary actions, or substeps, that are required to perform the step.

A sa=ple entry for this section, with "a" and "b" indicating

,substeps, is:

STEP DESIRED NO. ACTION 1 Entry condition for T'-101 detected?

(No) 2 Verify Scram

a. verify control rod insertion
b. verify power decreasing This section might also include such information as:

e Regulate feed flow to reactor e obtain level between 12" & 54" e Stop pump; Start pump e Initiate flow; Stop flow e De-energize bus; Energize bus REQUIREMENTS CHARACTERISTICS:

This sertien lists the characteristics of actions or infor-

=atien for ea:n :ask item. The headings and example entries are listed below:

CODE will be one of the following:

I -

nf:: atten the operator must have to determine the sed :: perft:m the task step.

A - A::;:. taken by operator to -ent: 1 the sys:ers.

r - Teed.3:< :nformation the operator must have ::

.er:fy :me step was performed successfully.

22  : ' y l

TYPS ACTION or PARAMETER: This column should indicate the type of cetion or parameter readine thct is required:

Discretc, Continuouc, Adjust, Set, etc.

If it is c parameter, clso indicctc the type of parameter:

Level, flow, Pressure, Temperature, Position, etc.

STATE or DYNAMIC characteristics of parameters or actions that are desired to be accomplished. The emphasis is on DYNAMIC. When there is no dynamic action, indicate the lack of it by identifying the state:

Dynamic: Fast Increase, Slow Increase, Steady, Long Term Trend, Monitor, Momentary, Inject, Supply State (if no dynamic): Close, Open, Trip, Run, Stop INDICATION, POSITION, or RANGE requires the identification of the final condition that the system should obtain for this step or the range of readings required (in some cases this may duplicate the state condition in the dynamic ~

column).

Action Indication: Open, Closed, On, Off, etc.

Parameters: Range between which the parameter may vary for this specific step.

RESOLUTION refers only to the parameter reading resolution required of the scale, usually expressed in +/- units. It is N/A where readings are not required in the previous column.

RESPONSE refers to the speed of response required of the operator in determining the parameter or taking the action:

Rapid - Under time pressure Deliberate - Considered but timely action or reading required Analyze - No time constraints to consider reading or action NOTES:

Notes will be numbered consecutively for each page and filled in below.

23

VERIFICATION This phase of the task analysis is used to verify that the requirement characteristics defined in the first phase hrve corresponding instruments in the control room, and that tnu instuments are suitable for use by the operator. This phase continues the entries on the form under the headings Availability and Suitability. The following entries are made on this form.

AVAILABILITY:

COMPONENT TYPE (COMP. TYPE) will identify the kind of instrument that has been selected from the control room inventory, such as:

Meter, analog Meter, digital Control switch Control pushbutton Annunciator alarm Light INDICATION POSITION or RANGE lists the actual position indi-cation or meter range on the panel.

SCALE RESOLUTION (SCALE RESOL.) indicates the actual resolu-tion availahle on the existing scale.

ID # will list the component identification number.

PNL f will list the panel on which the instrument is loca-ted.

SUITABILITY:

In the Suitability section, the team will record its judgement on the suitability of the instrument for use by the operator. Location and relationship to other instruments and between controls and arreciated indications. If coordination of centrol room team members is required, the review will determine if that interaction is consistent with control roc = organiration and mode of operation. (Such information is appropriately noted in the Comments and Note sections.) The attached guidelines will be referred to by the team to aid them in performing the suitability deliberstions. The team will reach a conclusion on each ite and the last rolumn will be checked either Satisfactory or :ndicate the nee: for a HED. :f any aspc-r: cf suitsbil:ty is considered not arrep:5nle, a HED must be prepared.

24 _.

A check in the satisfactory column will r.lso indicate that the availability is considered to be satisfactory. Therefore, this column indicates overall verification for each line entry.

