ML20126F677

From kanterella
Jump to navigation Jump to search
Review of CE 80+ FMEA & D&Did Analysis, Technical Ltr Rept
ML20126F677
Person / Time
Site: 05200002
Issue date: 12/08/1992
From: Palomar J, Wyman R
LAWRENCE LIVERMORE NATIONAL LABORATORY
To:
Shared Package
ML20126F605 List:
References
NUDOCS 9212310056
Download: ML20126F677 (29)
v  d  e


Text

. . _ _ - _ _ _ . . - - _-

0 A Review of the CE 80+

FMEA and D&DID Analysis Technical Letter Report J. V. Palomar R. H. Wyman December 8,1992 Version 2 Lawrence Livermore National Laboratory '

Fission- Energy and Systems Safety Program -

DRAFT

[8PA88M8818jjg2

Disclaimer This doniment was prepared as an account of work sponsored by an agency of the United States Govcinment. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or reprer.cnts that its use would not h. fringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or the University of California.

The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.

l-Work performed under the auspices of the U.S. Department of Energy by lawrence Livermore National Laboratory under Contract W-7405 Eng48.

DRAFT

l

.i A Review of the CE 80+  !

FMEA and D&DID Analysis i Technical Letter Report I f

i J. V. Palomar l R. H. Wyman B

i December 8,1992 Version 2 i

Lawrence Livermore National Laboratory .

Fission Energy and Systems Safety Program '

.D RlA FT

. - . . . .- - . . . _ = .- ..

1. I n t r o d u c t 10 n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2. O r g a n l z a t i o n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .. . . . . . . . . . . . . . . . . . . . . . 1
3. R e v i c w o f t h e D & D 1 D A n al ys i s .. . .... .. .. ..... .. ....................... ..........................1 3.1 O b s e r y a t i o n s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 3.2 C o n c l u s i o n s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . .. . .. . . . . . . . . . . . . 2 3.3 R e c o m m e n d a t i o n s . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . .. . . . . .. . . .. . . . . .. .. .. .. . . .. .. .. . . . . . . . . . . . . 2
4. De t a iled D& D1 D A n a1ysis Re vi e w . ..... ........ ...... .......................................... 4 4.1 increase in Heat Removal by the Secondary System...................... 4 4.1.1 Deerease in Feed wa ter Tempera tu re ...................................... 4 4.1.2 1 n cre a s e i n Feed w a t e r Fl o w ...................................................... 4 4.1.3 I n crea sed M al n S t e a m Fl o w ..................................................... 4 4.1.4 Inadvertent Opening of a SG Relief or Safety Valve..........4 4.1.5 Steam Pipe Failure inside or Outside Containment...........4 4.2 Decrease in Heat Removal by the Secondary System.................... 5 4.2.1 Loss o f Ex t e rn al Loa d . . .. .. .. .. . . ... ... .. .. . .... .... .. . ...................... ..... ..... 5 4.2.2-4.2.7................................................................................................5 4.2.8 Feed wa te r Pi pe U rea ks .... .. .. ...... .. .. .... .... .. ................................... 5 4.3 Decrea se in Rea ctor Coolan t Flow.. .................................................... 5 4.3.1 Total Loss of Rea ctor Coolan t Flow ........................................ 5 4.3.2 Flow Con trolle r M aifu n etion................................................... 6 4.3.3 Single RCP Sh a f t Sei zu rc .......................................................... 6 4.3.4 Si ngl e RC P Sh a f t B re ak. . . .. .. . . .. .. ... ... . .. . ....... .. . .... .. .... ... .. . . .... ........ 6 4.4 Reactivity and Power Distritution Anomalles................................ 6 4.5 I n cre a s e i n RCS I n ve n to r y ... .. .. .. .. . .. .. .... .. . . .... . . ........ .. ............ .. ............. 6 4.6 De crea se i n RCS 1 n v e n t o ry .. ...... .. .. .. .... .... .. .... .... .. .... .......... .... ............... 6 4.6.1-4.6.2................................................................................................6 4.6.3 S t ca m Ge n era tor Tube Ru pt u re ................................. ............ 6 4.6.4 Radiological Consequences of a Main Steam Line Fa11ure.......................................................................................................7 4.6.5 Los s-o f-Cool a n t A cci d en t ............... ................ ........................... 7
5. R e vi e w o f t h e FM E A . . . . . . . . . . . .. . .. . .. . . . . . . . . . . . .. . . . . . .. . .. . .. . . . . . . . . .. . . . . . . . . ... .. . . . . . . . . . . . .. . .. . . . . . 7 5.1 Genera 1..................................................................................................7 5.1.1 D r a w i n g s a n d Tabl es . . . . .. .. . . . . . . . . .. . . . . . . .. . . .. .. . . . . .. .. .. . . .. . . .. .... .. .. .. . . .. . 7 5.1.2 Sel e et i y e 2 o u t-o f-4 Logi c ... .. ... . .. .... .... .......... .. .. .. .. .. .. .... .. ........ ... 7 5.1.3 Te s t i n g i s s u e s . . . . . . . . . . . . . . . . . . . . . . . . .. .. . . . . . . .. .. .. .. . . . . .. . . .. .. . . . . .. . .. . . .. .. .. . . . . . 7 5.1.4 C PC l s s u e s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . 8 5.1.5 Containment Spray Actu ation issues..................................... 8 5.2 F M E A C 1 a r i fi ca t i o n s . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . .. . . . . .. . 8 5.3 O t h e r 1 tems to be A n aly zed .... ,, ..... .................., .... ...... .................11 5.3.1 TC B Co n t rol s . . . .. . . . . . . .. . . . . . . . . . . . . . . . . . .. . . . . . .. . . . . . . . . .. . . . . . ... .. . . . .. . .. . .. . . . . . . 1 1

$.3.2 Co m pl e x Fa 11 u r e M o d es ... . . .. .. .. .... .. . . .. .. .. . . .... ...... .... ............ .. .. . 11 5.4 Requests for a M ore Detailed FM E A.... .. .........................................11 Appendix A A.1 Si ngle li ne I n te rcon ne c t Dia gra m .. .......... ......... ........................... A-1 i

DRAFT

4 4

FigureA.1-1 CE 80+ Prot. Sys. Single line Interconnect Diag............... A-2 Appendix B U.1 Pro t ection Sys t e m Block Dia gra m ....................................................B 1 Figure B1-1 CE 80+ Protectica System Ulock Diagram, Ch. A...............U 2 Figure U1-2 CE 80+ Protection System Block Diagram, Ch. B...............D-3 Figure B13 CE 80+ Protection System Block Diagram, Ch. C...............U 4 Figure U14 CE 80+ Protection System Block Diagram, Ch. D...............U 5 Appendix C C.1 S i g n a 1 A s s o ci a t i o n .. .. . . .. .. . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . .. . . .. .. . . .. .. . . . . . . . . .. . . .. .. . . . . . . C-1 Appendix D D.1 S i g n a l Pa t h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . .. . . . . . . D 1 Tabl e D.1 1 S i g n a 1 Pa t h . . . . . .. . . . . .. . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. . . . . . . .. . . .. .. . . .. .. .. .. . . .. .. . . .. .. . .. D-2 Table D.1 -1 Signa 1 Pa th Oon tin u ed ........ ..................................................... D-3 Ii l DRAFT l

i s, .

