ML20205Q616
| ML20205Q616 | |
| Person / Time | |
|---|---|
| Site: | Salem  |
| Issue date: | 05/05/1986 |
| From: | SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY |
| To: | NRC |
| Shared Package | |
| ML18092B193 | List: |
| References | |
| CON-NRC-03-82-096, CON-NRC-3-82-96 NUDOCS 8606020280 | |
| Download: ML20205Q616 (100) | |
Text
-_______
I I
I ,
r I PRE-IMPLEMENTATION AUDIT REPORT I
FOR PUBLIC SERVICE ELECTRIC & GAS COMPANY'S SAFETY PARAMETER DISPLAY SYSTEM AT l SALEM NUCLEAR GENERATION STATION 1 AND 2 I < >
I I
I SAIE I
May 5, 1986 I Prepared for U.S. Nuclear Regulatory Commission Washington, D.C. 20555 Contract No. NRC-03-82-096 g go2soxn I
l ~-.,-,,,oc---.-,...
I I
I PRE-IMPLEMENTATION AUDIT REPORT FOR PUBLIC SERVICE ELECTRIC & GAS COMPANY'S SAFETY PARAMETER DISPLAY SYSTEM AT SALEM NUCLEAR GENERATION STATION 1 AND 2 I
May 5, 1986 I
Prepared for U.S. Nuclear Regulatory Commission Washington, D.C. 20555 I Prepared by Science Applications International Corporation 1710 Goodridge Drive McLean, Virginia 22102 Contract No. NRC-03-82-096 I
TABLE OF CONTENTS l Section Paae 1
1 BACKGROUND . . . . . . . . . . . . . . . . . . . . . . . 1 2 SYSTEM DESCRIPTION . . . . . . . . . . . . . . . . . . . 2 2.1 Principal Functions and Users . . . . . . . . . . . 2 2.2 SPDS Displays . . . . . . . . . . . . . . . . . . . 3 2.3 Parameter Selection . . . . . . . . . . . . . . . . 3 2.4 Data Validation . . . . . . . . . . . . . . . . . . 8
' 2.5 Isolation Devices . . . . . . . . . . . . . . . . . 8 2.6 Computer Architecture . . . . . . . . . . . . . . . 8 2.7 State of Development. . . . . . . . . . . . . . . . 9 2.7.1 Project Milestones . . . . . . . . . . . . . 9 2.7.2 System Strengths . . . . . . . . . . . . . . 10 3 SYSTEM RELIABILITY . . . . . . . . . . . . . . . . . . . 11 3.1 Hardware Reliability. . . . . . . . . . . . . . . . 11 3.2 Software Security . . . . . . . . . . . . . . . . . 12 3.3 System Loading. . . . . . . . . . . . . . . . . . . 12 3.4 Verification and Validation . . . . . . . . . . . . 13 I 3.5 Configuration Control . . . . . . . . . . . . . . . 14 4 HUMAN FACTORS ENGINEERING. . . . . . . . . . . . . . . . 15 l
4.1 PSE&G Human Factors Program . . . . . . . . . . . . 15 4.2 Display Formats . . . . . . . . . . . . . . . . . . 15 ,
4.3 Position in the Control Room. . . . . . . . . . . . 16 l
{
4.4 Human Factors Engineering Review. . . . . . . . . . 16 1 5 TRAINING PROGRAM . . . . . . . . . . . . . . . . . . . . 17 I
I
i TABLE OF CONTENTS (Continued)
Section Paae 6 AUDIT FINDINGS . . . . . . . . . . . . . . . . . . . . . 17 6.1 Major Comments. . . . . . . . . . . . . . . . . . . 17 6.1.1 Insufficient Front-End Analysis. . . . . . . 17 6.1.2 V&V and Human Factors Review . . . . . . . . 18 I
6.1.3 Inadequate Configuration Management. . . . . 18 6.2 Recommendations . . . . . . . . . . . . . . . . . . 19 REFERENCES . . . . . . . . . . . . . . . . . . . . . . . 21 l
I l
l l
l l
11 l
l l
1
- _ _ _ _ _ _ _ l
SAFETY PARAMETER DISPLAY SYSTEM SALEM NUCLEAR GENERATION STATION 1 & 2 Pre-implementation Audit Report SECTION 1. BACKGROUND l
All holders of operating licenses issueo by the Nuclear regulatory Commission (licensee) and applicants for an operating license (OL) must provide a Safety Parameter Display System (SPDS) in the control room for their plant. The Commission-approved requirements for the SPDS are defined in Supplement I to NUREG-0737 (1). PSE&G is completing the design phase of their SPDS and requested a pre-implementation NRC audit of their SPDS design as it currently exists.
The purpose of the SPDS is to provide a concise display of critical plant variables to control room operators to aid them in rapidly and reliably determining the safety status of the plant. NUREG-0737, Supplement 1 (1), requires licensees and applicants to prepare a written Safety Analysis Report (SAR) describing the basis on which the selected parameters are sufficient to assess the safety status of each identified function for a wide range of events, which include symptoms of severe accidents. Licensees and applicants are also required to prepare an implementation plan for the SPDS which contains schedules for design, development, installation, and full operation of the SPDS as well as a design verification and validation plan. The safety analysis and the implementation plan are to be submitted to the NRC for staff review. The results of the staff's review are to be published in a Safety Evaluation Report (SER).
l The Public Service Electric & Gas Co. of New Jersey (PSE&G) submitted a l SPDS SAR for Salem Nuclear generating Station Units 1 and 2 on January 30, 1984 (2). The NRC reviewed the SPDS SAR and sent a request for additional information to PSE&G (3). In response to this, PSE&G requested that the NRC conduct an in-progress SPDS audit (4). The audit was conducted by the NRC, supported by consultants from SAIC and Comex, from December 4 to December 6, 1985. ihis report discusses the results of that audit. The SPDS system was 1
still under development, with less than half of the proposed displays having been designed. Because of this, the findings of this audit are limited to general comments and recommendations, rather than specific conclusions and evaluations.
There are both considerable strengths and potential problem areas in the proposed system and the way it is being developed. The computer system architecture should provide a powerful, flexible base for the SPDS and other applications, and the proposed implementation of Emergency Response decision trees should provide plant operators with a useful aid. However, the audit team identified a number of potential problems in the design and development process. The audit team's suggestions for dealing with these problems focused on defining overall system requirements, increasing Verification &
Validation (V&V) and Human Factors Engineering (HFE) input in the design process, and improving the configuration management program. The remainder of this report will describe the proposed SPDS, review the specific findings of the audit, and summarize the recommendations of the audit team.
The next section provides a description of the SPDS system being developed by PSE&G and describes the general status of the project. Section 3 discusses system reliability and reviews the Verification and Validation (V&V) and configuration control programs. Section 4 covers Human Factors (HF) considerations in the SPDS system and the Human Factors Review program.
The final section presents the major recommendations resulting from the audit. In addition, Appendix A presents an evaluation of the SPDS relative to NUREG 0737 Supplement 1 requirements. Appendix B is the PSE&G briefing package which was distributed for the audit. Appendix C is the list of audit attendees.
I SECTION 2. SYSTEM DESCRIPTION 2.1 Principal Functions and Users The SPDS system is primarily intended to aid Shift Technical Advisors (STAS) during abnormal and emergency conditions. Other operators may occasionally use the SPDS during normal operations and the Senior Reactor Operator (SRO) may use the system during both normal and abnormal opera-tions. However, the STA is the primary user. During emergency operations l 2 l
!I i
the SPDS will monitor critical safety parameters and help guide the STA through the Westinghouse Emergency Procedure decision trees.
2.2 SPDS Displays Ccrrent plans for the SPDS system will include two CRTs in each control room. The proposed SPDS will consist of four levels of displays. The top level display shows the critical safety functions in the form of color coded bar graphs for the six functions as defined by PSE&G. These functions are described more fully in Section 2.3. The top level display shows a large colored box for each function (Figure 2-1). Each box can appear at one of l four vertical positions in the column reserved for the safety function. The color (and vertical position) of the box indicates whether the safety function parameters are normal (green), or at one of three alarm levels (yellow, orange, or red).
The format for the second level displays is taken directly from the Emergency Operating Procedures (E0Ps) as developed by PSE&G from the Westinghouse EPGs (Figure 2-2). The SPDS system automatically highlights the appropriate path through these decision trees. These displays (and all others that form a part of the SPDS) contain an insert which shows color coded targets similar to the top level di spl ay, without the vertical displacement. This insert would show any changes in other critical safety functions which might occur while the STA is using a status tree second level display for a given critical safety function.
Third and fourth level displays have not been finalized. However, the third level will show the parameter values and condition in a tabular format for those parameters which define the second level status trees. PSE&G should evaluate the appropriate display level which shows parameter values.
The NRC feels that the second level may be more appropriate. The fourth level will present trend information for parameters listed in the third level displays. No formats for these displays have been developed.
2.3 Parameter Selection The Salem SPDS parameters are developed from the Westinghouse Emergency Response Guidelines status tree and use Regulatory Guide 1.97 sensors (5).
3
lI I
I I
I I g -
I .
o.
b I m e
.E e e I
3 - 1 I e E l 5 o l' 8
m u
! b e
I I
I 4
s a
m m
m n
a m
1 a ' D E N m
u l
T R "
0 " ,
o H
E R
S R
R 1 F " 3 F A I i T R " S m S O" E Y
u 3" y a
l p
e E O E
L P
R 1
n S
- i D
s R V H U R y uO I P F r SRRT a m
u RZ EOA l
G S d n
E E I
N Y o c
e S
e N S
D P
S a I g E V n O
H I
yE I"e e m G gR T*D l u 0 1
gfG A 7* 2, l
p m
R g E ,
H S
E I tt a x
R I D O E _ Y E E
T A E m E C E E
ZI H R S u
n M Z R U
G N G l G
2 O A R . -
P S R E N SE E 2 u
u N E_ Y U
N e m W H I
T N
r u
O C O
C i
g m
m D R O F
a T S E UR E O 1 T C SO V H Y
U R U EO T GR A I
l E K
H m O u S AZE NE G S E sH S 1 [E t
R eR -
m P Y
E R
T A sU aT E
G ,E -
oR -
s s -
u a aS S -
mE R
A. P -
m u
n -
u -
u -
m -
m u
m w l u
i The five critical safety functions of NUREG-0737 Supplement 1 (1) are currently displayed by the Salem SPDS through six function blocks (Figure 2-1). The function blocks are:
- 2. Core Cooling
- 3. Heat Sink
- 4. Thermal Shock
- 5. Containment Environment
- 6. Coolant Inventory These six function blocks currently utilize fifteen system parameters.
These parameters are: neutron flux, RCS cold leg water temperature, RCS pressure, core exit temperature, reactor vessel level, degrees of subcooling, containment sump water level, containment pressure, containment area radiation, reactor coolant pump status, pressurizer level , steam generator level, steam generator pressure, auxiliary feedwater flow, and RCS loop average temperature. However, the licensee stated during the audit that a seventh function block (radioactivity at release points) would be added and four more system parameters would be used for the SPDS. The four added parameters will be: reactor trip, plant vent flow, containment and plant effluent radioactivity release, and main steam radiation. Table 2-1 shows the correspondence of the seven SPDS safety functions and the critical safety functions defined by NUREG-0737 Supplement 1 (1).
The audit team compared the Salem parameter selection with the NRC Procedures and Systems Review Branch guidance on SPDS parameter selection.
In general they found good agreement with the NRC staff interpretation of the NUREG-0737 Supplement 1 parameter selection. However, the following items are not identical to the NRC staff interpretation:
(a) Containment isolation status is not on the SPDS. The valve status will be shown on a panel close to the proposed SPDS location in the control room.
(b) RHR/ECCS flow is not displayed.
(c) Hydrogen concentration is not shown.
6
i
' 11 Table 2-1 CRITICAL SAFETY FUNCTION CRITICAL SAFETY FUNCTION PARAMETERS (NUREG-0737. SUPPLEMENT 11 STATUS TREE (SALEM)
Reactivity Contro. Shut Down Margin 1. Neutron Flux ll 2. Reactor Trip Reactor Core Cooling Core Cooling 1. Core Exit Temperature and Heat Removal From 2. Degrees of Subcooling the Primary System 3. Reactor Coolant Pump Status
- 4. Reactor Vessel Level Reactor Coolant System Heat Sink 1. Steam Generator Level Integrity 2. Steam Generator Pressure
- 5. RCS Pressure
- 6. RCS Cold Leg Water Temperature Coolant Inventory 7. Pressurizer Level
- 8. Reactor Vessel Level I Radioactivity Control Radioactivity at 1. Plant Vent Flow Release Points 2. Containment Effluent Radioactivity
- 3. Plant Vent Effluent Radioactivity
- 4. Containment Area Radiation
- 5. Main Steam Radiation Containment Conditions Containment Environment 1. Containment Sump Level
- 2. Containment Pressure
- 3. Containment Area Radiation 7
Parameter acceptability is being reviewed by the NRC and will be determined by the Electrical Instrumentation and Control System Branch. The SPDS display should prove to be a useful tool to the STA and others in assessing abnormal plant conditions and in assisting the STA in planning recovery actions.
2.4 Data Validation The licensee uses gross checks of data validity. These checks look for zero or off-scale indications and reject these sensors from SPDS display.
l The checks include thermocouple-open-circuit or out-of-range, multiplexer-l unable-to-scan, and RTD-bridge-out-of-range. Similarly, the 4 to 20 milli-amp signal conditioners are checked for off-scale operation by checking for less than 4 ma or greater than 20 ma output. Signal conditioners found to be off-scale are rejected from SPDS display. Currently, no other data validation technique is used. The licensee stated that EPRI was studying data validation and the licensee is hoping for some useful guidance from the EPRI effort. Algorithm validation efforts have recently been started by Singer-Link.
2.5 Isolation Devices ;
l
\
The licensee presented a description of an electrical / electronic isola-tion scheme, which if documented, installed and tested as described, should fulfill the requirements for isolation. A description of the isolation devices was submitted to the NRC in the June 27, 1985 response to the NRC l Request for Additional Information. The audit team checked for isolation device testing dates and test results. The licensee stated that the results existed and would be sent to the NRC. The audit team was particularly interested in verifying the isolation test data for the multiplexers where IE and non-1E signals are processed.
2.6 Computer Architecture The computer system supporting the SPDS is based on redundant com-ponents functioning in a Local Area Network (LAN). Data fron existing sensors is input to redundant intelligent multiplexers (t1UX). liul tiplexed data is transmitted to duplicate host computers (A and B) by means of a 8
high-speed data link. Computer B constantly monitors computer A for failure, and takes over processing if necessary. Communications between the l
host computer and intelligent terminals is via a LAN data highway. All lines to and from the data highway are duplicated, and the total system will have an uninterruptable power supply. All display formats are contained in bubble memory in the intelligent terminals, so that only parameter values need to be requested by the terminals and transmitted by the host computer across the data highway. This dramatically reduces the load on the host computer and data highway and dramatically speeds the time required to switch from one display to another (one to two seconds).
l The system architecture and selection of Gould SEL 32/8750 computers l with 384 megabyte hard disks will provide an extremely powerful and flexible computer system. Only a small fraction of this system's capabilities (less than 10%) are expected to be required by the SPDS. It is anticipated that this system will eventually be used to replace the existing plant process computer.
