ML20133K622
| ML20133K622 | |
| Person / Time | |
|---|---|
| Site: | Hope Creek  |
| Issue date: | 10/14/1985 |
| From: | Mittl R Public Service Enterprise Group |
| To: | Butler W Office of Nuclear Reactor Regulation |
| References | |
| NUDOCS 8510220209 | |
| Download: ML20133K622 (36) | |
Text
A Putdic Sennce g
Electnc and Gas Company 80 Park Plaza Newark, NJ 07101/ 201430-8217 MAILING ADDRESS / P.O. Box 570, Newark, NJ 07101 Robert L. Mitti General Manager Nuclear Assurance and Regulation October 14, 1985 Director of Nuclear Reactor Regulation United States Nuclear Regulatory Commission 7920 Norfolk Avenue
.Bethesda, Maryland 20814 Attention:
Mr. Walter Butler, Chief Licensing Branch 2 Division of Licensing Gentlemen:
SPDS. AUDIT, PARTIAL RESPONSES HOPE CREEK' GENERATING STATION DOCKET NO. 50-354 On August 27-28, 1985, members of your staff conducted an audit at Public Service Electric and Gas Company's (PSE&G)
Hope Creek Generating Station (HCGS) on the Safety Parameter Display System (SPDS).
During the exit meeting several items were discussed and various requests for additional information were made by the Nuclear Regulatory Commission (NRC) staff, two of which are being addressed in this submittal. contains information which addresses the request to consider additional SPDS display parameters while Attachment 2 addresses the verification and validation (V&V) process.
The remaining requests for additional information will be addressed as responses and positions become available.
Sincerely,
.b.
l U
c 851022020985101g PDR ADOCK 05000PDR-F
\\
f Attachments (2)
I\\
The Energy People 954912 GA 4 84
w Director of Nuclear 2
10/14/85 Reactor Regulation C
D.H. Wagner USNRC Licensing Project ?lanager P
I 3
v h
P 4
I
\\
1 i
i f
i i
'b ATTACHMENT 1 During the recent NRC Verification Audit of Hope Creek Safety Parameter Display System, a comment was made by the lead NRC reviewer that consideration should be given to expanding the SPDS parameter set by four additional variables, and that the current status of these variables should be presented on the Primary SPDS Display.
The variables identified were:
1.
SRM count rate
.2.
Primary containment (drywell) radiation level 3.
Primary containment isolation valve status 4.
Primary containment (drywell) combustible gas concentration (Hydrogen / Oxygen)
The Hope Creek SPDS Safety Analysis Report describes the basis for determining which variables should be included in the SPDS parameter set.
Briefly, the SPDS parameter set-should be composed of those primr._y plant variables directly controlled by the operator actions specified in the plant Emergency Operating Procedures (EOPs).
By defining the contents _of the SPDS parameter. set consistent with control f unctions identified through an analysis of the EOPs, the plant safety status assessment function of the SPDS is directly and completely supported.
The four variations as candidate additions to the Hope Creek SPDS parameter set were each evaluated consistent with the criteria applied in selecting the current SPDS parameters, as described above.
The results of this evaluation are presented below.
SRM Count Rate:
f This parameter is not identified. in the EOPs, and thus j
no technical basis exists for including it in the SPDS parameter set.
The BWR Owners Group committee which developed the BWR Emergency Procedure Guidelines (EPGs) specifically con-sidered whether explicit operator action _ steps based l
on SRM and IRM neutron flux (reactor power) -information l
was required to assure plant safety under emergency response conditions.
Th'e conclusion reached was that g
i reactor power at or above the APRM downscale trip setpoint (set at 5% for Hope Creek) provides sufficient information for initiating mitigative action to avoid degraded core t
l
o l
Page 2 SRM Count Rate:
(Continued) conditions, and to assure that primary containment struct-u.sl integrity limits are not exceeded.
The EPGs, so i
structured, were subsequently reviewed by the NRC and l
approved for implementation.
The Hope Creek EOPs were written consistent with the approved EPG steps for control I
of reactor power.
If the current value of SRM count rate was to be presented on the Primary SPDS Display, no tie would exist between l
this information and the operator actions specified in the EOPs.
With no specific interrelationship existing between SRM count rate information and the emergency I
response actions of the control room crew, no information processing which incorporates an evaluation of the status of this parameter can be defined and, as a result, no basis exists for developing any functional logic to dynamically drive a display feature.