I A Review of the CE 80+

FMEA and D&DID - Analysis  !

Technical Letter Report

1. Introduction As part of their application for a design certification for an ALWR design, Combustion Engineering,Inc., has submitted a railure Modes and Effects Analysis (FMEA) and a Diversity- t and Defense-in Depth Analysis (D&DID) on their protection system to'the NRC. This report presents the results of a review of those analyses which was performed by Lawrence Livermore  :

National Laboratory under FIN L 1867.

2. Organizalion  !

This report has two main parts. Le first part contains a review of the D&DID analysis. -This .

part contains the observations, conclusions and recommendations followed by a detailed review of each of the events analyzed. ,

i The second part is a review of the FMEA and contains four sections.~ The first section covere general issues partaining to the entire FMEA. 'Ihe next section contains comments and questions ,

that need clarification and is organized by FMEA item number. The third section is a partial  ;

list of the i; ems which are overlooked in the FMEA. The fourth and final section contains LLNL's recommendations far further FMEA and is organized by FMEA Item number.

3. Review of the D&DID Analysis 3.1 Observations The configuration of the CE S0 tsystem is such that nl' the following analysis it is assumed that a common mode fatture of the protection system does not disable the PAMI. This assumption is reasonable since the PAMI can be expected to have software which is diverse from that in the rest of the protection system. Although the hardware rnay be the same, the chance of a . .

common mode faibre of the protection system taking out both the PPS and PAMI is presumed to be incredible. '

~

With the above in mind,it is observed that the DPS raceives data from protection system sensors via both the PAMI and the PPS. The DPS then decides which sensors are working and ,

which are not. -It is not clear from any of the documentation what sensors the DPS groups in .

making these decisions. Thus, a common-mode failure of the PPS in which incorrect data is -

delivered to the DPS may well cause problems in'the DPS decision algorithm, particularly if a data group contains data from both PAMI and PPS.

One of the problems that was not addressed in the study is that of the ambiguous displays made available to the operators. In many of the events operator actions are required.  :

-1 DRAFT.

- ,, e -.- , , - - -.a,.,.,- - ,..m.. - , -v- - - -.- ,- , -e,- - - - e.- m w ,

e flowever, these actions depend on the operator being able to correctly assess the situation. If the protection system is disabled and this fact is not known to the operator, then the indications from the protection system which are presented to the operator by the DPS will te in conflict with the indications from the displays of other systems. Further, the DPS may te processing data from both PAMI and PPS as mentioned above. The protection system indications are presumably more dependable than those from the control system. 'thus, the vendor expects the operator to use the less dependable indications to mitigate the event when presented with conflicting indications.

The vendor should address this issue and make a convincing argument that the operator will always le able to make the correct decision and perform appropriately.

3.2 Conclusions In rnany of the events the vendor depends on operator actions which are unrealistic. First,in many cases the operator doesn't have enough time to react. Second, the operator must make choices which, if made incorrectly, will have consequences which are not covered in the analysis. Third,in several cases the operator has too much to do and .nay do things out of sequence with unanalyzed consequences. From this it is concluded that there needs to le considerably more automation than appears in the analysis.

3.3 Recommendations The vendor has recommended that a number of PPS back up processes have automatic initiation systems installed. In some cases,it is indicated that more analysis should be done to confinn the need for these systems. This review concurs with the vendors recommendations but widi the caveat that any further analysis performed be only for the purposes of showing conclusively _

that a particular automatic initiation system is not needed. *fhat is,it is (clt that a modification proposed should be carried out unless there is clearly no need for it as confirmed by analysis. In addition, the vendor should make all analyzes available to the NRC.

Table 3.31 contains a list of the systems to be modified, the recommended or existing initiators for that system, the event number for which they are needed, and a reference to where in the D&DID analysis the vendor recommends the initiator or whether the initiator exist in the current design.

Manual contiol of many functions should be available from the MCR. For example, control of individual MSIVs and MFIVs should be available to allow management of the various events.

The vendor should make a thorough study of what controls should be available in the MCR since management of the events may tw intractable without these controls readily available.

2 DRAFT

IaMc11-1 Systern initiating Signal livent Mitigated Cross 1(cf.

AICIS liigh Pressurtrer 4.2.1 Loss of Externallead Existsin Current Pres. 4.23 loss of Condenser Vac. design.

4.2.4 MSIV Closure 4.2.7 Loss of Feedwater Flow 4.2.8 FW System Pipe Break 43.1 Loss of itx Coolant flow 4.4.1 CEA Withdrawal /LP 4.4.2 C E A Withdrawal / Power 4.4.4 Start of inactive RCP 4.4.6 Inadvertent Deboration 4.4.8 CCA Epction pg. 30/ para. 2 low Pressurirer Pres. 4,1.5 Steam Pipe Failure pg. 85/ para. 5 4.6.2 D.E Brk of teidown Line pg. 88/ para. 3 4.63 SGTuteRupture pg. 93/ para. 3 4.6.5 1.OCA pg. 62/ para. 2 low Rx Coolant flow 433 Single RCP Shaft Seizure AFAS Low SG Level 4 2.3 loss of Condenser Vac. Eibts in Current 4.2.4 MSIV Closure design. .-

4.2.7 Loss of Feedwater Flow 4.2.8 FW System Pipe Break 43.1 Loss of Rx Coolant flow Low SC Pressure 4.1.5 Steam Pipe Failure pg. 31/ para. 3 MSIV closure High Cont, Pres. 4.1.5 Steam Pipe Failure pg. 34 / para,1 111gh Cont. Temp. 4.1.5 Steam Pipe Failure pg. 34 / para.1 low SG Pres. 4.2.8 FW System Pipe Break pg. 53/ para. 3 Cont. Spray liigh Cont. Pres. 4.1.5 Steam Pipe Failure pg. 34 / para,1 liigh Cont. Temp. 4.1.5 Steam Pipe Failure pg. 34 / para,1 liigh Cont. Pres. 4.6.5 LOCA pg. 98/ para.1 M1IV closure Low SG Pres. 4.1.5 Steam Pipe Failure im 4.2.8 FW System Pipe Break nom Cont. Isolation P-CCS provides 4.6.2 D E 3rk of letdown Line pg. 84 / para. 3 monitoring and shutoff capability of air supply to valves SI AS 4.6.5 LOCA pg. 97/ para. 3 MSL Radiation P-CCS provides 4.63 SG Tube Rupture pg. 90/ para. 2 Monitoring indications of radiation levels for each SC MSL Safety injection Low Pressurizer Pres. 4.6.5 LCCA pg. 94 / para. 3 or High Cont. Pres.