2.7 State of Development 2.7.1 Project Milestones The SPDS system is currently in the design phase. System development was originally contracted to Electronic Associates Inc. (EAI). In July 1984, EAI went out of business and PSE&G decided to complete development i tsel f. PSE&G is currently using Singer - Link to conduct V&V activities, and General Physics for human factors review.
The computer system has been installed at the PSE&G development site (called the BEST facility) in northern New Jersey. Using the PACE process control-oriented operating system, the system architecture has proven quite I reliable. Software development, however, is still ir, progress, with signif-icantly less than half of the proposed SPDS displays having been developed.
In spite of this PSE&G was expecting to begin development testing within a few weeks. The audit team expressed doubts that this was a realistic goal.
Installation of the SPDS is scheduled to begin with cable pulling during the Unit 1 outage in March 1986. Installation in Unit 2 will begin 9
I during its next outage, scheduled for late Summer 1986. The SPDS is expected to be fully operational in both units by the end of December 1986.
Final validation testing, however, may not be completed for up to 18 months later (Summer, 1988). Given the current state of SPDS software development, the audit team was concerned that the December 1986 deadline may be difficult to obtain. The audit team was also concerned that PSE&G is planning to declare the system operational long before it has been vali-dated. Based on recent information, the licensee has indicated that the SPDS operational date has been delayed and a revised implementation schedule will be submitted later in the summer (1986).
2.7.2 System Strengths The PSE&G SPDS has the potential to become a powerful system that will be highly useful in both normal and abnormal operations. The computer system being developed will provide a powerful and flexible base for both the SPDS system and future applications. The hardware system is capable of I
doing much more than handling the minimum SPDS requirements. The parameters being input to the system include not only those required for the E0Ps, but basically all the parameters suggested in Regulatory Guideline 1.97. This
{
gives the system the potential to rapidly provide a great deal of useful j information.
l 1
The SPDS system should prove useful in operations. This appears to be largely due to PSE&G's involving plant operations personnel in the design '
I process and the use of Westinghouse Emergency Operation Guidelines as a basis for the second level displays. Including operations in the design process not only helps insure that the system will be of practical value, but also should help increase user acceptance of the finished system. By )
helping the STA quickly assess the emergency response procedures, the SPDS l should significantly reduce the time required to respond to abnormal conditions.
10
I SECTION 3.0 SYSTEM RELIABILITY There are several factors that determine the ultimate reliability of a computer system. These include the reliability of the hardware being used, the amount of load on the system, system security, and the reliability of the software. In addition to comprehensive quality assurance (QA) proce-dures, which were not reviewed by the audit team, there are two major sets of activities that influence how reliable software will be. The Verifica-l tion and Validation (V & V) program not only tests the system for errors, but also checks to insure that the system design also actually does what the system was intended to do. Finally, a configuration management program insures that system modifications do not introduce undetected problems, and I that clear documentation of the system and any major modifications to it are clearly documented to facilitate future software maintenance. Since the Salem SPDS was still under development, there was no way to actually measure how reliable the system actually was. All that could be done was to evaluate the approaches that PSE&G was taking to assure system reliability and to comment on their apparent adequacy.
3.1 Hardware Reliability The relatively simple and yet sophisticated system architecture should provide high system reliability. There is complete redundancy for all major components of the system and for all dedicated serial data communications lines. For example, the primary computer (A) is constantly being monitored by the back up computer (B) via two redundant serial data links. If com-puter A malfunctions, computer 8 will automatically stop what it is doing (program development) and take over. No single failure should be able to interrupt system availability.
The entire system will also be provided with an uninterruptable power supply. In the event of loss of external power, this system will provide power until auxiliary generators can take over. This power system will be used not only for the main processors, but for the MUXs and CRTs as well.
These features should make this a highly reliable system. Verbal reports from the PSE&G computing staff indicated that since a few initial 11 I
bugs were worked out of the main data highway for the LAN, there have been virtually no serious hardware problems in their development system.
Software failures may be a much more significant source of system failures, but since the software is still under development, it is impossible to predict their impacts 3.2 Software Security The primary storage media for software is magnetic disk, with magnetic tape back-up. Software security depends primarily upon the abiitty of the PACE operating system to limit which terminals can make modifications to I software and databases.
will All terminals other than the programmer's console be limited to accessing information. This applies not only to
< terminals hard . wired to the LAN, but also to access to the system over telephone lines via a modem (as in the EOF). Any software changes or changes in terminal access status must be made at the programmer's console.
The audit team did not ascertain whether or not this access was also limited by requiring passwords to perform any activities that might impact system functioning. A redundant system, requiring both physical access to a single terminal and knowledge of a series of passwords is strongly recommended.
PACE can also limit which data can be accessed by a specific terminal.
This will be used to prevent SPDS terminals for one unit ' from displaying data from the other unit, preventing a major potential for confusion. In addition, the primary SPDS display terminal for each unit will be limited to presenting only SPDS displays. Care should be taken to insure that these features are properly implemented.
3.3 System Loading The computer system will not be solely devoted to SPDS. PSE&G eventually plans to transfer the plant process computer's functions to this system, which will compete with SPDS for system resources. Currently the SPDS is only using about two or three percent of the CPU's capacity, providing excellent response times. Procedures will need to be established to insure that future additions and modifications do not overload system capacity or reduce SPDS response times.
12 l
l l ___.
3.4 Verification and Validation PSE&G has employed Singer-Link to plan and conduct their Verification and Valid.ation (V&V) program. The audit team reviewed the V&V plan and found tha't it appeared to provide a reasonable program for the areas it covered. V&V activities to date have found miscellaneous missing sections, missing format descriptions, missing functions, inconsistent point counts, and missing introductory texts. However, the system is still undergoing development, and little of the V&V program has been implemented, so it is impossible to tell if the program will be adequate in actual practice. In addition, two problems were identified with the V&V effort: there was no assessment of the basic design requirements for the SPDS, and there appear to be problems with the procedures for control and verification of system documentation.
The validation efforts were incomplete at the time of the audit. The only portion of the program that was underway was an examination of the SPDS documentation for consistency. However, the display formats are based on the Westinghouse Emergency Response status trees and the audit team found that the Westinghouse Electric Corporation has validated the status trees themselves. The PSE&G validation of the bar displays and lower level displays is in progress. In fact, most of the lower level display formats have not yet been developed. Algorithm validation efforts are not yet completed. Sensor validation has not yet been addressed by PSE&G. However, they expect to initiate a sensor validation program based on an upcoming EPRI program. Given this, it was inappropriate for the audit team to make any judgment about the eventual quality of the V&V program.
The V&V plan, as proposed, begins with the assumption that the top (or "A") level system design specification validly addresses the actual user requirements of the system. There is no plan to validate whether or not these specifications describe a system that actually will do what an SPDS should do. Since no real front end user-needs and task analysis was performed, the overall goals and objectives for the system were never clearly defined. It is impossible to judge whether the proposed system will do what it is supposed to do, since no one has clearly stated what it really should be doing. It is strongly recommended that some time and effort be spent reviewing what PSE&G feels the SPDS should be able to do for them, and 13 l
l
I clearly and concisely defining the overall system requirements. The level A I system design specifications should then be evaluated to see how well they meet those system requirements.
The other problem may have more to do with configuration control than the V&V program, per se. There are four levels of documentation for the I Salem SPDS. Level A is the original design specification, and is the most abstract. Level B describes the SPDS system in greater detail, while levels C and D are the actual pseudo-code software descriptions and program listings, respectively. Every time a significant change is made in one of these documents, the configuration control program is supposed to insure that all the other level documents reflect the change. At the time of the audit, V&V personnel were reviewing the documentation for such consistency, and were finding a number of fairly minor discrepancies. However, when the audit team reviewed the documentation, they found many inconsistencies, particularly between levels A and B, versus B and C. While the level C and D documentation appeared to be relatively consistent and up-to-date, levels A and B were repeatedly found to be long out-of-date with the current system. The V&V program should have uncovered these discrepancies.
3.5 Configuration Control The audit team found that Singer-Link has been verifying algorithm descriptions, SPDS display formats, status trees, and has established con-figuration control procedures. The audit team could not find top-level system requirements or descriptions, current SAR descriptions, training documents, maintenance procedures and related system integration documents.
Since these system integration documents could not be found, the audit team feels that configuration control methods may not be effective. A comprehen-sive configuration control program should include these elements, which insure that changes to the SPDS system do not adversely effect training, maintenance or operations, and vice versa. Additionally, as discussed in section 3.4 above, the audit team found many inconsistencies between the use of Level A and B versus level C and D documentation. While these inconsis-tencies should have been detected by the V&V program, a properly executed configuration control program should have prevented them in the first place.
14
l SECTION 4.0 HUMAN FACTORS ENGINEERING l l 4.1 PSE&G Human Factors Program l
General Physics Corporation has recently been employed by PSE&G to provide hurran factors guidance. General Physics prepared and submitted (August 8, 1985) a guideline to be used for the upcoming human factors review of the Salem SPDS. The exact date of the human factors review of the Salem SPDS is yet to be determined but is expected to begin in the Spring of 1986.
Since the system design is expected to be completed before then, the PSE&G human factors program will be limited to a post hoc evaluation of existing design, with only minor human factors input during the design stages.
4.2 Display Formats The audit team observed the existing SPDS displays on the development I system at the BEST facility. In general, they displayed the key information clearly and were not overcrowded. However, there were some problems with the existing displays.
The top of each screen contained an " alarm box" which contained infor-mation about all inoperative sensors, or out-of-range values. These alarms, which are written in fairly small type, are difficult to read, add clutter to the screen, and do not seem to be necessary on every SPDS display. When asked why the alarm boxes were included (even though they were not mentioned in the system design specifications) the response was simply because "it is on all PSE&G displays." The PACE operating system makes such displays easy to implement, so it appears that little thought was given about whether or not they should be included. This type of decision may reflect the lack of a clear analysis of what the SPDS should do and exactly what information it needs to display.
There were a number of deficiencies in the use of color. Some of the colors being used were very hard to discriminate, particularly green and yellow, which were hard to distinguish at any distance from the CRT. Also, red and purple were hard to see against a black background. Red and yellow, j which are used to indicate different alarm levels, should not be used in any )
other way, such as for axis labels. On some graphs, red was used to l
15 l
1
indicate limits. This should only be done when the limit indicated on the graph is the same as the limit that turns the SPDS alarm box red.
The use of abbreviations was inconsistent in several places. For example, O F and DEG are both used at different places in the SPDS displays.
Care should be taken to ensure that .11 nomenclature and abbreviations are consistent within the SPDS, and with the control room as a whole.
4.3 Position in the Control Room No SPDS hardware has been installed at either of the Salem plants.
Current plans are to have two CRT displays in each of the two Salem plant control rooms. One display will be a 21" CRT and will be positioned on the panel, in view of the operators, but outside of the control "U." A 19" display will be located at the operator's desk within the envelope of the control "U." Four CRTs are planned for the TSC, and two for the E0F.
As the Salem control rooms are small by comparison to most large nuclear power stations, the large CRT should be visible from within the "U."
The plant STA said that he will roam and should spend some of his time in the vicinity of the large CRT. He anticipated no problems because of location. The NUREG-0700 survey of SPDS and control room glare have not yet been evaluated. The glare portion of the DCRDR has yet to be completed. It is possible that glare will make viewing the large CRT difficult. Since the audit team could not see installed displays, it is impossible to judge whether there are any problems with their location.
4.4 Human Factors Engineering Review The lack of ongoing human factors input in the SPDS design process appears to be a potential problem. Most of the problems discussed above could have been avoided with appropriate human factors input. It is generally much easier, less expensive, and more productive to involve personnel with human factors expertise before the design is firmly established than to wait until the system is finished and then have to modify the system to solve human factors deficiencies.
16
5.0 TRAINING PROGRAM The training plan has not yet been developed for the Salem SPDS. The audit team could not find any interfacing between the SPDS design group and the licensee's training personnel.
I 6.0 AUDIT FINDINGS The Salem SPDS is currently being designed, the third and fourth level displays are incomplete, a seventh safety function is anticipated, and only limited laboratory testing has been performed; therefore the audit findings are presented as comments and recommendationt rather than conclusions.
6.1 Major Comments Even though the state of the software development for the SPDS is too premature to allow the evaluation of many specific details, the audit team did identify some general concerns about the program. These deal with the way PSE&G is approaching the development of the SPDS more than with specifics of their chosen design. Like many other utilities engaged in a major computer hardware / software system development project, PSE&G seems to be concentrating resources on developing hardware and software, and providing only minimal efforts to insure that the system be integrated into plant operations, maintenance and training.
6.1.1 Insufficient Front-End Analysis It was not clear to the audit team exactly how and why PSE&G decided on the basic design for the SPDS. There was no clear statement of the overall system requirements and goals for the SPDS. Developing such a design concept will provide direction, focus, and a set of design priorities for the project. Without such a guideline, it is difficult to perform effec-tive system reviews and system verification.
Developing an overall design concept requires a thorough user needs analysis and extensive operator input. The decision to base the second level di spl ays on the Emergency Response trees appears to have been directly due I 17
to an operator's suggestion. Such operator involvement will help insure the system will actually be useful and accepted by the operators. However, soliciting operator suggestions alone can not replace a thorough user-needs analysis.
The V&V plan begins with the assumption that the top (or "A") level system design specification validly addresses the actual user requirements of the system. There is no plan to validate whether or not these specifica-tions describe a system that actually will do what an SPDS should do. Since no real front-end user needs and task analysis was performed, the overall goals and objectives for the system were never clearly defined. It is impossible to judge whether the proposed system will do what it is supposed to do, since no one has clearly stated what it really should be doing. It is strongly recommended that some time and effort be spent reviewing what PSE&G feels the SPDS should be able to do for them, and clearly and concisely writing this down in the form of a brief (a few pages) statement I of goals for the SPDS. The level A system design specifications should then be evaluated to see how well they meet those objectives. The task analysis performed as a part of DCRDR if revisited could assist in reviewing and documenting user needs.
6.1.2 V&V and Human Factors Review It is generally inefficient to conduct V&V and Human Factors reviews after the design has been decided upon and developed. These reviews will almost always reveal some problems that need to be addressed (costing additional time and effort) which could have been avoided if they were identified early in the design cycle. In addition, V&V and Human Factors reviewers are often reluctant to question any fundamental design decisions of a system presented to them as a fate accomoli, realizing the cost of major changes to a system.
6.1.3 Inadequate Configuration Management Given the complexity of the system, maintaining high-quality documentation and insuring that the system will be properly integrated with plant operations, maintenance and training is a big job. As mentioned earlier, a number of inconsistencies were found in the level A and B system 18
documentation. While the programming staff were keeping the detailed level C and D documentation accurate, other documentation was not being updated.
While some records (non-conformance reports) were being kept on system modifications, they were not sufficiently detailed to permit some future programmer to reconstruct the changes that were made. This may not be a major problem now, while the original programmers are available, but will be critical five or ten years from now. Finally, there did not appear to be any real program established for integrating the SPDS with the rest of the plant. The SPDS, and any future changes made to it, will effect plant operations, maintenance, and training. Conversely, changes in these areas may also effect the SPDS. A plan needs to be developed to provide proper configuration management and integration with other plant activities.