Comments will be entered if appropriate. Numbers in parenthesis will refer to notes below. A note is mandatory for til entries requiring a HED.

e e

O e

6 6

25 -.*

6 TASK ANALYSIS GDIDELINES that 6111a5 The primary purpose of the task to anclysis is to ensure perform the Emergency 6511bc all controls and displays needed and suitable, 6512ab Operating Procedures.are present The word " suitable" means:

operator actions by location, e They facilitate arrangement, and identifiability, and design.

The operators are not overloaded by the requirements of e

controls and indications in performing the procedures

.under stressful conditions.

secondary purpose of the task analysis is to analyze A and certain minor operational sequences that require operator engineering judgement to determine their suitability for either normal or emergency operations.

right hand column are NUREG 0700 (The numbers in the references.)

GUIDANCE The following general guidance is provided for reference by the team during the task analysis.

GENERAL PANEL PRINCIPLES controls and displays minimize operator movement by 6811

' o The 6821 appropriate grouping. 6921a to avoid 6511d No redundancy unless required for backup or e

excess movement.

6111b e Controls and displays are in the primary work area if required for continuous monitoring or critical timing, 6112 e Manning provides timely coverage of controls during emer-gency operations - no extra personnel needed.

panel 6514e e Precedures terminology should be consistent with 6633c labels.

General d:mensions of work station:

6122e2 e lateral viewing angle 45 deg.

6122f e lateral spread no more than 6 ft.

requ::e l e Ver:: cal panels - instrucents frequently used er prer:se read:n: c: setting: f'.25a:

n:rols 53 :nches above floor 6'. Er
s,: lays 65 inches.above floor 26

=

CONTROL / DISPLAY RELATIONSHIPS c The arrangement of controls and related displays is 6911e i cicurly identifiable, c, Controls and displays that are normally used together are 6911a located in close proximity.

e Control movement should have apparent display feedback in 6932a sufficient time ur. der expected dynamic conditions, e controls that have a display response lag should have an 6931c

  • i immediate feedback of the process and direction of para-j meter change.

e Annunciator windows are located above related controls 6331a and indications.

l CONTROL PRINCIPLES l

l e Provides sufficient range of control. 6422a l

l

  • Provides sufficient precision (but not excess precision) 6932ac within limits of dexterity, coordination, and reaction time.

e Multiple controls related to the same function grouped 6921a together.

e controls used in the hiind are identifiable visually and 6422d tactually and have separation. 6441c DISPLAY PRINCIPLES e Scales consistent with accuracy needed. 6512a e Operator does not have-to convert readings. 6512b e Scales cover the range needed. 6512d e Multipliers should be avoided if possible. 6512e e Multiple displays related to the same general function 6921a should be grouped together.

! e Displays to be compared should have compatible numerical 6515d progression and organiration.

i e Recorders:

s Ge'erally n should show trends or provide information for 6541g later reference.

i e Channels clearly identified. 6542n

$ 66353 e Located in operstir.; area :f required. 654.-

! . 27 s

l

^

i ,

TEAM BRIEF FOR ?ASE ANALYSIS The task analysis will be performed by the team using the

~

Peach Bottom Trancient Response Information Plan (TRIP) proce-durek. The analysis is divided into two distinct phases. The first phase determinct the REQUIREMENTS for panel instruments and controls- to suppor_t the TRIP. The second icfc VERIFICATION that I the available paner' instruments and controls me'et the requirements of the first phase. 1.

m REQUIREMENTS PHASES In thisphaseohtheanalysis, the team must establish the requirements for control room panels to support TRIP. To do this, team members are ask,ed not to think of'the controls and instru-ments that exist in the control room,. but to concentrate on ,

systems requirementc' and actions.1;Think in terms of what the systems are doing and what is required to be done in the systems.

Operators will find it difficult not to think of the control room ,

components, with which they age familiar, but should understood that the existing components might not he exactly what is needed v e for a specific step. Not all indications provided are used for a particular operation, and sometings additional indications could help in controlling the plant. Do not limit your contribution to

, what is available.

i ~The team should realize that what is said during the task analysis is not final. Although the analysis lists a requirement eat now provided on the panels, this does not necessarily mean that it will be provided later. Further study may show that a listed requirement is not needed. On the other . hand, not specifying theneed for an instrument on a particular operation does n6t mean that an existing instrument will be removed. This

, analysiU.must be a best attempt to specify.the CHARACTERISTICS of instrumedts re quired for each specific stop, based upon the team's L '

combined ex'perience and expertise. This analysis phase must be independent of what already exists.