3 DRAFT 1

4. Detailed D&DID Analysis Review In what follows the paragraph numbering is the same as the numbering used in the D&DID analysis, it should te noted that if the leading 4s of the paragraph numbers below are repland by 155, the numtering is that of Chapter 15 of the SAR.

4.1 Increase in IIcal Removal by lite Secondary System 4.1.1 Decicase in reedwater Ternperature The analysis done by the vendor seems adequate.

4.1.2 Increase in reedwater flow in the analysir, done by the vendor there was a concentration on the excess cooling of the RCS as a result of the excess fcedwater. The event was characterized as teing similar to the IOSCADV event. However,it would appear that the excess feedwater flow would ralt.e the level of the steam generator to the point where steam quality would degenerate and the turbine protection system would cause a turbine trip. A turbine trip is not considered in the analysis, but it would seem that the turbine trip might start a train of events. Clearly the generator would trip. The turbine trip may cau6e the pressurizer pressure to rise which may cause the reactor to (Hp. The feedwater pumps may trip as a result of the turbine trip. (This last is a speculation on control system reaction to a turbine trip.)

In the analysis it is stated that either a pump speed increase or an increased valve opening can cause this event. However, it would seem that level in the SC is controlled by the valve alone if the pump flow is adequate, so pump speed increase alone will not cause the event.

The analysis performed seems to be inadequate if the water level in the SC rises to the point of causing steam quality to degrade significantly. There seems to be enough flow (40% over nominal) to cause this s.o the event should be analyzed in this regard.

4.1.3 Incrcased Main Steam flow The analysis done by the vendor seems adequate.

4.1.4 Inadvertent Opening of a SC Relief or Safety Valve The analysis done by the vendor seems adequate.

4.1.5 Steam Pipe railure Inside or Outside Containment This is a very complicated event which moves very fast at i the operator cannot be expected to control what needs to be controlled on the time scales given. For example,if the protection system is working, the reactst would be tripped eight (8) 5,camds into the event (Table 15.1.5 2).

For another example, the pressurizer will empty in forty six (46) seconds. Reactor trip, MSIV closure, MFIV closure, safety injection and containment sprays all need to have automatic initiation systems outside of the PPS and ESPAS in order to respond effectively to this failure.

4 DRAFT

Closure of the MFlVs is not mentioned in the analysis, but if they are not closed there is no way to control the heat removal. The SG with the problem must be ir.olated and allowed to dry out and then heat removal can te bandled by the !ntact SG with proper operator control. If the PPS is functioning, MFIVs close Iwenty three (23) seconds into the event (Table 15.1.S 2).

Feedwater, either from the main feedwater system or via AFAS would have to be available.

Ilowever, the feedwater to the SG which is feeding the broken steam line should te shut down to limit excessive cooling. This could le done by operator action if there is adequate tirne and infonnation for him to make the correct decision, but otherwise there may have to be an automatic system installed.

4.2 Decrease in lleat Removal by the Secondary System 4.2.1 Loss of Enternal Load The analysis done by the vendor for these event seems adequate.

4.2.24.2.7 The analysis done by the vendor for these events seem adequate.

4.2.8 Feedwater Pipe Dreaks This event,like the steam pipe failure event, moves very fast and is very complicated. In less than one (1) minute the reactor trips, the turbine inps, the affected steam generator empties, and the pressurizer safety valves and the intact SG safety valves lift *lhe reactor trip is initiated by high pressurizer pressure through the ARTS, and emergency feaiwater will be initiated by low SG we'er level through AFAS. But there should be automatic closure of the MFIVs and MSIVs to prevent interaction of the two SGs. The intact SG must be kept available for cooling the reactor, and now into the affected SG must be stopped to limit the loss of toller water. Feedwater How must be maintained to the unaffected SG and shut off to the affected SG.

If closure of the MSIVs doesn't shut off the steam leak, if the event causes cool down ratbr than heat up, this event looks much like a steam line breal but with the exception that management of the feedwater piping becomes important.

4.3 Decrease in Reactor Coolant Flow 4.3.1 Total Loss of Reactor Coolant llow This event is characterized by a loss of offsite power to the unit main and auxiliary transformers. This causes a reactor trip by shutting down the CEDM MG sets. The MG sets will Hywheel for awhile delaying the insertion of the rods. Because of the delay in inserting the rods, the DNUR may get too low and although this is recognized in the analysis,it is not made quantitative or explicit.

This event seems to have the potential for causing considerable confusion in the control room since there is a lot going on in a relatively short time. The operators are required to sequence the loads onto the DG busses and may have to manually start emergency feedwater now.

5 DRAFT L

it is stated that the pressurizer will fiil and presumably the safety valves willlift. But there is no analysis of the consequences of this. Does the containment require cooling sprays't This is never mentioned.

The vendor r,uggest that more analysis is needed and LLNL concurs. This additional analysis should include quantitative results for DNBR, a list of information that would be available to the operator, what the operator is expected to do, and how much time the operator has to make a decision and take action.

4.3.2 Flow Controher Malfunction;

, this event does not apply to this design.

4.3.3 Single RCP Shaf t Scirure According to Table 15.3.3-1 of the SAR, a minimum DNBR of .83 will be reached in two (2) r.cconds from the start of the event. This is well telow the 1.24 value and will probably damage some of the fuel. It is critical that the control rods le inserted as quickly as possible and waiting for the operator to do it will make the problem much worse. it seems clear that the reactor should le tripped on low coolant flow.

The vendor needs to do more quantitative analysis of this event.

4.3.4 Single RCP Shaft lireak This event is similar to and slightly more severe than 4.3.3 and requires similar rneasures.

4.4 Reactivity anct Power Distribution Anomalics

'Ihe analysis for each event in this section seems adequate as presented.

4.5 increase in RCS Inventory 1he analysis for each event in this section seems adequate as presented.

4.6 Decrease in RCS Inventory 4.6.14.6.2 The analysis done by the vendor for each of these events seems adequate.

4.6.3 Steam GeneratorTube Rupture If the PPS was operational the reactor would trip in less than a second (Table 15.6.3 of the SAR) on high SG level. The turbine protection system will undoubtedly trip the turbine on poor quality steam almost immediately after the start of the event. Thus it is unlikely that operator actions in the event that the PPS is not working will be adequate for mitigating the event. Once the turbine trips on poor steam quality the pressurizer pressure should rise sufficiently to cause an ARTS trip. However, all of this is speculation. The vendor's analysis nwds to be more thorough and needs to takein to account the possibility of the turbine tripping.

