ML20150D132

Design Requirements for DSS (Diverse Scram Sys) & AMSAC (ATWS Mitigation Sys Actuation Circuitry), Safety Evaluation of Topical Rept 47-1159091-00
Site: Three Mile Island
Issue date: 02/29/1988
From: Brendan Collins, Vaughn Thomas (Idaho National Engineering & Environmental Laboratory)
To: NRC
Shared Package: ML20150D131
References: NUDOCS 8807130326

SAFETY EVALUATION OF TOPICAL REPORT (B&W DOCUMENT 47-1159091-00)

"DESIGN REQUIREMENTS FOR DSS (DIVERSE SCRAM SYSTEM) AND AMSAC (ATWS MITIGATION SYSTEM ACTUATION CIRCUITRY)"

INEL Project Engineer: B. L. Collins
NRC Lead Engineer: V. D. Thomas

Published February 1988

Idaho National Engineering Laboratory
EG&G Idaho, Inc.
Rockville Office

Prepared for the U.S. Nuclear Regulatory Commission, Washington, D.C. 20555
Under DOE Contract No. DE-AC07-761001570, FIN No. 06017, Project 2

1. INTRODUCTION

In response to 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," Babcock & Wilcox (B&W), on behalf of the B&W Owners Group (BWOG) ATWS Committee, submitted B&W Document 47-1159091-00, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," for review. This document discusses the BWOG's generic Diverse Scram System (DSS) and ATWS Mitigation System Actuation Circuitry (AMSAC) proposals for compliance with 10 CFR 50.62.

The staff has reviewed the analyses and generic designs for the DSS and the AMSAC for generic compliance to 10 CFR 50.62. For the most part, the B&W document presents an acceptable generic proposal to support the plant-specific submittals. However, several items exist which must be addressed in the submittals for individual plants. An additional set of guidelines has been identified by the staff. These guidelines are presented in this safety evaluation report (SER) for use by the individual plants to ensure their plant-specific designs are in full compliance with the intent of the ATWS Rule.

2. BACKGROUND

On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the "ATWS Rule"). The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the likelihood of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event, in the unlikely event that it occurs.

3. CRITERIA

The basic requirements for Babcock and Wilcox plants are specified in Paragraphs (c)(1), (c)(2), and (d) of 10 CFR 50.62. Paragraph (c)(1) defines the requirements for the AMSAC systems; paragraph (c)(2) defines the requirements for the DSS, and paragraph (d) defines implementation.

Paragraph (c)(1) states: "Each pressurized water reactor must have equipment from sensor output to final actuation device, that is diverse from the reactor trip system, to automatically initiate the auxiliary (or emergency) feedwater system and initiate a turbine trip under conditions indicative of an ATWS. This equipment must be designed to perform its function in a reliable manner and be independent (from sensor output to the final actuation device) from the existing reactor trip system."

Paragraph (c)(2) states: "Each pressurized water reactor manufactured by Combustion Engineering or by Babcock and Wilcox must have a diverse scram system from the sensor output to interruption of power to the control rods. This scram system must be designed to perform its function in a reliable manner and be independent from the existing reactor trip system (from sensor output to interruption of power to the control rods)."

The criteria used in evaluating the BWOG document include (1) 10 CFR 50.62, (2) guidance and information published in the Federal Register as the preamble to 10 CFR 50.62, and (3) Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment that is not Safety-Related." The evaluation was done on a generic basis, and the relevant criteria are presented below.

The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment. However, this equipment is part of the broader class of structures, systems, and components defined in the introduction to 10 CFR 50, Appendix A (General Design Criteria (GDC)). GDC-1 requires that structures, systems, and components important to safety shall be designed, fabricated, erected, and tested to quality standards commensurate with the importance of the safety functions to be performed. Generic Letter 85-06 details the quality assurance criteria that must be applied to this equipment.

In general, the equipment to be installed in accordance with the ATWS Rule is required to be diverse from the existing Reactor Protection System (RPS) and must be testable at power. This equipment is intended to provide the needed diversity to reduce the potential for common mode failures that could result in an ATWS leading to unacceptable plant conditions.

The DSS and AMSAC systems for the ATWS mitigation designs are not required to be safety-related (i.e., to meet IEEE 279). However, the implementation should incorporate good engineering practice and must be such that the existing protection system continues to meet all applicable safety-related criteria. Equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensor to, but not including, the final actuation device for the AMSAC systems; from the sensor to and including the final actuation device for the DSS.

The rule requires that all DSS and AMSAC instrument channel components (excluding sensors and isolation devices) be diverse from the existing RPS. It is desirable, but not required, to use sensors and isolation devices that are not part of the RPS. However, if existing RPS sensors and isolators are used, analyses must be provided that indicate that the isolators have been qualified using an approved method similar to, and preferably identical to, the one presented in Appendix A of this report.

The capability for test and surveillance at power is required; however, surveillance frequencies have not yet been established. During surveillance at power, the mitigating system may be bypassed; however, the bypass condition must be automatically and continuously indicated in the main control room. The DSS and AMSAC designs may also permit bypass of the mitigating function to allow for maintenance, repair, test, or calibration to prevent inadvertent actuation of the protective action at the system level.

The use of a maintenance bypass for the system should not involve lifting leads, pulling fuses, tripping breakers, or physically blocking relays. A permanently installed bypass switch or similar device should be used for removing the system from service.

The design should be such that, once initiated, the protective action at the system level shall go to completion. Return to operation should require subsequent deliberate operator action.

The ATWS system should be designed to provide the operator with accurate, complete, and timely information pertinent to its own status.

Displays and controls for manual bypass and initiation of the ATWS mitigating systems should be integrated into the main control room through system functional analyses and should conform to good human factors engineering practices in design and layout. It is important that the displays and controls added to the control room as a result of the ATWS Rule do not increase the potential for operator error.

The power supplies are not required to be safety related, but they must be capable of performing safety functions with a loss of offsite power. Logic power for both the DSS and AMSAC and actuation power for the DSS must be from a power supply independent (no common mode failure for any design basis events) from the power supplies for the existing RPS. Existing RPS sensor and instrument channel power supplies may be used, but only if a common mode failure cannot degrade both the RPS and the ATWS mitigating systems' functions.

4. DESIGN BASES

The B&W Owners Group reviewed previous analyses which had been performed for the ATWS transients and presented the results of that review in the document "Design Requirements for DSS and AMSAC." The results of the review were evaluated and approved by the staff and were determined to be acceptable for defining the dominant transients which pose the most risk to the plants. It was determined that the most severe ATWS transients were those in which there was a complete loss of normal feedwater. Two scenarios were identified which could lead to these transient events: (1) loss of main feedwater and (2) loss of offsite power.

The limiting condition and primary safety concern associated with these two transients is the potential for high pressure within the Reactor Coolant System (RCS). In the unlikely event that a common mode failure in the RPS and the Engineered Safety Features Actuation System (ESFAS) were to incapacitate the Auxiliary Feedwater System (AFW) flow initiation and/or turbine trip, in addition to prohibiting a reactor scram, then an alternate method of providing a scram, AFW flow, and turbine trip would be required to minimize the RCS pressure excursions.

The final rule, approved by the Commission on November 11, 1983, requires that B&W plants install Diverse Scram Systems (DSS) to interrupt power to the control rods and ATWS Mitigation System Actuation Circuitry (AMSAC) to initiate a turbine trip and actuate AFW flow independent of the RPS (from the sensor output).

Because a loss of offsite power results in a loss of main feedwater and because the primary safety concern is reactor high pressure, feedwater flow and reactor pressure measurements are acceptable inputs to the ATWS mitigating systems.

Loss of feedwater flow or high reactor primary pressure are the acceptable methods of initiating the DSS circuitry. Upon initiation, the DSS will use "energize-to-trip" logic to cause a reactor scram by interrupting power to the silicon control rectifier (SCR) gate drivers for at least rod groups 5, 6, and 7 by a means other than the existing SCR gate driver relays controlled by the RPS.

Since a high reactor pressure signal would occur too late for the AMSAC to be effective, the detection of a total loss of feedwater flow is the only acceptable measurement for initiating the AMSAC. Upon detection of a loss of feedwater flow, the AMSAC will actuate the AFW system and initiate a turbine trip using existing actuation devices in these systems.

During the selection of the feedwater flow and reactor pressure measurements as DSS and AMSAC inputs, the individual plant-specific submittals should justify the selection of the proposed ATWS mitigation systems inputs. The licensee should determine whether feedwater flow or reactor pressure or both will be used for the DSS initiation and how the total loss of feedwater flow will be determined for the DSS and AMSAC. The licensee should also specify the setpoints, both magnitudes and timing, at which the systems will be initiated. The licensee must describe how a total loss of feedwater flow will be detected and why the measurements chosen are indicative of a total loss of feedwater flow.

The ATWS Rule, Federal Register guidance, requires the DSS logic and actuation device power and the AMSAC logic power to be functional following a loss of offsite power and independent from the RPS power supplies.

Existing RPS power supplies can be used only for sensor channels and only if the possibility of common mode failure is prevented. The BWOG document is not in complete compliance with this requirement. Therefore, the plant-specific submittals should address the independence and diversity of the power supplies and describe how the power supplies and logic channels will function following a loss of offsite power.

The BWOG document indicates that testing at power is anticipated for the DSS and AMSAC systems. Test intervals commensurate with the desired reliability must be addressed on a plant-specific basis and should, therefore, be included in the individual submittals.

The DSS and AMSAC systems should be designed to initiate mitigating actions in a reliable, timely manner without causing an increase in inadvertent scrams and actuations. The BWOG and staff have performed transient analyses which indicate that rod drop must occur within 30 seconds after the event initiation and that AMSAC must actuate within 8 seconds after the total loss of feedwater flow.

5. DESIGN REQUIREMENTS

This section presents the design requirements for meeting the design and implementation criteria for the DSS and AMSAC. It is intended that the plant-specific submittals address each of these generic design requirements. Most of these generic design requirements have been addressed at least in part by the BWOG "Design Requirements for DSS and AMSAC" document. Where the B&W document satisfies these generic requirements, the plant-specific submittals need only indicate agreement with the B&W document. For those generic requirements which are not addressed or are not satisfied by the B&W document, the individual plant proposals should present the specifics required to allow the staff to review and approve their proposals for implementation of the ATWS systems.

The staff has found the BWOG generic design unacceptable or incomplete when addressing the design requirements for the equipment power supplies, the use of isolation devices, the methods of bypass and display, the detection of loss of feedwater flow, and the specifications for surveillance and testing. The design requirements presented in this section address these issues and give the licensees guidance for preparing their plant-specific proposals in order to satisfy the intent of the ATWS Rule.

5.1 Diversity from Existing RPS

For the DSS, equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensors to, and including, the components used to interrupt control rod power. The diversity of the DSS equipment from existing RPS equipment shall include all signal conditioners, bistables, logic channels, logic power supplies, and SCR de-gating relays.

For the AMSAC, equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensors to, but not including, the final actuation device, i.e., existing circuit breakers may be used for the auxiliary feedwater initiation, but signal conditioners, bistables, logic channels, and logic power supplies must be diverse from the existing RPS equipment.

The sensors for the DSS and AMSAC need not be of a diverse design or manufacturer; however, it is preferred that existing sensors in the RPS not be used. Existing protection system instrument sensing lines, sensors, and sensor power supplies may be used. Sensor and instrument sensing lines should be selected such that adverse interactions with existing control systems are avoided. All DSS and AMSAC instrument channel components (excluding sensors and isolation devices, but including all signal conditioning devices) must be diverse.

The B&W generic design meets the design criteria for this area, and is in compliance with this requirement.

5.2 Electrical Independence from Existing RPS

Electrical independence is required from the sensor output up to the final actuation device for AMSAC and from the sensor output up to and including the final actuation device for the DSS. Nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators. The use of existing isolators is acceptable; however, each plant-specific submittal should provide information indicating compliance with analyses and tests which demonstrate that the existing isolators will function under the maximum worst case fault conditions. A method acceptable to the staff for qualifying either the existing or diverse isolators is presented in Appendix A. The B&W generic design is acceptable in this area.

5.3 Physical Separation from Existing RPS

Physical separation for the DSS and AMSAC from the existing RPS is not required. However, the implementation must be such that separation criteria applied to the existing protection system are not violated. The plant-specific design should be such that RPS and ATWS mitigation channels will be separated and that separation between RPS channels will not be compromised by the ATWS installations. The B&W generic design meets the design criteria in this area.

5.4 Environmental Qualifications

The plant-specific submittal should address the environmental qualification of the DSS and AMSAC equipment for anticipated operational occurrences only, not for accidents.

5.5 Quality Assurance for Test, Maintenance, and Surveillance

The plant-specific submittal should provide information regarding compliance of the DSS and AMSAC equipment with Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment that is not Safety-Related."

5.6 Safety-Related (1E) Power Supplies

The use of safety-related (1E) power supplies is not required for the DSS and AMSAC systems. However, the power supplies must be capable of performing their safety functions following a loss of offsite power. Logic and actuation device power for the DSS and logic power for the AMSAC designs must be from an instrument power supply independent (no common mode failures for any design basis event) from the power supplies for the existing RPS. Therefore, the logic and actuation device power for the DSS and the logic power for the AMSAC should be supplied from a source, such as a station battery, other than those used in the existing RPS. The batteries and/or inverters used for the DSS and AMSAC system components need not be diverse from, but must be electrically independent of, the existing RPS. Existing sensor channel power supplies may be used only if the possibility of common mode failure is prevented (e.g., loss of power, overvoltage, undervoltage, overfrequency, etc. cannot degrade both the RPS and the DSS/AMSAC system functions).

Since the power supplies being used for the DSS and AMSAC logics are part of the RPS, the BWOG generic design for this requirement is not acceptable to the staff. It is the staff's position that the following concerns exist because of this sharing of power supplies: 1) There is a potential of degrading the Class 1E RPS buses via faults/failures that may occur in the non-Class 1E ATWS mitigation system. 2) Minor voltage and frequency fluctuations could cause degradation of both the RPS and the DSS/AMSAC simultaneously. 3) It is clearly stated in the "Part 50 - Statements of Consideration" to the ATWS Rule that the power supplies for the DSS and AMSAC logics and the DSS actuation circuitry should be independent (and separate) from the existing RPS power supplies. Therefore, the plant-specific submittals should address the use of power supplies and ensure that the systems are functional following a loss of offsite power.

5.7 Testability at Power

The plant-specific submittals should address testing of the DSS and the AMSAC equipment prior to installation and periodically throughout the life of the plant. The DSS and AMSAC may be bypassed to prevent inadvertent actuation during testing at power if the testing procedures are consistent with those previously approved by the staff for the individual plants and all applicable ATWS system bypass guidelines are observed. The bypass condition must be automatically and continuously indicated in the main control room.

5.8 Inadvertent Actuation

The plant-specific design should be such that the frequency of inadvertent actuation and challenges to other safety systems caused by the DSS and AMSAC are minimized. The DSS and AMSAC systems must have a minimum of two channels with a two-out-of-two actuation logic to be consistent with the BWOG generic document. The B&W generic design meets the design criteria in this area.

5.9 Maintenance Bypasses

The plant-specific design may permit bypass of the DSS or the AMSAC functions to allow for maintenance, repair, test, or calibration during power operation in order to avoid inadvertent actuation of protective actions at the system level. The plant-specific submittal should discuss how maintenance at power is to be accomplished and how the bypass condition will be automatically and continuously indicated in the main control room.

5.10 Operating Bypasses

The plant-specific submittal must identify whether operating requirements necessitate automatic or manual bypass of the DSS or AMSAC systems. Where operating bypasses are identified, the design or operating basis must be provided for such actions. Removal of the bypass condition must be indicated in the main control room.

5.11 Indication of Bypasses

The plant-specific design must provide for control-room indication of all DSS and AMSAC test, maintenance, and operating bypass conditions. If the protective action of some part of the DSS or AMSAC systems has been bypassed or deliberately rendered inoperative for any reason, the plant-specific submittal must discuss how this condition will be continuously and automatically indicated in the control room.

5.12 Means for Bypassing

The use of DSS or AMSAC system maintenance bypasses should not involve installing jumpers, lifting leads, pulling fuses, tripping breakers, or blocking relays. The plant-specific submittal should discuss what type of permanently installed bypass switch or similar device will be used and verify that the disallowed methods mentioned in the guidance are not used.

5.13 Completion of Protective Action

The plant-specific DSS and AMSAC designs shall be such that, once initiated, the protective action at the system level goes to completion. Return to operation must require subsequent deliberate operator action, e.g., manual reset of the tripped circuits.
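A minimal model of the logic behaviour that Sections 5.8, 5.11 and 5.13 describe (two-channel two-out-of-two actuation, indicated bypass, seal-in with manual reset), added here as an illustration and not taken from the SER or the BWOG document. The setpoints, the class and function names, and the choice to let an active bypass block initiation are assumptions.

```python
from dataclasses import dataclass

# Constructed setpoints, for illustration only: the SER leaves the real
# magnitudes and timing to each plant-specific submittal.
HIGH_PRESSURE_PSIG = 2450.0  # hypothetical DSS high-pressure setpoint
LOSS_OF_FW_FLOW_PCT = 5.0    # hypothetical "total loss of feedwater" threshold


@dataclass
class Reading:
    """One channel's sensor values for a single logic scan."""
    rcs_pressure_psig: float
    fw_flow_pct: float


class MitigatingSystem:
    """Two-channel DSS or AMSAC logic with seal-in and indicated bypass."""

    def __init__(self, name, uses_pressure):
        self.name = name
        self.uses_pressure = uses_pressure  # DSS may; AMSAC is flow-only
        self.bypassed = False
        self.tripped = False  # sealed-in system-level protective action

    def channel_demand(self, r):
        loss_of_fw = r.fw_flow_pct <= LOSS_OF_FW_FLOW_PCT
        high_pressure = (self.uses_pressure
                         and r.rcs_pressure_psig >= HIGH_PRESSURE_PSIG)
        return loss_of_fw or high_pressure

    def scan(self, ch_a, ch_b):
        """Run one logic scan and return the latched trip state."""
        # Two-out-of-two: one spurious channel cannot actuate the system.
        demand = self.channel_demand(ch_a) and self.channel_demand(ch_b)
        if demand and not self.bypassed:
            self.tripped = True  # seal in; clearing inputs will not undo it
        return self.tripped

    def set_bypass(self, on):
        """Permanently installed bypass switch, modelled as a flag."""
        self.bypassed = bool(on)

    def manual_reset(self):
        """Deliberate operator action needed to return to operation."""
        self.tripped = False

    def control_room_status(self):
        """State the main control room indication has to show continuously."""
        return {"system": self.name,
                "bypass_indicated": self.bypassed,
                "tripped": self.tripped}


def run_scenarios():
    # Constructed sample readings (pressure in psig, flow in percent).
    normal = Reading(2155.0, 100.0)
    high_p = Reading(2500.0, 100.0)
    no_fw = Reading(2155.0, 0.0)

    dss = MitigatingSystem("DSS", uses_pressure=True)
    amsac = MitigatingSystem("AMSAC", uses_pressure=False)
    out = {}
    out["dss_one_channel"] = dss.scan(high_p, normal)
    out["dss_both_channels"] = dss.scan(high_p, high_p)
    out["dss_after_inputs_clear"] = dss.scan(normal, normal)
    dss.manual_reset()
    out["dss_after_reset"] = dss.scan(normal, normal)
    out["amsac_high_pressure"] = amsac.scan(high_p, high_p)
    amsac.set_bypass(True)
    out["amsac_bypassed_demand"] = amsac.scan(no_fw, no_fw)
    out["amsac_status"] = amsac.control_room_status()
    amsac.set_bypass(False)
    out["amsac_loss_of_fw"] = amsac.scan(no_fw, no_fw)
    return out


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(key, value)
```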

5.14 Information Readout

The DSS and AMSAC systems should be designed to provide the operator with accurate, complete, and timely information pertinent to their status.

5.15 Safety-Related Interfaces

The plant-specific submittal should describe how the implementation of the DSS and AMSAC circuitry design will be such that the existing RPS and ESFAS protection systems continue to meet all applicable safety criteria.

5.16 Technical Specifications

The plant-specific proposals must address technical specification requirements related to surveillance and testing of the DSS and AMSAC systems.

6. CONCLUSIONS

The BWOG document, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," was reviewed and the transient analyses and design requirements were evaluated by the staff.

Most sections of the BWOG document were acceptable for providing generic guidelines for the plant-specific design submittals. However, five areas of the generic design are still of concern to the staff.

The staff would like to emphasize that most of the generic guidelines presented in Section 5 of this SER have been adequately addressed by the BWOG generic document. In such cases, the plant-specific submittals need only indicate their intent to comply with these individual generic requirements. However, for the five design areas that are not satisfactorily addressed in the BWOG generic document, the plant-specific submittals must address in detail how compliance with these areas will be implemented. Specifically, in order to receive approval from the staff, the licensee must provide (as discussed in the following sections) design details for the use of diverse power supplies, approved isolation devices, the implementation of bypasses and displays, the requirements for surveillance and testing, and the parameters and methods to be used to indicate high reactor pressure and/or a total loss of feedwater flow.

6.1 Power Supplies

The description of the design requirements and the use of power supplies in the BWOG generic document is not acceptable to the staff.

Section 5.1 of this SER summarizes the design requirements for diversity of equipment as presented in the supplementary information provided in the Federal Register. Compliance with paragraphs c(1) and c(2) of the ATWS Rule requires the ATWS equipment to be diverse from the existing RPS to minimize the potential for common cause (mode) failures. Identical components (e.g., power supplies) used in both the RPS and the DSS or AMSAC are subject to potential common mode failures. Therefore, power supplies used for the ATWS systems must be diverse from the power supplies used in the RPS at B&W plants.

Power supplies for both the DSS and AMSAC are not required to be safety related (1E), but must be capable of performing their safety functions following a loss of offsite power. This requirement, as defined in the Federal Register, prohibits the use of existing RPS power supplies for the DSS logic and actuation equipment and the AMSAC logic circuitry. Acceptable methods for complying with these requirements are presented in Section 5.6 of this SER.

In order to be in compliance with the ATWS Rule and receive approval from the staff, the plant-specific submittals must indicate how the individual plant designs will provide adequate diversity in the use of power supplies for the DSS and AMSAC systems. In addition, the plant-specific submittals must indicate how these power supplies (for both the DSS and AMSAC) will remain functional or be backed-up in the event of a loss of offsite power.

6.2 Isolation Devices

The guidance given in the Federal Register requires nonsafety-related equipment to be properly isolated from safety-related equipment. Therefore, only approved isolators, existing or diverse, may be used for isolating existing sensors and actuation devices for the ATWS systems where appropriate.

Whether diverse or existing isolators are used, the plant-specific submittals must provide analyses ensuring that the isolators are qualified to function under the maximum worst case fault conditions. The analyses should follow the guidelines presented in Appendix A of this SER or be from some other previously approved procedure.

6.3 Bypasses and Displays

The plant-specific submittals must address the types and methods of bypasses used for the DSS and AMSAC equipment. Sections 5.9, 5.10, and 5.12 of this SER provide some guidance for acceptable bypasses of the systems. The submittals should discuss requirements for maintenance, repair, testing, and calibration of the ATWS systems. Operating bypasses, such as those required during startup or low power operation, should also be addressed in the submittals. The proposals for the bypasses must address both administrative (i.e., types of procedures to be used) and hardware requirements.

The status of the parameters monitored for the indication of an ATWS and the DSS and AMSAC mitigating equipment must be continuously provided in the control room. Sections 5.11 and 5.14 of this SER discuss the requirements for the indication of a bypass condition and the status of the equipment for the operators. The plant-specific submittals should also provide the design details of how the information will be displayed.

6.4 Surveillance and Testing

The BWOG, in their generic document and subsequent information, has not provided an acceptable generic proposal for defining the requirements for surveillance and testing. Therefore, the plant-specific proposals must address the use of technical specifications for the DSS and AMSAC equipment. The plant-specific proposals must also address how surveillance and testing will be administratively controlled and monitored.

6.5 Input Parameters

The BWOG generic document presents the results of analyses performed to justify the use of high reactor pressure and/or a loss of feedwater flow as the input parameters to be used for actuating the DSS and AMSAC systems. However, the generic document does not give specific details regarding how these parameters are to be measured. Therefore, the plant-specific submittals must provide the details of whether pressure or flow is to be used and must specify the setpoints and timing at which the systems will be initiated. Information must also be provided which describes how a total loss of feedwater flow will be detected and why the measurements chosen are indicative of a total loss of feedwater flow.


7. REFERENCES

1. Code of Federal Regulations, Chapter 10, Section 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," June 1, 1984.
2. Federal Register, Vol. 49, No. 124, "Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," June 26, 1984.
3. Babcock and Wilcox Company, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," September 1985.
4. NRC Memorandum, M. Wayne Hodges to Jerry L. Hauck, "Review of BWOG Submittal on ATWS."
5. NRC Letter, Hugh L. Thompson, Jr. to All Power Reactor Licensees and All Applicants for Power Reactor Licenses, "Quality Assurance Guidance for ATWS Equipment that is not Safety-Related (Generic Letter 85-06)," April 16, 1985.
6. NRC Memorandum, Harold R. Denton to James H. Sniezek, "Proposed Generic Letter Regarding Implementation of the ATWS Rule," February 1986.
7. Rulemaking Issue, W. J. Dircks to The Commissioners, "Amendments to 10 CFR 50 Related to Anticipated Transients Without Scram (ATWS) Events," SECY-83-293, July 19, 1983.
8. NUREG-0460, "Anticipated Transients Without Scram for Light Water Reactors," Office of Nuclear Reactor Regulation, US Nuclear Regulatory Commission, December 1978.
9. NUREG-1000, "Generic Implications of ATWS Events at the Salem Nuclear Power Plant," Office of Nuclear Reactor Regulation, US Nuclear Regulatory Commission, April 1983.

APPENDIX A

DSS AND AMSAC ISOLATION DEVICE REQUEST FOR ADDITIONAL INFORMATION

Each light-water-cooled nuclear power plant shall be provided with a system for the mitigation of the effects from anticipated transients without scram (ATWS). The Commission-approved requirements for the ATWS are defined in the Code of Federal Regulations (CFR) Section 10, paragraph 50.62.

The staff has reviewed the B&W Owners Group generic functional DSS and AMSAC designs for compliance with the ATWS Rule. As a result, the staff has determined that the use of isolators within the DSS and AMSAC will be reviewed on a plant-specific basis. The following additional information is required to continue and complete the plant-specific isolator review.

Isolation Devices

Please provide the following:

a. A description of the specific testing performed to demonstrate that the device used to accomplish electrical isolation is acceptable for its application(s). This description should include elementary diagrams, when necessary, to indicate the test configuration and how maximum credible faults were applied to the devices.
b. Data to verify that the maximum credible faults applied during the test were the maximum voltage/current to which the device could be exposed, and define how the maximum voltage/current was determined.
c. Data to verify that the maximum credible fault was applied to the non-Class 1E side of the device in the transverse mode (between signal and return) and that other faults were considered (i.e., open and short circuits).
d. A definition of the pass/fail acceptance criteria for each type of device.
e. A commitment that the isolation devices comply with the environmental qualifications (10 CFR 50.49) and with the seismic qualifications which were the basis for plant licensing.
f. A description of the measures taken to protect the safety systems from electrical interference (i.e., Electrostatic Coupling, EMI, Common Mode, and Crosstalk) that may be generated by the ATWS circuits.
g. Information to verify that the Class 1E isolator is powered from a Class 1E source.