6.2 Recommendations In order to assure that the Salem SPDS fulfills its purpose, the audit team recommends that the following items be considered, revisited, or conducted.
o Perform an SPDS systems integration review and define the overall system requirements. Include plant engineering, headquarters engineering, licensing, human factors representatives, training, maintenance, configuration control, QA, procedures and testing personnel, and operations personnel. Verify that the input and needs of each discipline have been addressed.
o Complete the SPDS design activities before installation. This will require either increased design efforts or a postponement of installation.
o Ensure that the Validation and Verification activities are consis-tent with the systems integration review and address all system requirements. ;
o Resolve the inconsistencies between the levels A, B, C, and D documentation. )
l 19
I o Develop and execute a comprehensive installation and testing plan for the SPDS.
o Improve Salem configuration control requirements to address the SPDS.
o Revise SAR submittals on the SPDS to reflect the additional function block, including parameters and the most recent design changes and provide the electrical isolation test results.
o Develop SPDS security procedures to prevent unauthorized access.
o Develop a process which will insure SPDS priority in the plant process computer.
I o Examine the use of color, discriminability and consistency in coding in the SPDS displays. Check for consistency in SPDS abbreviations.
o Perform complete system validation including validation testing prior to declaring the system operational, o Develop a comprehensive SPDS training program during the current design phase.
o The SPDS impleraentation schedule should be carefully reviewed.
o Evaluate the appropriate display level for presenting actual tabular parameter data.
o At least one more NRC SPDS audit should be performed.
20
I I
I I
I I
APPENDIX A j COMPLIANCE WITH REQUIREMENTS OF NUREG-0737, SUPPLEMENT 1 I
I I I
I I
I I
I I
II l
APPENDIX A Compliance Requirements of NUREG-0737, Supplement 1 Reauirement 1: Concise, Continuous Display The Salem SPDS is developed from the Westinghouse Emergency Response Guidelines status trees and is designed to assist the STA and, secondarily, the Shift Supervisor, during the recovery from an emergency condition.
There will be two CRT displays in each control room which administratively are capable of showing the SPDS top level display at all times. The top level display shows the critical safety functions in the form of color coded bar graphs for the 6 functions as defined by PSE&G. The functions are shutdown margin, core cooling, heat sink, thermal shock, containment envi-ronment and coolant inventory. The correspondence between these functions and the critical safety functions as defined by NUREG-0737 Supplement I are shown in Table 2-1, which also shows the parameters selected to portray the functions.
The format for the second level displays is taken directly from the Emergency Operating Procedures as developed by PSE&G from the Westinghouse EPGs. This was a "given" in the design and not a format developed through human factors analysis. The second level also contains an insert which shows the color coded bar graphs from the top level display (without the displacement in the vertical direction). This would show any changes in other critical safety functions which might occur while the STA is using a status tree second level display within a given critical safety function.
The third and fourth level displays have not been finalized. However, the third level will show the parameter values and condition in a tabular format for those parameters which define the second level status tree in use. The fourth level will present trend information. PSE&G should evaluate the appropriate level to present tabular parameter information.
It appears that the SPDS will provide the operators with a concise display of critical plant variables to aid them in rapidly and reliably determining the safety status of the plant. As the operators had a say in the selection of the format, it will probably be accepted and used by them when it is implemented.
Reauirement 2: Convenient Location Two CRT displays will be located in each of the Salem plant control rooms. One display will be a 21" CRT and will be positioned on the vertical panel; the other is a 19" display and will be located at the operators desk within the envelope of the control "U." As the Salem control rooms are small by comparison to most large nuclear power stations, the large CRT should be visible from within the "U." The plant STA said that he will roam and should spend scre of his time in the vicinity of the large CRT. He anticipated no problems because of location. The NUREG-0700 survey of control room glare has not been evaluated for the SPDS. The glare portion of the DCRDR has yet to be accomplished, and it is possible that this will turn out to make viewing the large CRT difficult. If so, this will be addressed as a part of that effort. Four CRTs are planned for the TSC, and two for the E0F.
If the glare and lighting studies conducted in the DCRDR show that there is no problem with the SPDS displays as presently planned, their location should provide the operators with a convenient location from which to observe the critical safety functions.
Reauirement 3: Incorporation of Human Factors Principles In its original procurement specification, PSE&G invoked the then current Human Factors design guidance. However, the original system's contractor defaulted and Salem took over design control. By this time, the basic hardware and design approaches had been selected. There has been no meaningful Human Factors analysis incorporated in the design to date other than some attention being paid to the location of the CRTs in the control room.
PSE&G has contracted with General Physics to do the Human Factors review of the system. General Physics has produced a criteria document to quantify the guidance in NUREG-0700 and NUREG-0835, but their present intent is to review the design after-the-fact rather than to work with the design staff to prevent problems before they occur.
The overall lack of an integrated Human Factors engineering effort to date was illustrated by the inclusion of an " alarm box" on the top level l display because it "is on all PSE&G CRT displays" and taking the second !
level displays exactly as formatted in the E0Ps without any analysis. Other Human Engineering Deficiencies noted by other members of the team included poor color contrast between green and yellow on the top level display and some cluttered presentations.
Reauirement 4: Procedures The Salem SPDS provides an excellent method of integrating the use of the display with the implementation of the E0Ps. During an abnormal event or an emergency, the plant operators proceed to carry out the E0Ps which are entered by "any Trip." The prime function of the STA, who is the principal user of the SPDS, is to follow the status trees which lead to the implemen-tation of functional restoration procedures if the operator actions are not accomplishing the job. As the SPDS secondary displays are the status trees, this effectively automates this operation for the STA, giving him instant information with some indication of parameter validity and other displays to further analyze the condition of the plant.
Reauirement 5: Training for Accident Response With and Without SPDS A training plan is yet to be developed for the Salem SPDS. While design of the system is not yet complete, the lack of an overall program plan for the SPDS was indicated by the concentration on the design aspects of the SPDS requirement rather than the " big picture" requirements analyses and planning phases which should have identified the requirements for train-ing as well as design V&V, security.
Reauirement 6: Parameter Selection The basis for the selection of parameters for the Salem SPDS is the E0P status trees. Table 2-1, mentioned above, indicates those parameters selected and their relation to both the Salem-defined critical safety func-tions and the NUREG-0737, Supplement I critical safety functions. At the present time this comprises 19 parameters with about 140 values. The table reflects the proposed seven function blocks.
The audit team made the following comments with regard to Salem parameter selection:
- 1. Containment isolation closures are not included in the display.
Containment closure status is, however, shown on a lighted back panel display which is close to the 25" CRT and easily visible to the operators and the STA. This is probably a satisfactory method of presenting containment isolation status. However, if the lighted back panel is ever relocated such that it is not easily visible to the operator, then the containment isolation closure status will be required in the SPDS.
- 2. RHR/ECCS flow is not included. This is valuable to give an indi-cation of core cooling when steam generators are isolated.
- 3. Hydrogen concentration is not included. The reason for this was the standard "not required by the status trees" plus the argument that it is a parameter required late in the game when things happen more slowly, and because it is available on the boards.
The audit team recommends that these parameters be added.
Reauirement 7: Electrical / Electronic Isolation The licensee presented a description of an electrical / electronic isolation scheme which, if documented and tested as described, should fulfill the requirements for isolation. However, no test or design data was presented to the audit team by PSE&G. The licensee indicated that this information would be forwarded to the NRC.
Class lE and non-class IE signals are separated and processed by different multiplexers. Cards in the multiplexers provide optical and transformer isolation. Fiber optic signal transmission provides isolation between the multiplexers and the data concentrators.
I I
Verification and Validation l
l The licensee has initiated a verification and validation program for l the SPDS. The validation efforts were incomplete at the time of the audit. )
The NRC audit had some difficulty locating the top level system design specifications. The display formats are based on Westinghouse Emergency Response status trees and were validated by Westinghouse. SPDS algorithm validation efforts are currently under way and therefore were not evaluated by the NRC audit team. Sensor validation has not yet been addressed.
I I
i;
'I I
I I
I APPENDIX C I
I I
I I
I I
I I
I I
'y*' i... . .
.'s'
. b :..,o,:;.
- . c...
- .:. -
. g- .
...:t . ...
1.- .
s INTRODUCTION SPDS OVERVIEld W.!. ,.
4*.
- n. .
^ i.- '- -
- SYSTEN TECHNICRL OVERU LEld
, , }. ., , > %
>l.::::: 3,' '
- DISPLAYS
- 3. y ..; .. .
. x.,,.. : ,. .,. .. .
F. ':3:.f
' '
- PRRANETER SELECTION
},... -
- r. . . . . ; 4 c.' s
- DATA URLIDATION
- . . m.. ,
. l ,A .
- HUNRN. FACTORS i../.,%..s.
...c.,e. .
. *. UERIFICATION & URLIDATIflN
. .. . f
- OPERATIONRL TESTING
- f.
- r-
. j .
D
,f
, . , PRESS RETURN KEY TO CONTINUE.
0'[ .
. .2 . . - . A c . ,
.: <. ? ,k sl* y : e,
~
'l*',. .
.'Y h ,f .,, l,. i d. Y '
,g"."- h l ' %& :.R,' j.* .- ' ,;
5
[:_ , +, l-?
- 3 f+ .,
Ql~ *f
,.l-t .3;..) , [',), y 'j .r,;, j 4 y,
., c p.f-. e ., . ..
.g . , . t. , 4, ;
'; re .a .
.2, e 3- .g-... ,. . s,. -t 7, ; t= c ..,3 +
,..- 3.,. , . -1 ', ,:
- .<[ "> QI.y-i' - ; ~.;- YY ["p._ ?- :- $1
- ' 'b k a ,. 'l -- .4 . $,i
...v. . >> *- 'i ..U ; ;[' " ' 4 h. i' I Y 3 .
.' A ,
. .-.:'. . ; *. -Qq ."d. .u
,1 -
s .. . -;
A :..ern n ,,Qy%, >
~<- ,1 %. a ,
a,14,-; ?* m .W'----.
^ %v+; c y - - .
v >. >".
%.:- ' e-
.-t. .. . ~ > , ' . + -(y
- { r
.s , r . , z. , ,x , . . .=.. , . . . .- - =. +*r... .
,. .- y .
- h' - 5
' \. {
' ~
I
, - ~ .
. , jy fp< :.t. . wQ.&gis N ' s.- x ,.'. +Y'.
'_: ~ v ,,i '
-ll.~, , V ' g,. .:..? ,;.
- r e a'L '~ Q'- l ?.._' . ; 4e4. f. " L.; ~w o ,
-. .m. , .a y r_ _- r .-.
.,s .u ;
..;,..4 s 1
- # ' '" . g .M ... ;
[ f. , . ' ..~
~- Ls, %qk_ .u--' .
~
e,.. .
.je l .7, ..'Jg.-:A > .s
..::.e n -zw . %,:-k ., gn K .a ? ", , ". , 5 ~ * . , ' ' -
, = > - .-?.,. -
-,,[rv. r.
3 - . ,, Y . 't. -
<.. ;;. _ - ~r g , ,' ~ W,yn l
. %f 4 - Q.a. : . ;-p
. , . ^,
K 2n,j l'" _ (. ..,.ew .
~
xW.;o7v ,. .. .
,3
,::.2
. ~
% 8;- < '
g, '
.>. ; ; i .<.,,y
. ' ,&_ y .yf.y n, 'n.3 .
- ;'yM .c
- l h ,N' , ) ,$4 ) [.)- ..L" d
,,,d
- \ h,
^'.' h "
y .. -g '? ;, YM [I;
. y k Nl \. ' '.[* - A -',9J s.- . ?;I. ;0. _'" n;I / ,3. ~, 4 ..
. 9 g,( .c y g . *
.,. , t
.4 3.. ' F %..s.
4 f ,.
=q+ - .
3,.c; .; q;.g' b. .....
- j s;; -- -
..- _ o,;
, g./ g.g y:q {
h , mya.Ai ~&w . . g .ns,;.n,.pg.a
~.
a - .a - ..
.= c.----t :: 7 r - _ . n. , , - . .
, y .7 . . - . , .: . 7.u.i ,., 9 - s y 1,:: . y ,u 4,
- h. .. ,
~ ' '. . N, . '*g ' , ; y* ', 6 %,,. %. Ei 4 .' '
(++,, g ),,o', .),; 4,[s J. / . tr hN(~ F. <#aEt 'A e 3.D 3% - .-
if- -.q4. -@4'-, M -
. + = ;f * . *,[ . p, .4.;. .. 4.q. p; ,m.s,. _.,y'x 4;-
- ' ? ) j-0.; .%,. '; ' .', '^ .^ -% .'; l3 g $ .~ ,, . .. %)
y , , . - J., <
. ,rr . u.-4, .- e --
g ; t v . w -
.~n
. /T ' . -.,'"1 _l f k, r:y8' , . y..,3 ._ 'p .+:.
- u " . ' ,4 ,,; ,- k ,t( ' L' ; .; -
?
,- g p-v
.s.
c i .:
g ,
.w p . - 3.
- 4 . $ , j,,y.4 .
, ,ji .
.h . , . [ ' .. y '
, .k _ .
5.?y ( ..*#
c g, g_gg,% 4 :. - Ng'i- .j- . [- ; yf AQ' , -<y. %+.' 4. N 'x .. .p* 1.g- .se .4.:
p, ~.Jf) i.M s. . %. ,. r$o. W ; . ^s.g: ,
- s. - ..
- c. .. , a p.y 7 -
Y
- ky .";; . '. "j ..;.. . ~f 3h.gh'% :h '
.' N . 5 i h 1.1 ' - f.
.e
' '; - . . .=,
.y T J. Q m.: r, . . .- ~ ;. , ((.,h,h y ';* g ~/f.
,; D.) } ,n ' _.h,p. w ,.. "-3.:q, . . . . p . , y. , ,c m p..-
..s N
- 7e -
- g( ., .h h4 ..-f'.h, _ ;;hh -[ h ,k
.: ,45. f .* g ik e ' ( ., tu
- P ; - W. k.' j ..k.
.4 . s k. .e* ,.- [;
g'j 's, E Q. st : ' '
. n, f, - ; . .c 7 % pg - -k4%q }- 4g. . -C ' - , p, , T 7, F .. ;j g * ;,M y n' , pq
., fA_}Q :..,9' - - , Jgfg f:
$5 M % ),
' '%. . Q;$.tg'$ p-] ?,?s
. n -
s .s : ~ + . s. - - , -
- . - :, .u.a.
. ; A: '4.' :, ..
s.8:s
- ,5 + . s.. .
,u m Y- .b- ; &,,. .A % ??
- .. ; ~
lT.,, , + a.
. ; '.% }- { ' ' '. 7.- r . . . ' %% & , = ,. ,- . _ 7. .
- ._ c. . . g. .V. , __'
N,.3, ..
T&.q:
%9 )%
..;'Q.;; 2. ). (t.t> : y, G ,.'.R .,- .. n.. .y; n. .} u } aJ ., E r
,}
j', -
R. . c .
', Qg ....
y,
}x t:~ - '
<x Y
..5l
.g . -
& 1 l .'&. ' -~?.[-. %.-f [' h..f. . e , '$ *f ,. I , **,. Nf.,.n~ ...: , f.p - .~l }
..,6
. ,g N
4 ..;.. -
M.. ' \, ; ( y . . .'h'_.-
- ce. ,;;k : -
...s-
';- 3 -w. 4
.r.
94,
,e..
k* -
hhb
,...3
- ,. ,; ./ . -.
.,p
,i.'.,
'.(3 ,
'j.;,
.,;4 p,a kbb.
r% .
,4,y
. T f'3 g
, , qt .& ,-). .
, jaMQ , .4.L;* +g 9 ....-; Q. . . A u
g.mn; ;. . n.
7 ." ..