4 r
For the above reasons, it is unnecessary and inapproprl-ate to include SRM count rate as an SPDS variable, or to present SRM count rate information on the Primary SPDS Display.
Control room operators can monitor these parameters-by using hardwired instrumentation provided to meet Regulatory Guide 1.97 (see HCGS FSAR Table 7.5-1)'or by using the appropriate Control Room. Integrated Display
[
System (CRIDS) displays.
Primary Containment (Drywell) Radiation Level:
I This parameter is not identified in the Emergency Operating Procedures, either explicitly or implicitly, and thus
[
no basis exists for including it in the SPDS parameter set.
If the current value of drywell radiation level was i
to be presented on the Primary SPDS Display, ro tic would exist between this information and the operator
{
actions specified in the EOPs.
With no specific inter-relationship existing between high drywell radiation level information and the emergency response actions of the control room crew, no information processing which incorporates an evaluation of the status of this
,i parameter can be defined and, as a result, no basis E
1 exists for developing a functional logic to dynamically i
j drive a display feature.
l l
l 1
i e
i s
.I
. ~..
-,__....~.--_,__._.....-...-..,.._._.~..--.,_.-,..m.__,_.
o Page 3 Primary Containment (Drywell) Radiation Level:
(Continued)
For the above reasons, it is unnecessary and inappropri-ate to include primary containment (drywell) radiation level as an SPDS variable or to present primary contain-ment (drywell) radiation level information on the Primary I
SPDS Display.
Control room operators can monitor these parameters i
by using-hardwired instrumentation provided to meet i
Regulatory Guide 1.97 (see HCGS FSAR Table 7.5-1) or by using the appropriate Control Room Integrated Display System (CRIDS) dinplays.
5 Primary Containment Isolation Valve Position:
Although this parameter is identified in the Emergency i
Operating Procedures (OP.EO.ZZ-101, Step RC-1), EOP task analysis results did not identify it as a control function variable, as were all of the other SPDS parameters.
Verification and/or initiation of Primary Containment Isolation System (PCIS) isolation is simply one individual action carried out by a control room operator, as appro-
[
priate for existing plant conditions.
Including PCIS I
valve position status as an SPDS parameter would therefore f
require the basis for selection of all the other variables comprising the SPDS parameter set.
t
}
For the above reasons, it is unnecessary and inappropri-
[
ate to include primary containment isolation valve status
[
as an SPDS variable, or to present primary containment isolation valve position information on the Primary i
SFDS Display.
t Control room operators can monitor these parameters by using hardwired instrumentation provided to meet Regulatory Gu2de 1.97 (see HCGS FSAR Table 7.5-1) or by using the appropriate Control Room Integrated Display System (CRIDS) displays.
Primary Containment (Drywell) Combustible Gas Concentration I
This parameter is not identified in the Emergency Operating Procedures, either explicitly or implicitly, and thus
[
no basis exists for including it in the SPDS parameter set.
i
)
-.~. ~......
. ~ -. - - -
.-..---.-.+v m.
o Page 4 Primary Containment (Drywell) Combustible Gas Concentration (Oxygen / Hydrogen):
(Continued)
If the current value of combustible gas concentration was to be presented on the Primary SPDS Display, no tie would. exist between this information and the operator actions specified in the EOPs.
With no specific inter-relationship existing between combustible gas concentration information and the emergency response actions of the control room crew, no information processing which incor-porates an evaluation of the status of this parameter can be defined and, as a result, no basis exists for.
developing any functional logic to dynamically drive a display feature.
For the above reasons, it is unnecessary and inappropri-ate to include primary containment combustible gas concen-tration as an SPDS variable,~or to present combustible gas concentration information on the Primary SPDS Display.
Control room operators can monitor these parameters by using hardwired instrumentati'on provided to meet Regulatory Guide 1.97 (see HCGS FSAR Table 7.5-1) or by using the appropriate Control Room Integrated Display System (CRIDS) displays.
The Hope Creek Emergency Operating Procedures were developed from Revision 3 of the generic BWR Erergency Procedures Guidelines.
As future revisions of the EPGs are approved by the NRC a'nd issued through the BWR Owner's Group, the plant-specific EOPs will be reviewed and updated as appropri-ate.
Since the EOPs form the basis for selection of the SPDS parameters, the existing set of SPDS variables will be re-evaluated, with' respect to both additions and deletions, as each revision of the EOPs is issued.
As appropriate, modifications to the SPDS parameter set will be made consistent with the results of this evaluation process.
I
O ATTACHMENT 2 i
f r
I I.