Further there should be an automatic means to trip the reactor if this event occurs.

6 DRAFT

1 -

  • I 4.6.4 Radiological Consequences of a Main Stram Line I allure This event does not apply to this design.

4.6.5 Loss-of Coolant Accident There needs to be a fully automatic system backing up the PPS to mitigate a LOCA. *lhings will move much too fast for the operator to becorne involved.

A Medium LOCA has the peculiarity that the pressurizer pressure may be to high for low pressure safety trijection and the LOCA flow may be to high for the CVCS to maintain inventory. This rnay lead to an accident more severe than a large LOCA 'Ihe vendor needs to analyze a medium L(X'A event.

5. Review of the FMEA 5.1 General in this section several items which are of a general nature are considered. That is, the comments below apply to the whole FME A and are not specific to individual FMEA items which consider the failure of specific components of the protection system.

5.1.1 Drawings and Tables Several drawings and tables are included in the appendices of this report. The vendor should inspect these items for completeness and correctness.

5.1.1 Selective 2-out of-4 Logle Selective 2-out of-4 logic is ured in the CCS of both the RPS and ESP. For the RPS, this consists of the arrangement of the RTSG circuit breakers. The motivation for this is clear and since this arrangement includes four of the six terms of non selective 2-out of-4 logic there is no question about the use of selective 2-out of-4 logie in the RPS. Ilowever,in the ESF CCS, the selective 2 out-of-4 logic is done in PLCs where there is no particular cost dif ferential between implementation with selective 2-outef-4 logic and non selective 2 out-of 4 logic. Why selective 2 outof 4 logic is used for the ESF CCS should be explained even though it is not considered particularly unsafe.

5.1.3 Testingissues There is not a clear explanation of the automated test signal injection system. Further, there is no analysis of the failure modes of the automated test signalin}ection system. Item 23 of the FMEA looks at simple failure modes of the ITP, but the ITP seems to be an important element in the system and the analysis would appear to be too simple.

Also, there are manual test operations which are characterized by Figure 7.217. This figure is very confusing and there is no mention in the FMEA of failure modes of this system. Paragraph 7.2.1.1.92 - B does not clear up the confusion.

7 DRAFT 1

a s 4

Figure 7.216 shows test coverage overlap but does not seem to be complete, in particular, bypass tests and CPC tests are not shown. Further, not all of the text referenxs are correct.

5.1.4 CPClssues The vendor is a little loose with terminology in some instances which occasionally leads to minor confusion. For this paper it is assumed that the CPC consists of two (2) CEACs and four (4) TLCs. One TLC is assigned to each protection channel and hence requires opticalisolation if there is communication with another channel. Each CEAC is assigned to a protection channel, one to channel D and one to channel C. Each CEAC conununicates with every TLC and thiri communication path is optically isolated where communication to different protection channels are involved.

Mgures 7.218 and 19 are somewhat inconsistent in that 18 shows the CPC (TLC) connected to the LCL when 19 and the text of paragraph 7.2.1.1.2.6 indicate that the connection is to the bistable.

ngure 7.2-7 shows one (1) ITP connected to both CE ACs but there is no indication of which TIT'is being used and perhaps this is another ITP. It has always been assumed that there is one ITP for each protection channel.

5.1.5 Containment Spray Actuation Issues On drawing 7.219, CSAS is shown in all four divisions of the ESF CCS while on document number NPX801C SD640, Rev.00, Page 135 CSAS is only shown in divisions A and B.

5.2 FMEA Clarifications in what follows the numbering system is that of the FMEA, Table 7.2 5 of the SAR. Not all item numbers appear and if an item is missing it should be taken that there are no clarifications required for that item. The text takes the form of comments and questions.

1) There seems to be an error in item la. We believe that in the column
  • Effects on PPS" that the comment should be *Makes reactor trip logic 2-out of 2 coincidence" since a low output failure would not cause a channel trip, it is noted that if the " Trouble" circuit of the Ex-Core nux Monitor trips a trip will be delivered to the LO DNDR and Hi PWR DENSIW LCLs which may put them into 1 out-of 2 trip r.tatus.(NOTE: This assumes one channel is bypassed for maintenance.)

13,14) Item 14 states that CSAS is actuated by Wide Range Containment Pressure Signal transducer (352 A), but 352 A is not used for actuation of CSAS logic per Figure 7.219 and 7.2 26. The Narrow Range Containment Pressure Transducer (351 A)is used for CSAS initiation.

20b) The worst case would be the failure not detecteci nis along with the bistable falling to trip would leave the PPS logie in 2-out of 3 for un bypassed channels and 2 out of-2 for bypassed channels rather than 1-out of 2.

8 DRAFT

21a) for this failure,it is assumed that the fiber optic links are two state links such that if a light source fails or a power supply is lost that the link goes off" which is the trip state for that channel, The LCL with the failed cross connect input is converted to a 1-out-of.2 voter for that channel since it sees a trip signal on the link. All the other LCLs with working cross connects ate still 2-out-of 3 (NOTE: This assumes one division is bypassed on the failed channel for maintenance.)

21b) It would f.eem that, as in 21a, the failed input would put the LCL into 2 out-of.2 with the unfalled LCLs teing 2 out of 3. (NOTE: "This assumes a channel redundant to the failed channelis bypassed for maintenance.)

23) There is communication between the ITPs so that their activities are coordinated and Iwo channels are not being tested simultaneously, it h inferred that two channels should not le in test at the same time (see paragraphs a and b of page 201 of the CE80+

Summary Description). When testing the TLC,it is stated that two channels will not be tested simultaneously, but it is not clear that the TLC test is automatic, l.c. whether it is initiated manually or automatically. Figure 7.2 2 does not show a connection to the TLC. What occurs if the inferred synchronization between the ITPs fall and two channels go into test together?

The SAR does not provide enough information to determine what effects an ITP failure may have. The interaction hetween this processor and the LCLs is crucial and not,well described. Interactions with signal paths leading into bistables has already been remarked upon in paragraph 5.1.3, above.

24) 'Ihe analysis of this item is probably correct but Figure 7.212 is probably incorrect and the analysis should be modified to reflect the way the initiation relays are really connected it would r.ccm that the initiation relay, should be wired the same regardless of whether the relays are initiating the UV coil or the ST coil. In particular, the contacts which start the time delays (those contacts connected by a dotted line to the OR gates of Figure 7.212) are probably the contacts of the initiation relays. Slam the time delays should start timing when power is removed from the coils, the init.ation .

relays should have normally open contacts wired in sedes, one from each LCL Thus, the initiation relays willle picked up, and the contacts closed,in normal operation and will drop out on trip or a power failure, Once either relay drops out, the time delay relay will drop out and start timing. After the time delay, the contact on the UV side will open, the contact on the ST side will close and the CD will trip.

