ML20128N826

From kanterella
Summary of 921006 & 07 Meeting W/Westinghouse in Monroeville,Pa to Discuss Instrumentation & Control Sys of AP600 Design
ML20128N826
Person / Time
Site: 05200003
Issue date: 02/18/1993
From: Kenyon T
Office of Nuclear Reactor Regulation
To:
Office of Nuclear Reactor Regulation
References
NUDOCS 9302230455
Download: ML20128N826 (89)


Text

UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555

February 18, 1993

Docket No. 52-003

APPLICANT: Westinghouse Electric Corporation PROJECT: AP600

SUBJECT: SUMMARY OF MEETING TO DISCUSS THE INSTRUMENTATION AND CONTROL SYSTEMS OF THE WESTINGHOUSE AP600 DESIGN

On October 6 and 7, 1992, representatives of the Nuclear Regulatory Commission (NRC) and the Westinghouse Electric Corporation met in Monroeville, Pennsylvania to discuss instrumentation and control (I&C) systems of the AP600 design. Enclosure 1 is the list of attendees. Enclosure 2 is a copy of the slide presentation made to the staff.

Westinghouse opened the meeting with a discussion of the general philosophy behind the design. The applicant indicated that much of the design of the AP600 was governed by the EPRI Requirements Document for passive plant designs. Westinghouse indicated that it wants to discuss the relationship of inspections, tests, analyses, and acceptance criteria (ITAAC) and its design process early in the certification review, so that NRC audit points of the process could be established.

The applicant stated that the I&C design uses mostly fibre optics technology, where it makes sense to use that technology. The design does incorporate hard wire at the integrated logic cabinet and integrated protection cabinets. The AP600 uses three kinds of control systems: soft (touch screen), dedicated switches, and diverse actuation switches.

Westinghouse then discussed, in detail, the design of the Protection and Safety Monitoring System, Integrated Protection Cabinets, ESF Actuation Cabinets, Protection Logic Cabinets, Plant Control System, Data Display and Processing System, and Operations and Control Centers System. In addition, they discussed the testing methods that will be employed on the systems.

The applicant stated that the I&C system meets the single failure criteria.

The AP600 design meets the first three of the four positions in the July 6, 1992 draft Commission paper. However, the fourth position requires a safety-grade backup system. Westinghouse is developing a non-safety Diverse Display System. Because the focus of the issue is on the failure of the software, and not the hardware, the applicant proposed to make the system non-safety. The staff indicated it would evaluate Westinghouse's proposal.

Westinghouse proposed to use the probabilistic risk assessment (PRA) in lieu of a failure modes and effects analysis (FMEA) because the PRA addresses common-cause failures and the FMEA does not. Westinghouse stated that the PRA only looked at worst-case failures that affect safety, and does not address nuisance failures. The FMEA does not allow quantification or identification of system dependencies, unavailabilities due to test and maintenance, common-cause failures, or human error, while the PRA does. The staff indicated that Westinghouse may need to provide a way to use the PRA to demonstrate clearly the information that an FMEA provides.

Westinghouse then discussed its verification and validation program.

The applicant then discussed the ITAAC for the I&C system. Westinghouse intends to develop ITAACs for systems that perform safety and defense functions. The applicant believed that items such as electromagnetic interference (EMI), radio-frequency interference (RFI), and separation would be covered under Appendix B of 10 CFR Part 50 and 10 CFR 50.49. Therefore, Westinghouse indicated that it does not believe it is necessary to develop a generic ITAAC to specifically address these issues, and proposed to use a different approach to address the generic ITAACs that are being developed for the ABWR. The staff indicated it would evaluate Westinghouse's proposal.

Thomas J. Kenyon, Project Manager
Standardization Project Directorate
Associate Director for Advanced Reactors and License Renewal
Office of Nuclear Reactor Regulation

Enclosures:
1. List of Attendees
2. Slides

cc w/ enclosures: See next page

DISTRIBUTION: w/encls.
Docket File
PDST R/F
THurley/FMiraglia, 12G18
PDR
WTraver
DCrutchfield
PShea
RBorchardt
RHasselberg

w/o enclosures:
MChiramal, 8H3
HLi, 8H3
TKenyon
ACRS (11)
EJordan, 3701
JMoore, 15B18

0FC: LA:PDST:ADAR PM:PDST: MAR (AD);$ST:ADAR NAME: PShea od TKenNrI:sg RBohardt DATE: Of/f/b 02/gN3 02//f/93 0FFICIAL RECORD COPY: DOCUMENT NAME: 1&C MIG. SUM 4


Docket No. 52-003
Westinghouse Electric Corporation

cc:
Mr. Nicholas J. Liparulo
Nuclear Safety and Regulatory Analysis
Nuclear and Advanced Technology Division
Westinghouse Electric Corporation
P.O. Box 355
Pittsburgh, Pennsylvania 15230

Mr. B. A. McIntyre
Advanced Plant Safety & Licensing
Westinghouse Electric Corporation
Energy Systems Business Unit
Box 355
Pittsburgh, Pennsylvania 15230

Mr. John C. Butler
Advanced Plant Safety & Licensing
Westinghouse Electric Corporation
Energy Systems Business Unit
Box 355
Pittsburgh, Pennsylvania 15230

Mr. M. D. Beaumont
Nuclear and Advanced Technology Division
Westinghouse Electric Corporation
One Montrose Metro
11921 Rockville Pike, Suite 350
Rockville, Maryland 20852

Mr. Sterling Franks
U.S. Department of Energy
NE-42
Washington, D.C. 20585

Mr. S. M. Modro
EG&G Idaho, Inc.
Post Office Box 1625
Idaho Falls, Idaho 83415

Mr. Steve Goldberg
Budget Examiner
725 17th Street, N.W.
Room 8002
Washington, D.C. 20503

I&C MEETING ATTENDEES, OCTOBER 6 AND 7, 1992

NAME / ORGANIZATION
BRIAN BELEY / W PED MARKETING
JOSEPH BIRSA / W NATD PI&CS
KAZUHIRO TSURU / W NATD PI&CS
JOSEPH LEWI / CEA/IPSN (FRANCE)
MATT CHIRAMAL / NRC/HICB
HULBERT LI / NRC/HICB
THOMAS KENYON / NRC/PDST
ALAIN GOUFFON / CEA/IPSN/FRANCE
JEAN HULST / DSIN/FRANCE
BERTRAND DE L'EPINOIS / DSIN/FRANCE
BOB WYMAN / NRC/LLNL
ALLISON NEGUS / W NATD/MMD
WIESLAW SZMEK / W NATD
J. BRIAN REID / W NATD
SCOTT NEWBERRY / NRC/PDLR
PHILLIPE CROS-GEAN / NATD-INTERNATIONAL
SHELAGH MORANDINI / NATD-PRA
EDWARD A. HART / NATD-NUCLEAR EQUIP. ENG.
ANDREA STERDIS / NATD
GILBERT W. REMLEY / WPCD

Enclosure 1

AP600 INSTRUMENTATION AND CONTROL
October 6 and 7, 1992

AP600 INSTRUMENTATION AND CONTROL - INTRODUCTION

AGENDA FOR USNRC MEETING ON I&C, OCTOBER 6-7, 1992

OCT. 6 - WESTINGHOUSE ENERGY CENTER

TIME / TOPIC / RESP.
8:30 - 9:00 / INTRODUCTIONS, REVIEW AGENDA / NRC, (W)
9:00 - 9:30 / OVERVIEW / JBR
9:30 - 10:30 / PROTECTION AND SAFETY MONITORING SYSTEM (ARCHITECTURE, HARDWARE) / JJB
10:30 - 11:45 / PLANT CONTROL SYSTEM [420.6] (ARCHITECTURE, HARDWARE) / JJB
11:45 - 12:15 / LUNCH
12:15 - 1:00 / DIVERSE ACTUATION SYSTEM (ARCHITECTURE, HARDWARE) / JBR
1:00 - 1:45 / DATA DISPLAY AND PROCESSING SYSTEM (ARCHITECTURE, HARDWARE) / JJB
1:45 - 2:15 / OPERATIONS AND CONTROL CENTERS SYSTEM [420.5] (ARCHITECTURE, HARDWARE) / AKN
2:15 - 2:45 / VERIFICATION AND VALIDATION PROGRAM / JJB
2:45 - 4:00 / PMS ITAAC / AS, JJB
4:00 - 4:15 / PROCESS BLOCK DIAGRAMS [420.8] / JJB
4:15 - 5:15 / PRA ISSUES [420.2] / SM
5:15 - 5:30 / EPRI URD COMPLIANCE (PARTICIPATION IN URD, CHAP 10 SSD TABLE, URD COMPLIANCE MATRIX) / JBR

OCT. 7 - WESTINGHOUSE PROCESS CONTROL DIVISION

TIME / TOPIC / RESP.
8:30 - 9:00 / OVERVIEW OF DIVISION PRODUCT & PROJECTS / PCD
9:00 - 9:30 / PLANT TOUR (GENERAL) / PCD
9:30 - 10:30 / IPS PROTOTYPE ROOM / PCD
10:30 - 10:45 / EMI/RFI FEATURES [420.1] / JJB
10:45 - 11:15 / NOK BEZNAU COMPUTER SYSTEM TEST AREA / PCD
11:15 - 12:15 / SIZEWELL WISCO SYSTEM TEST AREA / PCD
12:15 - 1:15 / LUNCH
1:15 - 2:00 / WRAPUP / ALL

J. B. Reid, 10/2/92

NATD ATTENDEES: J. J. BIRSA, R. B. MILLER, S. MORANDINI, A. K. NEGUS, J. B. REID, A. L. STERDIS, W. SZMEK, K. TSURU
NRC ATTENDEES: S. NEWBERRY, H. LI, M. CHIRAMAL

AP600 INSTRUMENTATION AND CONTROL OVERVIEW
[Slide figure not recoverable]

OVERVIEW

Equipment Design Philosophy: Core Digital Processors

Characteristics:
• Rapid technology evolution
• Large development cost
• Other industries set standard
• Complex modules

Design Approach:
• Purchase from vendor
• Select board level modules
• Relies on broad-based experience
• Standard interface to next layer

Equipment Design Philosophy: Input / Output Modules

Characteristics:
• Established technology
• Relatively large numbers
• Impact by nuclear requirements

Design Approach:
• Custom design by Westinghouse
• Integrate with diagnostics
• Design verification testing

[Two further Equipment Design Philosophy slides; text not recoverable]

Westinghouse Design Philosophy: MAINTENANCE FEATURES

Characteristics:
• Complex functions
• Diffuse symptoms
• Key to reliability

Design Approach:
• Automatic tester
• Comprehensive diagnostics
• Plug-in modules

AP600 PROTECTION AND SAFETY MONITORING SYSTEM ARCHITECTURE

AP600 INSTRUMENTATION & CONTROL ARCHITECTURE
[Figure 1.0-1 of WCAP 13382; diagram not recoverable]

AP600 PROTECTION AND SAFETY MONITORING SYSTEM ARCHITECTURE
[Diagram not recoverable]

AP600 PROTECTION AND SAFETY MONITORING SYSTEM
INTEGRATED PROTECTION CABINETS

AP600 PROTECTION AND SAFETY MONITORING SYSTEM
ENGINEERED SAFETY FEATURES ACTUATION CABINETS

AP600 PROTECTION AND SAFETY MONITORING SYSTEM
PROTECTION LOGIC CABINETS


AP600 DIVERSE ACTUATION SYSTEM

AP600 DIVERSE ACTUATION

Current PWRs Provide Diverse Actuation
• ATWT Rule
• Westinghouse provides diverse actuation (AMSAC) to trip turbine and start AFWS

Pressures To Increase Diverse Actuation
• Common mode failure of the IPS will limit the core damage frequency of advanced plants
• NRC / ACRS concerns (SECY-91-292, 10/91)
  - Software common mode failure
  - Multiplexing / I/O card common mode failures

Westinghouse AP600 Approach
• Latest advanced I&C design uses the same microprocessor based design for both the control and the protection system design
• The AMSAC will be expanded somewhat so that the plant CDF / SRF goals are met
  - Some additional diverse automatic actuations
  - Some diverse manual controls
  - Some diverse control board indications
• The diverse actuation hardware / software will be made diverse from the control & protection system
• The diverse actuation equipment will be non-safety grade

AP600 DIVERSE I&C FUNCTIONS

Diverse I&C Functions
• ATWT mitigation
• Reduce core damage & containment failure probability
• Reduce dependence on operator actions

Diverse Automatic Actuations
• Reactor trip (MG set)
• Turbine trip (turbine isolation valves)
• PRHR HX, CMT, PCCS actuation (valves)
• Selected containment line isolation (valves)

Diverse Manual Controls
• Hard wired controls mounted on main control board, bypass IPS and DAS
• Limited number of hard wired controls
• Backup for automatic DAS actuations
• For ADS valves & H2 igniters

Diverse Control Board Indication
• Limited number of diverse control board indications
• To confirm diverse automatic actuations
• To guide operator's manual actions

AP600 DIVERSE ACTUATION

Instruments used for Diverse Actuation

Instrument / Automatic Actuations / Manual Actions
1. SG wide range level / Reactor trip, Turbine trip, PRHR HX / Reactor trip, Turbine trip, PRHR HX
2. Pressurizer level / CMT, RCP trip / CMT, RCP trip
3. Hot leg temperature / PRHR HX / PRHR HX, ADS
4. Hot leg level (shutdown) / IRWST MOV / CMT, ADS
5. SG high level / PRHR HX / ADS
6. Containment temperature / PCCS, Containment isolation / PCCS
7. Containment H2 / H2 igniter / -

PROTECTION SYSTEM / DIVERSE ACTUATION SYSTEM BLOCK DIAGRAM (AP600 CONCEPTUAL)
[Diagram not recoverable]

DIVERSITY GUIDELINES

• DIFFERENT VENDOR'S PRODUCTS
• DIFFERENT CIRCUITS
• DIFFERENT PROGRAMMING LANGUAGES
• DIFFERENT OPERATING SYSTEMS

BUT: FUNDAMENTAL COMPONENTS SUCH AS RESISTORS, TRANSISTORS, LSI CHIPS MAY BE THE SAME

DIVERSITY IN THE DIVERSE ACTUATION SYSTEM

Attribute / Primary Protection System / Diverse Actuation System
Input signal conditioning / Westinghouse I/O boards / non-Westinghouse I/O boards
Input signal conversion / Intel A/D converter / non-Intel A/D converter
Signal processing (software) / PL/M-86, machine language, no operating system / BASIC etc., DOS
Signal processing (hardware) / Intel single board computers, PC compatible, 186, 286, 386 processors / XT-class, 8088 and 8086 processors, programmable logic controller
Output signal conditioning / Westinghouse I/O boards, solid state relays / non-Westinghouse I/O boards, electro-mechanical relays
Operation / Automatic functional test, continuous self-diagnostics / Manual functional test, no diagnostics
Actuation / De-energize to actuate, redundant for safety / Energize to actuate, redundant for availability
Power source / Class 1E / Non-Class 1E
HVAC / Class 1E / Non-Class 1E
Location / Separate rooms / Different room

DIVERSITY IN THE DIVERSE DISPLAY SYSTEM

Attribute / Qualified Display Processing System / Diverse Display System
Input signal conditioning / Westinghouse I/O boards / (column not legible)
Input signal conversion / Westinghouse I/O boards, Intel A/D converter / (column not legible)
Signal processing (software) / PL/M-86, machine language, operating system / (column not legible)
Signal processing (hardware) / Intel single board computers, 186, 286, 386 processors / (column not legible)
Output signal conditioning / Westinghouse I/O boards, solid state relays / (column not legible)
Operation / Automatic functional test, continuous self-diagnostics / (column not legible)
Actuation / De-energize to actuate, redundant for safety / (column not legible)
Power source / Class 1E / (column not legible)
HVAC / Class 1E / (column not legible)
Location / Separate rooms / (column not legible)

DIVERSE ACTUATION SYSTEM MANUAL ACTUATION PANEL
[Panel drawing not recoverable; labelled functions include PRHR HX START, ADS and PCCS WATER START]
LEGEND: switch; status lamp; (n) function number
J. B. REID 10/2/92

Fig 2-1 Connection of DAS to Solenoid
[Drawing not recoverable; labels: air supply, RCS, CMT, A-OM, solenoids (1), (2), (3)]

NOTES:
(1) All valves shown in normal positions.
(2) Safety grade solenoids are actuated by RPS. Loss of power to solenoids causes blocking of air supply and venting of operator, causing main valve to open.
(3) Non-safety solenoid actuated by DAS or hard wired manual switch. Solenoid fails in current position on loss of power to solenoid to reduce chance of inadvertent CMT actuations.

WESTINGHOUSE - 12/91

DIVERSE DISPLAY SYSTEM ISSUES

How to share sensors with IPS: failures in either system must not propagate to the other through the sensor wiring.

[Wiring sketch not recoverable; labels: 120 VAC, IPS, QDPS, converters]

AP600 DATA DISPLAY AND PROCESSING SYSTEM

DATA DISPLAY AND PROCESSING SYSTEM ARCHITECTURE
[Diagram not recoverable; labels include OCCS, workstations, monitor bus]
i i

i DISPLAY PROCESSOR ELEMENTS Wi J  ;

I

[ '. ' D..-

g

,......r..... ...r----et *--s  !

(i 'j

!! i mpuy l 'j MMI SOFTWARE i i j OPERATM

\\\ j

'"" moowns*h51

" APPLICATION li,[*i INTERFACE G u==== y I; .-

, #)!!, i!I OPERATING i

-[jyll k{!3 SYSTEM mass sTm  :

! CARD CAGE / CONSOLE iso uveD I k -

DATALINKS t DATA HIGHWAY MONITOR BUS i DATA HIGHWAY F82: **8N -" "

.l

i 1

L I

AP600 OPERATIONS AND CONTROL CENTERS SYSTEM
[Drawing not recoverable]

OVERVIEW OF PLANT INFORMATION SYSTEM DISPLAYS

The following types of displays will be available to the operations staff in the main control room:

Accessible at the operator workstations:
• Plant Functional Displays representing a functional depiction of the process
• Plant Physical Displays representing a physical depiction of the process
• Computerized Procedures
• Alarm Support Displays which can show:
  - A plant-wide chronological list
  - A chronological list by function / category
  - An overflow display of messages of lower priority
  - A list of possible messages that may show in that category
  - A trigger logic display showing the logic that was used to generate the alarm
• Soft control panel displays depicting control devices

OVERVIEW OF PLANT INFORMATION SYSTEM DISPLAYS (cont'd)

Also accessible in the main control room:
• QDPS displays for post-accident monitoring
• Wall Panel Information System displays for an overview of the plant state and alarm conditions

WALL PANEL INTERACTIONS
[Diagram not recoverable; elements: wall panel dynamic information, safety goals display, production goals display, station display, data display and processing system (DDS), operator workstation, plant mimic display, display processors]

[Second figure not recoverable]

ALARM SYSTEM: TYPES OF MESSAGES IN THE ALARM SYSTEM

• Alarm Overview Messages - Display Abnormality
• Alarm Support Messages - Provide Means for Operator To Query the Alarm System
• Auto Systems Actions Messages - Messages Telling the Operator What the Automatic Control Systems are Doing
• Emergency Safeguards Status Messages - Continuous Indication of the Binary State of the ESF

ALARM OVERVIEW: SUMMARY OF SORTING AND DISPLAYS

Organization of Alarms By Function:
• Alarms are Sorted by Function and Then by Process Units Within Function
• Each of These Alarm Categories Corresponds to a Static Label on the Overview Displays
• Static Labels are Arranged to Reflect the Functional Structure of the Plant

Local Prioritization:
• Prioritization Within Alarm Category, Not Over Entire Alarm System
• Identification of Most Important Alarm is Dependent on Overall Plant State
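The alarm organization described on this slide and the list types named on the Alarm Support Displays slide (plant-wide chronological list, list by function, overflow of lower-priority messages) can be shown in a few small functions. The following is an added example, not code from the Westinghouse slides; the Alarm record, the function and unit names, and the sample alarms are constructed for illustration.

```python
# Added example (not from the Westinghouse slides): alarm sorting by function
# and process unit, prioritisation within each category only, and the
# chronological and overflow lists named on the Alarm Support Displays slide.
# The alarm records below are constructed sample data, not plant alarms.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Alarm:
    time: int        # seconds since the start of the (constructed) event
    function: str    # plant function the alarm belongs to
    unit: str        # process unit within that function
    priority: int    # 1 = most important
    message: str


SAMPLE_ALARMS = [  # constructed
    Alarm(5, "RCS inventory", "Pressurizer", 2, "PZR level low"),
    Alarm(12, "Heat removal", "SG-1", 1, "SG-1 level low-low"),
    Alarm(9, "RCS inventory", "CMT-A", 3, "CMT-A level deviation"),
    Alarm(20, "Heat removal", "SG-1", 3, "SG-1 feed flow low"),
    Alarm(3, "Electrical", "Bus 1E-A", 2, "Bus undervoltage"),
    Alarm(15, "RCS inventory", "Pressurizer", 1, "PZR pressure low"),
]

Category = Tuple[str, str]  # (function, process unit) = one static overview label


def overview_by_function(alarms: List[Alarm]) -> Dict[Category, List[Alarm]]:
    """Sort by function, then by process unit within the function; inside each
    category keep chronological order."""
    groups: Dict[Category, List[Alarm]] = defaultdict(list)
    for a in sorted(alarms, key=lambda a: a.time):
        groups[(a.function, a.unit)].append(a)
    return dict(sorted(groups.items()))


def local_priority(alarms: List[Alarm]) -> Dict[Category, Alarm]:
    """Prioritise within each category, never across the whole alarm system:
    the most important (lowest number, earliest on ties) alarm per label."""
    best: Dict[Category, Alarm] = {}
    for a in alarms:
        key = (a.function, a.unit)
        if key not in best or (a.priority, a.time) < (best[key].priority, best[key].time):
            best[key] = a
    return best


def chronological(alarms: List[Alarm], function: Optional[str] = None) -> List[Alarm]:
    """Plant-wide chronological list, or the chronological list for one function."""
    chosen = [a for a in alarms if function is None or a.function == function]
    return sorted(chosen, key=lambda a: a.time)


def split_overflow(alarms: List[Alarm], capacity: int,
                   cutoff_priority: int) -> Tuple[List[Alarm], List[Alarm]]:
    """The main support display shows up to `capacity` messages at or above
    the cutoff priority (most important first); everything else, including
    messages of lower priority, goes to a chronological overflow display."""
    eligible = sorted((a for a in alarms if a.priority <= cutoff_priority),
                      key=lambda a: (a.priority, a.time))
    shown = eligible[:capacity]
    overflow = [a for a in alarms if a not in shown]
    return shown, sorted(overflow, key=lambda a: a.time)


if __name__ == "__main__":
    for label, alarms in overview_by_function(SAMPLE_ALARMS).items():
        print(label, [a.message for a in alarms])
    shown, overflow = split_overflow(SAMPLE_ALARMS, capacity=3, cutoff_priority=2)
    print("shown:", [a.message for a in shown], "overflow:", [a.message for a in overflow])
```

Note that local_priority never compares alarms from different labels, which is the slide's point: the single most important alarm plant-wide depends on the overall plant state and is not something a per-category sort can decide.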


CRITERIA FOR ALLOCATING MANUAL OR AUTOMATIC CONTROL

• The time in which a response is required
• The number of tasks the operator might be expected to perform at the same time
• The consequences of a wrong action, or one made too hastily
• The level of difficulty of making a control automatic and its associated cost

SOFT CONTROL INTERACTIONS
[Diagram not recoverable; elements: graphics workstation display (operator selects device), DDS, PMS, soft controls and soft control touch screen for reactor makeup (close / auto / open)]

Figure 4.5-3 SOFT CONTROL STATION ARCHITECTURE
[Diagram not recoverable]

AP600 CONTROL SWITCH INTERFACE ARCHITECTURE
[Diagram not recoverable; elements: H/W control switches, MUX'd control switches, diverse H/W switches; system level controls and permissives (wired direct); component actuation; IPC; ESFAC; MUX blocks (serial link); DAS permissives; logic bus; RT switchgear; rod drive M/G; to component actuator; one division shown]

DESIGN, VERIFICATION, AND VALIDATION PROGRAM

Purposes of the Design, Verification, and Validation Process
• To ensure that System Functional Requirements are properly and correctly implemented in the Instrumentation and Control Architecture.
• To aid in the development of high quality hardware, software, and systems designs.
• To help ensure that the Instrumentation and Control Architecture conforms to customer, regulatory, and Westinghouse requirements.
• Direct the necessary activities in the design, implementation, verification, and validation of Instrumentation and Control Systems.

[Figure: design, verification, and validation process flow; not recoverable]

Design, Verification, and Validation Process Implementation
• Define Documentation Requirements
• Define Standards for Content and Format of Each Document
• Define Interactions Between the Development Activities and Verification and Validation Activities
• Ensure that Documents Generated are Correct, Complete, and Without Ambiguity


AP600 PROTECTION AND SAFETY MONITORING SYSTEM
TIER I DESIGN DESCRIPTION ITAAC

WESTINGHOUSE AP600 I&C PRA
Shelagh Morandini, PRA
October 6, 1992

• PRA Goals: To assess risk to the public through the use of a probabilistic risk assessment
• Core Damage Frequency was Quantified for many Events:

Initiating Event / Core Damage Frequency (per year) / Percentage of Total
Transients (except LOOP):
  - Turbine or Reactor Trip / 4.3E-8 / 12.9
  - Others / 2.9E-8 / 8.6
LOOP / 2.9E-9 / 0.9
Small LOCA / 2.3E-8 / 6.9
Very Small LOCA / 1.2E-8 / 3.6
PRHR Tube Rupture / 4.2E-8 / 12.6
Medium LOCA / 1.2E-8 / 3.6
Safety Injection Line Break / 7.3E-8 / 21.9
CMT Line Break / 2.7E-9 / 0.8
Large LOCA / 1.6E-8 / 4.8
SG Tube Rupture / 2.6E-9 / 0.8
ATWS (loss of feedwater w/o scram) / 4.5E-8 / 13.6
Vessel Rupture / 3.0E-8 / 9.0
Total / 3.3E-7 / 100.0

• I&C PRA is not a standalone model, but is instead integrated with the rest of the PRA model
• PRA modeled all signals required for safety functions, from automatic recognition of the need for a safety function to function actuation
• I&C systems were modeled as a part of all these accident sequences:
  - Input Signal Failure (Analog inputs, Contact inputs, Nuclear Instrumentation)
  - Random Failures of Protection and Control System Hardware
  - Test and Maintenance
  - Common Cause Failures (Hardware and Software)
  - Support System Failure (AC and DC Power, Equipment Cooling)

• Common Cause:
  - Multiple Greek Letter (MGL) method was selected to assess potential common cause failures
  - Possible common cause failure mechanisms were identified (hardware and software)
  - System performance of non-nuclear digital I&C systems was assessed
  - MGL factors were estimated based on engineering judgement
  - Preliminary studies showed I&C common cause failures to be a dominant risk contributor
  - Westinghouse performed sensitivity studies and determined diversity would improve results
  - NRC SECL 90-016 also addressed this issue
  - Diversity was modeled in the final PRA
  - DAS and DIS were assigned failure probabilities, which the design group will use as a reliability goal
  - With DAS and DIS, I&C common cause failures are no longer dominant contributors to core damage
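The slide names the Multiple Greek Letter method and states the conclusion (common cause dominates a redundant digital system; an independent diverse system removes it from the top of the list) without showing the arithmetic. The block below is an added example, not the Westinghouse PRA: it applies the standard MGL partition (NUREG/CR-4780 form) to a four-division group, estimates the probability that a 2-out-of-4 trip function fails, and shows the effect of a diverse backup. All parameter values (q_t, beta, gamma, delta, the diverse-system failure probability) are constructed for illustration; the AP600 MGL factors were estimated by engineering judgement and are not on this page.

```python
# Added example (not from the Westinghouse PRA): the Multiple Greek Letter
# partition of a division's failure probability and a rare-event estimate of
# the chance that a 2-out-of-4 trip function fails. The parameter values used
# (q_t, beta, gamma, delta and the diverse-system probability) are constructed
# for illustration; the AP600 values are not given on this page.
from math import comb
from typing import Dict


def mgl_basic_event_probabilities(q_t: float, beta: float, gamma: float,
                                  delta: float) -> Dict[int, float]:
    """MGL model for a 4-component common cause group (NUREG/CR-4780 form):
    Q_k = [prod_{i=1..k} rho_i] * (1 - rho_{k+1}) * q_t / C(3, k-1), with
    rho_1 = 1, rho_2 = beta, rho_3 = gamma, rho_4 = delta, rho_5 = 0.
    Q_k is the probability of the basic event in which exactly k *specific*
    components fail together; q_t is one component's total failure probability."""
    m = 4
    rho = [1.0, beta, gamma, delta, 0.0]  # rho_1 .. rho_5
    q: Dict[int, float] = {}
    for k in range(1, m + 1):
        product = 1.0
        for i in range(k):           # rho_1 .. rho_k
            product *= rho[i]
        q[k] = product * (1.0 - rho[k]) * q_t / comb(m - 1, k - 1)
    return q


def two_out_of_four_failure(q: Dict[int, float]) -> Dict[str, float]:
    """Rare-event approximation of P(2-out-of-4 trip fails on demand), i.e.
    at least three of the four divisions are failed. Minimal cut sets:
      - all four fail together                      (1 x Q4)
      - a specific three fail together              (4 x Q3)
      - a pair fails together plus one independent  (6 pairs x 2 x Q2*Q1)
      - three independent failures                  (4 x Q1^3)"""
    q1, q2, q3, q4 = q[1], q[2], q[3], q[4]
    common = q4 + 4 * q3
    mixed = 12 * q2 * q1
    independent = 4 * q1 ** 3
    return {"common_cause": common, "mixed": mixed,
            "independent": independent, "total": common + mixed + independent}


def with_diverse_backup(p_primary_fails: float, p_diverse_fails: float) -> float:
    """Both systems must fail for the function to be lost. The product assumes
    the diverse system shares no failure mechanism with the primary system,
    which is what the diversity guidelines on the earlier slide aim to achieve."""
    return p_primary_fails * p_diverse_fails


if __name__ == "__main__":
    q = mgl_basic_event_probabilities(q_t=1e-3, beta=0.1, gamma=0.5, delta=0.5)
    result = two_out_of_four_failure(q)
    print(f"P(PMS trip fails) ~ {result['total']:.3e}; common-cause share "
          f"{result['common_cause'] / result['total']:.1%}")
    print(f"with an independent diverse backup at 1e-2: "
          f"{with_diverse_backup(result['total'], 1e-2):.3e}")
```

With the constructed factors the common-cause terms make up more than 99% of the failure probability while the three-independent-failure term is three orders of magnitude smaller, which is the "dominant contributor" finding in numbers; the diverse backup multiplies the whole figure by its own failure probability only if its failure mechanisms are genuinely independent, so the product is as good as the diversity claim behind it.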


PROTECTION AND SAFETY MONITORING SYSTEM
Revision: 0 Effective: 09/04/92

X.X PROTECTION AND SAFETY MONITORING SYSTEM

Design Description

The Protection and Safety Monitoring System (PMS) for the AP600 provides the following safety-related functions:
• Tripping the reactor by opening the reactor trip breakers, or
• Actuation of the engineered safety features equipment.
• Safety related plant parameter monitoring prior to, during, and after an accident or plant transient.

For this design description, the PMS consists of the sensors, detectors, signal conditioning, data acquisition, data processors, datalinks and data highways, operator interfaces, displays, and other equipment necessary for the execution of the functions of the system. The PMS for the AP600 implements its functions by software logic installed in programmable digital devices (data processors). Plant data and other signals are exchanged between data processors by means of isolated datalinks and data highways.

The necessary sensors and logic for generating the reactor trips, engineered safety features actuations, and safety related plant parameter monitoring are discussed within this design description. PMS components and equipment are electrically isolated from nonsafety-related plant instrumentation and electrical equipment. Signals from the PMS to other plant instrumentation and control systems, such as the plant control system and the data display and processing system, are transmitted through isolation devices. Certain sensor signals originating in the PMS are shared with the diverse actuation system through isolation devices.

The PMS is a four division system which automatically or manually initiates a reactor trip or engineered safety features actuation coincident with a single failure in the PMS. Additionally, the PMS protects against unnecessary reactor trips or engineered safety features actuations resulting from single failures in the PMS. Loss of power or input signals, or disconnection of portions of the system results in an actuation initiating state.

Reactor Trip Function

The reactor trip function of the PMS is implemented by plant sensors, the reactor trip processors, and the reactor trip switchgear. The reactor is tripped by opening the circuit breakers in the reactor trip switchgear, thereby removing electrical power to the control rod drive mechanisms, causing the control rods to drop into the reactor core due to gravity. The reactor trip breakers are arranged so that tripping any two out of four divisions results in interruption of power to the control rod drive mechanisms. Tripping any single division will not interrupt power to the control rod drive mechanisms. Once a reactor trip has been initiated, the reactor trip breakers in the reactor trip switchgear latch open, and must be manually reset before the control rods can be withdrawn.

The reactor trip function utilizes the four independent PMS divisions, using 2-out-of-4 logic for automatic trips based on plant sensor inputs. The manual reactor trip function uses 1-out-of-2 logic.

The sensors monitor plant conditions and send signals to the reactor trip processors where these signals are compared to setpoints. When two or more unbypassed signals monitoring the same plant parameter in different divisions exceed the setpoint, and permissive or interlock logic is satisfied, a reactor trip is initiated. Plant parameters that are monitored to produce a reactor trip include:
• Neutron flux

l T Westinghoust l

l.

PROTECTION AND SAFETY MONITORING SYSTEM

==

Revision: O e Effective: 09/04/92 i

e Reactor coola..t pump speed monitored to produce engineered ufety features

  • Overtemperature AT
  • Overpower AT
  • Neutron flux
  • Preuuriur level
  • Pressuriar pressure
  • Pressuriur pressure
  • Pressurizer level
  • Steam line pressure
  • Startup feedwater flow safeguards actuation are implemented by directly ..
  • Core makeup tank level.

Engineerad Safety Features Tunctions The engineered safety features actuation signals include:

% engineered safety features functions of the PMS

  • Safeguards actuation are implemented by plant sensors, the engineered safety
  • Core makeup tank injection actuation processors, the protection logic, the logic
  • Reactor coolant pump trip buses, and manual stuation devices. The protection  ? Cootainment cooling logic provides actuating signals to operate the plant
  • Contamment isolation components. Several engineered safety features sensors
  • Steam line isolation h engineered safety features functions utiliu the
  • Reactor coolant system four independent PMS divisions, using 2.out of 4 logie depressurtzation for automatic actuations based on senaar inputa. An
  • Chemical volume control system isolation.

two divisions and 1-out of 2 logic. Manual, systems

  • Turbine trip level actuations are provided for individual functions.
  • Steam generator blowdown system isolation The sensors monitor plant conditions and send a Block of boren dilution signals to the engineered safety features prneames.
  • Block steam dump where these signals are compared to setpoints. When
  • Letdown line isolatice two or more unbypsued signals monitoring the same
  • Contamment sump pH control plant parameter in differect divisions exceed the
  • Normal residual heat removal system isolation setpoint, and pennissive or interlock logic is satisfied, a system level actuation signal is produced in the Safety-Related Plant Pararneter Monitoring engineered safeey features actuation prne==rs. This Function system level signal is transmitted to the asociated protection logic in the same division by the logic bus The safety related plant parsmeter monitonna data highway. The protection logic then provides function is implemented by plant sensors, actuation signals to the component if the compocent communications processors or data acquisition interlock logic is satisfied. Plant parameters that are processors, qualified display processors, and qualified operator displays. Plant sensors may be shared with the X.X 2 i WeS Q Oust j 1

\1 J

C PROTECTION AND SAFETY MONITORING SYSTEM Revision: 0 .

Effective: 09/04/92 si E!

reactor trip and enginected safety features function:. For

  • Automatic depressuriution system first stage plant sensors shared with either of these functions, date valve status acquisition takes place at the communications
  • Automatic depressuriution system second stage processocs, for sensors which are not shared, data vrJve status acquisitiou is performed by the qualified display data
  • Automatic depressuriution system third stage acquisition processors, ne plant data is then valve status transmitted to the qualified display processors, where it
  • Automatic deptereuriation system fourth stage is prepared for display on the qualified operater valve status. .

displays.

The safety related plant parameter monitoring function utilius two of tbe four independent PMS ,

divisions. A minimum of two operstm display devices, one per division, are provided at uch location.

Operator display devices an preavided in the main control room and at the remote shutdown workstation.

The sensors monitor plant conditions and sand signals to sicher the commurdcations processors, or the qualified display data acquisition processors. Tins data

,. is transmitted to the qualified display prn=mts, where it is collected, organized, and prepared for display. The final data is displayed on the qualified operster displays.

De plant parameters that are collected and displayed by the safety related plan; parameter monitonng function include:

  • Pressuriar level
  • Neutron flux
  • Contamment water level
  • Core exit temperaturs

.

  • Passive reeldual heat removal best exchanger outlet tempersrurs
  • Passive residual heat ren:, oval flow Incontain-t refueling water storage tank water level
  • Passive containmant cooling flow
  • Paasive contammet cooling storsge tank level
  • Contamment pressure
  • Containment radiation
  • Pressurist safety valve status T Westinghouse *
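The voting and fail-safe behaviour described above (2-out-of-4 automatic trip, bypassed channels excluded from the vote, loss of power or input treated as a trip-initiating state, breakers latching open until manual reset, 1-out-of-2 manual trip, and the single-division-deenergized case of ITAAC 4) as an added worked example. This is illustrative code written for this page, not Westinghouse PMS software; the class and function names, the scan model in `run_cycle`, and the numeric values (a setpoint of 2385 and readings of 2250/2400 in arbitrary units) are all assumptions made here, not AP600 design values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DIVISIONS = (1, 2, 3, 4)


@dataclass
class Channel:
    """One division's input for a single plant parameter. The numeric values used
    below are illustrative only, not AP600 setpoints."""
    division: int
    value: Optional[float]      # None models a lost or disconnected input
    bypassed: bool = False      # a bypassed channel is excluded from the vote
    powered: bool = True        # False models a deenergized division

    def partial_trip(self, setpoint: float) -> Optional[bool]:
        """None = does not vote; True = channel is in the trip-initiating state."""
        if self.bypassed:
            return None
        if not self.powered or self.value is None:
            return True         # loss of power or input goes to the trip state (fail-safe)
        return self.value > setpoint


def vote_2oo4(channels: List[Channel], setpoint: float) -> bool:
    """Automatic trip logic: two or more unbypassed divisions past the setpoint."""
    return sum(1 for c in channels if c.partial_trip(setpoint) is True) >= 2


def vote_1oo2(switch_a: bool, switch_b: bool) -> bool:
    """Manual trip logic: either of the two manual reactor trip switches."""
    return switch_a or switch_b


class ReactorTripSwitchgear:
    """Four divisional breaker sets. Power to the control rod drive mechanisms is
    interrupted when the breakers of any two divisions are open; one alone is not enough."""

    def __init__(self) -> None:
        self.open: Dict[int, bool] = {d: False for d in DIVISIONS}

    def trip(self, division: int) -> None:
        self.open[division] = True      # breakers latch open

    def manual_reset(self, division: int) -> None:
        self.open[division] = False     # operator action before rods can be withdrawn

    def rods_powered(self) -> bool:
        return sum(self.open.values()) < 2


def run_cycle(channels: List[Channel], setpoint: float, sg: ReactorTripSwitchgear,
              manual: Tuple[bool, bool] = (False, False), permissive: bool = True) -> bool:
    """One scan (assumed model): every powered division votes on the shared channel data
    and opens its own breakers when the trip logic and the permissive are satisfied; a
    deenergized division opens its breakers on loss of power. Returns True when the rods
    have lost power, i.e. the reactor is tripped."""
    automatic = vote_2oo4(channels, setpoint) and permissive
    for c in channels:
        if not c.powered or automatic or vote_1oo2(*manual):
            sg.trip(c.division)
    return not sg.rods_powered()


def demo(setpoint: float = 2385.0) -> Dict[str, bool]:
    """Walk through the single-failure cases the description calls out."""
    out: Dict[str, bool] = {}
    normal = [Channel(d, 2250.0) for d in DIVISIONS]
    out["normal"] = run_cycle(normal, setpoint, ReactorTripSwitchgear())
    # One input lost: that channel votes trip, but a single division cannot trip the plant.
    lost = [Channel(1, None)] + [Channel(d, 2250.0) for d in (2, 3, 4)]
    out["one_input_lost"] = run_cycle(lost, setpoint, ReactorTripSwitchgear())
    # The lost input plus a real excursion in one more division satisfies 2-out-of-4.
    sg = ReactorTripSwitchgear()
    lost[1].value = 2400.0
    out["lost_plus_excursion"] = run_cycle(lost, setpoint, sg)
    # Breakers latch: the excursion clears, but rods stay deenergized until manual reset.
    lost[0].value = lost[1].value = 2250.0
    run_cycle(lost, setpoint, sg)
    out["latched_after_clear"] = not sg.rods_powered()
    for d in DIVISIONS:
        sg.manual_reset(d)
    out["after_manual_reset"] = sg.rods_powered()
    # A bypassed channel does not vote: only division 2 counts, so no trip.
    byp = [Channel(1, 2400.0, bypassed=True), Channel(2, 2400.0), Channel(3, 2250.0), Channel(4, 2250.0)]
    out["bypassed_single_vote"] = run_cycle(byp, setpoint, ReactorTripSwitchgear())
    # Two divisions high: trips, unless the permissive/interlock logic is not satisfied.
    two_high = [Channel(1, 2400.0), Channel(2, 2400.0), Channel(3, 2250.0), Channel(4, 2250.0)]
    out["two_high"] = run_cycle(two_high, setpoint, ReactorTripSwitchgear())
    out["permissive_blocked"] = run_cycle(two_high, setpoint, ReactorTripSwitchgear(), permissive=False)
    # ITAAC 4 case: one division deenergized opens only its own breakers...
    deen = [Channel(1, 2250.0), Channel(2, 2250.0), Channel(3, 2250.0, powered=False), Channel(4, 2250.0)]
    out["deenergized_alone"] = run_cycle(deen, setpoint, ReactorTripSwitchgear())
    # ...and the remaining divisions still trip the plant on a genuine excursion.
    deen[0].value = 2400.0
    out["deenergized_plus_excursion"] = run_cycle(deen, setpoint, ReactorTripSwitchgear())
    # Manual trip is 1-out-of-2 and independent of the sensor votes.
    out["manual"] = run_cycle(normal, setpoint, ReactorTripSwitchgear(), manual=(True, False))
    return out
```

Calling `demo()` returns one boolean per case. The point worth noticing is the deenergized-division case: because a lost division votes in the trip direction, the remaining logic effectively becomes 1-out-of-3 for that parameter, which is what lets the ITAAC 4 tests still pass, but it also means a single spurious excursion elsewhere will now trip the plant. That is the fail-safe trade the description accepts, and it is the reason unnecessary-trip protection is listed alongside single-failure protection.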

Table PMS: Protection and Safety Monitoring System Inspections, Tests, Analyses and Acceptance Criteria

1. Certified Design Commitment: The Protection and Safety Monitoring System performs the safety-related reactor trip, engineered safety features actuation, and plant parameter monitoring functions.

1(a). Inspections, Tests, Analyses: System functional tests shall be conducted to verify that reactor trip breakers open when system logic has been satisfied.
1(a). Acceptance Criteria: Reactor trip breakers open when trip logic is satisfied from the following plant parameters:
  • Neutron flux
  • Reactor coolant pump speed
  • Overtemperature ΔT
  • Overpower ΔT
  • Pressurizer level
  • Pressurizer pressure

1(b). Inspections, Tests, Analyses: System functional tests shall be conducted to verify that engineered safety features actuation signals are initiated when system logic has been satisfied.
1(b). Acceptance Criteria: Component actuation signals are generated when engineered safety features actuation logic is satisfied from the following plant parameters:
  • Neutron flux
  • Pressurizer pressure
  • Pressurizer level
  • Steam line pressure
  • Cold leg temperature
  • Containment pressure
  • Core makeup tank level

1(c). Inspections, Tests, Analyses: An inspection shall be performed to verify that the designated plant parameters are displayed.
1(c). Acceptance Criteria: The Protection and Safety Monitoring System displays the following plant parameters in the main control room and at the remote shutdown workstation:
  • Pressurizer level
  • Neutron flux
  • Containment water level
  • Core exit temperature
  • Passive residual heat removal system heat exchanger outlet temperature
  • Passive residual heat removal flow
  • In-containment refueling water storage tank water level
  • Passive containment cooling flow
  • Passive containment cooling storage tank level
  • Containment pressure
  • Containment radiation
  • Pressurizer safety valve status
  • ADS first stage valve status
  • ADS second stage valve status
  • ADS third stage valve status
  • ADS fourth stage valve status

1(d). Inspections, Tests, Analyses: System functional tests shall be conducted to verify that operational permissives and interlocks are generated and removed when system logic has been satisfied.
1(d). Acceptance Criteria: Operational permissives and interlocks are generated and removed when reactor trip and engineered safety features actuation logic is satisfied from the following plant parameters:
  • Neutron flux
  • Pressurizer pressure

2. Certified Design Commitment: The Protection and Safety Monitoring System design provides timely initiation of safety-related reactor trip and engineered safety features actuations.

2(a). Inspections, Tests, Analyses: Tests shall be conducted to measure the response times to initiate reactor trip when trip setpoints have been exceeded. Time response is defined as the maximum allowable time for the reactor trip breakers to open following a step change by a simulated sensor from 5% below the setpoint to 5% above the setpoint, with each externally adjustable time delay set to OFF.
2(a). Acceptance Criteria: The time to satisfy trip logic, the trip signal to reach the reactor trip breakers, and the reactor trip breakers to open is less than or equal to the time response requirement listed for the following channels:
  • Power range neutron flux ≤ [TBD sec]
  • [channel name illegible in source] ≤ [TBD sec]
  • Reactor coolant flow ≤ [TBD sec]
  • Overpower ΔT ≤ [TBD sec]
  • Pressurizer level ≤ [TBD sec]
  • Pressurizer pressure ≤ [TBD sec]
  • Steam generator narrow range level ≤ [TBD sec]

2(b). Inspections, Tests, Analyses: Tests shall be conducted to measure the response times to initiate engineered safety features actuation signals when trip setpoints have been exceeded. Time response is defined as the maximum allowable time for component actuation signals to be produced following a step change by a simulated sensor from 5% below the setpoint to 5% above the setpoint, with each externally adjustable time delay set to OFF. Time response shall not include the engineered safety features components.
2(b). Acceptance Criteria: The time to satisfy engineered safety features actuation logic and the component actuation signal to be produced is less than or equal to the time response requirement listed for the following channels:
  • Source range neutron flux (rate) ≤ [TBD sec]
  • Pressurizer pressure ≤ [TBD sec]
  • Pressurizer level ≤ [TBD sec]
  • Steam generator narrow range level ≤ [TBD sec]
  • Steam generator wide range level ≤ [TBD sec]
  • Steam line pressure ≤ [TBD sec]
  • Cold leg temperature ≤ [TBD sec]
  • Startup feedwater flow ≤ [TBD sec]
  • Containment pressure ≤ [TBD sec]
  • Core makeup tank level ≤ [TBD sec]

3(a). Certified Design Commitment: The Protection and Safety Monitoring System provides a manual reactor trip capability.
3(a). Inspections, Tests, Analyses: The manual reactor trip switches shall be operated.
3(a). Acceptance Criteria: The reactor trip breakers open when the manual reactor trip switches are operated.

3(b). Certified Design Commitment: The Protection and Safety Monitoring System initiates a reactor trip coincident with manual safeguards actuation.
3(b). Inspections, Tests, Analyses: The manual safeguards actuation switches shall be operated.
3(b). Acceptance Criteria: The reactor trip breakers open when the manual safeguards actuation switches are operated.

3(c). Certified Design Commitment: The Protection and Safety Monitoring System provides manual engineered safety features actuation capability.
3(c). Inspections, Tests, Analyses: The following manual engineered safety features actuation switches shall be operated:
  • Manual safeguards actuation
  • Manual passive residual heat removal actuation
  • Manual steam line isolation
  • Manual steam/feedwater isolation
  • Manual feedwater isolation
  • Manual containment cooling actuation
  • Manual containment isolation actuation
  • Manual depressurization system actuation
3(c). Acceptance Criteria: Component actuation signals are generated in accordance with engineered safety features actuation logic when manual engineered safety features actuation switches are operated.

4. Certified Design Commitment: The four redundant divisions of Protection and Safety Monitoring System equipment are independent from each other except for isolated data communications required for voting logic. The four redundant divisions of Protection and Safety Monitoring System equipment are powered from [...] power sources.
4. Inspections, Tests, Analyses: One Protection and Safety Monitoring System division shall be selected and deenergized. The tests of ITAACs 1(a), 1(b), 1(c), and 1(d) shall be repeated.
4. Acceptance Criteria: The acceptance criteria are the same as the criteria for ITAACs 1(a), 1(b), 1(c), and 1(d), except for the division that is deenergized.
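The response-time measurement defined in ITAAC 2(a) and 2(b) (step the simulated sensor from 5% below to 5% above the setpoint, every externally adjustable time delay set to OFF, clock from the step until the breakers open or, for the ESF case, until the component actuation signal is produced) as an added worked example. It is a discrete-time model written for this page, not Westinghouse test procedure or PMS code; the scan period, the assumed trip-signal and breaker delays, the way the adjustable delay is modelled as a persistence filter, and the setpoint value are all assumptions made here, and the [TBD sec] limits in the table are represented by an arbitrary `limit_ms`.

```python
from typing import Dict, Optional


def simulated_sensor(t_ms: int, setpoint: float, step_ms: int) -> float:
    """Test input from the ITAAC definition: 5% below the setpoint, stepping to 5% above."""
    return setpoint * (1.05 if t_ms >= step_ms else 0.95)


def measure_response_ms(setpoint: float, scan_ms: int = 50, delay_ms: int = 0,
                        logic_ms: int = 20, breaker_ms: int = 80, step_ms: int = 0,
                        end_ms: int = 2000, channels: int = 4, needed: int = 2) -> Optional[Dict[str, int]]:
    """Discrete-time model of one trip channel under test (all times in ms; all assumed).

    scan_ms     processor scan period at which the sensor is sampled
    delay_ms    the externally adjustable time delay; the ITAAC requires it set to OFF (0)
    logic_ms    assumed time for the trip signal to reach the reactor trip breakers
    breaker_ms  assumed breaker opening time; use 0 for the ESF case of ITAAC 2(b), whose
                response time ends when the component actuation signal is produced
    Returns the time trip logic was satisfied, the time the breakers opened, and the
    response time measured from the step, or None if no trip occurred before end_ms.
    """
    above_since = [None] * channels
    for t in range(0, end_ms + 1, scan_ms):
        x = simulated_sensor(t, setpoint, step_ms)
        partial_trips = 0
        for i in range(channels):
            if x > setpoint:
                if above_since[i] is None:
                    above_since[i] = t
                if t - above_since[i] >= delay_ms:     # delay OFF: trips on first sample above
                    partial_trips += 1
            else:
                above_since[i] = None                  # delay timer restarts if the input drops
        if partial_trips >= needed:                    # 2-out-of-4 logic satisfied
            opened = t + logic_ms + breaker_ms
            return {"logic_ms": t, "breakers_open_ms": opened, "response_ms": opened - step_ms}
    return None


def worst_case_response_ms(setpoint: float, limit_ms: int, scan_ms: int = 50, **kw) -> Dict[str, object]:
    """The measured time depends on where the step lands relative to the scan. Sweep the
    step phase across one scan period and judge the acceptance criterion on the worst case."""
    worst = 0
    for phase in range(0, scan_ms, 10):
        r = measure_response_ms(setpoint, scan_ms=scan_ms, step_ms=phase, **kw)
        if r is not None:
            worst = max(worst, r["response_ms"])
    return {"worst_ms": worst, "acceptable": worst <= limit_ms}
```

Two things the model makes visible that the table's one-line definition does not: a single measurement can under-read by up to one scan period depending on when the step arrives, so an acceptance test should either sweep the step phase or add the scan period to the measured value; and leaving an adjustable delay ON (`delay_ms=200` here) lengthens every measured time, which is why the ITAAC pins all such delays to OFF before the response time counts.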

[Slide: timeline of Westinghouse digital I&C development milestones. Legible labels: Integrated System Concept; French Joint Development; IPS Prototype; First WDPF on Utility; USNRC Approval; Japanese APWR; Sizewell PPS Contract; Italian Joint Development; 2nd Generation Prototypes; PPS Specific Prototype; NOK ANIS Design; Sequoyah Eagle 21; Advanced Digital Feedwater Control; PPS Equipment Manufacture; 1991 ISCO Contract; ISCO Equipment on Site.]
[Slide: Westinghouse corporate organization]
  Paul Lego, Chairman & CEO
  Ted Stern, Senior Executive Vice President
  Legible unit labels: Human Resources; Westinghouse Financial Services; The Environmental Systems; Electronic Systems Group; Power Systems; Knoll; Industries; Broadcasting Inc.; Total Quality

Westinghouse Electric Corporation
  Founded: 1886
  Employees: 110,000
  Headquarters: Pittsburgh, PA
  Locations: 619 U.S., 200 International

k I

W Westing 7ouse eo-er systems ,

John Yasinsky -

Energy Systems Execut,ive 1

Business Unit vice eresident

. .:> c . .. s e v ~-. Power Generation A.

@c. .

E, .n. ge.rgy;Syste, m' spi.2

-. Business Unit BusinessiUnil.R .

,.gs *,.:,., j=

Frank Bakos

  • Nat2WobifsonM$.,.

Vice President &

@N Vi,celR.e

~r,+..~

isideriC&9 n ' General Manager-

_? Gen. er.a. lM. .- an. a gerg I

f#$N@~$MN 9 6

'4-@m~.,@m@ihi@$i!$us8 dkMedWm+

m uy. . m MMU $4s$$NSWi!.@NMI!)

. w a- e c,<. u.. u F6@p,%ommercfalm m - ~ ~ . -

m Advanced Elebtro-Mechariscal v  :

  1. didsd2@-@L.

nProces,s

~ . .

Co.n t

.n .

,yNuclea folk t yServ --. J :C ,leatyFuelfaNuclear:&<

icesn u g. wgn "mWW 'iityrf  % 4  :

e' gg- -Division e.er:wrpreg ggf wNma%ge b,Fr$Nucm gqy w a w "T*ech*nol*gy.'

o Division iW;r iDivision

,? j g

" %w w4 j!qp;i;a gg arg wayDivision$$$jp! ig H!P WM 95

@@hgDivi'siony;%$

Q$iM9#3 $ p$@3Pi p44t#gg!l@ Msgs ssh5N%M6*:

l si$Nj@M21e@.;6a W$ Qld@if!f$tk91id MMWBSM , ,

. , L I

r e

\

b t p b

i owc 2.0ws 06C ise i

. i k

6 1

Westinghouse Proprietary Class 2

Process Control Division Organization, Unit Code K65, October 1, 1992

  ORG-0  Process Control Division, General Manager: A.E. Pauley
  ORG-4  U.S. Regional Operations: R.J. Nath
  ORG-5  Sizewell I&C Projects: R.L. Loving
  ORG-2  Customer Systems: E.J. Madera
  ORG-3  Simulators: R.A. Judd
  ORG-1  Operations Department: J.B. Blythe (Acting)
  ORG-7  Marketing: J.D. Cotton
  ORG-8  Human Resources: F.J. Fratto
  ORG-9  Controller: E.B. Ritz
  ORG-6  Strategic Engineering: F.M. Bordelon
  ORG-10 Total Quality: E. Torres

(Department-to-name pairing follows the column order of the extracted chart.)

[Slide: Process Control Division overview. Legible labels: WDPF; Nuclear Control Systems; Simulators; Nuclear Plant Instrumentation and Control.]
  • 1400 Employees
  • 12 Major Facilities

[Slide: Process Control Division market segments. Legible labels: Metals / Water / Industrial Wastewater; Nuclear; Energy; Chemicals.]

[Slide: Instrumentation & Computer Product Evolution, 1960s through 1990s. Legible labels: 7100 Analog Control; Eagle Family Microcomputer Control; Information Processing; Digital Control; P-50. Decade assignment of each label is not recoverable from the extraction.]

PCD Products
  • WDPF - Distributed Processing Family
  • Eagle 21 Protection System
  • Eagle DPF Control System
  • Plant Process Computers
  • Plant Information Systems
  • Nuclear Instrumentation System
  • Flux Mapping System
  • Reactor Vessel Level Instrumentation
  • Rod Position Indication
  • Sensor Highway
  • Diagnostic Equipment

Process Control Division Installations

  System                                  Nuclear   Industrial   Total
  Miscellaneous Process Control               26          100     126
  7100 Process Control                        16           44      60
  7300 Process Control                        41          167     208
  WDPF Process Control                         7          602     609
  Plant Process Computers                     48          108     156
  Turbine Control Computers                   29          255     284
  Emergency Response Facilities               17            -      17
  Reactor Protection & Control Systems        90            -      90
  Eagle RVLIS Systems                         26            -      26
  Eagle QDPS/PSMS Systems                      5            -       5
  Eagle-21 Upgrade Protection Sets             9            -       9
  Integrated Protection Systems                1            -       1
  Rod Control Systems                        118            -     118
  Nuclear Instrumentation                    118            -     118
  Rod Position Indication Systems            118            -     118
  Digital Flux Mapping Systems                10            -      10

(Rows rebuilt from the flattened table; each row's Nuclear and Industrial figures sum to its Total.)

Westinghouse Proprietary

Recent Westinghouse Nuclear Digital I&C Experience

  Sequoyah Units 1 & 2 - Eagle 21 Protection System
  Watts Bar Unit 1 - Eagle 21 Protection System
  Turkey Point 3 & 4 - Eagle 21 Protection System; RTD Bypass Elimination
  Zion 1 & 2 - Eagle 21 Protection System
  Diablo Canyon 1 & 2 - Eagle 21 Protection System; WDPF Advanced Digital Feedwater Control System
  Prairie Island 1 & 2 - WDPF Advanced Digital Feedwater Control System
  Ginna - WDPF Advanced Digital Feedwater Control System
  Catawba 1 & 2 - WDPF Advanced Digital Feedwater Control System
  Beznau 1 & 2 - ANIS Information Network; Advanced Flux Mapping System
  ASCO 1 & 2 - SAMO Plant Computer
  Farley 1 & 2 - Plant Computer System; DEH Turbine Control System
  Temelin - Total Plant Protection, Control and Information System

Process Control Division Headquarters

  • Located in Pittsburgh, PA (O'Hara Township)
  • 280,000 square-foot facility
    - State-of-the-art manufacturing
    - Project engineering / management
    - Staging and testing
    - Strategic engineering
    - Training
    - Marketing
  • More than 1400 full-time employees
  • Average engineer has more than 15 years of process control experience
  • Four additional major manufacturing facilities

Process Control Europe

  • Located in Frankfurt, Germany
  • Service to:
    - Western Europe
    - Eastern Europe
    - Middle East
    - Africa
  • Seven Partners


Process Control Division Summary

  • Long heritage of advanced control & computer systems
  • Recognized leading supplier to electric utility, steel and other important industrial segments
  • Business structured on global participation
  • Very creative engineering-based solutions to customer needs - long list of "industry firsts"
  • Management team and other employees dedicated to long-term success of the enterprise