I r
f' r
1 a.
i L
I
{
l
HOPE CREEK SAFETY PARAMETER DISPLAY SYSTEM VERIFICATION AND VALIDATION PROGRAM PLtd' i
l 1
I.
OBJ ECTIVES 1
The Safety Parameter Display System (SPDS) is*one of the
]
elements of the emergency response facilities called for in NUREG 066 0 (Reference [1]) and clarified in Supplement 1 to NUREG 0737 (Reference
[2]).
The Hope Creek SPDS verification and validation (V&V) program has been developed i
j in accordance with NSAC-39 (Reference [3]),
to ensure.that the SPDS is acceptable and meets applicable requirements of NUREG 0737, Supplement 1.
l I
I Specifically, the program will provide a basis for ensuring i
the following:
A.
The variables displayed on the SPDS are sufficient to provide the minimum information required to assess the i
critical saf ety functions.
B.
The SPDS is suitably isolated from electrical and electronic interf erence with equipment and sensors that are used in safety systems.
l C.
Means are provided to ensure that the data displ ayed 5
are valid.
l' D.
Characteristics of the SPDS displays and other t
j operational interfaces are sufficient to allow i
t reasonable assurance that the inf ormation provided will i
i l
?'
i PSE-1210-01.
1 Rev. 2
'i f
. i
be readily perceived and comprehended by the Hope Creek Operations Staff.
The Radiation Monitoring System (RMS) is a separate system which feeds data directly to the Control Poor; Information Display System (CRIDS) computer (ie.
SPDS).
The RMS implementation is in accordance with a schedule different than that of SPDS.
The SPDS design review identified in Section II shall include the review of avail able RMS documentation when applicable.
The SPDS
" performance validation" test will incorporate RMS display features by simulating RMS inputs.
RMS characteristics inherent to acquiring and transmitting radiation data to CRIDS will be validated at a later date and in a manner consistent with this plan.
PSE-1210-01 2
Rev. 2 1
W II.
METHODOLOGY The SPDS V&V program will be perf ormed in the following five parts:
A.
System Requirements Review The requirements review will consist of the development of a
matrix to identify and track applicable SPDS requirements throughout the validation program.
The requirement list will be a compilation of applicable Hope Creek design requirements in addition to any requirements obtained from a
search of applicable regulatory and industry standard documents.
B.
Design Review The design review will document in a traceable manner that the identified design requirements are implemented in an unambiguous and consistent manner.
Test results documentation (ie.
hardware supplier and site acceptance tests) shall be reviewed to assure that applicable performance characteristics have been demonstrated.
Appropriate tests will be perf ormed as part of the pe rf ormance validation or field verification testing for those identified characteristics not previously demonstrated.
'l Any deficiencies. identified during the design review will be documented along with their resolutions.
C.
Performance Validation Test l
l l
PSE-1210-01 3
Rev. 2 l
t
The performance tests will consist of a series of plant simulator static and dynamic tests to determine the effectiveness of the SPDS.
D.
Field Verification Test The field tests will be perf ormed on the installed equipment and are intended to verify that the installed system is in accordance with that previously validated.
E.
Final Report i
A final report will be prepared to provide 4
documentation of the conclusions of the above efforts and. to provide traceability for future reference.
Included within the report will be any observed deficiencies and associated resolutions.
i r
i r
PSE-1210-01 4
Rev. 2 i
4 e
-1
III. SYSTEM REOUIREMENTS REVIEW The system requirements are the foundation on which the completed system is
- designed, built, and accepted.
Consistent with the intent of NSAC 39, the ' req ui r ements review shall include a hardware, software, pe rf ormance, and effectiveness evaluations.
During the SPDS system requirements review a
literature search of regulatory documents will be conducted for applicable requirements which are considered to be relevant to the SPDS to assure that the system is adequate to support the saf e operations of the plant.
From the following minimum set of documents a
list of requirements will be compiled and cross ref erenced to show which document each requirement was derived f rom.
1.
NUREG 0 80 0, Section 18.2 (Reference [ 4] )
2.
NUREG 0737, Supplement 1 (Reference [2])
3.
NUREG 0696, (Reference [ 5] )
4.
NUREG 0835, (Reference [6])
5.
NSAC 39, (Reference [3])
This list will then be incorporated into a
design characteristics versus requi.rements matrix, as described in NSAC 39, to be used during the Design Review phase of this program.
The following topics shown in NSAC 39, Section 2
and i
expanded by NUREG 0800 will be addressed as a minimum.
l PSE-1210-01 5
Rev. 2
-,r l
A.