There is another problem which needs to be looked at. It would be good engineering practice to interrupt the current to the trip coils using the CD auxiliary contacts when the Cl3 trips, if this is not done, there is a danger of r,etting fire to the trip coils since they are not normally designed for continuous operation.

27b) In the usual design of circuit breaker circuits, the breaker is " trip free" which implies that if the closing coil and a trip coil are both energized, the trip coil will override the closing coil and the breaker will open and not re-close until the closing coil is de-energized and energized again.

9 DRAFT

Good engineering practice would put one of the Cil auxiliary contacts in series with the closing mil so that when the CD was closed the current to the closing coil would be interrupted. If this is not done there is a danger that the closing coil will catch fire.

36a) The statement is made in the Remarks column that manual ccmtrolis still available via the operators module. Ilut the failure is the loss of vital bus power which takes out all of the ESF CCS, so .. is not clear how there is any manual control of channel A ESP devices.

42) The failure modes of the Operator's Module are described an *off" and on", if the module fails off", this would seem to imply the inability to control anything from the module. If it falls on",it is not clear what is implied.11 is presumed that the Operator's Module is a form of VDT with keyboard which allows rather cornplex interactions with the system. A more detailed analysis would seem to be needed.

10 DRAFT l

.o l

5.3 Other items to be Analyzed here seem to be some items which have teen overlooked. Below is a partial list.

5.3.1 TCU Contsols items 26 and 27 of the FMEA consider failures of certain TCB control switches. But other switches exist for control of the TCDs, e g., switches on the RSP, and the failure modes of these need to le analyzed also.

5.3.2 Complex railure Modes ,

For mleroprocessor based components such as PLCs and communications multip.aors, the failure modes of "off' and "on" may be too simple. But in most cases analyzed those are the only modes considered. The vendor should defend the choice of modes and if more complex modes should be analyzed, the analysis should be made.

For FMEA items 45 51, which cover multiplexers and data communications, the failure modes (off, on) seem to be too simple. De venoor should defend the choice of modes and if more complex modes should be analyzed, the analysis should be made.

5.4 Requests for a More Detalled FMEA In what follows, the item numbers correspond to those of the FMEA, Table 7.2 5 of the SAR.

15b) The CEACs provide data to the TLC in which fairly elaborate trip calculations are made on DNBR and linear power density, if the output of the CEACs differ, the TLCs will no longer have good information on which te make these calculations. So the statement that there are possible trips is inadequate. More detail should be supplied.

In the remarks column the comments it is stated that the operation of the system is

" restricted" with one or two CEACs out of service. It should be made clear what the restriction is and why operation is safe with this restriction in place.

17) This item (a through t) is very difficult (impossible) to review because of what appear to be inconsistencies between the various drawings (7.2 8,7.210,7.218,7.219) and the FMEA text. Chapter 7 text (7.2.1.1.1.1 7.2.1.1.1.4,7.2.1.1.2J, and 73JJ.2 7.2.2.2.4) is little help. There also appears to be an interaction with item 20 since that is supposed to cover bistable failures in general. Item 17 seems to cover particular bistable failures although that is not clear, it is conceivable that the bistables referred to in item 17 are not the bistables of 20. Below are some specific comments which are not necessarily exhaustive, a) and b) Trouble annunciator bistabic: Figure 7.218 shows " trouble" contacts in the ex-core signal processor. These feed a bistable which is presumed to be one of the generic bistables mentioned in item 20. What piece of equipment is presumed to have failed is not clear, is the bistable failing or are the contacts in the ex-core system falling?

11 DRAFT

I I

1 c) and d) Trouble bistable relay contacts in annunciator circuit: his item cannot le found on any of the prints so a review cannot be made. This item rnay refer to details which are covered generically in item 20. j e) and () Trouble bistable relay contacts in power trip test interlock: nis item cannot be found on any of the prints so a review cannot be rnade. This item may refer to details which are covered generically in item 20.

g) and h)10% log power bistable: On Figure 7.218 there is a contact labeled l

  • Energired When Power > 10% in the ex-core signal processor. These feed a bistable which is presumed to be one of the generic bistables mentioned in item 20. What piece of equipment is presumed to have failed is not clear, is the bistable falling or are the contacts in the ex-core system failing?

i) and j) 1% log power bistable: On Figure 7.218 there is a contact labeled " Energized When Power < 1%"in the ex-core signal processor. %ese feed the CPC. Where is the 1% log power blstable located and what does it do7 L) and I) 1% log power bistable contacts in CPC: Ris item cannot be located.

m) and n) Rate of change of power bistable: This item cannot be located.

o) through t) Where are the summers of these items located and what do they do?

36) Since there is a communications link telween the DCM and the SMCs, there is a small likelihood that the DCM can cause the SMCs to behave improperly and start some subset of the components connected to the SMCs. A worst <ase set of components should be considered.

37b) The effect on the PPS is that "Affected ESF components actuated". A worst-case set of actuations should be selected and analyzed for effects. This concern arises in a number of items which follow and should be analyzed in those particular items too. in particular, where a processor controls several components, some subset of those components may be actuated. Re analysis is further complicated by the number of different subsets which are available from each of the processors.

39) There seem to be some significant errors in item 39. First of all,it should be labeled
  • Division A Auxiliary Master Processor"and 39 is not Al typical,but A2 typical,since this item states that " Loss of data communication to DPS" as a symptom which implies
A2 failing. See Figure 7.3 3.) Next, there seems to be a problem with the "39a Cause" l

being "same as 36a", since the "36a Cause" is a failure of the division A vital power bus which would seem to take out all of Division A ESF CCS and make this failure just like 36a. This item should be re. analyzed

41) This has the same problems as items 36 and 39, The labelis wrong and 41 is not A2 typical but Al typical, see Figure 7.3 3. This item needs re. writing just as item 39 does.
44) As in 37 above, LLNL request that CE analyze the effects of accidentally actuating the components controlled by this pmcessor.

l.

12 DRAFT

52) As in 37 and 44 above, LLNL request that CE analyn the effects of accidentally actuating the components controlled by this processor, 13 DRAFT

. . j i

l Appendix A:

A.1 Single line Interconnect Diagram This appendix contains a single line interconnect diagram of the CE80+ protection system and protection related non safety grade control and display systerns. This diagram was u>nstructal from various CE drawings rubmitted in the CESSAR and in rnectings with the NRC. *lhe diagram represents LLNL's understanding of the CE80+ system.

l

{

l l

l l A1 DRAFT 1

t c j, ___________

i i I n,:jj

" 8'l g 1 p - ,.- - - - - - - - h I, lj " "

g i, . l.l.