VERIFICATION ,

In this phase the team is asked to reverse its previous approach, and think of.what exists in the control room. For this phase, the team will htve control panel prints and other informa-tion and listings for reference. The team may have access to the cont /c1 r'oom for this phase.' The intent in the VERIFICATION phase is to ensure that what does exist in the control room meets all the EEOUIREMENTS specified in the first phase of the analysis. By comparing what exists wfth wnat is required, we can identify any problems . with the control room t'nstrumentation and controls :n support of performing the TRIP procedures.

~-

/

/ 28

PROCEDURE FOR ANALYSIS The method to be used in the first phase of the task analysis will consist of reading each step of the TRIP and then specifying what actions must be taken to carry out the step. Where the opera-tor will need information, the team will specify the characteris-tics of the information needed. For example, each TRIP sequence has initiating cues, all of which must he specified. Each action consists of two parts: taking the action that alters the system, and receiving the feedback indication that lets the operator know that the action was successful. Both parts must be discussed for each action.

Because the TRIP procedures give only general direction, the team must fill in the specific actions to be taken in performing each TRIP step. This will involve recording each valve that must be manipulated, each pump that must be controlled, and each indication that must he read in order to perform the operation specified in the TRIP sequence. Any other procedures referred to in the TRIP will be reviewed to determine if they must also be included in the analysis.

As each step is listed on the form, the team will assume there are only two types of activities for the operator: either he must obtain information, or he must take action. Decision points usually require the operator to obtain information. Also, the word " verify" will be assumed to mean action, since any verifica-tion process that reveals a control or parameter not in the correct state, then requires the operator take the action that will put it in the correct state. For an item verified not correct, the action to be taken must be stated.

In general, decision points in the flow diagram will take the NO option. In some cases, there will be a short branch where an action is required under the YES and NO options. In order to be thorough, the team will first assume a YES and take that action, then backtrack and assume a NO to continue the worst case flow path.

l l When specifying the range required for meters, the team should address only the range of readings expected for that specific step, not the whole range of the meter. The term

" resolution" refers to how accurately the operator must be able to i read the scale. Generally, if a fairly wide range of readings are acceptable, the scale will not require high resolution. In other cases, a fine resciution may be ' required. The scale should l

prev;:e enougn tas;;;t;en to all:w the cperet: to perfer-  : *. e specific step under consideration. The resolution is usually given in +'or - namners. If an ansclute limit is involved so that l

the operator must know when that ite:t is reached, it must be made clear :n cur res::rse.

C5 gg

During the verification, the team will determine the avtila-bility of specific controls and instruments in the control room that meet defined requirements. In addition, the team will consider the suitability of the component identified. The component must be suitable in location, type, and arrangement. For example, some controls might be separated from the necessary feedback display so that the operator cannot reasonably observe the results of his actions. Or, because of angle of view, it may be difficult to read some displays. In some cases the needed information may be widely dispersed making the operation difficult. To aid the team in recognizing some of these suitability considerations, Task Analysis Guidelines are attached.

These guidelines are intended for frequent reference by team members during the verification phase.

After the team considers the availability and suitability of control room components for each requirement established in the first phase, a final judgement will be made. Either the selected component will be marked as satisfactory, or a human engineering discrepancy (HED) will be written. The HED will then be investi-gated and processed in the same manner as all other HEDs generated during the Control Room Design Review.

l t

30 _. .

9 r, r da ,

e W

M.

3 m M

62 O e **

L E

, E

.F.

8 E

D w e

.. g 0

b m e T:

M

.eileiD N d o* d 'es U

e es 3 ..l

~

n 5

> Om

  • as == E WO h>m 0"E.