Completeness and correctness in specifying the perf ormance requirements and operational capabilities and concepts of the system relative to Emergency Operating Procedures (EOP).
1.
Display format and content.
(a)
Assure that critical plant variables for the SPDS are presented on a
single primary display or on a group of displays at a single 4
j location.
(b)
The display should be responsive to transient and accident sequences including-scenarios I
which assume plant conditions beyond the design basis conditions, such as (i) Primary t
i.
containment pressure at. emergency venting
- level, (ii) Reactor water level below top of t
. active
- fuel, and (iii)
Reactor building i
i radiation at the reactivity release alert j
j level.
t i
i (c)
The display should be capable of presenting magnitudes and trends of critical plant variables or derived variables.
I e
(d)
The system will continuously display j
information from which the plant ' safety
~
status can readily and reliably be - assessed I
i.
by the control room personnel.
t PSE-1210-01 6
Rev. 2
- 't l
i t 7,.
t*. - - -.
__v
s I
(e)
SPDS users are made aware of important l
changes in critical saf ety-related variables when they occur and that the SPDS users can
+
readily obtain-information from SPDS to help
'them determine the safety status of the plant.
(f)
The minimum information to be provided shall i.
3 t,
be sufficient to provide information to j
control room operators about (1) reactivity r
- control, (ii) reactor core cooling and heat
[
removal from the primary
- system, (iii) reactor coolant system integrity, (iv) radio-activity
- control, and (v) containment conditions.
l i
(g)
For each mode of operation, the displays contain the ' minimum set of indicators and s
1 data needed to assess the plant functions that are used to determine the plant's saf ety i
status.
i i
(h)
There should be provisions in the display to i
l indicate to the control room operator that a change in the mode of plant operation has occurred.
2.
Sensor scan intervals.
)
i (a)
The sampling rate for each critical plant PSE-1210-01 IT Rev. 2 c
f 1
i l
m:
variable is. such that there is no meaningf ul
[
loss of information in the data presented to r
the control room operator.
(b)
The time delay from when the sensor signal is t
j sampled to when it is displayed. should be consistent with other control room displays and should be responsive to control room operators needs in performing assigned tasks.
^
(c)
Each critical. plant variable is displayed with an accuracy sufficient for the-control =
4
]
room operator.
to discriminate between-
}
' conditions that impact the plant's safety i
status and normal operating conditions.
(d)
The display does not give false indications j
of plant status.
3.
Scale optimization.
Scales for displayed variables allow tracking of l
variables over a wide range of conditions.
The f
conditions include normal plant modes of operation such as startup,
- shutdown, and power operation; f
j
.and~ abnormal conditions up to and including design limits.
These displays may also provide a means of reading values should any variable go off scale during abnormal conditions.
4.-
Data validity.
PSE-1210,01 E'
Rev. 2'
Displayed data is validated on a "real time" basis where practical and redundant sensor readings are compared before displaying the critical plant variable.
5.
SPDS Failure.
Members of the control room operating crew are provided with the information and criteria they need to perf orm an operability evaluation of the SPDS.
In
- addition, the crew must be able to easily recognize a f ailed SPDS.
B.
Completeness and correctness in system definition and interf aces with other equipment.
SPDS is suitably isolated f rom electrical or electronic interf erence with equipment and sensors that are in use for the saf ety systems.
C.
Unambiguous, correct and consistent description of the interfaces and performance characteristics of each major function.
Maj or SPDS interf aces and perf ormance characteristics (har dware and software) are adequately documented to provide a
basis for evaluating the acceptability of future system alterations / modifications.
D.
Establishment of a reasonable anc achievable set of-test requirements.
PSE-1210-01 9
Rev. 2 l
r i
The Hope Creek SPDS V&V Program shall include the deve:opment of acceptance criteria (see Sections IV & V of this plan).
E.
Definition of physical characteristics, reliability, and maintainability objectives, operating environment, transportability constraints, and design and construction standards, including those intended for software.
1.
The portions of the Control Room Integrated Display System (CRIDS) hardware and software characteristics that pertain to the SPDS will be validated during the performance test as they are intrinsic to system operation.
(see Section V of this plan) 2.
SPDS Location.
(a)
Assure that the SPDS is convenient to the control room operating crew; (b)
The SPDS is readily distinguished from other displays on the control board; (c)
The display is readily accessible to the following personnel, but not necessarily simultaneously:
Shift Supervisor Control Room Senior Reactor Operator PSE-1210-01 10 Rev. 2
?