I 1 1. " " - ../Ii h

.h h ) ;in k,

ri o  ; c;r:=y i I If l! dl M d d) I

'{ l o f, o

. 'I m.__ d ui l

fil.r.

gp- -4'b ( 'b - a - --

i a.

e - q

s-.4q,

'n p.o..  :

v;i 1 I

,{ _._

- e hl -

3 1 3

1: _

9,4L _l; IJL

_ _I li Ni# N}{-

AP-D- .$ MSMS 1 fdl N}{33$3
! I i i J a ut 1. j- .

2

, fg e ' -- a 3

f f,11, }]g s 1

sit_

tr ..

J .. - g .iv -

glN

[..- _* _ _ ]

i m

~~~~

f 1 _ .. . h I k ve r y

}a$ _c y 9 .

. _ _ _ _ _ _ _I&

s g .,

g I M; a j *

}. }. +

e

,i l4 rl rd

=

I [M33I 4 1 4 18 i

l --

! ) e c

[ 3 1 y

) i I2

[ s JJ jf y t

jy "p ._ _

_f.9 . _.__

y . ___-

y Ig a '

gnt c i

!.!. !o !o s

, u n s I l -

ij i 3 3 3 3 g I -

I - -

t ly r [$}3 1

. J>>>

, }O i _ _ _.

I i

EF y. l ,

} }.

': !. !. !e !a I

_G,,,

3

~

g d 1 1 j 3 1 a 3 l its g 3 3 3 1 Iir l JJ

$ . JJJJ I

I

,e rrra vec ar rrr E ggannr:ra yjjf 3 3 g s  ; ; ; ;

g 3 5 ,

5 l

j 3

y I, 1 I j .

y 81 ja A A A j a l l a I 1 .

}

1 1 u lt i l

; e o V s t at e g es ta i 3 0
1 1 I > n i E u t t JJJJ JJJJ ii s i a a E c

2 9 2 2 5 f e '! ! ! _jy $L_ _I

~

4 i

Appendix 11:

D.1 rsotection System 111ock Diagtarn This appendix contains four block diagrams of the CEBO+ protection system. One for each of the protwtion systern channels. These diagrams were constructed from various CE drawings ,

submitted in the CESSAR and in anectings with the NRC. The diagram represents LIRL's i understanding of the CE80+ systent  :

B1 DRAFT

MSMM " eye aoanoesP-eLS '.

SAmar I m T tem f9me 8tye e39 W e Cf1 % ***IeC __

m3 -

. .e. han Rgyr.m gaat taas geasset

  • pye me semp -

~~

2 '** _ r CIk 4 g _, gy = -e== e,9 _ tintsamme.semmerg

- * %O> hC m 79 0tv.Ces Ces gastsacesas e-e., he" M C M M E3 _ eaCB

, es, areecream = -enemerameeCgg .

  • W imme - temp menge Rest - """""

e, 2 2 g,,,, =* hm O W-W Suceam 9edeemeesameesw te m

pee tus see (tese - -

g g 4me _

trL _ =-- en amerne e % Ok * **CS 1***

> temas -amuse RogaM ===" ""'"

I -

88 TEp """'"*" %C't 5 m*CS shst

,A ** ----  : e

- , - ----*8 e o e v0est se - - * . - hm C ows nece

- ha esnCs ese m

Wesem CaOfwce - ~ ~ er ^

Deseemene8 mea meopsang - aseinemo gye a

I pasm OL D BO EseDe - - D'"

e ges . .

edessem me*9 a nmo,e, T,%,s my WF'es 8he'umM ""'""'"

g """"

Cas . t

.=='

% % . ac,=.,m M _-

- C, e

- 9m -

'"" i cyC* M a--

as- 'a'c"9 a===****- - %j Cr.r C.

CoC C--eve seao.ne.

Cue stmaneun tegume_ _ _

.,e bet #m $. set -

g. hep h C - e.

CEAteeme 3 "" C848 + Coas**eae .

beg gese .sunen nege nese -=ii=ii- ~*" CSm9 --- Sporeemusentyes C ""'" 2 C3h a up * "" ** D LE 88 peu m ammene, esse, a teamese . - > htm C3 Oces . chemen Comme esseur D5399 shes (Esse g = - > h LR 09 tpag . -- wesay=Summe e

DB2 4*'8 #e""* 8"9*M """

e Ces com - . . ss===

g Ch a 30

, ,,ggg gg feeg . Wamogmess *mmemem eresueu=9tre gy 7 g,,,,,,%,,,,,-

8 hen -tseMempsEmme ===== y tw - - > Tem Ce ,,, ,,

.= > ToLCL De ,  %%%

4h 98D """"

iCL toes ^_ tuye Dueseme80ame fene -

6' est2 9mme. A e,rs

.s,,,,,

e.memm,,e, ,,,-

Oa > 9e#4PPoum-4

.. . e=

Te consg gu ,go hamese Ciammeem pap Spees - -

fem m *e8C9 este esm=Commer emmen Weg,, pen. - y e ,,, AS .- * *= % 8"8 eryg

_  ; __ > Teort ,gg e,num

,,,c,, e,,-g,,,,.h OCome(Feygpunm arQ

    • e= Om 9 f'P 99 - *= * -- > Tom 9 M* WB p.g sim,,e,,,,,,,g,,,.

p.ese Ot C f** CS - - *= = = e. Tem CNC9 ey , e eg,,, es,,n,,,,,,

"hk N 6 -

, , , , _ 8 se O O f' PPM - - e- -. =- e. hm 9M D5 per e ag l m*C3 emmen Tg Camusteme em. u-n ~

, . em. Toar 3 1' 98 - - --

,. - m h tyme . p 9'e8

  • ememo tiyie

=== > b Opg ppg gp -- SWIC 9'**

7 - ****"*- --#'CW"*8EE"

- > Tecens . e MC *** te.rCamassem e Se=** 'mamany ampoense ESF - ._

. . . . , - O**thme hes s

_.- , M, ,s. - _ _-

e, i oc.,

= - -

=

e --

- De. ~_ _ _ __

cow cree c.p. c.,w sees new maw are ==em ames apes === g erw eaa. er, es= eser e - e i t e- t t t t t

.- we =- co emessener temmeuner tequemmer Smuu9 esseet  %^ 88WeC Caudb's 48stur esamme : e fiassene t_ - annan game a:

RSP 8aeussenesemen Beies,

,e.ne , ee -

APS AP9 On 2

-- me 3 Se.L.

e.emus

- eSensee 3  : Ten ,C e.e m FWFJRE B.1-1 CESoe PROTECDOM SYSTEaB SLOCK DEAORA44,CD8AN'sEL A 1 B-2

  • - ~ ~ ~ '

c==- c m a 1

- . ~ ~ . . , . _ . . -- i~sT n ~ a r ~ m, . e "

=i w-c.,., a. -

j .s - - g-

. u. m c rm e e c , e , ,..cc.

.em c - 3%:-. se -

_ ----- - -e.n t -

, - a a me r s.e. e__w

_ - . c. ..c -

e _- .  % ,

. ,i , _  ; -

e1 t--,- -

1 -

--. W 7  :

l