., ,. , .,,y
- .. , , - . . , c,r g. u , ,;
- A'.h Ab LW
+J b.n. : .y, 'C*' > '; ? ' ,' ' ", f gg.n , ' - a V.e, ',. q-> ? . - +wA. Y.._s-'. e ,s' Q. -
.- $ -.r.~-. C ', .,
u ,- ,. - . c.' a
.,- ,z - .s s ..,_r..- .s* . .n. . g ,e w. . ,~ ri s
..y- ,s.,,*
m.
e,s j- ..,.3 .. ,
% K,_g r- .> . *' 7.- :. 4. ' ' [ ' .g 7 [' u ' .,e , ,ji-
- -M
^'
- % r,
' g. [ ,. ,.,P ..a j . ' dI 4 P ~ q, -g,_' ,. i
", S, 67.'% r y -
1 -
- y,.
W, y j, -
, . ,., y y =$ f.
- ,- - . -.-. ; 4 ,.g.j . . $
w . S,,<, > +
, . .*, , ~g , i - .e -
-w . N,,?,t e
, . 4. s e 4> -.%,
-m..,.
.,_W,,.--
, . . ~,. ,
,5 -
..m. m.c ~ . - '
y , w; ; . .>,.f.v 4
.3_.
l* . ' , , . . .. p ,. ' " % _ , _ y . ;,- ,q
'r,,*<. t(..' a g. ~.e g-+ ' " '- v- jf ! .
- o +
. a k '4 .$.% .t..k2 kg .I 1; # . ' J k'l-c,yY ' Y i: . . g , g,, , R[f- a .. . . ', J 4 q' 5_4
.- qq .
d 3$ b"p p ; . : 1. . . ,, - '
.] h$ -
. ;, k .
.{ ,
[
[:9 - .p, p f4 ,. i
,f W ,,,. ' . :* -['
,R. , f f . !# . ,
) -j , - &; or; . + +- k,s 4' , . ' " 7 : ;' . P ,
-l , -t , ? ..~ ,./ , ?? : , ; "
. [ , . : ,- '.. . ., #
h , 5 -
4 p' ' -l'..<. - j .. . ..; . gg .,=,3 'e
. .A vf ...2 . .::g4 4%:,, 9 .p,,
e ,4 .q_.. s-s '
- c
+- +.+. >w.- .} ,y, ' . A ~ < g , k. ;. ;r....,1 m
'p > .. y. -.,w
.- ..f .-
.<. ~ ->
3 .
y9 ... ;T - l l.'.*.. f ? , ' ,.s ?. . c ;i -
- l.
- - 7 . (-
l k .'..
' .or y 4. ,
'3
- 1. ..), !. . ._i %' f -;-
L.1* ',,p% :. .
,f
,v
. .. , - . . '. f; *:y O h ,'.,. ,\. f% fr...gy . _s-'& g py/ :.. . l. . ; . '4,'$
,y, ,;.7 ,P
- s. .;-
<
- 4 ' " .' .
- M . 13-J y y a f.-- -* ia C < , 4 i
. ).
- M2 . y a,. ar-4 t w
- 3. . ,,, f. 3 , y j'
< wN.%. . Ig A -' ,9 d[y4M..,sb..* a , . .$[/ cvhN..,.3.,[2 f.~- .
g & g y,,; . -,.g.+...:.-
N,
,t,:; . y,-
- ,g y .tt' .
.7, -
t
-a s .i A..m, <- .
n+62 .k .."$. . > - ~..,..3 .
. _A c s f,. A-(y ,
fg,.
11 - ..
- h -
.'+. '[
[
x
.c
> - Ma-- m a n n b,n. .ns .k. a q.
.p...c .. .
- g. ~%Q 4.. ? M
.w.
7l1,.sA m.,yQ t. .-.+ ;f.Q/mWW- c. .
2 n gf pw . Lt Xfp Q,Qq%,w.
i t w s; g[n, g .y 4 qgggggf;g(M e a&%q&u.a Ne m WLMyM y m WXM M %u 4n yF%&mLm 4=mupmwnnn M
{ge%WMMMRSMQWyWWWW _ _ ___________
i j. . Y 3 'j; 1. - Q.~?. ^ ' M .. '
- . ~. n;';g:7.1 ' J:;-
d :p. , .. . _..i., : j. -& ...kr?a*- ( '. ;
. N *- - .y $ .f ' g .:.] ?&:h; )f 3.':;.:..y..'.l..:. _ r,.l-l ;? i. . . _ ;?h _f ' k '} ' ;
' , f : '
- s. ,
.l- . ~. , Wa .
e Q'E
' . $ . *U ,A'.,..
q 1, .% ~p an& , e
- k. y.
. ;. ',,-W..3 e J-
& .x , g;. "*y y.;ef.-..=i
- y;; v. , ' ",. &'w,'*; c
+
Nj> ' . ' . + -
E ,a .. .,
-m .
- e. .- t .% . .8s .
_R..,_...- -* *.,y yy. ,
3.: . . ,.g ,
5,f , .;
%3; y;j . v.-- e .,, ,... p_. m;
' ['
) ' b,
, ., " ^ '
. I. . l. .
^:(,h., 5...)l . f *.g[f..
. ,i"] k .f., h . -
. . :. Wf. . ~ .
..,A_.g._,...'._,.__...;.; 7. h _.,*l
, A : k,(. ,& '_ . e ' ...........p._
h ': jh 8pf..., ~ , Q. ._h, l
[ - [p _
. ,.; ; j i- b
- ' A' ..g],::t ~ . ~
.,. p_ l, ,' * , ,: 4
..Q
. L. f .r ~ '/* j%fL ..u'. -
[ , 3 7 y . . - , ..i-
- h
~
~
. ' ^' ; f h-,4 **
?) '
$ ., f . ,, &'l'.*
^
> ;, * '&- ;; ^^
k k y.' ; ..
5f. ? '
-l .; ' -) 't ~' '
_kfh: .,
khlf _ ,,
.f..l: ; <
2 r #.'
. ! ".L .-
.' .as '['. . - a g l'
- ., . g. . ; ,. ,a '-'7 ~ .., v
- g. e ,
, . ~e
- ,J%'j n.r .
x
]
t- 4:d,c',n~d'* . ., (+ y
.,k... $c *
. . 3 % [o' ,., ', . ' '
[
.%d I .-
h., \ ;
F. . .4:y3 p- 4f2#g.h6' Y.
M.(%,(5. : MM*
( .y Y[ Ff. h. . ..'. h ; q- t.
-* *a?~.* :. .; g*,. r ,$,
,. ~ , ,f;&.sg"{f p; . - h. '.,~lp. , ,*. :-;.A-" :c..'14 y %*
e; %. */ ,'
~
-. 7, ,, y . - Y g. 6,, -
r -O s. .n ' .: "= ,- . -- ( -: - .: :.? y .
1 -i 1.n .. >
.x) j ' ^ ~
W ' h &;, -.. _j: , _
. . , , - ..
._"'.,w .,a 3,
- . %C r.. s -< -
i- ..'a w'f'.g'y- .
e #. f . -. ; .
s.
.n..g.;t. ^ (. .Ltf v.- .
^
.,.,+ .m y*-*-,.. J .
< .. _ . ,fs
}^
A "..'- - .
. ;. p . .
'l . f;
'Y 5'i ' '-
. eb I i 2 1l, e ., d, dh[, 6 '
d ' : ;-.
-' 4,(( $\
,j.' , f, ,.. #-(r(-.g ,., .,,,.'[4. ". g"[., '
~, h...a..-
- f['Ng.-@, ,1 "f,' -
}f- -,e g.N '.;. ., '. :
f ,. e -. q. p ,'. .-
[: ,
. . .3 ,- . .3 J' ._-t,
~~
,h ,-:. +'?;j i .. $
..x
?. -:..*, . . -
4- Qan ._ .
%.. . - ... .. 5 ..
me- r5 f EN~.,g 5 :x ' .. ". l_".f.. . , 'l f?~
\ .'..'.-e._:q ..;;,L '
' *;(. ;l' [Ay.j .i ' *
.. }&.,y, .~ ' ' l' i y
ck. 4, 41 . : s
- ~ . > ~
. K .~-*
g -g e ., . 7 5 4,.
. . - g; y. .
.:~ s - :, .
~.s 5
- ' 'Y . .
y q r
', a w@a .* T . y,,f ? . .- ~': ,
. ., ,,,. ' C . ? ?.
( , ...< :-
' ;f
, e.:, .:.:. . :.: n.?i . *
.y . ; [-?p'. ,. ., . %,, Q g .
l, . .- ;g. .
gf '
.s .
.;, .:'% .' : c g*: .. ?- .... *g. .
_. : ;; .. , . . .+.. - -
. :: : ;. . . . m. .t -
s
y',,
f ;. . 'I
,.1, .. . ., , '] . .~. -
.. .~. '. 4 p .
/ V g.. p
. w w.J g4 g u.. m.r~Ww;
.s
+ .
-~.- .
g3a g
.g_ tn
.l.g.9r , : - 3..~ % ' gy >+, s..) . ~"c . - .
- ,j;:.,-*,_ p: ,k. : ; 'p -
v :. .~
- .+ s ;
.g , ;r ' .,
,,ra ;g . . .
- . . , r ; ,.i %. e.
% p
^
.g < .
.c _,
N' ,, ., ; q si
..,'Y'
-~ 7 ;" "' J7 ' ,D 4
- }
' T%i'p),:d n~ k. --' :. . .(. 71ie .-q qY""* F'f
+ %
/ , . .
g
- .m, s. 9 ..
.q.
%e v ..
+s -
m ,
y s.~..w m:y y ,g'Ng c ;.p,. . . : .3 c; g :. p .y w .
% 5. $b . *
'. c
q k hY$hhk&YhY h - - _ - - -
f h. kff[$$h{ Ik k'h.l:
l DCR PACFAGE PHASING UNil #1 -- DCR 1365 PR#2 -->
<:-- DCR 1365 PR#1 --:
. : l-- DCR 1366 PK#3 --;
- -- PREOUTAGE -->
- FIELD l INTERFACE: MUX'S : : DATA :
I/O : RACKS : : : : : CON.
EIELD BEL 9y ggMEUIES : IECHNig@L sueegBI I 5990 EggM :
- CENIES
- <-- DCR1366 PKM4 l-- PREOUTAGE --> l MUX'S DATA I : INTERFACE:
- FIELD : : : : : :
- I/O : : RACKS : : : : CON.
ElgLg BEL @y CgDEUIES IgGUNig@L 699M SggM SueegBI C E_ N_ _T_ E_ R NQIg:
THE FOLLOWING ITEMS ARE FOR OUTAGE WORK ONLY FIELD TERMINATIONS TESTING CONTROL ROOM
l l
g....................................................
0$w I w" *: ::
- o w w s
F m on Hn 2z H g a"
- fu'
.. o n L
>0 4
v g
- ..: w. p o m a aw ..w . . o ,
- 1
- a g n
- W H ::o-2 6 :
N & l;4.M l.
Is o : : "- 3 0 . . a l F. :: u .
'; . ; o n Hn
- < . ..b
- . p o
- :b': 1 l
A: s -
o$ -
5,'..... ................ .......... . . . . . . . . . . . . . . .:. : *a
, H, . ,
y J
- .C o o :
- 6 7 :: p* u. p*
- y*o
- . .
- t. I o :. :. o 4 o w aa n: - o gn
,ae jF. o u .
w n n e
a s:
a z *: H nn c .
"zE ..
f.-
.3.
- a :..: d.
I w
I w
9
[
9 l
9 t
9 l
o o :: i :
- F$ ::w y* o o o :. .:
i
.5 1
- o 1
$nn - -
- u nn r r
. . I r
- - w w :
o A
ll : :t :
- f i :r :: o I
I li : :- L1 l j ImH3 E }
[#H3 e] leH3 2l [eH3 ml{
- lSH3 (hSH3 e h AH3 $, GH3 e ,
....s ...... ....... ........ .......
. ki i
............................a
{.
c z H a x x c > I I I o e F
......I........
a , gg '. m j
! jeg3 gj mw3 e.
[eH3 kl(eH3 al ,- r. s o -
j a eH3 t j g [ n- Swa mj e r o "g" g : Illl ,..
Illi lill " "n l
,j u F
l' p
oEn H
o SE
-E-o.xn H :,e g..
- I 7 ,
7 e ,
ht z o
" o o A.
I [$(e e
E o
"J.a aw LWN I
o "J.e 3w I AMN*
H p
K
- /
U n a U n a _
a o et Z w* ,
- b,'
.- 3 zgt) o H
I p M
.;- I e.
r Z g ..... .... ,
,6 C
, . o L
- a y jgg [ \ U l 0 - 1 I O - l S"h l
- I o e I 1 o C 1 w
.: e r
.....; ..... ; . 3
-,- 6
,/ . .
- E 3
- t 1 L i -
1 '
), e 7 :[t...............-!2
- l .
I
M M HOST SUBSYSTEM DISPLAY CPI SUB5YSTEM SUBSYSTEM
, SDE SDE-P e " t Li t r. ;
- v. '. r I t n 1 F- Hl iTue In
- . .
MONITOR NI" " rT- .re ufen ae s .. l h
REMOTE l ~
l1 ' I -
I , .GM'.:' 0n 6I .a-I t08 ee... o u.,8 ) l..a.
RTU l l SCAN l .A
=
l l STATIC l
. l suesLE
- l. l TEMPLATE
. {
SID ! gegg * * " ' "* W ptenn j CPI I DRIVER
" "'""'- PRC5ING D.C. CPI DATA ' .' *' ' ' INPUT l REMOTE SUB. *
! RCUR BUFFER PRC55R -
SYSTEM -
I 2 50 RTU l _ *e. .e . i .s ; l j SCAN + " T ee I l CONVERT l .
l RCVR5 l l { _
VERSATIC j l FOCUS + P/P l CALC ! ,
l PACHAGES j j
!. l REAL j
! SCAN TIMER TIME * .
l TIMER MEXEC - GROUP DATA REAL ; ;
j TABLES TIMERS BASE "
TREND .! "****"***"****I.
! SUB-HAPD j l IDT l SYSTEMS {. 7 2250 OISM ;
USER . l PRGM5 ; l l PSEteG l J.
. SCREEN i
HISTDRIC HISTORIAN !
M -
OYf .!
' l'8 FILES l =
PACMAGE
[ $ l lb
- b j ................
- r t.p. ..r HI r FLOUCEERT
- E' HAG ll TAPE {
.. .s e4 :
> .a e ,.:v s
M -
M
>2M 5071955 2tocur5ftitt151 'fiGME
- 1 -+ .
n ._
RFG CONFORNAr4CE
, TABLES
- Fut4CTIDr4AL S P ECIF IC A T I Dr45
- " - P E R F OR t1Ap 4CE SPECIFICATIOf45 REGUIREMENTS - It4TERFACE DEFItaITIOr45 "A" LEVEL SOFTWARE NAJOR SOFTWARE ITEMS:
SsSTEM DVERVIEW - Fut4C TIDr eAL FLOH DIAGRAM DETAIL - GLOBAL DATA STRUCTURES
- FILE CATA STRUCTUREg DESIGN - NRJOR Task DEFINIvro,3 S P ECIFIC ATIDr45 - SIZIt4G ArdD TIMIt4G PSE+G S U ATTRIBUTES T/E[ HIGH LEVEL "B" D g T
A E D 5 P
/
PROGR Atit1ER
- 5
- BUILD PACE T E C Ht4IC AL l
PROCEDURES USER *5 mat 4UAL F1At4UAL ALL NODULES
- BUILD GUIDE BLOCKS C LE'*EL B LEVEL
\ S(STEM " BUILD" DETAILED ItaFORt1ATION
} - ALL SORTED FIL 5 5
- TABLES PSE+G PROGAAM LISTIt4G FOR - USER SU6 f DU T It46 'r i
SrSTEN EACH NCDUL E' - UTILITs 5 0F 1 HAs.g Cut 4FIGUR ATIOta / DAT AB A S E LISTINGS D LEVEL
+
x.
y
. ,. : j
) ,.
s
- 1. .