I
~.
Shift Technical Advisor One. Reactor Operator (d)
The control room operating
- crew, not
. personnel outside the control
- room, control images displayed on the control roo,m SPDS.
3.
The. SPDS reliability analysis shall be reviewed for consistency with the overall requirements l
objectives defined herein.
Included will be the
~
review of any maintainability (ie.
repair) j assumptions incorporated within that analysis.
F.
' Definition of the necessary logistics, personnel, and training requirements and considerations.
j 1.
Since. operators must be trained to Evaluate plant l
status in response to accident. conditions both i
r with and without SPDS, this assumption shall be i
factored into the
" effectiveness" acceptance criteria for. the simulator perf ormance test (sec t
i Section V of this plan).
t t
2.
Procedures and Training.
]
.i
. a)
Assure that operating procedures and training l
(
are provided to the control room operating
[
t l
crew that will allow timely and correct i
L
~
i safety status assessment when the SPDS is not
{
t operating.
i i
(b)
No additional operating staff other than the l
PSE-1210-01 11 Rev. 2
[
i r
-,... - =
,w,
normal control room operating crew should be needed to operate the SPDS display during normal and abnormal plant operation and during display outages.
i (c)
The control room operators training program contains instruction and training in the use of the SPDS in conjunction with operating i
procedures for
- normal, abnormal, and l
emergency operating conditions.
G.
Definition of input and output
- signals, and establishment and management of the database.
P 1.
Critical plant variables.
(a)
Assure that the predetermined set of critical plant variables will aid control room operators in rapidly and reliably detcrmining the-saf ety status of the plant.
(b)
The variables associated with each critical f
r saf ety function should also be available for display and operator assessment.
b H.
Treatment of man / machine interf ace requirements.
Assure that the SPDS display incor porates accepted human
. factors engineering principles so that the displayed information can be readily perceived and comprehended by SPDS users.
I i
L PSE-1210-01 12 Rev. 2 l
t y
.-..---y
...m
I.
Definition of subsystems and integration requirements.
Subsystem integration characteristics will be validated during the performance test as they are intrinsic to system operation (see Section IV of this plan).
J.
Definition of installation, operation, and maintenance requirements.
1.
Operation characteristics will be verified during the performance test as they are intrinsic to system operation.
2.
Installation Audit.
Assure that the data displayed reflects the sensor signal which measures the variable displayed.
3.
Vendor eq uipment documentation shall be reviewed to verify implementation of recommended periodic maintenance guidelines in plant procedures.
P PSE-1210-01 13 Rev. 2
{
,,-.e me___
,,..n.-v-
,,,er
,m-,v.
IV.
DESIGN REVIEW The objective of a design review activity is to asce'rtain in a
- planned, controlled, and documented manner that the implementation of system requirements into hardware and software is
- complete, and there are no ambiguities or deficiencies.
During the design review, a literature search of system documentation which describes the Hope Creek SPDS will be conducted in order to complete the compliance section of the requirements matrix which was developed during the-systems requirements review.
This includes a review of vendor and site test programs to ensure that appropriate performance characteristics are nemonstrated.
Any deficiencies identified during the design review will be documented along with their resolutions and will be included in the final report.
A
" walk-through" of the SPDS will also be conducted to' supplement. the documentation being reviewed.
The design review of the Hope Creek SPDS will be approached in four parts.
A.
The first part of the SPDS verification task shall consist of an analytical review of the existing documentation for a random selection of safety-related sensors which require class lE isolation between the sensor ' output and its CRIDS input to assure that the PSE-1210-01 14 Rev. 2 s s
1 f
required isolation has been included in the system design.
The same sensors selected for documentation review will also be included in the " walk-through" of the installed system to assure consistency between the design and installation.
B.
The second part of the review shall be an evaluation of the display descripcions, CRIDS hardware descriptions, and vendor / site acceptance test reports.
This review will address requirements such as:
1.
Available Data (a) display feature development descriptions (b) display functional descriptions (c) selection of critical plant variables (d) select' ion of variable scales
[
2.
Data Manipulations (a) sensor scan intervals (b) display update timing intervals i
(c) e,ngineering unit conversions i
3.
Data Validation I
(a) validation algorithms (b) display of. invalid data l
4.
Acceptance Testing i
(a) acceptable results demonstrated (b) results applicable to the installed system
[
i PSE-1210-01 15 Rev. 2 t
I
A design " walk-through" will tx3 conducted to supplement the review of design documentation.