=0 wk a e

bH to C

l' E Of h

E=g In ,

y=

=

=

eg U .

  • 42 M g NJ b 4 g JO 4m M

4 -

H g W 9) es 11

8. .

88 P me C.

E UMM W en ** O m o ei s D R,kOa4

  • O kt e tU.

e N5 e* 4 ax

>w et O ,

2

  • CE u m= n bkE De U d

> a a.

1 1

u D

D l

8=

e6 0 oo **

W M f 8, M .

WU en O4 I

4*

e.

i.;

M i:

. J.

4 H

31

4 ATTACHMENT 3 CONTROL ROOM ENHANCEMENT GUIDELINES s

32

I ELECTRICAL ENGINEERING DIVISION N3-1, 2301 Market Street Peach Bottom APS, Units 2 & 3 Control Room Design Review Enhancement Guidelines Mod 1091 A. Basic Control Panel Color

1) beige (Sherwin Williams, Sunfire 421, color #BM 8-10)

B. Color Pads

1) used to highlight instrumentation & controls used during emergencies
2) pastel colors shall be used to avoid visual shock
3) approved colors listed in COLOR CONVENTION document C. Colored Outlines
1) used to highlight systems important to normal operations
2) color selections same as for color pads D. Boxes
1) used to define functionally related items
2) used as needed for highlighting
3) black or system color as appropriate E. Erackets
1) used as needed to define groupings of related I & C
2) black F. Dividing Lines
1) used as needed to create subgroups within highlighted areas
2) used as needed to separate unrelated items located in close proximity to each other
3) black G. Mimics
1) used only where needed due to ccrplexity of syster. cr arrangement of centrols
2) paths go through center of controls
3) arrangement shall be physically correct 33

4 t.

Enhanc;mant Guid211nas for F.cdification 1091

4) same elevation and referencing required for discontinuities
5) mechanical systems shall be black
6) electrical bus colors listed in CCLOR CONVENTION document
7) symbols r.ade from engraved lamicoid H. Labels
1) hierarchal layout
2) information contained on each basic label: title, equipment or instrument number, MCC or head chamber number (where appropriate)
3) label design details contained in NAMEPLATE STANDARDS document
4)
  • approved terms contained in NOMENCLATURE document
5) standard labels white lamicoid with engraved black 1,etters
6) DC powered instrumentation label: yellow lamicoid with engraved black letters I. Push Button Coding i 1) annunciator controls a) acknowledge - yellow, mushroom b) reset - silver c) test - silver, raised collar
2) emergency (scram, trip) - red
3) all others - silver J. DC Powered Instrumentation i
1) denoted by yellow label K. Group Isolation Notation t

(

l 1) indicate isolation valves of Grcup I, II, & III by 1,2, or 3 yellow dots

2) indicate control switches that are reset permissive l by color coded handles: Group I - orange,

( Group II - light blue, Group III - yellow

3) indicate control switches whose isolation signals can be bypassed by black ring around handle
4) indicate isclaticn state (cpen or closed) by (LATER)

L. Regulatory Guide 1.97 Instrumentation Notatien

1) instruments designated as categcries 1 and 2 for variable

- types A.E, and C are identified by a yellow stripe on the instrument 34

F

. . Enhancsm2nt Guidalinas fer Modification 1091 M. Com.cn Reference Leg Notation

1) head chamber nurbers for reactor pressure and level instrumentation located in lower right hand corner of label N. Information Plates and Diagrams
1) existing information retained as appropriate (photoetched or lamicoid plate) in permanent fashion O. Plexielass Protective Covers
1) as required to protect emergency controls against inadvertant actuation P. Normal Valve State (where needed)
1) red or green dot located between indicating-lights
2) red, green or red-green valve shaped magnet placed on valve mimic symbol

. , '?  ;

0 l

/ .

L MJL:sjf (( '

SF112984M830 December 3, 1984 Rev. 1. January 29, 1985 O

e 35

Retrieved from "https://kanterella.com/w/index.php?title=ML20115H153&oldid=3475119"