U, .: 6,.
- 2. - . ... e .. ,,.,,
- v. :. ;. ..p -.. p ,
...s.. . . .
I_ .. PSEtG ERS OPERATOR INTERFACE SYSTEM DESIGN CRITERIA 0 HIERARCHICAL DISPLAY ORIENTATION i 0 MINIMAL USE OF IEXTUAL DISPLAYS
.O MINIMAL OPERATOR ENTRY REQ"J1REMENTS (KEYSTROKES)
, ,) ,'
O MAxlMUM USE OF COLOR. FLASH TO INDICATE PLANT CONDITION $' .
, .~,
O MAxlMUM USE OF PROMPriNo O MULTIPLE METHODS OF MOVEMENT FROM DISPLAY TO DISPLAY . .
~
. 0 DISPLAY CONTENT FLEX 1BILITY J, : .
0 USER CAPABILITY OF DISPLAY EDITINs .
- f. ' , -
SulEARY .
DIS IS DESIGNED TO PROVIDE THE OPERATOR WITH ACCURATE AND -
TIMELY INFORMATION ON THE CONDITION OF THE PLANT IN A FORM ALLOWING RAPID PERCEPTION OF CHANGES IN PLANT CONDITIONS.
. 9. -
, 4 ~ .y
- *, ,. gr ,
. r .-
3 .
s..,l -
, l
.. ,.8..,
l
.; -l' h :.' .,
' ' l
?f
' r .* l' , . , .
- v. . ,
-/ 6-). - . ' .. , f. ., ,
.'k ,.
~
$j[. ':. -
?
. R~
- l's.. (,
- PSEtG ERS .
.- n f ;.,': 1 OPERATOR INTERFACE SYSTEM
,lJ SYSTEM S/W ARCHITECTURE l 0 SHELL ARCHITECTURE SUPPORTS FULL HOST DRIVEN OIS AS WELL AS HOST / INTELLIGENT IERMINAL OlS O HOST FUNCTIONS IN PSERG CONFIGURATION INCLUDE: ,
- DISTRisuTION OF DYNAMIC DATA TO INTELLIGENT
. TERMINALS ON SCHEDULED BASIS
- SUPPORT'0F ASYNCHRONOUS INTELLIGENT IERMINAL REQUESTS .
l s; . ' FOR DATA .
c.s . ,
- MAINTENANCE OF MASTER COPIES (ON DISK) 0F STATIC ' ,.
4f"rii:
~
TEMPLATES
. , - 1.lHKING AND DISTRIBUTION OF NEW DISPLAYS / EDITED .,
.4. . . . .
DISPLAYS TO INTELLIGENT IERMINALS . ' ' '. t .-
h**.'d*,$0'INTELLIGENTIERMINALEUNCTIONSINCLUDE: . ' . l, -
s . . , , .
' a ~
- KEYBOARD SERVICE FUNCTIONS; -'-
I '.i'
- STORAGE (LOCAL) 0F STATIC PORTIONS OF DISPLAYSJ
- INTERACTIVE DISPLAY EDITING (SPECIAL IERMINAL);
."'T'.
.c.- l. , g
, ;,,.g ';
V%
- SCREEN GENERATION UTILIZING IERMINAL EAPABILITIES.
~ '~ ' ' ' . '
- . '.: ,.If';?':'. .
. . s; 1 .
i- -
N:- .1u
. '; * ' ll; .}:'i'l .l: '.
/ .
. e ..
_E
-- - - - - - - --,n, - -m nw-, e wm-w.e.,---.
- - =
m.. . r: ; .
- . ., .e. . . . n
, .).
- y,.;,3 * *. ;, . .;
.. ,..s
,..t.
- ...,........,g. %*
- t.....
..x,.....
,a
,9,'3;.4. . .,
-i.'.*,.*.,
5 6 i.
= ...f, , , .
- 4. ~7,;.. .. Cr1t1 cal Satatw Funet1ons
. . , . , . . . . . . ..n. . ; . , .
..,.c..-
4 e . .t
,. ;,. .g, . . .,
. . ~ . . ... :.,. .
. . . . . .w.,. .
- s. ,:. s, ... .. t.u
...c..,...*a,
. a
. . ..,4 .. . .
. . ' , K. '
.r. ,....
. ... . 1 ;
. x
.e n a_.
..e' 8~ C
- H P Z I
.e. '.*'.. .
'?.
- .. Q . .
, PRESS RETURN KEY TO CONTINUE.
,o ,... .
s ;.l. .... .~. . M We .. e ,.. ,.
..,,4. ..,
,'8 . ..f"
, J.e.'. i, ~ .; '
i [d'b'$~f.[-:;'-
~.*a
'. .* g g: .<.p., .g .. ;. .,
- r. :
- e. .#
c-
- 7.: f ;r -C: },. ,; .y.
-l:5,.7.1.'*,.
- .1;,<,.. ,
. j '. .
- ,. i . .s.' ..
.,..,,s.
s
(' ' START
- .'T
- '8NUTDOWN MRRGIN
...".iN. ::.f.
. ' . . . . .di 3 OR t10RE fe -
- x. . .. . . w' ,. m' POWER RANGE o?.5.58l.*'t 7-t ,
. SCHP2I IR SUR YES l HO
.:Q ti . 3*. .%.'Q'.
.'s.u,.'V.
. ZER0
~ ..'t.*. r .. OR
" '.j ';W,:* ,
E . HEGATIVE
. ,. ,'; .c. , .. SOURCE YES l HO
/ . .c: ..e,..'.,..
RANGE
. ' . &., ENERGIZED .
?. . .
- * ... J : ;.,'i. ,-.~ .
YES l HO
.' - ;e . SOURCE 27- ,;/. '. ' ,
RANGE SUR IR SUR
[.- * . - ,
ZERO OR f10RE
- ~ '
- L. ,,.,-
- HEGATIVE NEGATIVE I ' . ' i' .'- - ; - mAH
' _YES l HO -0.2 DPr1
- 4. 'a'l . .
YES l HO
- l. ->.i.'., .
. .. .- .~'. . . '
GFELH Gf EEri PURPLE RED
' . ./, . * . -- -
'; . ,.~, '
EAT irtT FRSr1-1 FRSr1-1 m se,1ses PRESS RETURN KEY TO CONTINUE.
. . g
.J O O E q., .. e , . ; > ..- -
(T, ,1(, , r. 4
- ' N,",' 4 f.,,#.*:.
g* f .t...'b g .
,.;,,x 2,. P: : .: ,. .. .
..s......
o* . .-e; . . -
. t.,.;.
- . c. ,a.a.e..u. .
. s'
~'~
- 3:
. v. .. . v. . . . . ' . ' .
. . e . . ;. 4.. . . , .
...,8... .
(.
. .' : 2
'3* , : :,: .
..,.).',:.. *
.i .:. ,/..
CORE COOLING ~ start
... :. . .t : s.
'..;k'I . ss
- - ; -: " NdEhdNb 5 OR F10RE CORE EXIT TC's >1200 DEG
. : g .*. ufc. F1 il r.
- r. 5. -lE. .- i., .S C H P Z.I- YES .i NO
...a.
t c.
I e>w l.
. .}.
. . :. ....,; .s . , .. -*<'.,.'.y:.~.
' ~ '
~ U, *. '
RCS SUSC00 LING
- - - > 10 DEG g ' . . 'ie . ' '.9.
p YES l HO
,. '. jih..e.C' . . . i I . , s ' *.-> .-
J .' .,
' ' I$ ANY l
-. ; '.:.4.;L ', .,
RCP RUNNING
- s. !!. .b,.;: . ,'.
~
YES l HO i- .. '.h .**? . .
r., ,. . ....., t.
- 5 OR t10RE CORE
- EXIT TC's > 700 DEG
' . . : ; ?.?.-'..r.('...
vt .
RULIS YES HQ
- 7, -
DYHAr11C RANGE l
- llt
> 54% 4or- 4 RCP T.. -
. . > 40% f or- 3 RCP
"".'."-'.. > 30% for 2 RCP RULIS FULL RVLIS FULL
.' f. . .
> 20% f or 1 RCP RANGE > 50% RANGE > 50%
. , c ~,l' . . , . . ,
. YES HO YES I HO YES l NO
.- i n.
- g i g_
,, , t '. ' -
, < . . . . * .' , ~ ,'
PURPLE RED GF CEtt PURPLE PURPLE RED
,.2 ~,. OHT FRCC-2 FRCC-2 FRCC-1 FRCC-2
. CRCC-1
. ' .. i
. . . . JUNE SSe1905 -_ . . . . . . . . . .
t .
M -
y _
[v.,+n.N
\..
e ..;i e ,
,: w.
[.;,'.f7'i?.:e n
p.p}v. l .' 5. .. . . . ,
lv: p. .-
3 ,8'g:.g *k'!
- e. . i. . , .. . ' '-
...-:.r.
.f. ..f.:. ,*
- b ' t.,. h. . , ' .
.r<;. .
8..' .
I .. , ;. ,',' ,. *
,<v. , . .
- a......~ I
. c, ,. s I-fa , ' I f ,: .. START
... '> a1 '
- i ?- ?!
.. .L. ..,.s.'. .,
HERT SIHK e7 LE ST ONE
. t; .
f.'-
ASI Y Jsc.;*EP'd.Gw a/- :;
YES l HO M TO IHTACT t y;. 4 c..,. .
' :, . . S C H P Z.I SG* >
l . g i . .- @ ... .
22E04 lb4v-
. . v.N '. '. ' . -
YES l H0 Q '? . , '^*.
- [ J2
ALL 5 iS f ' ?. r 'i. ..I ', ' . ...
< 11 3
(, .. . :. .e. . - ..
.. ,'r p',j y J.'.~,, .LL SG PSI.i 0 .
- f. ,, s HR LEVELS
- '.,,.'s.
/ .'J . ' .. ,
ALL SGs < 67*4 YES l '40
. . .? !'
< 1970 M YES l H0 f:.~ ,
1
+
HR LEVELS M YES l HO
. 2 > 15'4-
'.. s ,
, WS l @
. ,: RED 4'
. ; ?,--. GRLEH y;,.. , -
- a. 3HT FRHS-1
,i-;
'... .- - - toes s*,ases
"'. PRESS RETURN KEY TO CONTINUE.
1 V . .;
I[M..m_--m
'.:4.,
m M M M M M M E g y'fyc.
eT, vi. 4 .
? t:*,"(,'.':. '. ',-.:
~
f:';ig/lQ?
+g
' d D:'.o ;: L . .
- . ...(:
- r.' -
4...,.,. .
';h ,',' . .
, . ' '. . r s e 'm. s
< t i. . c. ,'., , ,
-i -
. ;. ' a; .
START m
. ' ' 'r ' .' i -
>1 DE IN O ar.etor.at
@' d 2 'MW'r. '
Un1t #1 '"* " * "'"-
W.':
YES l HO RCS ~
L d's.'. .. ..:<.3 '
SCHPZI PRESS /TEt1P ALL RCS POINT TO COLD LEGS
,'!I.V.;'.y[e. '
's .'. I. 7.I THE RIGHT y :;,.; , - 0F LIMIT A >312 DEG
~'
, . , /, .:L't.. .r- .
YES l HO YES l H0 Wu.i p'j..'.S - -
.. . \ W..-
, , . * .;..c
+
- 1. ' ( .* - .
ALL RCS
- ROS PRESS
' . * ' ';'.'j',P. ' ,A ,
COLD LEGS 4, , / , ',', .5
~ * *
<375 PSIG
> 280 DEG
..t. . .
- l . :; -
", - YES l H0 YES l HO
..l: ,.' .
> 310 DEG > 280 DEG
. _ ,7 ; -
YES l HO vES l HO m
ggt,4 PURPLE RED GE EEtt ML E 'i PURPLE
, SHT FRTS-1 FRTS-1 'HT
! .HT FRTS-1
, *, PRESS RETURN KEY TO CONTINUE. - - - ---
n g f 9
- ,,' .-f . > . .
a...: "
y.C g..
M P
. gvg..e r , i.= ,-
..e s .:: .S'n..
'. .y.
Y e . t *f .I ,
,q., s> t. ... y~r. .,# . . ~
%,;'#Ji[:.),.
Njv.
.a ~:
...'s ;: *D. ~ *," .
'Q
- ,
- l .'.?. ).,.
. E. -1, v
.,.=,.-
. : 3., . . .
. . :. ..e. . .,1
... .* e' ; .. . * . .
START
. .:d <,4 3 - E k
.-l { ',J a.
$ CONTAIHt1ENT s-'....
PRESS j/ $.* 's . .
. (47 PSIG f' .i 'F .I.i 1.?.'.4 ' .
., hl6$ . . $,st bl
__YES l HO
- t "r.y. e .. i S'C H P Z I M:. :'e : . :.c.: t o. ;.J, . r
,, - CONTAIHt1ENT
. PRESS
' .' i '~~ . ' . " -
<23.5 PSIG 1 5.l.}.9, '. ? ' '. .
.- YES l H0
. './. .r.1 . i. ,.'
CONTAIHt1ENT .-
. . ' .? F .- SUNP
. , .'.ej,=,
< 75P.
i -., i. .,.-(s.c e' t. ' .
'. .,'-..2 ,. . i. * -
YES l HO
. .: ,:: . R-44
- RADIATION
. (- . , ,
. - p '. . .
< 35 R/hr-
,. t ; YES l HO
.e'. **
r
,';,s. . . , lGPEEH PURPLE PRUPLE RED
'JAT FRCE-2 FRCE-1 FRCE-1 i
, JUNE k7a1995
. PRESS RETURN KEY TO CONTINUE.
~
- i, q e. .. .. . ..C E. - M Q, %,F f.' -
m,r
.s vs . s*
? .C.u t * % *. . * * ?
r3,Ti : b '.'j,2: <. , : ' ,',
w,-9 e. . c. .
- *
- g .(. n: . . f, . 5
..' t
. . . g% . I '
.u, . . . <
..q. . .
N'a =
. .' , , 'E. , .':g .
1.s - a.r:0. . .'. .
'.7 *i. ', '. . .
s..-
i -. , .
' ; . '. START
]
. , . , ' > ' d, ' .
. 1'.,- .
PZR LEVEL
- , d' .i 5.8.' .
< 92%
- '. e .0..s ,
... c ,4 .e cx. .
- r.'.'.1,'!.1/
. .,.. ... N ,;;. .< .
- i SCHPZI YES l HO
,* L. , :. . . . . , - .
.. .. .v, ,. ..;, -
t w. .. . .
'. j ' .~ . [. ' PZR LEVEL
., , . ;u/.... .',,-. > 17%
,..1 -.
3, .
4 ^ ',i 'I' 3 ,,. , . YES l H0
.) :
? * , s ,'.
[. ,Y:. c. .
.