This review will compare actual display format and content with that described in the display description documentation.
Any deficiencies identified will be documented along with their resolution.
C.
The third part of the review shall consist of reviewing the CRIDS/SPDS " Human Engineering Discrepancy Reports" resulting from the Control Room Design Review to assure that all applicable discrepancies are resolved and incorporated into the displays as necessary.
This will ensure that items such as anthropodmetric considerations, system compatibility with human input / output abilities and limitations, along with a
review of the display formats, color selections and operator comprehension of display
- content, were considered.
D.
The fourth part consisting of a
system perf ormance assessment will be included in the pe rf ormance validation test defined in Section V of this plan.
The scope of the performance validation test will be expanded as necessary to include the demonstration of those appropriate characteristics not documented in Item IV. B. 4 above.
The remaining items will be addressed during the Field Verification test described in Section VI PSE-1210-01 16 Rev. 2 l
V.
PERFORMANCE VALIDATION TEST A.
Validation Philosophy The principal function of the SPDS is to aid the
(
operator in determining the plant safety status.
The issues in evaluating the degree to which the, operator
{
t is aided are:
i Compatibility -
The nature of the SPDS presentations to the operator and the responses expected from the operator should be compatible with human r
input / output abilities and limitations.
Understandability -
4 The structure,
- format, and content of the i
operator /SPDS dialogue should result in a
meaningful communication.
i Effectiveness -
The SPDS should support the operator in a manner
[
which leads to improved performance, or results in a difficult task being less dif ficult, or enables l
accomplishing a task that could not otherwise be
[
accomplished.
t l
The design review performed in accordance with Section IV of this plan will addresr.
the issue of "compa tibility" and will confirm that the displayed variables are suf ficien' to assess the critical saf ety j
PSE-1210-01 17 Rev. 2 L
p
(
. ~.
._,._-__m
functions and that the system is suitably isolated f rom other systems that are safety related (See Obj ectives A & B Section I of this plan).
To complete the review of " compatibility",
static simulator tests will be performed to confirm the adequacy of Objective C (See Section I of this plan).
The primary focus of the performance validation test shall be to demonstrate SPDS " effectiveness".
It is recognized that " compatibility" and "understandability" are necessary to achieve
" effectiveness".
Assurance that the SPDS displays can be readily perceived and comprehended by the plant operators (See Obj ective D Section I of this plan) is an
" effectiveness" goal.
If sufficient assurance is demonstrated that the system is "ef f ective",
then the system will also have been demonstrated to be
" unde r standa bl e"..
To establish reasonable assurance that the system is "ef f ective",
a series of dynamic tests using time dependent data via the plant simulator will be performed.
B.
Acceptance Criteria To assist in determining the functionality aspect of the static
- tests, acceptance criteria shall be developed from results of the requirements review.
The static test acceptance criteria shall -include the following minimum set of
- items, depending on the applicability of each item to the specific design.
PSE-1210-01 18 Rev. 2
[
n'
-~
- 1. Alarm and status changes occur as defined,
- 2. Automatic scale changes occur when required,
- 3. Range checking occurs as defined,
- 4. Analog input is within prescribed accuracy and appropriate' engineering units assigned, 5.
Sensor input failure detection,
- 6. Hardware f ailover occurs. as designed, 7.
Sensor scan interval are within prescribed limits.
The explicit goals of the dynamic perf ormance test that shall be addressed relative to effectiveness are whether or not the operator. can determine the following, via his experience,
- training, SPDS, and knowledge of prior plant conditions and activities.
1.
If plant conditions warrant entry into an EOP.
2.
Which is (are) the appropriate EOP(s) to enter.
C.
Test Description 1.
Static Tests The static tests shall be performed on the HCG S simulator when possible with the remaining tests l
being performed at the site.
The simulator CRIDS computer is a replica of the plant CRIDS computer and receives sensor input from the simulator computer.
A unique f unctional compatibility test shall be performed to demonstrate each of the static test acceptance criteria.
PSE-1210-01 19 Rev. 2 L
,m
+. - -
- _ ~
l' a.
Alarm and Status Change:
Six randomly l
selected inputs, four analog and two digital,-
l-will intentionally be increased and/or decreased, or toggled, to the specified alarm setpoint.
Each channel shall be co,nfirmed to change status and/or initiate an alarm condition, j
b.
Automatic Scale Changes:
Six randomly selected analog inputs that utilize multiple ranging will be checked for appropriate scale changes when the applicable simulated plant conditions or operating modes are altered.