- 'J* *
iO

- , . . - . ~ .

., - ~

c ...e.,.___

.__ eattra .rm

, - ~ a. . .  %

e.e., c c,. . . .._ ___ >

u et- s,. - -_w c--

- -~~~

C,

, . e.e. 2___0 Cf. Ces ""

-. .8."18 c1 .--

    • '.*8.**.'T.,*

__________y_ _

_ _ c_.c_.

c

c. c: - -_ __

=~a c, e.-

cm . - - - *  : e

= t ,. -

, - et. c. c-:-se - . -

_ _ . ict .,

e, , e

, e c w

_ __ __ ,.,.t am e.,, .. ---

m. -c

= . . , use - - .-

--un .

_ _ _ v. m e. ...,

._..c,,.e.,,.

_ ,.c,c,c.c ,t.e,

_ _ _ ,.in o. -

~. w_-

. , ~

_._ ,, c.c s, g_ ta

s. t.re i-

.t c.

--~ -

e. _

.=

,, _..e.,

a cz c -..ec, . ,i _ ,_, -. -

i _ _ _ __,_,e, c., . .,

e, ~. e.- - w ecta.= ' e m aa.o . m m. . _ _ . , . c, e a----

--~~ - - ,_ ., ,. - c oc ..esce____ __ _ ,.c e. ---

. o. v= == -

s,

-,c-c.z - -- .%.

_ _ _ , .. . , . ..c m-

'a, w Ca

'tC

. -- ~

ESF

m e-e uce.-

r Sk ir-r- c- Ake k e k e k:e ,

~~ ~

t - =

g g _ _

c~ c~ <~ c~ c~

. .. . $ h -- . h h . g h - @ .. f ____I t t c-t t t t t t t t t t t t 7 we oc .- oc

.e om e er e..P e 9 .g F.ey e. a.p C C gey S 9 Du e f t y a cf.w .c RSP SEE SHEET 1 FOR APS DIAGRAM DOU8tE B.1-2 CE83. P8tCTECT1084 5TSTDI BLOCK DAORAM. CHAM'4L B B-3

an ""**""**"'*******

  • en===s c Pes m ,wiu "'""*"*"""**"- cm o,.c

-. . so. . a.e.s. m +=ee=,,

cc.ce,s

==w T -

e

  • d**

2 -~ NUe $ Esc $

~

"* *==* b

~~ '~ ** *

      • [

so,u .===a a.e - -

___ m-y wen a ew -

g - --a-e.,,- - sem acm sean se.s -

=.=e.. cem s

,see t , m--a.g.a. -

s. - .

C2 . .e L W -acs a - a cm a no v4 na - - *. *- %.tm

--. i C m **c1 o e cs#CC3 sce v: - ,

    • C ****~~ , *--. e.

r c a ..a pm - ,

%,c,C.m

, ., o NW a "cn" e's'o"e.o-

  • a8* sm me h 9 meme LPo 4 ar *-a *pr*

'c-= ,a -m -,ee - ,e -

=== ucs w ca.s .:

can cm.o._, _I ce , .c

- - s. .: ---=,4 a===== a. . e e.g. == = c, .___

____.Y. c.e ,

e c.c.

c

. cw c- - - . - -

ismen et , - - _

-c- c

, ,e- me e m . - si e,.

c'c.ite -

isart eiaa.a ,a e - -

c'*cd

~s T -*-

, ,c. -_  %,.ta ta as a e ec=

<====c=

c. - - - .- - e nter es ==.=.=.-s --

leasoem sum -

co.,s . .om -

e ,-,--, 's.== a a.==. w

- - - % in ** gs pg.,..,,,,, , -

c. e so - - > htet ** vv e= =.

, e a i a=,.n 4 - - gc, .e,e.te - .- > T.ttt De twee ow==w**= ===== heaps.

,a ,

g, ggg taa i

- - gc. oe,c,tc LCL 4.uu8 C "W4Pw. t.v.

It.,*= m -

c3 -

- . n.=:a .c - *===

p e om. %., -

-- cm,e === .-.=.==*ha-

= = < = = = = = = = - . s -

e _ _ ==t=

.n c a ,s e - -

cs _-muca t. e.s u e.,e ===s sema.ft.,.ec amo ,, ,

_ _ ses ===s===.===sa.-***

a-.<

cm a c. . ., - - _ _ . we. . = s w o o n ,s *-s w a== .- w===

t. ,ev==amao - c e , ,, _ _ _ w .w - _

e ces.am p o e :=, on _ - _ _ v.o owee, ==> a.-.=*==.-**

en.e - y c.,, ,, ,, . es a.-

  • eca w c> == a-a'on tea arc. - u , se --
  1. 988*******

_-u.,, Tv. c,.ec .e.,s . p aw"9

  • tc

. sa.=*===."*****W"*

c t 9s.m.W e.e.ny g gem

_ _ u p.s ESF

{.-

r- r-co c.tc~m uttavo o,can

- =c L We wcys v. oms p., e, e gg.e --m 0*. Cees c c*w cP*

i a

c s ,

s,s ..me 5.eu, r .

e . .

s==- c.=.,

RSP SEE Sheet 1 FOR APS DIAGRAM nOURE 8.1-3 CEsc Pft0TECTION SYSTEM BLOCK OLAORAM.CHANNELC B-4

w,,,,,,,,,, e us- - _- m,, ___,,,,,,m,,,,_ _

,,,, _ y , t -- _

,,, __-.w.e...,.=_- , , , , , , - - - m, - -

-__ .. ._ m cc _ _ ,-=--

- - c- - -- -

,,.e.,_ ___

- c .

.e. . .e.c.,_- -_

-- c.e.e - - - ..

- ~ , - -

L. - -- _

y =

- m - -

-we..- -

-ee%

e

-o..--

- ~ _ :::c o.g =

, e m c. - - - eate ammunee aseeseng yne Ceutsameremen, whometaep - p - s ebenCB a 30eseas - - > arg esamme, sneen., genesis, me*g ww hy gyme a ~ c-

- g - eJr,

'Capestuusepe#mes - Neuem fsg

- c - c. ' H ""L** a== =:= *w==

g cea ting Capons fazios assommo g._ _ _

em gy.e

.mensenpo pues . seg.Se=po pe - g U"C**'"*I*"'*" Chassie 9 C*r-6 9 cec"1LC W C*****""e*'*~E-Cees Pun jW33 men. Rast S -+ C-Fom.e th Cg C9 9 -

  • = .Spee esmetap 9 pus CE cerses ^

w,mese, l332teve mRee Reagt Psm, - g

-e= ===' _- g, g ,g = _ > h LCL

- To LCL3,,

C T***

9'**'"tas"ieg t>aemp anneur g% DCw a . o p. T.tgg e3 r ._ me ene %,sene

'9G7CBE P'es t lemt

- g h

8 a (Nt3 L'**

ge og O**8"****"899"***e,

_e e. g,,,,

'932tme meme= Amipet** -

e -

e g ,g = -m.T.Ett es gee sw g e, e mese.

g g- e = .= fo LCLCe 99P aremmemn 9m puumeneur km LeeIte=ymE.=9 - . . em. T.LCE AG 198e9 .

9 t AI. - tere W ~

- t*"1 tere Camer. cons, toys

@ pet M - *W88'3*48*

-  % ,,. _ p T,esta paid - O s'i> e areTee_ -

M teue 4 Oneur Tome _ gg ~~s a e= == - .* --