- RULIS RULIS
... y i
- UPPER. UPPER
' . 4
- l
,'. ;; ; RANGE RANGE
.i > 100%
r, f
> 100%
I
- YES l HO YES l HO r.. .; s . '. , ** -
l l l
. - I l
.-,. t.. .
> , - . I
> ' > , , . 1 i l l , * >
l .
l l
- ~. . - GFEEt1
, r. qq I . -_
,- JUNE 18a1995
.7.~ ' . '
PRESS RETURH KEY TO CONTINUE.
4 e
, ;O .. . . .
':s iM. .
. . n. .o
.. .s.; . :3.:.J
.. .') ..
n..~....,.
. . < n. .: .: , .
. ..s. . . 7. v.
....!,.~..- ,...
- .s. =s .- .
pa- . - . .
, .~.. .
l ' .7. ;:'l , . . Unit 1 Temperature / Pressure
- 'i.., . 2600 h I.'I .'
11.-
2480 - F I
'. .'. im. .. e. ., . R 22ee - .i ll.
.:. 5 . . ..c ? ', ' . ., 200a - ,
. . . . 1, . .'y.
i c
v /
./
' l/
. .i.' - W- c o: .i.,y;l.::,'. .' .
. 1800 -
i
- O .*r.N :., . . .... ,. .
. -Tg ' .i~ ,' ,' .
2 '" -
P /
o
- , p 1400 - /
, ,. s. a....:.. .'.,-j. . .trh <* . >
i.
g ,/ i Er,Et3D d'.-
- f.'.(i.- -
1200 -
. '%> .. .. ~ . > , - . c- j
.J*
' .*~ 6 ';' .
r, -
1000 - TSAT NORr1AL
.c
. TSAT ADUFRSE
. : ' ' .' . - i
.. . y 800 -
F
- '..r .
600 -
r, 4ee - l
.r - ,
200 .--
e
. ' ~.-
1 I I I I I I I
. s .. .
250 300 300 400 450 500 550 f;00 650 700 s?
.. .:.;M :
P C ?. T e n r.c- r a tiir e
. .. .~.
.- . PRESS RETURN KEY TO CONTINUE.
i
. I : -
>I 4 . .
t I .
f 4
.5 g 4
-e 2-,
~
111 z, ,
b) b) '
N
.s DN, L(
2-%
uE a
dd ,-
- t'k - 2 -
l . . .
' L -
. 5 -
,, }.
4 L) : .I 111' . Ii '.
El t .7 J' t -
l ""
i Q1.%
a l
\ 11). ..
-.4
- m 2
O $
o I
O !
v n i
- O j 2,. , - -
- i.
g ; r-e p
- M ,. - ' '
2.-,
._2 ~
I. >-
L.I 3 {
i %b { & g 7,----- ,. '.'
l
._]. e z
a sj ___. j .
- _ .,- N l
t ,a .,.a _ _ .
i J
6 1 E
.3
.m i (4
- h. h ^*
,$ 5 l
.I
. ~
.. . ]
- s. . . )
a , . *, n. . - . 1,
- " .M., ; ~ 4 ' ... .h; '..'%:.
...1.- -
'. *: : " ~~*
.e*'.'.
.o: D' ,.~.- .. f. *. *Q:, . .q.it :; ..l;
~ ~. , .
..s - . - '
.". ..* .- .r- . '
. r i, ...., ~... , . . . .s '. *- *
- i. -
s -
- T , ,.,a. .%.
. . , , " .- v..x.;,~
. : ,,yy,. ;.< y, . i -, ..; . vt;. ~ ,
.. . - - ,..-~ .:~:-l; *
. --f., . , . - _ .. ,
~%. . ~:.. ;S .:,v: . >y. .. ., ..:. :; .. ~,. ,-
. . n . t .. ;.'. .* ., .;,--.: .. . ,,.' .*> ' . *! 6,y.*f..',.;..,;,,.e T- r.
y . ,* . ..
. t'. W '. %., -
a '. ~ ',; * ,'**
- . . ;.,; . . ~. , s .' ; : . .
. . . . . . . ~
. ' : . w ; : 1 . . .. < .. :...y . . .
~
~. . ' ' - y*
- ~ ': ,.
. ::- c.
x r : a., . _~; . .
>~ .-
I I
I I
I \
SAFETY PARAMETER DISPLAY SYSTEM NRC AUDIT
. ERF/SPDS PARAMETERS
. BASIS FOR SPDS I - SELECTION OF SPDS DISPLAYS I
I I
I \
i
'I ;
I
ERF COMPUTER SYSTEM / SAFETY PARAMETER DISPLAY SYSTEM I PSE&G has selected a total of sixty-two parameters which will make up the data base f or the Emergency Response Facilities (ERF)
Computer System. Regulatory Guide 1.97 was used as a guideline.
These parameters are listed in Attachment 1.
The basis for the SPDS is the critical safety functions (CSPs) which were identified in the Westinghouse Emergency Response Guidelines (ERCS). The status trees for the CSFs were developed for critical safety function evaluation.
The CSFs were selected to monitor three barriers to the release of radioactivity. The CSFs are associated with the barriers in the following manner:
Barrier Critical Safety Function Maintenance of SUBCRITICALITY (minimize energy production in the fuel)
Maintenance of CORE COOLING (provide adequate reactor coolant for heat removal from the fuel)
Fuel Matrix -- Maintenance of a HEAT SINK and Fuel Clad (provide adequate secondary coolant for heat removal from the fuel)
Control of Reactor Coolant INVENTORY (maintain enough reactor coolant for effective heat removal and pressure control)
Maintenance of a HEAT SINK (provide adequate heat renoval from the RCS)
Reactor Coolant Maintenance of Reactor Coolant System System Pressure - INTEGRITY Boundary (prevent failure of RCS)
Control of Reactor Coolant INVENTORY (prevent flooding and loss of pressure control)
Containment Vessel - Maintenance of CONTAINf1ENT Integrity (prevent f ailure of containment vessel)
NP8514/10 1
The SPDS parameters were selected based on the CSFs status trees. The parameters are used to satisfy the status trees and their association with the CSFs are as follows:
CRITICAL SAFETY FUNCTION PARAMETER Reactor Trip I 1. SHUT DOWN MARGIN a.
__ b . Power Range Neutron - c. Start up Rate Flux d. Source Range I -e.
a.
Intermediate Range Core Exit Temperature
- 2. CORE COOLING
- b. RCS Subcooling
- c. RCP Status
- d. Reactor Vessel Level
- 3. HEAT SINK a. Steam Generator Level
- b. Total Feedwater Flow
- c. Steam Generator Pressure
- 4. THERMAL SHOCK a. RCS Loop Average Temperature b.
I c.
d.
RCS Pressure RCS Temperature (CIT)
RCS Cold Legs Temperature
- 5. CONTAINMENT ENVIRONMENT a. Containment Pressure
- b. Containment Sump Level
- c. Containment Area Radiation
- 6. COOLANT INVENTORY a. Pressurizer Level
- b. Reactor Vessel Level The f ollowing are the displays selected f or the SPDS:
- 1. Critical Safety Function Overview
- 2. Shutdown Margin Status Tree
- 3. Core Cooling Status Tree
- 4. Heat Sink Status Tree
- 5. Thermal Shock Status Tree
- 6. Thermal Shock Limit A Curve
- 7. Containment Environment Status Tree I 8. Coolant Inventory Status Tree
- 9. Pressure / Temperature Saturation Curve
- 10. A display showing the values of the following variables which I are associated with Radioactivity Control:
NP8514/10 2
- a. Plant vent flow,
- b. Containment or Plant Vent gas effluent fixed filter iodine radiation monitor (R12B).
- c. Containment or plant vent gas effluent radiation nonitor (R12A).
- d. Containment or plant vent air particulate monitor (llA). l
- e. Plant vent radiation monitor, noble gas ( R4 5) . I
- f. Plant vent effluent radiation monitor (R16).
- g. Auxiliary Ruilding Plant Ventilation Process Radiation Monitors (R41) (particulate, iodine, noble gas).
- h. Main Steam Radiation Monitoring (R46).
Attachment 2 provides in table format a comparison of che I Critical Safety Functions in Salem with those listed in Supplement 1 to NUREG 737.
l I
NP8514/10 3 1
i
I ATTACHMENT 2 CRITICAL SAFETY FUNCTION PARAMETERS CRITICAL SAFETY FUNCTION NUREG 0737, SUPPLEMENT 1) STATUS TREE (SALEM)
Reactivity Control Shut Down Margin 1. Neutron Flux
- 2. Neactor Trip E
E Core Cooling 1. Core Exit Temperature Reactor Core Cooling
- 2. Degrees of Subcooling
- 3. Reactor Coolant Pump landHeatRemovalFrom the Primary Systen Status
- 4. Reactor Vessel Level Heat Sink 1. Steam Generator Level IReactor Coolant System Integrity 2. Steam Generator Pressure
- 6. RCS Cold Leg Water Temperature Coolant Inventory 7. Pressurizer Level
- 8. Reactor Vessel Level Radioactivity Control Radioactivity at 1. Plant Vent flow
- 2. Containment Effluent I Release Points Radioactivity
- 3. Plant Vent Effluent Radioactivity I 4. Containnent Area Radiation
- 5. Main stear' Radiation Containment Environment 1. Containment Sump Level
- 2. Containment Pressure IContainmentConditions 3. Containment Area Radiation NP8514/10 4
-.,-,r
f;1 rTA chm E N Y J.
ERF COMPUTER SYSTEM PARAMETERS PARAMETER INSTRUMENT 4 OUALIFICATION CODE #
I 1 Neutron Flux:
Source Range N I-31B , XA5699 N I- 3 2 B , XA5700 NON-IE Intermediate Range N I- 3 5 B , XA5705 _
N I- 3 6B , XA5706 Power Range N I-41B , XA5711 N I- 4 2 B , XA5712 N I-4 3B , XA5713 N I-4 4 B , XA5714 Start Up Rate N I- 31 D , XA5701 N I-3 2 D , XA5702 N I- 3 5 D, XA5703 N I- 3 6 D , XA5704 I 2 Control Rod Position See Attachment 1 NON-IE Plant Vent Flow FA-8602 NON-IE 3
RCS Cold Leg Water TA-2757, TA-2758 IE 4
Temperature TA-2759, TA-2760 RCS Hot Leg Water TA-0043, TA-0053 5
Temperature TA-0063, TA-0073 IE 6 Reactor Coolant System PA-8088, PA-0039 IE Pressure Core Exit Temperature See Attachment 2 NON-I E 7
8 Coolant Level in Reactor LA-3617, LA-3619 IE NOTE:
LA-3620 (Train "A") Sensors are IE but the LA--3638, LA-3639 signal to I LA-3666 (Train "B")
MUX is NON-IE D5/4 1/6
I PARAMETER INSTRUMENT OUALIFICATIut; CODE #
9 Degrees of Subcooling Inputs are from thermocouple s and RCS pressure 10 Containment Sump Level LA-0223, LA-0224 IE 11 Containment Pressure PA-2386, PA-2405 IE PA-2344, PA-2345 PA-2346, PA-2568 12 Co nta inmen t Isolation valves See Attachment 3 IE 15 Containment Area RA-2584, RA-2586 IE Radiation ( R4 4 A & B) 16 Delete 17 Con tai nment Hyd rog en XA-3361, XA-33 6 2 IE Concentration i 18 gn o Pt 4N T VFN T Containment %Ef fluent Radioactivity Noble Gases RA-4313 (R128)
RA-4330 ( R12A)
IE From Identified Release RA-10153, RA-10154 points RA-10155 (R41A,B & C)
RA-4303 (RllA)
RA-4057 ( R4 5, B & C)
RA-8346 (R16) NON-IE 19 Deleted 20 Delete 21 RHR System Flow FA-1416, FA-1422 IE FA-1423, FA-1419 22 RHR Heat Exc ha ng e r TA-1425, TA-6486 NON-IE Outlet Temperature 23 Accumulator Tank LA-0241, LA-0237 IE Levels LA-0233, LA-0228 I LA-0242, LA-0234, LA-0238 LA-0229 Acc umulator Tank PA-0243, PA-0239 IE Pressures PA-0235, PA-0230 PA-0244, PA-0240 PA-0236, PA-0231 D5/4 2 /6
I ODE # PARAMETER INSTRUMENT # OUALIFICATION 24 Acc umula to r Isolation SJ54, (4 valves, IE Valve Position one per tank) 25 Boric Ac id Changing FA-135, FA-2174 IE Flow 26 Flow in HPI System FA-7462 IE 27 Flow in LPI System FA-7464, FA-0226 IE -
/ G~ z o f, 4 /9~ 2/O umT+l 28 Ref ueling Water Storage 4A-3144, L ?. 31t? IE Tank Level z 4 - 4 4 8 3 ,z." 4 A u f 2 thi4L 29 Reactor Coolant Pump IA-6832, IA-6834 NON-IE Status (amps) IA-6837, IA-6839 Primary System Safety PR1, PR2 IE I 30 Relief Valve Positions PR6, PR7 Pressurizer Level LA-0086, LA-0087 IE LA-0088, LA-0089 I 31 32 Pressurizer Heater IA-5266, IA-5267 NON-IE Status ( amps) IA-5268 33 Pressurizer Relie f LA-0094 NON-IE Tank Level 34 Pressurizer Relief TA-0095 NON-IE Tank Temperature 35 Pressurizer Relief PA-0096 NON-IE Tank Pressure 36 Steam Generator LA-0009, LA-0015 IE Level LA-021, LA-0027 LA-0 0 0 5 , LA-0013 LA-0017, LA-0025 37 Steam Generator PA-06'1, PA-0672 IE I Pressure PA-0673, PA-0734, PA-0738, PA-0674 PA-0736 PA-0740 38 Main Steam Flow FA-0687, FA-688 IE FA-689, FA-690 F A-101, F A-10 2 FA-103, FA-104 D5/4 3/6
DE # PARAMETER INSTRUMENT # OUALIFICATION 39 Main Feedwater PA-0656, FA-0658 IE Flow FA-0660, FA-0662 FA-1901, FA-1902 FA-1903, FA-1904 40 Auxiliary Feedwater FA-1087, FA-1091 IE Flow FA-1095, FA-1097 41 Auxiliary Feedwater LA-1688 IE -
Storage Tank Level 42 Containment Spray No instrument at Flow this time 43 Containment Spray FA-0218 IE Additive flow 44 Containment Fan FA-3539, FA-3540 IE Cooler Outlet flow FA-3541, FA-3542 FA-3543 I Containment Fa n Cooler Unit Running X D- 5 4 8 6 , X D- 5 4 8 7 X D- 5 4 91, X D- 5 49 2 X D- 5 4 9 6 , X D- 5 4 9 7
( Hig h/ Low Speed)
X D- 5 5 01, X D- 5 50 2
' X D- 5 50 6 , X D+ 5 5 0 7 Containment TA-4306, TA-4307 NON-IE I 45 Atmosphere Temperature TA-4308, TA-4309 TA-4310, TA-4311 TA-4312, TA-4313 T A- 4 314 , T A- 4 315 TA-4316, TA-4318 TA-4319, TA-4320 TA-4321, TA-4348 46 Letdcan Flow FA-141 IE 47 Volume Control LA-0119 IE Tank Level -
48 Component Cooling Water Temperature TA-1564, TA-1576 NON-IE 49 Component Cooling FA-1565, FA-1577 NON-IE Water Flow 50 High Level Radioactive LA-0165, LA-0166 NON-IE Liquid Tank Level LA-0167, LA-1526 LA-1523, LA-1535 LA-1536, LA-1537 5/4 4/6
DE # PARAMETERS INSTRUMENTS QUALIFICATION 51 Radioactive gas Hold up PA-4030, PA-4029 NON-IE
) Tank Pressure PA-4032, PA-4031 52 Control Room Emergency CAAl, CAA2, CAA3 IE Ventilation Damper CA A4 , CAAS, CA A14 Position CAA17, CAA18, CAA19 CAA20, CA A31 CAA32, CAA33 53 Auxiliary Building ABV1, ABV 3, ABV7 IE Emergency Dampers ABV8, ABV9, ABV10 ABV21 54 Fuel Handling Building FHV1, FHV2 IE Emergency Dampers FHV3, FHV4 55 Status of Standby Power See Attachment 4 IE and Other Emergency Energy Sources Important to Safety 56 Control Air PA-3825, PA-2140 NON-IE 57 Main Steam RA-4072 ( R4 6 A) IE Radiation Monitors RA-407 3 ( R4 6B)
RA-4074 ( R4 6C )
RA-4075 ( R4 6D)
RA-4076 ( R4 6E )
58 Wind Direction XA-8499 (30 FT. ELEV.) NON-IE XA-8500 (150 FT. ELEV.)
XA-8501 (300 FT. ELEV.)