This shall include checks for "zero clamp" if j
applicabl e.
I c.
Range Checking:
Six randomly selected analog i
i inputs that are used in the calculation of i
l other point (s) shall' be subj ected to simulated signals that are out of the l
l expected indicating range.
Each input' i
channel and associated composed point.shall l
be confirmed to change to indicate an invalid j
input condition.
i d.
Analog Accuracy: Six randomly selected analog inputs of each signal type (ie RTD,.
l thermocouple, conductivity, square
- root, i
l polynomial approximation, etc.)
shall be PSE-1210-01 20 Rev. 2 6m 1
j I
provided with a known input value and the 4
j displayed value shall be verified to be
- l within specified accuracy.
When specific t
I accuracy requirements are not specified, the accuracy of the equivalent con, trol room benchboard instrumentation shall be utilized.
ran'omly e.
Sensor Input Failure:
A single d
selected input for - each sensor
- type, excluding digital inputs, shall be subjected to:
a simulated hardware failure such as-
" point selection f ailure" or-
" analog to j
digital
'ov erflow" ;
and both open short circuited inputs to confirm that an invalid status is displayed.
l l
f.
Hardware Failover: One of the redundant CPU's shall be intentionally failed to verify transfer to the alternate processor so that j
the operator does not have to repeat j
previously entered SPDS commands, i-i i
g.
Scan.
Interval:
A single input from each of i
the input
" scan classes" (ie.
1 second, 5 second, 15 second, and etc.)
shall be
- verified by artificially varying the input signal and timing the point update time on an j
associated display.
l PSE-1210-01 21 Rev. 2
- sv r
y...
-w--e+aq----
g e-w&
re
-w
--e
--t~-i
=-w-u,w,----
-++weym
-+-etw
-,w--c,,*
---y,v-+-y g----,--+m
+rw--w->--
e-~,.-
w-e.,a g et-
---e+-y-..g o
ee.ee+i=s-e d
s w
L i
2.
Dynamic Test The simulator dynamic performance test shall I
i subject three randomly selected control room crews i
i i
to three different transient scenarios.
The 4-j transients shall be selected so that as many of l
the SPDS displays as possible are addressed.
Each transient shall focus on a different EOP and at i
4 P
f least one of the transients shall introduce I
i multiple failures to ensure concurrent execution i
l of at least two EOP's.
Two permutations of each transient, resulting in six separate tests overall, shall be perf ormed, f;
l One of the permutations shall be the baseline for compa rison upon test ' completion.
Only control I
l room instrumentation shall be utilized.
The i
1 i
second permutation shall require the use of SPDS 4
f in addition to normal control room instrumentation.
For ' the purposes of these tests l
l it shall be assumed that the training of each of i
the three crews is comparable.
This will
(
facilitate the effectiveness evaluation by l
allowing a
different crew to perform each
{
1 1
transient permutation.
Test results evaluation l
will compa re general crew performance to e
i substantiate this assumption.
}
I Sufficient saf ety parameter data shall be recorded f
to determine if the operator was able to I
PSE-1210-01 22 Rev. 2 f
wr-,---~.
-..-w.
-.vy-
,~,r-r--,,--.---
.,7
,.,--e
,,,,-v,,,w-m,--,,_
we.,,-,,,.w-
.,e-,.-,--
y, ry
s e,-,-
appropriately follow the correct EOP(s),
remain
'within normal EOP control bands, and recover from the transient.
To assist in making an evaluation on the effectiveness of the SPDS, the following will be considered.
Assuming time "zero" is the initiation of the transient:
1.
The elapsed time reg'uired to enter the appropriate EOP.
2.
The elapsed time required to exit the appropriate EOP.
i 3.
The worst case value of the EOP entry parameter.
Evaluation of these results shall be limited to determination of perf ormance trends since no real significance can be associated with any absolute measurements.
Feedback from test participants will be included in the evaluation of performance trends via operator / instructor post test interviews.
l i
i l
PSE-1210-01 23 Rev. 2 L
VI.
FIELD VERIFICATION TEST The obj ective of this activity shall be to verify that the system was properly installed.
Construction installation and test specifications shall be reviewed to ensure that sensor inputs to the system and system power supply transf er schemes are physically checked for correctness.
Specific items that shall be included are:
A.
Point to point continuity checks, B.
Polarity checks, and C.
Calibration The design review " walk through" discussed in Section IV of this plan-will be coordinated with the audit of the installed system.