,, _ _ " 8'em Ceee aman

-c e as 9 -

2 OS v. .e.s tp4'S enom tessmanau e sm W

,,a,,,, ,,, ,,, e,..gegpg T.Co s *ts *==co'==****

% 8he rgiour QCPJe(TegeGPhate APC)

- 9 e.e,.en y, g gg g etreog-99p gg . _-

.e. c. . - ., - - e p

- , ve em o ** sn

,,,,p g.

v.Ch.

c C.f"oT.,I

==

emp I

--e.'"

U'" **8*

wup

_ , , . 9f** #*CS em.ame a* 3,pmaamme osame mesm. s isr"Om TCg etBC o -

a

. men,e,

_' - m T.# wast

- .- u. .es. ,

.. ,-e~e

-, m

-,.m.,.

,.,e tc m,s. ~c~ . , .

- ca ESF ct estcn:m tm.c l c . e.e-

- ll e.

c- t-

- sec t'

,. m ,. c.e e w - - --

c~

c~ T$ c.a.

I c~

e .,

co e s ,

se.name

,;- menees.

ta=,umsy *******

- c. -,

RSP APS SEE SHEET 1 FOR APS DIAGRAM nOunt au cesee PROTECT:ON SYSTEM SLOCK DIAGRAM,CHAhWEL D B-5

e $

. o Appendix C:

C,1 Signal Association Below is a table vhich shows which process signals are associated with which ESFAS The top row list the initiating signals and the first column !ists the ESFASs. An T indicates that tk process signal in this column is used in the ESFAS in this row. Urcommon acronyms used in Table C.1 1 are defined here:

Cont Containment H High H-H High High L Low P Pressurizer Pres Pressure Rx Reactor SG Steam Generator Table C1-1 Signal to ESFAS Association H H L MSIS Sl AS H-H L L H-H H L Rx Cont P P Signal Signal Cont SG SG SG SG Cool-Pres Pres Pres Pres Water Pres Water Water ant' Level Level Level Pres CIAS X X SIAS X X CSAS X X MSIS X X X MSIV X MFIV X SIS X X EFAS-1 X X EFAS-2 X X AFAS X ARTS X ,

C-1 DRAFT

4 4 Appendix D:-

D.1 Signal Path Below is a table which shows how various process signals of the protection system are routed.

The top row list the display and control systems and the first column lists the process signals.

An *X" indicates that the display or control system in this column directly interfaces to the sensing element of the process signal in this row. A subscript on the T indicates which particular sutrsystem receives the signal or which particular signal is read. The remaining entries in the table are protection or control system acronyms and indicate which system passes the process signal to the display or control system listed in that particular column. For example, the first process signal is SG1 Cold / Hot legs and has four redundant transmitters labeled TE112A through TE112D. This signal is directly connected te ne ?PS and the PCS. The DPS and the DIAS-N receive the signal from PPS.

Uncommon acronyms used in Table D.1 1 are defined here:

C/H Cold / Hot Cont Containment Dep Depressurization dp differential pressure Emer Emergency H High HH High High injec injection L Law Lev Level Nar Narrow P Pressurizer Pres Pressure Rg Range Rx Reactor SG Steam Generator Tk Tank D1 l

DRAFT

. . L e-

'w.

Table D.11 SJgnal Path Process Signal .DPS DIAS D1AS PPS PAMI ES F- P-CCS PCS NIMS Transmitter Tag - N P CCS SG1 C/H legs PPS PPS X X TE112A D l SG2 C/H legs PPS PPS X- X  !

TE122A D-SG1 Lev Nar PPS PPS X X XFWCS LT1114A D j SG2 Lev Nar .PPS PPS X X- X FWCS j LT1124A D .-

SG Primary PPS PPS X dp/LT1124 A D P Pres H - N PPS PPS X Rg/PT101 A D P Pres L-N Rg PPS PPS X TT103-106 RCP Speed 1 A PPS X SE113 A-D i RCP Speed 1B PPS X SE123A D RCP Speed 2A PPS X SE133A-D RCP Speed 2B PPS X SE143A-D ,

SG1 C/H legs PAMI . PAMI PAMI -X.

TE111 A&B SG2 C/H iegs PAMI PAMI PAMI X TE121A&B RCP Pres - PAMI PAMI PAMI X P190A&B Rx Flux .PPS PPS PAMI X X X X-RT-001 A-D PAMI- PAMI Cont Pres Wide PPS PPS PAMI X X PT352A D PAMI PAMI Cont Pres Nar - PPS PPS PAMI X X PT351 A-D PAMI PAMI SG1 Lev Wide =PPS PPS PAMI X X X LT1113A-D PAMI- PAMI SG2 Lev Wide PPS PPS PAMI X X X LT1123A-D PAMI PAMI SG1 Pres -PPS PPS- PAMI X: X X PT1013A D'- PAMI PAMI SG2 Pres PPS- PPS PAMi X X X PT1023A D PAMl' PAMI D-2 DRAFT

.-, .V

. ; -. - _'i w

e

. g. . ,

Iable D.11 Signal Path Continued =

  • Process Signal DPS DIAS DIAS PPS PAMI ES F-. P-CCS PCS NIMS Transmitter Tag N P CCS Refuel Water Tk ESF-A 'iSF A XA&B LT&TE300/301 ESF B ESF B i Emer Feedwater ESF A ESF-A PAMI X uvei XA&D Various B, C, D B,C,D Safety injee Tk ESF ESF X X Various P-CCS P-CCS Cont Spray ESF A ESF-A X Vadous B, C, D B,C,D Shutdown Cooling ESF-A ESF-A XA&B Various ESF-C ESF-C Safety injee ESF ESF XA&C X Various P-CCS P CCS Safety Dep ESF-A Xt emp XA&B XALMS Vadous ESF B ESF A NIMS ESF-B .

Pressurizer lxv PAMI PAMI PAMI X X TE & LT P-CCS P-CCS w

D-3 DRAFT

Retrieved from "https://kanterella.com/w/index.php?title=ML20126F677&oldid=2907584"