59 Wind Speed XA-8496 (30 FT. ELEV.) NON-I E XA-8497 (150 FT. ELEV.)
XA-8498 (300 FT. ELEV.)
60 Atmospheric Stability *TA-8502 (30 FT. ELEV.) NON-IE (Temperature) TA-8505 (30-300 FT.)
TA-8506 (30-150 FT.)
l hwosignalsweredeleted.
f/45/6 l
I I
WDE # PARAMETER INSTRUMENT # OUALIFICATION E
)
I 62 Condenser Availability
( Condenser Vacuum) PA-2396, PA-2398, PA-2397 PA-2399 NO N -I E IA-6833, IA-6838 I (Circulator motor amperes)
IA-6835, IA-6836, IA-6840 IA-6841 63 Reactor Coolant System TA-5360, TA-5361 NON-IE Loop Average temperature TA-5362- TA-5363 _
Main Steam Isolation MS-167 (4 valves, one IE I64 valve position per steam generator) open/close 65 Reactor trip demand signal 1ASTR-A IE for train "A" Reactor trip demand signal lASTR-B IE I66 f or train " B" I
I I
I I
I h5/4 6/6 I
I I
ATTACHMENT 1
- CODE 4 2 LIST OF INSTRUMENTS I
INSTRUMENT # INSTRUMENT #
NA - 4301 NA- 4324 NA - 4302 NA - 4325 NA - 4303 NA - 4326 NA - 4304 NA - 4327 N A - 4305 NA - 4328 NA - 4306 NA - 4329 NA - 4307 NA - 4330 NA - 4308 NA - 4331 NA- 4309 NA - 4332 N A - 4 310 NA- 4333 N A - 4 311 NA - 4334 NA- 4312 NA - 4335 N A - 4 313 NA- 4336 NA- 4314 NA - 4337 NA - 4315 NA- 4338 l l
NA - 4316 NA - 4339 NA - 4317 NA- 4340 N A - 4 318 NA - 4341 NA - 4319 NA - 4342 NA - 4320 NA - 4343 NA - 4321 NA- 4344 NA - 4322 NA - 4345 NA - 4323 Os/s 1/n A _ _ ._ _ _ _ _ _ . _ _ . _ . _ _ _ _ . _ _ . . _ . . _ _ . . _ _ _ _ _ _ _ _
ATTACHMENT 1 (CONTINUED)
I CODE #2 LIST OF INSTRUMENTS INSTRUMENT j
NA - 4370 NA - 4371 NA - 4372 NA - 4373 NA - 4374 NA - 4375 NA - 4376 NA - 4377 I i
- Eight signals were deleted D5/5 2/06 I
i I
ATTACHMENT 2 CODE #7 LIST OF INSTRUMENTS INSTRUMENT # INSTRUMENT #
TA - 4112 TA - 4347 TA - 4328 TA - 4116 TA - 4329 TA - 4415 -
TA - 4330 TA - 4416 TA- 4331 TA - 4417 TA - 4332 TA - 4418 TA - 4333 TA - 4419 TA - 4334 TA - 4488 TA - 4335 TA - 4489 TA - 4336 TA - 4490 TA - 4337 TA - 4491 TA - 4338 TA - 4492 I TA - 4339 TA - 4493 TA - 4340 TA - 4494 TA - 4341 TA - 4495 TA - 4342 TA - 4496 TA - 4343 TA - 4497 TA - 4344 TA - 4498 TA - 4345 TA - 4499 TA - 4346 TA - 4500 D5/5 3/06 0
I ;
I ATTACHMENT 2 (CONTINUED)
I Code > usr oe 1NsTemeNTe INSTRUMENT TA - 4501 TA - 4 548 TA - 4502 TA - 4 54 9 TA - 4 5 0 3 TA - 4550 (RTD) _
TA - 4 504 TA - 4551 (RTD)
TA - 4505 TA - 4552 (RTD)
TA - 450 6 TA - 4553 (RTD)
I TA - 4508 TA - 4 509 TA - 4510 TA - 4511
< TA - 4536 TA - 4537 TA - 4538 TA - 4 53 9 TA - 4 540 TA - 4541 ,
I i
TA - 4542 TA - 4543 TA - 4544 TA - 4 54 5 TA - 4546 TA - 4547
, 05/5 4/06
4 I
ATTACHMENT 3 CODE #12 LIST OF ISOLATION VALVES VALVE I.D.# VALVE I.D. 4 SS94 (4) FPl47 VCll CC215 VCl2 CC113 -
VCl3 CC117 VCl4 CC118 VC7 CC187 VC8 CC136 VC 9 CC190 VC10 CC131 VCl WL96 VC2 WL97 VC3 WL98 VC4 WL10 8 VC5 WL99 VC6 WL12 DR2 9 WL13 C A3 30 (2) NT32 SW58 (5) SJ123 SW72 (5) SJ 5 3 WLl6 SJ60 WLl7 D5/5 5/06 I
s I ATTACHMENT 4 CODE #55 LIST OF INSTRUMENTS INSTRUMENT 4 IDENTIFICATION VA - 5417 A Diesel Generator QA - 5418 A Diesel Generator I WA - 5415 IA - 5416 A
A Diesel Diesel Generator Generator VA - 5843 B Diesel Generator QA - 5844 B Diesel Generator WA - 5841 B Diesel Generator IA - 5842 B Diesel Generator VA - 5851 C Diesel Generator QA - 5852 C Diesel Generator C Diesel Generator I WA - 5849 IA- 5850 C Diesel Generator VA-5288 A 28VDC IA-5295 A 28VDC VA-5355 A 125VDC IA-5367 A 125VDC VA-5333 B 28VDC IA-5340 B 28VDC VA-5394 B 125VDC IA-5406 B 125VDC VA-5427 C 125VDC l
IA-5428 C 125VDC l I
D5/5 6/06 I
FILE COPY l .
Jtine 27, 1985 4,
~ ~
$$f!'
I Director of Nuclear Reactor Regulation G. a. Nuclear Regulatory Cossaission 7920 perfolk Avenue Bethesda, MD 20014 Attsations Mr. Steven Varga, Chief I operating Reactors Branch 1 Division of Licensing
Dear Mr. Vargs:
9 5800E8T FOR ADDITIONAL INFORMATION CONCERNING g 's. ,
I TER SAFETT FARAMETER DISPLAY SYSTEA SALEM GENERATING STATION 1v -.
DDCEiT pos. 50-272 AND 50-311 ...,
i k, I PSE6G hereby submits, in the attachment to this letter, its response to your request of December 7, 1964 for additional
, # J information concerning the Safety Parameter Display System
- I (SPDS).
- Inasmuch as we had also been requested to rescend to I questions concerning our Detailed Control Roor Design Review, we had requested an extennion information on SPDS. Your Mr. D. C.
in proviting Fischer, in a telephone the conversation with our Mr. R. S. Patwell on February 27, I 1985, granted that extension until Ju'.y 1,1985.
should you have any questions, do not nesitate to contact I us.
- - sincerely, I
$hp .c h.
l I gb )p%,y{h i
" .l > . ' ~
~ $ -
Corbin A. *Neill, Jr.
Vice President = :4uclear I ,dAJGenen
/ Attachment I C' Mr. Donald C. Fischer Licensing Project Manager Mr. Thasas J. Kenny h' ll Senior Resident Inspector 3 -
l
l l
6-27-85
-2 .
l Mr. Steven Varga.
! a. ,
Vice President - Nuclear I BC Assistart Pice President - Nuclear Operations Support General Manager - Nuclear Quality, Assurance General Manager - Nuclear Services General Manager - Salem Operations General Manager - Hope Creek Operations General Manager - Nuclear Engineering General Manager - Nuclear Assurance and Regulation I General Manager - Nuclear Safety Review Assistant General Manager - Engineering Assistant General Manager - Nuclear Joint Owners and p Regulatory Actvities g Assistant to General Manager - Nuclear Engineering Manager - Nuclear Licensing and Reliability ,
Manager - Nuclear Engineering Design I
Manager - Muclear Systems Engineering *.c Manager - Nuclear Plant Engineering .
M -
manager - Nuclear Engineering Control .( .
I Manager - Nuclear Training Manager - Licensing and Analysis
..?
- {, T Manager - Nuclear Safety Assurance Manager,- Onsite Saf ety Review Public Affairs Manager - Nuclear Operations Assessment Engineer station Ouality Assurance Engineer Salem Operations Technical Dept, Technical Staff, 8. Leap Associate General Solicitor Nuclear Review Board Manager I LIS (R. Buckles)
D. Dodson (PS AR Update) l PE (W. T. Ullrich)
I R. S. Patwell (Commitment Tracking)
PLEG (T. R. Robbins)
A. J. Greenfeld File 13.3.2 ,
atl4 1-2 -
I S ALEM GENERATING STATION UNITS NO. 1 AND 2
,7 S AFETY PARAMET ER DISPLAY SYSTEM RESPONSE TO NPC LETTER DATED DECEMBER 7, 1984
REFERENCE:
PSE&G'S REPORT " SAFETY ANALYSIS FOR SPDS PA RAMETERS" DATED JANUARY 30, 1984 I
Response to NRC concerns are in the order indicated in the enclosure to the letter dated December 7, 1984.
~~
ISOLATION DEVICES The data acquisition system consists of five multiplexer I cabinets and one data concentrator per unit and is-configured to meet redundancy requirements. Four of the cabinets are lE which are physically separated and the one dual cabinet is Non-lE. The data concentrator is Non-lE.
I There are 323 class 1E field signals per unit which go to the lE cabinets and 220 Non-lE field signals per unit which go to the Nan-lE cabinets. The foregoing indicates that no ,
isolation devices are required prior to the multiplexer cabinets. The signals f rom these cabinets however are transmitted to the data concentrator by means of fiber optic cables. These cables isolate the multiplexer cabinets from data concentrator and the rest of the system. Fiber optic cables were used for the Non-lE cabinets because of their Attachment 1 is a one-line block I noise immunity capability.
diagram showing the system configuration. The fiber optic cable specification is as follows:
Corning Corporation or Corning Fiber Manufacturer:
Corporation Licensee Core Diameter: 50 Micron I Core and Cladding Diameter:
Numerical Aperature (NA):
Attenuation:
125 Micron 0.2 4dB/km or better .
l l
Bandwidth / length: 200MHZ/km Fiber Type: Glass core and. cladding l l
I 1 D6/25 1 OF 6
l HUMAN FACTORS PROGRAM _
Display Systemi .
I The display syatem provides the primary means of information presentation to the operator. Man-Machine Interface (MMI) consideration will be addressed by utilizing a CRT/ keyboard l
l configuration. Included in this system are CRT copiers for color hard copy of CRT displays and high-speed printers f or hard copy of logs, reports and nongraphic CRT displays.
t All console CRTs are provided with interactive keyboards.
The primary CRT utilizes a special purpose function kayboard for presentation of SPDS primary displays. The secondary I I CRT for utilizes a full ASCII keyboard with 60 functional keys interactive system dialog as well as presentations of both primary and secondary system displays.
Graphics CRT The graphics CRTs in the system are IDT 42250 graphics ' '
computer systems. These devices utilize four (4)
(I l
microprocessors for graphics processing and I/O handling.
The display is a 19-inch color CRT with 512x512 dot resolution.
l 1
Included with each CRT system are:
o Standard keyboard with minimum of 60 functional keys; o Eight color (plus blink) display capability; o Two serial ports for host computer communication; o 2MBIT of Bubble Memory for program storage; o Real-time clock and CMOS RAM for system functions; o Hardware vector gener'ator for fast display processing; ,
o Extended plot and complex fill routines for f ast display processing.
High-Speed Printer The high-speed printers which will be located in the Control Rooms (CR) are Versatec V-80 Printer Plotter.
l D6/25 2 OF 6 ,
1 i
___ _ I
I l
CRT Copier " .
A color copierfwill be located in each control room, TSC and EOF.
Subsystem Operation Static picture informationusing for displays is initially the Interactive created Display in an off-line environment Display information is data compressed utilizing an Editor.
encoding technique and stored on the system data disks.
Static picture information is keptWhen within each graphic CRT a primary display is and stored in bubble memory.
I requested (either by a primary function key or secondary keyboard keystrokes) the static information is obtained the local CRT memory and. written to the screen.
from The current dynamic data for the display is assembled at the host I computer and transmitted.to the CRT for screen display.
total display call-up time for primary displays (time from The keyboard entry to complete static and dynamic screen '
I display) is typically one second.
once a display has been called up on a CRT,This only is thedone dynamic by I portions need to be periodically updated.
the primary host computer every displays that are dynamic.
Notetwo thatseconds f or since only all dynamic data is regularly assembled and distributed by the host I computer, system loading is dependent only on the number of display CRTs and is not a function (except for static picture storage) of the total number of displays in is the data I base. Communication between the host and the CRTs accomplished via 19.2KB RS-232 serial links to the data highway.
Future addition of secondary displays can be readily ,,
accommodated. Based on an average compressed size of 5000 bytes per static display,, bubble memory capacity exceeds 70 I mimic type displays and additional bubble memory can be added as an option.
I Hard copy of a screen image is initiated directly by the operator at the CRT keyboard. Upon initiation of the copy command, the screen image is transferred through a Printing high-speed parallel interface to the video copier.
I takes between one and a half and three minutes, depending on D6/25 3 OF 6
I display complexity. Upon completion, the hard copy mayDuring used immediately because no drying time is required.
be If a the print cycle, the. copier input buffer is disabled.
~
I new copy command is issued, the copier will issue a " busy" to the requestilng CRT. Hard copy of logs, reports and nongraphic screen images are initiated at the secondary in the I display keyrca da for printing on t.hs line printers Control room.
The display system is presently being designed. A contract I was awarded to General Physics Corporation to conduct a human factors review. The results of the review will be evaluated and incorporated into the design as appropriate.
I This review is expected to be completed by October 30, 1985. At that time the report will be available for your review.
DATA VALIDATION The ERF Computer System addresses sensor validation at two I distinct modes, the Computer Products Inc. (CPI) data concentrator and the PACE alarm processor. PACE is the name of the sof tware package which will be used for the system.