This will include a check to verify that the installation of Class 1E isolation devices, for randomly selected sensors, is consistent with design drawings.
Randomly selected parameters will be tested by varying the sensor output signal to assure that the variable being displayed is being measured by the sensor assigned to that function.
The existing graphic displays will also be reviewed at this time for consistent format and content with those validated on the plant simulator.
Test items not incorporated into the Performance Validation test will be_ subjected to a field verification test.
e PSE-1210-01 24 Rev. 2 1
g
~~
VII. FINAL REPORT A
final report will be prepared to provide documentation of the results of the above efforts and to provide traceability for future reference.
The report will'contain the design requirements matrix, any deficiencies noted with their associated resolutions, results of the perf ormance validation tests and results of the field verification tests.
PSE-1210-01 25 Rev. 2
\\
VIII.
REVIEW TEAM OUALIFICATIONS e
The Hope Creek SPDS V&V program shall be conducted by qualified individuals f rom EIGEN Engineering, Inc. who were not involved in the design, development and installation of the SPDS eqsipment or software.
The team f rom EIGEN Engineering, Inc.
Will consist of the following individuals:
Luis E.
Fl or es,
P. E.
Principal Engineer Mr.
Flores earned BS degrees in Physics and Mechanical Engineering, has professional engineering licenses in California and Ohio, and holds a Senior Reactor Operator Certification.
Mr.
Flores has had extensive experience in the
- design, operation and testing of nuclear power plant
- systems, including instrumentation and control system engineering, data acquisition system specification and implementation and design verification testing of process computer systems.
He has been responsible for various projects at the Hope Creek Generating Station, including:
Development of the Power Ascension Test Progrim; Design and implementation of the Plant Transient Analysis and Recording System; and Analysis of Post Accident Mo11toring capabilities.
He has also directed a group of startup engineers and participated in all phases of several startup programs for nuclear power plants.
PSE-1210-01 26 Rev. 2 y
4 Gregg A.
- Reimers, P. E.
a Senior Consulting Engineer Mr. Reimers earned a BS degree in Electrical Engineering and has completed courses at the General Electric BWR Simulator and Westinghouse PWR Simulator.
He has a
professional Engineering license in Calif ornia.
Mr.
Reimers has over ten years experience in the nuclear power industry in the areas of power plant operations, system design, design. impl ementation, design and analysis of electrical power systems, pr.ocess system instrumentation and control circuits and design reviews of actual plant systems to design criteria.
He has participated in several projects for Hope Creek Generating Station, including:
Development of various test, instrumentation and control tuneup procedures for the Power Ascension Test Program; '
responsible f or the preparation and instruction of site engineering on the Emergency Core Cooling System design theory and operation; and responsible for development of relational database sof tware for plant information tracking management.
He has also been involved in several design projects at other plants and was assigned to the technical staf f of an operating nuclear power plant for a number of years.
PSE-1210-01 27 Rev. 2
Kenneth V.
- Allen, P. E.
Senior Consulting Engineer Mr.
Allen earned a BS degree in Electrical Engineering and has professional licenses in California.
Mr.
Allen has over eighteen years experience in the nuclear power industry.
His areas of expertise include
- design, installation and testing of instrumentation and control
- systems, including design and evaluations of reactor shutdown systems.
He has pa rticipated in preparing an SPDS design specification for a utility as well as the development and installation of a SPDS for another utility.
This required the coordination of process data engineering units conversions, algorithm development; participation in the development of color graphic displays; coordination of computer software and hardware groups and overall integration of software modules with hardware components.
He has also served as systems analyst on several fire protection evaluation teams to determine the ability of nuclear power plants to saf ely shutdown under various worst-case fire scenarios.
PSE-1210-01 28 Rev. 2 L
~
D REFERENCES o
1.
NUREG 066 0, Task I.D.
TMI Task Action Plan, May 1980.
2.
- 0737, Supplement 1,
Requirements for Emergency
Response
Capability (Generic Letter 82-33) dated December 17, 1982.
3.
NSAC 39, Verification and Validation for Safety Parameter Display System, December 1981.
4.
NUREG 0 80 0, 18.2, Rev.
O, Saf ety Parameter Display System (SPDS),
November 1984.
5.
- 0696, Functional Criteria for Emergency
Response
Facilities, February, 1981.
6.
NUREG 083 5, Human Factors Acceptance Criteria for the Saf ety Parameter Display.
PSE-1210-01 29 Rev. 2
-.