ML20134F378

Summary of 850625-26 Meetings W/Lll,Comex,Util & Quadrex Re Audit of Facility Spds.Viewgraphs Encl
ML20134F378
Person / Time
Site: Comanche Peak
Issue date: 08/13/1985
From: Burwell S
Office of Nuclear Reactor Regulation
To:
Office of Nuclear Reactor Regulation
References
NUDOCS 8508210082
Download: ML20134F378 (101)


Text

{{#Wiki_filter:Docket Nos.: 50-445 and 50-446

AUG 13 1985

APPLICANT: Texas Utilities Electric Company

FACILITY: Comanche Peak Steam Electric Station, Units 1 and 2

SUBJECT: SUMMARY OF THE STAFF'S AUDIT OF THE COMANCHE PEAK SAFETY PARAMETER DISPLAY SYSTEM (SPDS)

On June 25 and 26, 1985, the staff performed an audit of the Comanche Peak SPDS. The purpose of the audit was to review outstanding questions regarding the Verification and Validation (V&V) programs, to confirm that the V&V program is being correctly implemented, to audit the V&V results to date, and to audit the installed SPDS at Unit 1. The enclosed summary describes significant events in the audit, contains copies of the Vu-graphs that were presented to the staff, and lists the attendees. The staff observations, notes and conclusions presented in the exit briefing are listed.

S. B. Burwell, Project Manager
Licensing Branch No. 1
Division of Licensing

Enclosure: As stated

cc: See next page


SUMMARY OF THE STAFF'S AUDIT OF THE COMANCHE PEAK SPDS, June 25 - 26, 1985

On June 25 and 26, 1985 the staff performed an audit of the Comanche Peak SPDS. The purpose of the meeting was to attempt to resolve outstanding questions regarding the Verification and Validation (V&V) program, to confirm that the V&V program is being correctly implemented, to audit the V&V results to date, and to audit the installed SPDS at Unit 1. The NRC team leader, George Lapinsky of the Human Factors Engineering Branch, was assisted in the audit by consultants from Lawrence Livermore National Laboratory and Comex. A list of attendees is included here as Enclosure 1.

On June 25, 1985 representatives of the Texas Utilities Generating Company (TUGCo) presented information regarding the Comanche Peak SPDS design and implementation. Copies of Vu-graphs used during the presentations are included here as Enclosure 2. In addition, the audit team examined the following reports:

1. "Functional Design Specification for SAS Software," Rev. 2, May 20, 1982; by Quadrex for Ad Hoc Committee on Instrumentation Systems, SAS Project.
2. "Industrial Design/Human Factors Guidelines and Abbreviations", SASLOG-33, May 15, 1981; by Quadrex.
3. "Safety Assessment System Evaluation Program Report," SASLOG-105, May 20, 1982; by Quadrex and Inpsych Company.
4. "Training Manual for Initial On-Site Safety Assessment System (SAS) Training Program," by Quadrex.
5. "Project Plan for SAS/ERF Computer System for Comanche Peak Unit #1," by Quadrex, for Texas Utilities Services, Inc., CPSES.
6. "System Functional Specification, CPSES Unit 1, SAS/ERF Computer System," December 8, 1981; by Quadrex, for Texas Utilities Services, Inc.
7. "System Software Design Specification," QUAD-2-82-003, three volumes, Rev. 3, April 3, 1984; by Quadrex, for Texas Utilities.
8. "System Hardware Design Specification," QUAD-2-82-004, Rev. 2, May 18, 1984; by Quadrex, for Texas Utilities.
9. "Verification and Validation Plan for the SAS/ERF Computer System for Texas Utilities Comanche Peak Unit 1," October 1983, by the Boeing Company.
10. "System Requirements Review Report, CPSES Unit 1, SAS/ERF Computer System," Document No. D275-50010-1, November 1981, by The Boeing Company.
11. "Verification and Validation Report, SAS ERF Computer System, CPSES Unit 1," August 31, 1984; by The Boeing Company.
12. "Phase 1-1/2 Verification and Validation Report, Safety Parameter Display System for The Texas Utilities CPSES Unit 1," QUAD-4-85-014 Draft, April 30, 1985; by Quadrex, for Texas Utilities Company.

There were also Test Plans and Test Reports available from the V&V report series. The conduct and results of the tests are summarized in the Verification and Validation Report. Also available was a series of letters from the SPDS design contractor, Quadrex, to Texas Utilities documenting SPDS design additions and plant-specific changes requested by the utility, the design team's review, and final design of the changes.

On June 26, 1985 the staff toured the Unit 1 control room and witnessed a demonstration of the SPDS functions at the Technical Support Center computer console. Afterwards an audit of the display page formats was done. The audit concluded in an exit briefing, at which time the staff presented the following observations, notes, and conclusions:

1) It appears that no final review and dynamic testing was done on the installed system - the staff feels this is necessary since the system has been revised since the original testing that was done on the generic vendor prototype.
2) No final conclusion can be drawn regarding the choice of SPDS parameters until the Procedures and Systems Review Branch (PSRB) completes its review. However, it appears that Main Stack Radiation Level and/or Release Rate are missing from the SPDS.
3) The Instrumentation and Control Systems Branch (ICSB) has reviewed and approved, on an interim basis, the isolation devices used on the SPDS. The audit team saw nothing that would contradict the ICSB conclusions.
4) The data validation methodology for single input parameters is weak and is acceptable only as an interim solution.
5) Human factors were considered in the design and the SPDS reflected good human engineering practices except for two items: a) severe glare on the display screen, and b) overprinting of trend graphs, one upon the other, to the point of unreadability.
6) Reliability/availability appears to be built into the system through redundancy. However, estimates and/or empirical data do not exist to confirm that the system will be highly reliable and available.

ENCLOSURE 1

June 25, 1985 Attendance List

Name                  Organization
Don Woodlan           TUGCO - Licensing
Mark A. Coffing       TUGCO Nuclear Engineering
John T. Grillo        TUGCO Nuclear Engineering
Bob Hagan             TUGCO Nuclear Engineering
Ron Estes             QUADREX
Dennis R. Johnson     QUADREX
Russell Smith         TUGCO - Operations Support
Norman Terrel         TUGCO - Operations Support
Bill O'Connell        Lawrence Livermore National Lab
George Lapinsky       NRC - Human Factors Engineering
Gary W. Bethke        NRC - COMEX
Tom J. Talley         TUGCO

June 26, 1985

Name                  Organization
Bob Hagan             TUGCO Nuclear Engineering
Mark A. Coffing       TUGCO Nuclear Engineering
Tom J. Talley         TUGCO Advanced Systems Engineering
J. T. Grillo          TUGCO Nuclear Engineering
W. R. Woodlan         TUGCO Licensing
R. D. Calden          TUGCO Nuclear Engineering
D. R. Johnson         Quadrex
Ron Estes             Quadrex
Norman Terrel         TUGCO Operations
Bill O'Connell        Lawrence Livermore National Lab
Gary Bethke           NRC - COMEX
George Lapinsky       NRC - HFEB

ENCLOSURE 2

OVERVIEW OF THE PROJECT WHICH DEVELOPED THE COMANCHE PEAK STEAM ELECTRIC STATION SAFETY PARAMETER DISPLAY SYSTEM

Presented to the NRC Audit Team June 25, 1985 by Dr. Tom Talley, Texas Utilities Generating Company

[Diagram labels: TMI; NRC; WESTINGHOUSE OWNERS; EPRI/NSAC; THE SAS GROUP; THE CPSES SITE-SPECIFIC IMPLEMENTATION; SPDS; CSFM; ERF]

WESTINGHOUSE OWNERS GROUP (W.O.G.) AD HOC COMMITTEE ON INSTRUMENTATION --

COMMITTEE MEMBERS PROVIDED A BROAD RANGE OF EXPERIENCE TO PRODUCE THE SAFETY ASSESSMENT SYSTEM.

S.A.S. COMMITTEE MEMBER UTILITIES --
- FLORIDA POWER & LIGHT
- WISCONSIN ELECTRIC
- WISCONSIN PUBLIC SERVICE
- ROCHESTER GAS & ELECTRIC
- COMMONWEALTH EDISON
- CONSOLIDATED EDISON
- PUBLIC SERVICE OF INDIANA
- NORTHERN STATES POWER
- SNUPPS
- TAIWAN POWER
- SWEDISH STATE POWER BOARD
- TEXAS UTILITIES GENERATING CO.

THE CPSES ERF COMPUTER SYSTEM IS A SITE-SPECIFIC IMPLEMENTATION OF APPROPRIATE PARTS OF THE GENERIC SAFETY ASSESSMENT SYSTEM DEVELOPED BY THE W.O.G. AD HOC COMMITTEE ON INSTRUMENTATION SYSTEMS

[Chart: OVERALL SCHEDULE, 1979 through 1986. Labels, in the order they appear: NRC DEMONSTRATION; 4/82; GENERIC S.A.S. DEVELOPMENT; V & V TEST; 1/85; DEVELOPMENT OF FINAL CPSES UNIT 1 SPDS; V & V TEST; 6/86; DEVELOPMENT OF CPSES UNIT 2 SPDS]

THE W.O.G. AD HOC COMMITTEE THAT DEVELOPED THE GENERIC S.A.S. INCLUDED SEVERAL SUBCOMMITTEES --

HARDWARE -- SELECTED CPU & DISPLAY HARDWARE
SOFTWARE -- DEVELOPED SOFTWARE DESIGN
SIMULATOR -- DEVELOPED SIMULATOR TEST PROGRAM
VERIF & VALID -- AUDITED DESIGN & DEVELOPMENT EFFORTS

THE VERIFICATION & VALIDATION SUBCOMMITTEE VALIDATED THE GENERIC S.A.S. --

V & V FUNCTIONS
- OVERSEE & REVIEW VENDOR V&V EFFORTS
- CONDUCT DESIGN REVIEWS
- REVIEW & APPROVE VENDOR TESTS & RESULTS
- AUDIT ENGINEERING TEST & CODE WALKTHROUGHS
- WITNESS SYSTEM TESTS

PROOF OF CONCEPT AND DESIGN VALIDATION TESTS OF THE GENERIC S.A.S. WERE CONDUCTED ON A PWR SIMULATOR --

PHASE 1 - CAPTURE TRANSIENTS
  - REPRESENTATIVE SAMPLE OF NSAC 40 EVENTS
    - ROD EJECTION
    - 1% LOCA
    - SGTR
PHASE 2 - ENGINEERING EVALUATION AT SIMULATOR
  - 19 TRANSIENTS
PHASE 3 - OPERATOR EVALUATION
  - 6 SCENARIOS INCLUDING EPRI/NSAC 40 DRAFT GUIDANCE
  - 4 CREWS
  - WITH & WITHOUT S.A.S.
  - FULL DEBRIEFING AFTER EACH
- EVALUATION PROGRAM REPORT
- EPRI RETAINS TRANSIENT TAPES FOR FUTURE USE

THE S.A.S. DOCUMENTATION PACKAGES AVAILABLE FOR REVIEW INCLUDE --
- R.F.Q. FROM AD HOC COMMITTEE
- FUNCTIONAL DESIGN SPECS VOL I & II
- HARDWARE EVALUATION REPORT
- TRAINING PROGRAM
- EVALUATION PROGRAM REPORT
- VERIFICATION & VALIDATION REPORT
- S.A.S. LOG W/ RESUMES OF PERSONNEL
- PRESENTATION GRAPHICS FOR NOV 1981 NRC BRIEFING
- PRESENTATION GRAPHICS FOR APR 1982 NRC DEMONSTRATION

SITE-SPECIFIC IMPLEMENTATION OF THE CPSES E.R.F. COMPUTER SYSTEM BEGAN WITH A FULLY VALIDATED SYSTEM --
- S.A.S. WAS DEVELOPED UNDER A FULLY DOCUMENTED V&V PROGRAM
- THE S.A.S. PROJECT INCLUDED EXTENSIVE EVALUATION TESTS AT THE INDIAN POINT SIMULATOR WHICH VALIDATED THE GENERIC S.A.S. SYSTEM

CPSES SITE SPECIFIC ERF COMPUTER IMPLEMENTATION INCLUDING SAFETY PARAMETER DISPLAY SYSTEM

A COMPUTER-BASED INFORMATION SYSTEM INCLUDES THREE BASIC PROCESSES --
- DATA ACQUISITION
- DATA PROCESSING & STORAGE
- DATA DISPLAY

THE S.P.D.S. DISPLAYS ARE A SUBSET OF THE ERF COMPUTER SYSTEM DATA BASE --

[Diagram labels: QUICK ACTION FUNCTION KEYPAD; TOP LEVEL MODE PARAMETERS; SPDS DISPLAYS; SECONDARY TRENDS/AIDS DISPLAYS; ERF PARAMETERS; SUPERVISORS, TSC, EOF; MENU DRIVEN]

IMPLEMENTATION OF THE UNIT 1 ERF COMPUTER SYSTEM INCLUDED THREE MAJOR PHASES

[Chart, 1982 through 1984. Labels, in the order they appear: GENERIC S.A.S. COMPLETED; INITIAL DEVELOPMENT; V & V TESTING; PROBLEM RESOLUTION; V & V TESTING; CSFM REVISIONS; FINAL V & V TESTING; EOP DRAFT REV 0 PB; SYSTEM OPERATIONAL]

DEVELOPMENT OF THE UNIT #2 ERF COMPUTER SYSTEM IS SCHEDULED TO BE COMPLETE IN JUNE 1986 --

INCLUDES ADDITIONAL PARAMETER INPUTS & ASSOCIATED DISPLAYS
  - INPUT FROM THE REACTOR VESSEL LEVEL INDICATION SYSTEM
INCLUDES ADDITIONAL NON-SPDS DISPLAYS AND FEATURES
  - METEOROLOGICAL DATA ENHANCEMENT
  - AREA RADIATION MONITOR DISPLAYS
  - CORE EXIT TEMPERATURE DISPLAY
  - HISTORY PLOT FUNCTION
  - OTHER DISPLAYS TO ENHANCE ACCESS TO DATA

OUTLINE OF REMAINING PRESENTATIONS

I. PARAMETER SET SELECTION
  - SPDS
  - ERF
II. ACCURATE, RELIABLE PROCESSING
  - DATA ACQUISITION
  - COMPUTER SYSTEM
  - DISPLAY SYSTEM
III. HUMAN-FACTORED DISPLAYS
  - QUICK SPDS
  - MENU-DRIVEN DETAIL

SUMMARY OF PROJECT ORIGIN & STATUS
- THE CPSES ERF COMPUTER SYSTEM IS BASED ON THE GENERIC S.A.S.
- THE SPDS IS AN INTEGRAL PART OF THE ERF COMPUTER SYSTEM
- THE UNIT #1 SYSTEM IS OPERATIONAL
- THE UNIT #2 SYSTEM IS UNDER DEVELOPMENT

THE PARAMETER SET FOR THE ERF COMPUTER SYSTEM HAS BEEN VALIDATED

PRESENTED TO THE NRC AUDIT TEAM JUNE 25, 1985 BY BOB HAGAR, TUGCo NUCLEAR ENGINEERING

THE ERF COMPUTER SYSTEM PARAMETER SET INCLUDES TWO IMPORTANT SUBSETS

[Diagram labels: TOP LEVEL MODE DISPLAY PARAMETERS; SECONDARY TREND/AIDS DISPLAY PARAMETERS; ERF COMPUTER SYSTEM PARAMETER SET]

THE GENERIC S.A.S. SPDS PARAMETER SET IS MONITORED THROUGH THE TOP LEVEL DISPLAY

PARAMETER                            S.A.S. SPDS    TOP-LEVEL DISPLAY
REACTOR COOLANT SYSTEM PRESSURE           X                 X
PRESSURIZER LEVEL                         X                 X
REACTOR VESSEL LEVEL                      X                 X
STEAM GENERATOR PRESSURE                  X                 X
STEAM GENERATOR LEVEL                     X                 X
CORE EXIT TEMPERATURE                     X                 X
MARGIN OF SUBCOOLING                      X                 X
LOOP COLD-LEG TEMPERATURES                X                 X
CONTAINMENT RADIATION                     X                 X
CONTAINMENT PRESSURE                      X                 X
CONTAINMENT WATER LEVEL                   X                 X
POWER-RANGE NUCLEAR POWER                 X                 X
INTERMEDIATE-RANGE NUCLEAR POWER          X                 X

THIS PARAMETER SET WAS VALIDATED DURING THE GENERIC S.A.S. PROGRAM

PARAMETERS WERE SELECTED BY EXPERIENCED PERSONNEL AFTER CONSIDERING INDUSTRY RECOMMENDATIONS
  - AN SPDS MINIMUM PARAMETER SET WAS RECOMMENDED BY THE ATOMIC INDUSTRIAL FORUM
  - AN SPDS PARAMETER SET WAS RECOMMENDED IN NSAC-8
THE PARAMETER SET WAS EVALUATED BY ENGINEERING PERSONNEL AND CONTROL ROOM OPERATORS DURING THE GENERIC S.A.S. PROGRAM
EVALUATIONS CONCLUDED THAT THE PARAMETER SET WAS SUFFICIENT TO ALLOW THE OPERATOR TO ASSESS THE OVERALL SAFETY STATUS OF THE PLANT

THESE PARAMETERS ARE PRESENTED ON THE TOP LEVEL DISPLAY

[Figure: CSFM top level display screen]

THE CPSES EMERGENCY RESPONSE GUIDELINE PROCEDURES MONITOR SIX CRITICAL SAFETY FUNCTIONS

CRITICAL SAFETY FUNCTIONS
- SUBCRITICALITY
- CORE COOLING
- HEAT SINK
- INTEGRITY
- CONTAINMENT
- INVENTORY

THESE CRITICAL SAFETY FUNCTIONS ARE DEFINED IN TERMS OF A PARAMETER SET

PARAMETER
POWER-RANGE NUCLEAR POWER              X
INTERMEDIATE-RANGE NUCLEAR POWER       X
SOURCE-RANGE NUCLEAR POWER             X
CORE EXIT TEMPERATURE                  X
MARGIN OF SUBCOOLING                   X
STEAM GENERATOR LEVEL                  X
STEAM GENERATOR PRESSURE               X
AUXILIARY FEEDWATER FLOW               X
COLD-LEG LOOP TEMPERATURE              X X
HOT-LEG LOOP TEMPERATURE               X X
PRESSURIZER PRESSURE                   X
CONTAINMENT PRESSURE                   X
CONTAINMENT WATER LEVEL                X
CONTAINMENT RADIATION                  X
PRESSURIZER LEVEL                      X
REACTOR VESSEL LEVEL                   X

THE TRENDS/AIDS DISPLAY PARAMETER SUBSET INCLUDES ALL OF THE PARAMETERS NECESSARY TO MONITOR THESE CRITICAL SAFETY FUNCTIONS

[Diagram labels: TOP LEVEL MODE DISPLAY PARAMETERS; SECONDARY TREND/AIDS DISPLAY PARAMETERS; ERF COMPUTER SYSTEM PARAMETER SET]

SUMMARY OF THE STATUS OF THESE CRITICAL SAFETY FUNCTIONS IS INCLUDED ON SPDS DISPLAYS

[Figure: CSFM display screen]

NUREG-0737, SUPPLEMENT 1 IDENTIFIED FIVE CRITICAL SAFETY FUNCTIONS

CRITICAL SAFETY FUNCTIONS
- REACTIVITY CONTROL
- REACTOR CORE COOLING AND HEAT REMOVAL FROM THE PRIMARY SYSTEM
- REACTOR COOLANT SYSTEM INTEGRITY
- CONTAINMENT CONDITIONS
- RADIOACTIVITY CONTROL

THESE CRITICAL SAFETY FUNCTIONS ARE DEFINED IN TERMS OF A PARAMETER SET

PARAMETER
POWER-RANGE NUCLEAR POWER              X
INTERMEDIATE-RANGE NUCLEAR POWER       X
SOURCE-RANGE NUCLEAR POWER             X
REACTOR VESSEL LEVEL                   X X
PRESSURIZER LEVEL                      X X
CORE EXIT TEMPERATURE                  X
HOT-LEG LOOP TEMPERATURE               X X
COLD-LEG LOOP TEMPERATURE              X X
PRESSURIZER PRESSURE                   X X
STEAM GENERATOR LEVEL                  X
STEAM GENERATOR PRESSURE               X
AUXILIARY FEEDWATER FLOW               X
STEAM GENERATOR STEAM FLOW             X
CONTAINMENT TEMPERATURE                X
CONTAINMENT PRESSURE                   X X
CONTAINMENT WATER LEVEL                X X
CONTAINMENT SUMP LEVEL                 X X
CONTAINMENT HUMIDITY                   X
CONTAINMENT RADIATION                  X X X
CONTAINMENT HYDROGEN CONCENTRATION     X
STEAM GENERATOR BLOWDOWN RADIATION     X X
CONDENSER OFF-GAS RADIATION            X X
MAIN STEAM LINE RADIATION              X X

THE TRENDS/AIDS DISPLAY PARAMETER SUBSET INCLUDES ALL OF THE PARAMETERS NECESSARY TO MONITOR THESE CRITICAL SAFETY FUNCTIONS

[Diagram labels: TOP LEVEL MODE DISPLAY PARAMETERS; SECONDARY TREND/AIDS DISPLAY PARAMETERS; ERF COMPUTER SYSTEM PARAMETER SET]

A STUDY WAS CONDUCTED TO ASSESS THE CONSISTENCY BETWEEN THE ERF COMPUTER SYSTEM PARAMETER SET AND THE CPSES EMERGENCY RESPONSE GUIDELINES

BASIC METHOD
- REVIEW ALL ERG PROCEDURES
- NOTE PARAMETERS WHICH TRIGGER PROCEDURE EXECUTION
- NOTE PARAMETERS WHICH TRIGGER BRANCH TO OTHER PROCEDURES
- COMPARE NOTED PARAMETERS WITH PARAMETER SET

THIS ASSESSMENT COMPARED THE NOTED PARAMETERS WITH THE ERF COMPUTER SYSTEM PARAMETER SET
- THE TRENDS/AIDS DISPLAY PARAMETER SET INCLUDES ALL OF THE PARAMETERS NECESSARY TO MONITOR THE CRITICAL SAFETY FUNCTIONS
- THE TRENDS/AIDS DISPLAY PARAMETER SET WILL INCLUDE ALL OF THE PARAMETERS NECESSARY TO MONITOR THE SITE-SPECIFIC FUNCTIONAL RESTORATION GUIDELINES
- THE ERF COMPUTER SYSTEM PARAMETER SET INCLUDES ESSENTIALLY ALL OF THE PARAMETERS NECESSARY TO MONITOR ERG ENTRY/EXIT CONDITIONS

TWO OF THE PARAMETERS NECESSARY TO MONITOR ERG ENTRY/EXIT CONDITIONS ARE NOT INDICATED ON SYSTEM DISPLAYS, BUT MAY BE INFERRED FROM OTHER INDICATIONS
- PRESSURIZER PORV BLOCK VALVE POSITION MAY BE INFERRED FROM INDICATIONS OF PRESSURIZER PRESSURE, PORV POSITION, AND PRESSURIZER RELIEF TANK TEMPERATURE AND PRESSURE
- CONTAINMENT SUMP RECIRCULATION VALVE POSITION MAY BE INFERRED FROM CONTAINMENT SUMP LEVEL, REFUELING WATER STORAGE TANK LEVEL, RHR PUMP STATUS, AND RHR FLOW RATE

TWO CONCLUSIONS WERE DRAWN FROM THIS ASSESSMENT
- PARAMETERS PRESENTED ON THE TOP-LEVEL AND TRENDS/AIDS DISPLAYS ARE SUFFICIENT TO MEET THE INTENT OF NUREG-0696 AND NUREG-0737, SUPP. 1
- PARAMETER AVAILABILITY FOR THE ENTIRE ERF COMPUTER SYSTEM SUPPORTS AND IS COMPATIBLE WITH THE CPSES EMERGENCY RESPONSE GUIDELINE PROCEDURES

SUMMARY

THE ERF COMPUTER SYSTEM PARAMETER SET HAS BEEN VALIDATED.
- IT INCLUDES AND PRESENTS ON THE TOP LEVEL DISPLAY THE SPDS PARAMETER SET VALIDATED IN THE GENERIC S.A.S. PROGRAM
- IT INCLUDES ALL OF THE PARAMETERS NECESSARY TO MONITOR THE CRITICAL SAFETY FUNCTIONS AND IMPLEMENT THE FUNCTION RESTORATION GUIDELINES
- ALL PARAMETERS NECESSARY TO MONITOR ENTRY AND EXIT POINTS IN THE CPSES EMERGENCY RESPONSE GUIDELINES EITHER ARE INDICATED ON SYSTEM DISPLAYS OR MAY BE INFERRED FROM OTHER INDICATIONS

HIGH SYSTEM AVAILABILITY HAS BEEN DESIGNED INTO THE SYSTEM.

[Diagram labels: DATA SOURCE (three); ERF DAS (two); 1E ISOLATION (two); CPU A PLUS PERIPHERALS; CPU B PLUS PERIPHERALS; displays 1 through 7; CONTROL ROOM DISPLAYS; TECHNICAL SUPPORT CENTER DISPLAYS; EMERGENCY OPERATIONS FACILITY DISPLAYS]

DESIGN FEATURES OF THE SAFETY PARAMETER DISPLAY SYSTEM AT THE COMANCHE PEAK STEAM ELECTRIC STATION

PRESENTED TO THE NRC AUDIT TEAM ON JUNE 25, 1985 BY MARK A. COFFING, TUGCO NUCLEAR ENGINEERING

THE C.P.S.E.S. SAFETY PARAMETER DISPLAY SYSTEM HAS BEEN DESIGNED TO PROVIDE THE USER WITH DISPLAYS THAT WILL AID HIM IN RAPIDLY AND RELIABLY DETERMINING THE SAFETY STATUS OF THE PLANT DURING NORMAL, ABNORMAL, AND EMERGENCY CONDITIONS.
-> CRT-BASED DISPLAYS PRESENT VALID CRITICAL PLANT VARIABLES
   THE SYSTEM IS DESIGNED TO ACHIEVE HIGH AVAILABILITY
   DISPLAYS INCORPORATE APPROPRIATE H.F.E. GUIDANCE

THE ACCURACY OF THE DATA PRESENTED TO THE USER IS ENSURED BY RIGOROUS CALIBRATION PROCEDURES AND HIGH-PRECISION COMPUTERS.

[Diagram: DATA SENSING (CALIBRATED FIELD SENSOR LOOPS) -> DATA ACQUISITION (CALIBRATED D.A.S.) -> DATA PROCESSING (32-BIT MICROPROCESSOR) -> DATA DISPLAY (HIGH RESOLUTION CRT) -> (USER)]

ACCURACY AND PRECISION WERE CONFIRMED THROUGH TESTING.

[Diagram labels: FIELD SENSOR (INPUT); DATA ACQUISITION AND PROCESSING ON THE ERF COMPUTER SYSTEM; DATA DISPLAYED ON SPDS CRT; TRADITIONAL, CALIBRATED INSTRUMENT LOOPS; DATA INDICATION ON BOARD METER; TESTING: COMPARISON CONFIRMED ACCURACY AND PRECISION]

DATA VALIDATION IS ACCOMPLISHED THROUGH SYSTEM DESIGN FEATURES.
- DISPLAY FEATURES INDICATE VALIDITY
- EACH PARAMETER IS "RANGE-CHECKED"
- REDUNDANT PARAMETERS ARE COMPARED

DATA VALIDITY IS INDICATED ON THE DISPLAYS

VALIDITY CONVENTIONS
- GOOD DATA: 710 (WHITE TEXT)
- SUSPECT DATA: 710 (WHITE TEXT, YELLOW BOX)
- BAD DATA: (YELLOW ASTERISKS)

THE DATA VALIDATION METHODOLOGY INCLUDES SEVERAL DIFFERENT PROCESSES.

[Diagram labels, repeated for each sensor: DATA SENSED; DATA VALIDATED; STRING & RANGE-CHECK PERFORMED. Common labels: QUALITY ASSESSMENT PERFORMED; AVERAGED; DISPLAYED]

FOR PARAMETERS MONITORED BY ONE SENSOR, RANGE-CHECKING ALONE DETERMINES DATA VALIDITY.

RESULT OF RANGE-CHECKING    DISPLAY CONVENTION
GOOD                        GOOD
SUSPECT                     SUSPECT
BAD                         BAD

FOR PARAMETERS DETERMINED BY TWO INPUT SENSORS, THE DISPLAY CONVENTION IS DETERMINED BY RANGE-CHECKING AND SIGNAL DIVERGENCE.

RESULTS OF RANGE-CHECKING
SENSOR 1    SENSOR 2    DIVERGENCE    DISPLAY CONVENTION
GOOD        GOOD        < 10%         GOOD
GOOD        GOOD        > 10%         SUSPECT
GOOD        SUSPECT     N/A           SUSPECT
GOOD        BAD         N/A           SUSPECT
SUSPECT     SUSPECT     N/A           SUSPECT
SUSPECT     BAD         N/A           SUSPECT
BAD         BAD         N/A           BAD

MULTIPLE-SENSOR DATA VALIDATION EMPLOYS CHAUVENET'S CRITERION TO IDENTIFY STATISTICALLY SIGNIFICANT DIVERGENCE.

[Diagram: PARAMETER VALUES (X) FROM VARIOUS SENSORS plotted about the AVERAGE VALUE; RANGE OF STATISTICALLY INSIGNIFICANT DIVERGENCE (DETERMINED USING CHAUVENET'S CRITERION); values beyond either end of the range are labelled "SUSPECT"]

WITHIN THIS RANGE, PARAMETER VALUES ARE "GOOD".

MULTIPLE-SENSOR DATA VALIDATION USES VALUES FROM THE SINGLE AND DUAL SENSOR DATA VALIDATION.

FOR "N" SENSORS, MULTIPLE-SENSOR DATA (N >= 3)

NUMBER GOOD    NUMBER SUSPECT    NUMBER BAD    DISPLAY CONVENTION
>= 3           M                 M             GOOD
2              M                 M             USES 2 INPUT CRITERIA
1              M                 M             SUSPECT
0              >= 1              M             SUSPECT
0              0                 N             BAD
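The single-, dual- and multiple-sensor validation rules on the slides above, written out as an added Python example; it is not code from the SPDS, Quadrex or TUGCo. The range-check result is taken as an input because the slides do not say how GOOD, SUSPECT and BAD are derived. Measuring divergence as a percentage of instrument span, treating exactly 10% as SUSPECT, applying Chauvenet's criterion only to readings that passed the range check, and the sample readings are all assumptions.

```python
import math
import statistics
from enum import Enum


class Status(Enum):
    GOOD = "GOOD"
    SUSPECT = "SUSPECT"
    BAD = "BAD"


# The slide gives 10% as the divergence limit. Percent-of-span and the
# handling of exactly 10% are assumptions made for this example.
DIVERGENCE_LIMIT_PCT = 10.0

# Constructed sample: six redundant temperature readings, one drifting high.
CONSTRUCTED_READINGS = [600.0, 601.0, 599.5, 600.5, 640.0, 600.2]


def single_sensor(range_check):
    """One sensor: the range-check result alone is the display convention."""
    return range_check


def dual_sensor(s1, v1, s2, v2, span):
    """Two sensors: range-check results plus signal divergence."""
    if s1 is Status.BAD and s2 is Status.BAD:
        return Status.BAD
    if s1 is Status.GOOD and s2 is Status.GOOD:
        divergence_pct = abs(v1 - v2) / span * 100.0
        if divergence_pct < DIVERGENCE_LIMIT_PCT:
            return Status.GOOD
        return Status.SUSPECT
    # Every other combination in the two-sensor table is SUSPECT.
    return Status.SUSPECT


def chauvenet_outliers(values):
    """Flag readings whose deviation from the mean is statistically significant.

    A reading is flagged when N * P(|Z| >= z) < 0.5 under a normal model.
    With the sample standard deviation, no reading can be flagged for
    N <= 4, so small sensor groups get no protection from this test.
    """
    n = len(values)
    if n < 3:
        return [False] * n
    mean = statistics.fmean(values)
    sd = statistics.stdev(values)
    if sd == 0.0:
        return [False] * n
    flags = []
    for v in values:
        z = abs(v - mean) / sd
        expected_count = n * math.erfc(z / math.sqrt(2.0))
        flags.append(expected_count < 0.5)
    return flags


def multi_sensor(readings, span):
    """N >= 3 sensors. readings is a list of (range_check_status, value).

    Returns (display_convention, average_of_GOOD_readings_or_None).
    """
    statuses = [s for s, _ in readings]
    good_idx = [i for i, s in enumerate(statuses) if s is Status.GOOD]
    if len(good_idx) >= 3:
        flags = chauvenet_outliers([readings[i][1] for i in good_idx])
        for i, flagged in zip(good_idx, flags):
            if flagged:
                statuses[i] = Status.SUSPECT  # divergent reading is demoted
    good_vals = [readings[i][1] for i, s in enumerate(statuses)
                 if s is Status.GOOD]
    average = statistics.fmean(good_vals) if good_vals else None
    if len(good_vals) >= 3:
        return Status.GOOD, average
    if len(good_vals) == 2:
        # "USES 2 INPUT CRITERIA": apply the two-sensor rule to the GOOD pair.
        convention = dual_sensor(Status.GOOD, good_vals[0],
                                 Status.GOOD, good_vals[1], span)
        return convention, average
    if len(good_vals) == 1 or Status.SUSPECT in statuses:
        return Status.SUSPECT, average
    return Status.BAD, None


if __name__ == "__main__":
    sample = [(Status.GOOD, v) for v in CONSTRUCTED_READINGS]
    print(chauvenet_outliers(CONSTRUCTED_READINGS))
    print(multi_sensor(sample, span=2300.0))
```

With only three redundant sensors the Chauvenet test can never demote a reading, so a group that small is protected by range-checking and the two-sensor divergence rule alone.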


THE C.P.S.E.S. SAFETY PARAMETER DISPLAY SYSTEM HAS BEEN DESIGNED TO PROVIDE THE USER WITH DISPLAYS THAT WILL AID HIM IN RAPIDLY AND RELIABLY DETERMINING THE SAFETY STATUS OF THE PLANT DURING NORMAL, ABNORMAL, AND EMERGENCY CONDITIONS.
   CRT-BASED DISPLAYS PRESENT VALID CRITICAL PLANT VARIABLES
-> THE SYSTEM IS DESIGNED TO ACHIEVE HIGH AVAILABILITY
   DISPLAYS INCORPORATE APPROPRIATE H.F.E. GUIDANCE

s AVIILABilITY TFSfGN GGAL lEAVAll. ABILITY - NORW. 01

                          - 0.D SHTDN .20 PRIE 750          MTBF=7419 HRS         (00966)

DISK DRIVES MTBF=6695 HRS (.01075)

                             =

EST.TTR 72 HRS

   + SINGLE SYSTEM EAR CRITERIA
  • DUAL SYSTEMS WITH AUTOMATIC FAILOVER
           - REQUIRES SIMULTANEOUS FAILURES TO TAKE THE SYSTEM DOWN.
  • DUAL SYSTEMS ALLOW OPERATIONAL FLEXIBILITY.
           - CODE UPGRADES
           - SPECIAL ANALYSIS
           - OTHER ACTIVITIES

THE C.P.S.E.S. SAFETY PARAMETER DISPLAY SYSTEM HAS BEEN DESIGNED TO PROVIDE THE USER WITH DISPLAYS THAT WILL AID HIM IN RAPIDLY AND RELIABLY DETERMINING THE SAFETY STATUS OF THE PLANT DURING NORMAL, ABNORMAL, AND EMERGENCY CONDITIONS.

 -      CRT-BASED DISPLAYS PRESENT VALID CRITICAL PLANT VARIABLES
 -      THE SYSTEM IS DESIGNED TO ACHIEVE HIGH AVAILABILITY
 >-     DISPLAYS INCORPORATE APPROPRIATE H.F.E. GUIDANCE

INCORPORATION OF H.F.E. CONCEPTS WAS AN INTEGRAL STEP IN DESIGN DEVELOPMENT.

[Flowchart: BASIC DESIGN CYCLE. Legible boxes: UTILITY DEFINES DISPLAY CONCEPT; VENDOR DESIGN TEAM DEVELOPS DESIGN; VENDOR H.F.E. TEAM REVIEWS DESIGN; ACCEPTABLE? (YES/NO); VENDOR H.F.E. TEAM RECOMMENDS CHANGES; VENDOR DESIGN TEAM IMPLEMENTS DESIGN; UTILITY REVIEWS FINAL DISPLAY.]

SPDS DISPLAYS ARE PRESENTED IN THE CONTROL ROOM ON A CONSOLE THAT INCORPORATES H.F.E. CONSIDERATIONS.

[Figure: control room console. Legible label: CONTROL BOARD MONITOR.]

FROM ALL OTHER C.R.T.S, DISPLAYS ARE SELECTED BY USING BEZEL KEYS TO MOVE THROUGH A HIERARCHICAL DISPLAY SELECTION MENU.

[Figure: CRT SCREEN showing the MENU LOCATION and the BEZEL KEY LOCATION.]

THE DISPLAY SELECTION MENU IS HIERARCHICAL.

TOP LEVEL MENU: SPDS | <0RITFEWNC | COMPTR SYS | LOGS | PNT MGMT | HISTORY | P & ID

SPDS MENU: TOP LVL | MODES | AIDS | TRENDS

MODE MENU: TOP LVL | AIDS | TRENDS | NORM | HTUP/CLDN | CLD SHTDN

MODE DISPLAYS

INCORPORATION OF H.F.E. CONCEPTS IS EVIDENT IN THE SPDS NORMAL OPERATIONS MODE DISPLAY.

[Figure: SPDS normal operations mode display. Legible labels: CSFM (SUBCRITICALITY, CORE COOLING, INTEGRITY, CONTAINMENT, INVENTORY); SG NR LVL; SG PRESS; MODE: NORMAL OPERATION; menu keys TOP LVL, AIDS, TRENDS, NORM, HTUP/CLDN, CLD SHTDN.]

ACCIDENT IDENTIFICATION DISPLAY SYSTEM (AIDS) DISPLAYS INCORPORATE SEVERAL H.F.E. CONSIDERATIONS.

[Figure: AIDS display. Legible labels: CSFM; LOCA; RCS PRESS (PSIG); CNTMT TEMP; CNTMT PRESS; CNTMT HUMIDITY; PRZR PORV CLOSED; PRZR SAFETY VLV CLOSED; MODE: COLD SHUTDOWN; PRZR LVL; SG BLDN; MSL.]


SUMMARY

THE C.P.S.E.S. SAFETY PARAMETER DISPLAY SYSTEM PROVIDES THE USER WITH READABLE, COMPREHENSIBLE, AND ACCURATE DISPLAYS OF THE PLANT PARAMETERS.

             - THE SPDS DESIGN ENSURES THAT THE DATA PRESENTED TO THE USER ARE ACCURATE AND VALID.
             - THE SPDS IS DESIGNED TO ACHIEVE HIGH AVAILABILITY.
             - THE SPDS DESIGN INCORPORATES APPROPRIATE H.F.E. CONCEPTS.

VERIFICATION & VALIDATION ACTIVITIES FOR THE C.P.S.E.S. UNIT 1 SAFETY PARAMETER DISPLAY SYSTEM

PRESENTED TO THE NRC AUDIT TEAM
JUNE 25, 1985
BY MARK A. COFFING
TUGCO NUCLEAR ENGINEERING

A COMPREHENSIVE VERIFICATION & VALIDATION PROGRAM HAS BEEN AN INTEGRAL PART OF THE ERF COMPUTER SYSTEM PROJECT.

             - THE V&V SCOPE ENCOMPASSED THE ENTIRE SYSTEM
             - THE PROGRAM REQUIRED V&V TEAM PERSONNEL TO BE INDEPENDENT OF DESIGN EFFORTS
             - THE PROGRAM WAS BASED ON NSAC-39 "VERIFICATION AND VALIDATION FOR SAFETY PARAMETER DISPLAY SYSTEMS"

THE V&V PROGRAM ENCOMPASSED THE ENTIRE ERF COMPUTER SYSTEM.

             - INCLUDED, BUT NOT LIMITED TO, SPDS FEATURES
             - INCLUDED ACTIVITIES TO ESTABLISH COMPLIANCE WITH:
                  - REGULATORY GUIDANCE
                  - FUNCTIONAL SPECIFICATIONS

V&V SERVICES WERE PROVIDED BY CONTRACT PERSONNEL WHO REMAINED INDEPENDENT OF DESIGN EFFORTS.

[Organization chart: BASIC PROJECT ORGANIZATION. Legible boxes: UTILITY PROJECT MANAGER; VENDOR PROJECT MANAGER; VENDOR PROJECT ENGINEER; CONTRACTOR V & V TEAM (OPERATIONS SPECIALIST, V & V SPECIALIST, H.F.E. SPECIALIST); VENDOR PROGRAMMERS; VENDOR QUALITY ASSURANCE; VENDOR SUPPORT.]

THE V&V PROGRAM INCLUDED ELEMENTS TO ESTABLISH COMPLIANCE WITH REGULATORY GUIDANCE AND FUNCTIONAL SPECIFICATIONS.

BASIC PROGRAM ELEMENTS

             - SYSTEM REQUIREMENTS REVIEWS
             - HARDWARE, SOFTWARE DESIGN REVIEWS
             - V&V TESTING
             - COMPREHENSIVE DOCUMENTATION

V&V ACTIVITIES FOR THE C.P.S.E.S. UNIT 1 SPDS INCLUDED SEVERAL ITERATIONS OF A SIMPLE SEQUENCE WHICH PARALLELED PROJECT ACTIVITIES.

PROJECT ACTIVITY        V&V ACTIVITY
SPECIFICATION      <->  REVIEW
DESIGN             <->  REVIEW
IMPLEMENTATION     <->  TESTING

THE REQUIREMENTS REVIEW ACTIVITY ENSURED THE ADEQUACY OF THE SYSTEM FUNCTIONAL SPECIFICATIONS.

[Flowchart. Legible boxes: REGULATORY GUIDANCE; CUSTOMER REQUESTS; (V & V) REQUIREMENTS TRACEABILITY MATRIX; (VENDOR) SYSTEM FUNCTIONAL SPECIFICATION; (V & V) COMPARE NOTES AND RESOLVE DIFFERENCES; (V & V) SYSTEM REQUIREMENTS REVIEW REPORT.]

THE DESIGN REVIEW ACTIVITY ASSESSED THE ADEQUACY OF DESIGN SPECIFICATIONS.

[Flowchart. Legible boxes: (VENDOR) SYSTEM FUNCTIONAL SPECIFICATION; (VENDOR) HARDWARE DESIGN SPECIFICATION; (VENDOR) SOFTWARE DESIGN SPECIFICATION; (V & V) DESIGN TRACEABILITY MATRIX; (V & V) COMPARE NOTES AND RESOLVE DIFFERENCES; (V & V) DESIGN VERIFICATION REPORT.]

THE V&V TESTING ACTIVITY VERIFIED IMPLEMENTATION OF THE DESIGN SPECIFICATIONS.

[Flowchart. Legible boxes: (VENDOR) FUNCTIONAL SPECIFICATION; (VENDOR) DESIGN SPECIFICATION; (V & V) TRACEABILITY MATRIX; (V & V) V&V TEST PLAN; (V & V) VERIFICATION TEST PROCEDURES; (V & V) VALIDATION TEST PROCEDURES; (V & V) VERIFICATION TESTING; (V & V) VALIDATION TESTING; (V & V) VERIFICATION REPORT; (V & V) VALIDATION REPORT.]

THERE WAS A LOGICAL SEQUENCE TO THE C.P.S.E.S. V&V ACTIVITIES.

[Diagram. Legible stages: REQUIREMENTS REVIEW; DESIGN REVIEW; V&V TESTING; FINAL V&V REPORT. Legible items listed beneath the stages: REGULATORY GUIDANCE; FUNCTIONAL REQUIREMENTS; REQUIREMENTS MATRIX; HARDWARE & SOFTWARE SPECIFICATIONS; DESIGN MATRIX; TEST PLAN; TEST PROCEDURE; VALIDATION TEST; VERIFICATION TEST; MOD VERIFICATION; PHASE 1h TEST.]

THE BASIC V&V SEQUENCE WAS REPEATED SEVERAL TIMES.

                        REQUIREMENTS REVIEW   DESIGN REVIEW   TESTING
VENDOR STAGING TEST     [El                   [ 82            [ 82
SITE STAGING TEST       12/82                 6/83            8/83
SITE VALIDATION         !83                   !83             '[83
SITE VERIFICATION       /83                   !B3             !83
FINAL V&V               !84                   !84             !84
CSFM REVISIONS          '/85                  85              /85

SUMMARY

INDEPENDENT VERIFICATION & VALIDATION ACTIVITIES HAVE BEEN COMPLETED FOR THE UNIT 1 C.P.S.E.S. SPDS.

             - REQUIREMENTS REVIEWS
             - DESIGN REVIEWS
             - V&V TESTING
             - COMPREHENSIVE DOCUMENTATION

THE DOCUMENTATION AVAILABLE FOR REVIEW ON THE BACK TABLE IS:

             - V&V PROJECT PLAN
             - REQUIREMENTS REVIEW REPORT
             - DESIGN REVIEW REPORT
             - TEST REPORTS:
                  - VALIDATION TEST REPORT
                  - VERIFICATION TEST REPORT
                  - MOD 1 VERIFICATION TEST REPORT
                  - PHASE 1h VERIFICATION TEST REPORT
             - FINAL V&V REPORT
             - GENERIC S.A.S. DOCUMENTS
             - HARDWARE SELECTION REPORT
             - FUNCTIONAL DESIGN SPECIFICATION
             - EVALUATION PROGRESS REPORT 1
             - HUMAN FACTORS GUIDELINES
             - TRAINING PROGRAM
             - EXPERIENCE SUMMARY REPORT

SPDS PROJECT PERSONNEL INTERFACE WITH PLANT OPERATIONS PERSONNEL.

[Chart. Legible boxes: PLANT OPERATIONS, IRC; PLANT OPERATIONS, OPERATIONS; PLANT OPERATIONS, TRAINING; PLANT OPERATIONS, EMERGENCY PLANNING; OPERATIONS ENGINEERING; TU CONSTRUCTION & ENGINEERING; VENDOR PROJECT MANAGER.]

SUBCRITICALITY Rev. 1

[Status tree. Legible decision boxes, each with YES and NO branches: POWER RANGE LESS THAN 5%; INTERMEDIATE RANGE SUR ZERO OR NEGATIVE; INTERMEDIATE RANGE MORE NEGATIVE THAN -0.2 DPM; SOURCE RANGE ENERGIZED; SOURCE RANGE SUR ZERO OR NEGATIVE. Legible end states: GO TO FRS-0.1; ORANGE, GO TO FRS-0.1; YELLOW, GO TO FRS-0.2 (twice); GREEN, CSF SATISFIED.]

CORE COOLING Rev. 1

[Status tree. Legible decision boxes, each with YES and NO branches: ALL CORE EXIT TC TEMPS LESS THAN 1200°F; ALL CORE EXIT TC TEMPS LESS THAN 700°F; RCS SUBCOOLING GREATER THAN 45°F. Legible end states: GO TO FRC-0.1; ORANGE, GO TO FRC-0.2; YELLOW, GO TO FRC-0.3; CSF SATISFIED.]

HEAT SINK Rev. 1

[Status tree. Legible decision boxes, each with YES and NO branches: TOTAL FW GREATER THAN 470 GPM; NARROW RANGE LEVEL IN AT LEAST ONE SG GREATER THAN 25%; PRESSURE IN ALL SGs LESS THAN 1235 PSIG; NARROW RANGE LEVEL IN ALL SGs LESS THAN 80%; PRESSURE ... LESS THAN 1185 PSIG; NARROW RANGE ... THAN 25%. Legible end states: GO TO FRH-0.1; YELLOW, GO TO FRH-0.2; YELLOW, GO TO FRH-0.3; YELLOW, GO TO FRH-0.4; YELLOW, GO TO FRH-0.5.]

Note on the tree: If feed flow is throttled due to operator action instructed from ECA-2.1, UNCONTROLLED DEPRESSURIZATION OF ALL STEAM GENERATORS; FRP-0.1, RESPONSE TO IMMINENT PRESSURIZED THERMAL SHOCK CONDITION; or due to SG level setpoints for normal containment conditions in other procedures, FRH-0.1 does not need to be

INTEGRITY Rev. 1

[Status tree. Legible decision boxes, each with YES and NO branches: ALL RCS PRESSURE-COLD LEG TEMPERATURE POINTS TO RIGHT OF LIMIT A; ALL RCS COLD LEG TEMPERATURE GREATER THAN 222°F (appears twice); TEMPERATURE DECREASE IN ALL COLD LEGS LESS THAN 100°F IN THE LAST 80 MINUTES; RCS PRESSURE LESS THAN COLD OVERPRESSURE LIMIT; RCS TEMPERATURE GREATER THAN 350°F. Legible end states: RED, GO TO FRP-0.1; ORANGE, GO TO FRP-0.1 (twice); YELLOW, GO TO FRP-0.2 (twice); GREEN, CSF SATISFIED.]

[Graph: RCS pressure against COLD LEG TEMPERATURE (°F), divided into Red, Orange, Yellow and Green regions; temperature axis marks 186, 188, 222, 252.]

[Table: COLD OVERPRESSURE LIMIT, RCS TEMP. (°F) against RCS PRESS. (psig).]

CONTAINMENT

[Status tree. Legible decision boxes, each with YES and NO branches: CONTAINMENT PRESSURE LESS THAN 50 PSIG; CONTAINMENT PRESSURE LESS THAN S PSIG; CONTAINMENT SUMP LEVEL LESS THAN 917 FT; CONTAINMENT RADIATION LESS THAN 20 .... Legible end states: RED, GO TO FRZ-0.1; ORANGE, GO TO FRZ-0.1; ORANGE, GO TO FRZ-0.2; YELLOW, GO TO FRZ-0.3.]

INVENTORY

[Status tree. Legible decision boxes, each with YES and NO branches: PRESSURIZER LEVEL LESS THAN 82%; PRESSURIZER LEVEL GREATER THAN 20%; PRESSURIZER LEVEL BEHAVIOR NORMAL. Legible end states: YELLOW, GO TO FRI-0.1; YELLOW, GO TO FRI-0.2; YELLOW, GO TO FRI-0.3; GREEN, CSF SATISFIED.]

SCENARIO FOR SPDS AUDIT

PRESENTED TO THE NRC AUDIT TEAM
JUNE 26, 1985
BY NORMAN TERREL
TEXAS UTILITIES GENERATING COMPANY

DISCUSSIONS

1) Operations Department Philosophy On SPDS.
2) How Does STA Begin Monitoring The Critical Safety Function Status Trees?
3) Scenario

OPERATIONS PHILOSOPHY ON SPDS

SPDS displays are used as aids in evaluating plant parameters and possible trends that may be occurring to which the operators may need to give immediate special attention during any accident condition. It also provides the primary means of continuously evaluating the Critical Safety Functions during any accident condition.

For the entire set of trees, priority of operator action is given by the following:
1) REDS (Extreme challenges), in tree order
2) ORANGES (Severe challenges), in tree order
3) YELLOWS (Not Satisfied), in tree order

As an example, a RED condition for Core Cooling is of higher priority than a RED condition for Containment (order of trees). However, the RED condition for Containment is of higher priority than any ORANGE condition (order of colors).

2.3 Status Trees Usage

The predefined and prioritized Status Trees provide the mechanism that coordinates event-related recovery and function-related restoration. The Emergency Response Guideline "rules of usage" require the operator to start Status Tree monitoring when the symptoms of the emergency transient result in transition out of guideline E-0, REACTOR TRIP OR SAFETY INJECTION, or when so instructed in guideline E-0. Since a transition out of E-0 is expected during the event-related diagnosis, the Critical Safety Function Status Trees are monitored soon after the reactor trip or safety injection. However, if the operator does not make a transition out of E-0 due to lack of appropriate symptoms, E-0 gives explicit instruction to monitor the Status Trees while remaining in E-0. Placement of this instruction after the verification of automatic actions and the diagnostic sequence is due to various reasons.

Verification of automatic actions ensures that plant equipment is operating properly. These steps are performed prior to monitoring the Status Trees since the proper operation of the safeguards equipment is the first means of preventing or correcting any challenges to the Critical Safety Functions. The diagnostic sequence can be performed fairly quickly and any transition to another Optimal Recovery Guideline would require that the Critical Safety Function Status Trees be monitored. Hence, the step to explicitly monitor the Status Trees in E-0 follows these actions. In addition, any extreme challenges to the Critical Safety Functions due to equipment failure are addressed by explicit transitions out of the immediate action steps in E-0.

CPSES EMERGENCY RESPONSE GUIDELINE
ISSUE DATE: MAR 26 1985          PROCEDURE NO. EOP-0.0
REACTOR TRIP OR SAFETY INJECTION     REVISION NO. 2     PAGE 10 OF 17

STEP   ACTION / EXPECTED RESPONSE   RESPONSE NOT OBTAINED

13  Check If SGs Are Not Faulted:
    a. Check pressures in all SGs:
       • NO SG PRESSURE DECREASING IN AN UNCONTROLLED MANNER
       • NO SG COMPLETELY DEPRESSURIZED
    RESPONSE NOT OBTAINED:
    a. Go to EOP-2.0, FAULTED STEAM GENERATOR ISOLATION, Step 1.

14  Check If SG Tubes Are Not Ruptured:
       • CEV pump radiation - NORMAL
       • SG blowdown radiation - NORMAL
       • Main steamline radiation - NORMAL
    RESPONSE NOT OBTAINED:
    Go to EOP-3.0, STEAM GENERATOR TUBE RUPTURE, Step 1.

15  Check If RCS Is Intact:
       • Containment radiation - NORMAL
       • Containment pressure - LESS THAN 3.0 PSIG
       • Containment recirculation sump levels - NORMAL
    RESPONSE NOT OBTAINED:
    Go to EOP-1.0, LOSS OF REACTOR OR SECONDARY COOLANT, Step 1.

CPSES EMERGENCY RESPONSE GUIDELINE
ISSUE DATE: MAR 26 1985          PROCEDURE NO. EOP-0.0
REACTOR TRIP OR SAFETY INJECTION     REVISION NO. 2     PAGE 11 OF 17

STEP   ACTION / EXPECTED RESPONSE   RESPONSE NOT OBTAINED

16  Check If ECCS Flow Should Be Reduced:
    a. RCS subcooling - GREATER THAN 15°F
       RESPONSE NOT OBTAINED: a. DO NOT STOP ECCS PUMPS. Go to Step 18.
    b. Secondary heat sink:
       • Total AFW flow to SGs - GREATER THAN 470 GPM
         -OR-
       • Narrow range level in at least one SG - GREATER THAN 10%
       RESPONSE NOT OBTAINED: b. IF neither condition satisfied, THEN DO NOT STOP ECCS PUMPS. Go to Step 18.
    c. RCS pressure - STABLE OR INCREASING
       RESPONSE NOT OBTAINED: c. DO NOT STOP ECCS PUMPS. Go to Step 18.
    d. PRZR level - GREATER THAN 20%
       RESPONSE NOT OBTAINED: d. DO NOT STOP ECCS PUMPS. Try to stabilize RCS pressure with normal PRZR spray. Return to Step 16a.

17  Go to EOS-1.1, SI TERMINATION, Step 1.

18  Initiate Monitoring Of Critical Safety Function Status Trees.

SCENARIO

Feedline Rupture Followed By A Steam Generator Tube Rupture.

  • Actual Scenario Time is 7 Hours.
  • Demonstration Will Be From 30 To 60 Minutes.

INITIAL CONDITIONS

1) Centrifugal Charging Pump TRAIN A Out For Maintenance.
2) Motor Driven Auxiliary Feedwater Pump TRAIN A Out For Maintenance.
3) Unit is at 100% Power.
4) All Plant Parameters Are Stable.
5) All Unit 2 Systems Are Out Of Service.

EMERGENCY PROCEDURES USED

1. EOP-0.0 Reactor Trip Or Safety Injection.
2. EOP-2.0 Faulted Steam Generator Isolation.
3. EOP-1.0 Loss Of Reactor Or Secondary Coolant.
4. EOS-1.3 Transfer To Cold Leg Recirculation.
5. EOP-3.0 Steam Generator Tube Rupture.
6. ECA-3.1 SGTR With Loss Of Reactor Coolant - Subcooled Recovery Desired.
7. FRZ-0.1 Response To High Containment Pressure.
8. FRH-0.5 Response To Low Steam Generator Level.
9. FRI-0.2 Response To Low Pressurizer Level.
10. FRC-0.1 Response To Inadequate Core Cooling.

These are entered from the Critical Safety Function Status Trees: FRZ-0.1, FRH-0.5, FRI-0.2, FRC-0.1.

SCENARIO

Initiating Event: 1. Feedline Rupture
Indication:
  • Steam Generator No. 4 Pressure Rapidly Decreases.
  • Containment Pressure Increases.
  • Containment Water Level Increases.
  • Phase A and B Isolation.
  • Steam Generator No. 4 Level Rapidly Decreases.

Initiating Event: 2. Turbine Driven Auxiliary Feedwater Pump Trips
Indication:
  • Steam Generator 1 & 2 Levels Decrease.
  • Auxiliary Feedwater Flow Decreases. (Only One Pump Available.)

Initiating Event: 3. Steam Generator Tube Rupture.
Indication:
  • Pressurizer Level Decreases.
  • Pressurizer Pressure Decreases.
  • Core Exit Thermocouple Temperature Increases.
  • Subcooling Decreases.
  • Secondary Radiation Increases.
Kyle Davis -
1) Act as Reactor Operator.
2) Follow flow path through procedures.

Russell Smith -
1) Act as STA.
2) Follow SPDS display as required, to aid in determining plant conditions.

Norman Terrel - Will alert the STA when different Critical Safety Function Status Trees are being challenged.

W. G. Counsil, Texas Utilities Generating Company
Comanche Peak Steam Electric Station, Units 1 and 2

cc:

Nicholas S. Reynolds, Esq., Bishop, Liberman, Cook, Purcell & Reynolds, 1200 Seventeenth Street, NW, Washington, D.C. 20036
Resident Inspector / Comanche Peak Nuclear Power Station, c/o U.S. Nuclear Regulatory Commission, P. O. Box 38, Glen Rose, Texas 76043
Robert A. Wooldridge, Esq., Worsham, Forsythe, Sampels & Wooldridge, 2001 Bryan Tower, Suite 2500, Dallas, Texas 75201
Regional Administrator, Region IV, U.S. Nuclear Regulatory Commission, 611 Ryan Plaza Drive, Suite 1000, Arlington, Texas 76011
Mr. Homer C. Schmidt, Manager - Nuclear Services, Texas Utilities Generating Company, Skyway Tower, 400 North Olive Street, L.B. 81, Dallas, Texas 75201
Larry A. Sinkin, 3022 Porter Street, NW #304, Washington, D.C. 20008
Mr. Robert E. Ballard, Jr., Director of Projects, Gibbs and Hill, Inc., 11 Pen Plaza, New York, New York 10001
Ms. Billie Pirner Garde, Citizens Clinic Director, Government Accountability Project, 1901 Que Street, NW, Washington, D.C. 20009
David R. Pigott, Esq., Orrick, Herrington & Sutcliffe, 600 Montgomery Street, San Francisco, California 94111
Mr. A. T. Parker, Westinghouse Electric Corporation, P. O. Box 355, Pittsburgh, Pennsylvania 15230
Anthony Z. Roisman, Esq., Trial Lawyers for Public Justice, 2000 P. Street, NW, Suite 611, Washington, D.C. 20036
Renea Hicks, Esq., Assistant Attorney General, Environmental Protection Division, P. O. Box 12548, Capitol Station, Austin, Texas 78711
Nancy E. Wiegers, Spiegel & McDiarmed, 1350 New York Avenue, NW, Washington, D.C. 20005-4798
Mrs. Juanita Ellis, President, Citizens Association for Sound Energy, 1426 South Polk, Dallas, Texas 75224
Ms. Nancy H. Williams, CYGNA, 101 California Street, San Francisco, California 94111

Texas Utilities Electric Company
Comanche Peak Electric Station, Units 1 and 2

cc:

Resident Inspector - Comanche Peak, c/o U.S. Nuclear Regulatory Commission, P. O. Box 1029, Granbury, Texas 76048
Mr. John W. Beck, Manager - Licensing, Texas Utilities Electric Company, Skyway Tower, 400 N. Olive Street, LB#81, Dallas, Texas 75201
Mr. Jack Redding, Licensing, Texas Utilities Generating Company, 4901 Fairmont Avenue, Bethesda, Maryland 20814
William A. Burchette, Esq., Heron, Burchette, Ruckert & Rothwell, Suite 700, 1025 Thomas Jefferson Street, NW, Washington, D.C. 20007
Mr. James McGaughy, Southern Engineering Company of Georgia, 1800 Peachtree, Street, NW, Atlanta, Georgia 30367-8301

MEETING SUMMARY DISTRIBUTION

NRC Participants
NRC PDR
L PDR
NSIC
PRC System
LB#1 Reading File
Project Manager S. B. Burwell
M. Rushbrook
Attorney, OELD
R. Hartfield*
OPA*

OTHERS
G. Lapinsky
J. Joyce
F. Orr
W. Regan

bcc: Applicant & Service List

* Caseload Forecast Panel Visits
                                                                                   .I}}