I The data concentrator will detect the following hardware channel failures as the first mode of sensor validation:
Current loop less than 4ma and greater than 20ma.
o o Thermocouple open circuit.
o Thermocouple out of range.
o RTD out of defined bridge range.
o % 1tiplexer unable to scan sensor.
PACE produces several sensor qualities or flags that will be used to validate a sensor's value, e.g. alarm, of f scan, and hardware channel failure. PACE supports four levels of alarms: Hi, Hi-Hi, Lo, an,d Lo-Lo. Except as discussed below, the Hi and Lo alarms will be used in the conventional sense to warn of approach to operating limits while Hi-Hi and Lo-Lo will be used'to indicate nonsense readings such as a negative tank level. .
Offscan is a validation indicator because it means that at the second consecutive instrument limit violation, the point is taken offscan. This means that the sensor's value is invalid. Instrument violation can also be set at nonsense instrument process readings.
I ,
D6/25 4 OF 6
Invalid dat-I being displayed can be detected by the operator using the following techniques:
I - 1 o A foreground color blink of the value when it is Hi-Hi or Lo r o -ith the symbol 'NV' placed on the right of the value. For those parameters which have an actual Lo-Lo or Hi-Hi alarm (e.g. containment pressure and steam l generator level) the offscan technique will be used.
o A foreground color blink of the value when the point is of f scan with the symbol 'OS' placed on the right of the value. If the value disappears off the screen when the point is offscan, then there will be an 'OS' in place of the value.
o Graphic represented data, e.g. a pump or valve, will have its color and blink changed based on the above flags.
PARAMETER SELECTION ^
Please refer to PSE&G's submittal dated January 30, 1984 for the rationale which justifies parameter selection. This is under the section entitled " Parameter Selection" and
- Attachment NO. 3. Attachment No. 4 " Critical Safety Function Status Trees" shows the relationship between the parameters selected for display on the Safety Parameter Display System and the Critical Safety Functions.
Radioactivity Control and Containment Conditions indicated on page 8 of Supplement 1 to NUREG 0737 is addressed by the Critical Safety Function " Containment Environment."
Radioactivity Control is monitored by Containment Area Radiation, Containment Effluent Radioactivity and Main Steam Radiation monitors and these parameters are available on the Safety Parameter Display System.
Other parameters not used.for the Critical Safety Functions can be accessed at the terminal by using a track ball and one or two keystrokes.
UNREVIEWED SAFETY QUESTIONS The signals for all parameters used for the Safety Parameter Display System will be acquired f rom existing instrument loops. During the design of the data acquisition system interface with the plant instruments, the possibility of D6/25 5 OF 6
~
f ailure or m_alfunction due to circuit overloadTheandfunction the of ef fects on existing systems were addressed.
the existing s.ystems will not be altered and the safe shut The SPDS down of the reactor will not be affected.
interfaces wera also designed taking into consideration I electrical separation and isolation. This will ensure that failure of the SPDS or any associated equipment will not increase the probability or consequences of accidents I analyzed in the FSAR. The margin of safety has not been diminished due to the addition of the SPDS. Because of the foregoing, an unreviewed safety question is not involved.
There will be no new systems or instruments added as a result of the installation of the data acquisition system.
.E Since the functions of the existng systems will not be
- E changed, the technical specifications associated with any system or instrument in that system will not be af fected.
I ,
I I
e.
P
~
I
- MHA:ljs I 6/24/85 06/25 6 of 6 I -
l I
PS
- E E* . .
ERF -
_p I
u
-l
, . . . . . . . . . . . . . . .C. .D.t e
. ...4.T F D.L. . .P. .Du. .t.t.5. . . . . . . . . . . . . . .
ut SIT t I UNIT 2 I
t fPMPE - A- !-' u I
- 20 M PS-232 -
~
="! en :. :.
CRT 8 . _
? LINE I :
y [ u IDT ;
A S.tec : IDT IDT : IDT RT 232 e er e- l 2250 2250 : 2250 2250 I rFnagy ,,, RS 232
~
SPAPE589e :. F .
- :. I : .
. m *-'
u a st,I :
. IeH T .
2m
- Cru a :. D i i. !
S Et. :. -
- I.
t su . -.- .
e -
32/s750 :
, ; I - l to B u :.
3 He : I =$.= .
n
- DC ; m2 e e g ,,g :. n LIHE j
- u T . -
i T I B- , 1 l E FRNTR ! g PRNTP j 7 ts s, / : , ; .
A ! I . :
/
T u . :
. '.S /
- s;
. I*
- / _ *
- . Vss C** *O He e0 He
..m .............................................
! / \ : - TECHeaICAL f uF F OR T CEf 4TER :
- tu / H : e :
\ =;= 6 I I I I :
HO- 8 N :
o i s' * :
-
- DC pg h2 I : $ IDT IDT IDT IDT l g l.
t : o.
IFAGET.9
- l. T 2250 2250 2250 2250 to cpu 8 .
-I35 a I
. G -
u l i l i
- - SEL . :* :
32/9750 *
- I j
u H
? L It3E A fetic 3 He [. p- .
{ - .
Rf 272 I* -
@ 7 HODEN - EDF -
' " VIDED j Is H ! a2
- 27,0 : = co,IER :.
1F a*.E r."it r A I
t tODEt t - F0F T. 82 u ~
g~
C D H H U N I C M T 1 0 ts :..rrr..............................................
SNITC.H e g
- EHEPGENCv .
g....................' : DFFSITE !*
~ IDT FM.ILITY
! TSC gg Hg j 2 I != ! HODE,,
- 2250 g
. - u :
TAPE f TAPE f : IDT -
M- :=! ! VIDEO 2250 -
a"' : .
E -FUTURE EXPANSION Z uI =?.= IDT FORTeeLE:
- HODEH l .
.e- . 2250 .
i
- FpoG. -:
- 4 :
- Cat aroLE : .
M
y yg az- . - .
c., UNITED STATES a \, NUCLEAR REGULATORY COMMISSION ,
,7 n wAsMINGTON D. C. 20065 M.*E.I ., ,- ' * ,, .
4 1
u .:: .
-- .-~'It,,*
~
/ -December 7. 1984 ;
I %...../ -
g ,,
/' '-
i '
Oceket andrios. 50J2 50-311 ;
_- ,1 7 _p,,, , ,
vi :, .. ,, -
Mr. Richard A. Uderitz, Vice President - .k3r s ; - * , . .
Nuclear Q.yj.. l Public Service Electric and Gas Company ,, , . ,; gr . . , ,. .
Post Office Box 236 Er m tp: y j, u :3,,,
Hancocks Bridge, New Jersey 08038 '
8"*T'9--
Dear Mr. Uderitz:
t5 (hTt.J4.e Y 4E SAFETY \it
SUBJECT:
REQUEST FOR ADDITIONAL INFORMATION CONCERNIN3 r T PARAMETER DISPLAY SYSTEM FOR SALEM UNITS 1 AND .. .._
i L ,. !
The staff has reviewed your January 30. 1984 submittal " Safetyconc.1g Parameter ed that...._:
Display System, Safety Analysis and Implementation Plan" ahatfah. -.
insufficient information was provided for us to complete '
The additional information required is discussed in the enclosure. Please' -
respond to this request for information within 60 days from receipt of this
- letter.
The reporting *and/or recordkeeping requirements of this letter affect fewer than ten respondents; therefore, Ole clearance is not required Under P.L.96-511.
Soncerely.
( b l teven A. drga, Chi Operating Reactors B ch #1 j
Division of Licensing I l
)
1 2 l .: V. I O L: T';.*:.. ' .
.. ) .i!>.:t u' .": I'
- i i .. . .,:: .. I f
E' il l
v M.:.=.=..' .
i REQUEST FOR ACOITIONAL INFORMATICli
- CONCERtlING THE SALEM UlitTS 1 ANO 2 SAFETY PARAMETER DISPLAY SYSTEH I Each operating reactor shall be provided with a Safety Pararneter Display The Comission approved requirements for an SPOS ere defired System (SPOS). In the Regional Workshops on Generic in NUREG-0737, Supplement 1.
Lutter 82-33 held during March 1983, the NRC discussed these requiren.ents and the staff's review of- the SPOS.
Prompt implementation of th's SPOS in operating reactors is a cesign gcal of prime importance. The staff's review of SPOS documentation for operating reactors called for in fiUREG-0737, Supplement 1, is designed to avoid delays I resulting from the time required for NRC staff review. The NRC staff will not review operatirig reactor SPOS designs for compliance with the requirements of Supplement 1 of NUREG-0737 prior to implementation unless a 1
)
I preimpleme.ntation review has been specifically requested by licensees. The licer.ste's 'iafety Analysis anc 5705 Irtpiementation Plan will be reviewed by the flRC staf f .only to determine if a serious safety question is posed or if
- the analysis is seriously inadequate. The f,RC staff review to acccmplish l this wi'i be cirected at: (a) confirming the ader..uy of the pararretars selected to be cisplayea to cetect critical safety unctions, (b) confirming
- nat metns are provicea to assure that the data d:ulayed are valid, I (c) ccnfirming that the Itcensee has c:mitted to a nucan (Ictors pec9 ram to ensure that the displayed information can be readt'f perc2ived and c:cprehedeo so as not to mislead the operator, anc (d) c:nfirming that 3705 I will be suitaoly isolated frem electrical ano electe:nic interferenca witn equi: cent anc sensors that are usec in safety systar.s. If taced on this review the staff identifies a serious safety question or seriously inacecuate I analysis, thu Director of IE or the Directur or NRR cay recuire or direct tne it:ensac .o cesse impicmentation.
l The staff has reviewed the Sp 5 safety inalysis and impi rentation plan previded in your succi"> f ateo Jart.0 y 30,1984 In creer to templete our evaluation the fqll wing additional information is requried:
I . . Y. :0; OEVICES
)
- a. For each type of device used to accomplish electrical isolation, cascribe the specific testing perforr.:ed to g -
demonstrate that the device is acceptable for its 49piteatica(5). This description snouid inciuee etarentary E diagrams when necessary to indicate the test configuratian and how the eax:run credible faults were applied to the cevites.
I w
~
I :2-b.
Dita to verify that the maximum credible faults a:alf ed duri.cg the test were the maximum voltage / current to wnich tne cevice l could be exposed, and define how the maximum voltage / current was determined.
j I c. Data to verify that the maximum credible fault was appiled to the output of the device in the transverse mode' (bettveen
- signal and return) and other faults were considered (f.e.,
I .
openandshortcircuits).
Define the pass /fati acceptance criteria for each type of d.
I e.
device. ,
Provide a commitment that the isolation devices comply with the environmental qualifications (10 CFR 50.49) and with the I seismic qualifications which were the basis for plant 1fcensing.
f.
Provide a description of the measures taken to protect the - -
safety systems from electrical interference (f.e., ,
, Electrostatic Coupling, EMI, Common Mode and Crosstalk) that I
- may be generated by the Sp05.
HUMAN FACTORS PROGRAM I Provide a description of the display system, its 4tuman factored design, and the methods used and results from a human factors program to ensure that the displayed information can be readily l perceived and comprehended 50 45 not to mislead the c;erator. .
DATA VALIDATION _
Describe the teethod used to validate data displayed in the SP05.
Also, cescribe how invalid data is defined P.o the c:erator.
PARAMETER SELECTION _
Provide tfie ', rational which justifies parameter selection and relates the parameters selected for display on the SPOS to the critica, safety functions stated in NUREG-0737. Supplement 1.
I 'WREVIE'.dE9 cargry ci; iTIONS P.rovice ccnclusions regarding unreviewed safety questions and I changes to technical specifications.
I .
0 I
OPSEG "M* ' 5U pe .: see.:ce E m ; rc Gas C:~ca , CC5a:M 4 - ': : 9' ; -
Nuclear Depa"+em January 30, 1984 I Director of Nuclear Reactor Regulation U. S. Nuclerr Regulatory Commission 7920 Norfolk Avenue Bethesda, MD 20014 Attention: Mr. Steven Varga, Chief Operating Reactors Branch 1 Division of Licensing .
Dear Mr. Varga:
SAFETY PARAMETER DISPLAY SYSTEM SAFETY ANALYSIS AND IMPLEMENTATION PLAN REO4IREMENTS FOR EMERGENCY RESPONSE CAPABILITY I SALEM GENERATING STATION NO. 1 AND 2 UNITS DOCKET NOS. 50-272 AND 50-311 PSE&G hereby submits its Safety Analysis and implementation plan for the Safety Parameter Display System in accordance with the requirements of Generic Letter 82-33, Requirements for Emergency I Response Capability.
Should you have any questions, please do not hesitate to contact us.
Sincerely, E. A. Liden Manager - Nuclear Licensing and Regulation p
RSP jab cc: Mr. Donald C. Fischer Licensing Project Manager Mr. James Linville Senior Resident Inspector
l U. S. Nuclear Regulatory Commission 1/30/84 I bec: Vice President - Nuclear General Manager - Nuclear Services Genercl tiraager - Nuclear Support General Manager - Salem Operations General Manager - Hope Creek Operations General Manager - Nuclear Assurance and Regulation Assistant General Manager - Nuclear Engineering Assistant General Manager - Engineering Manager - Nuclear Systems Engineering Manager - Nuclear Plant Engineering Manager - Nuclear Engineering Control Manager - Nuclear Operations Quality Assurance Manager - Nuclear Training Manager - Licensing and Analysis Public Affairs Manager - Nuclear Safety Review Group Operations Assessment Engineer Station Ouality Assurance Engineer Associate General Solicitor Nuclear Review Board Manager LIS (J. C. Plunkett, Jr.)
OPS ( D. C. Aabye)
PE (W. T. Ullrich)
PL&G (T. R. Robbins)
R. S. Patwell (Commitment Tracking)
+
$0 f 1
i
4 I,
f g)g & t/ & A/d 0 Ch /* '.50
- N
- I i
1
.Y j PUBLIC S?WICE E L 6.C T ?. I C T ::DC': C1 -
v.e.r.,.Lr T.>. s .>-
D A l". : Jaru?'y 23, 193' l r. ,
P c.,. - au .t .'. a-,
i l
l TO: E. A. L i'!c a Manager - ?uclea' Lic ns!93 ' " ' ' '
. l l ? ' i '
F 00't : R. L. Gur? ,
Ma n a g e r '. .' c l e ^t r P 1 n :'. t ? n j ' n' 'l'~
S UBJ C CT : S AM i P! _W E I c :'. C I 5 7 '_ K: ' E 31 L .: _
4 I
I Attachef ple?c3 fir; copie3 Cf t'.0 3 3 f C t y A". 31;, .' ' 3 COC t l: 3 I. 'tich Pa;c i
.ay_.,,,.,...,.....
- g. ,.....m...o .
,i
._.,.3 c,,.-- .
7 . . T. y-
, . 3m ... . i 3. ; e. ., ,
t
! to be submitt<<' to the NRC. .
It s'.culd c b+ notrJ. that tP.
l c c:-*3 i t c: s n t c' s t e f or sub~.itt 11 is Ja 'ary 31, 1934.
lI i
i I
lI l
- .'. H 23 : 3js
) ;
, -s *,. t i.o. ,. ; . . .s. ,. . . ,
I 1 J
{ CC: J. b3ilej i
L. Leit2 R. :la c'.la t t ~ r >
CAR.MS - X500 i
l C04 1/01 i
t
!I i
S AFETY ANALYSIS FOR SPDS PARAMETERS Functional Description The Safety Parameter Display System will serve as an aid to the control room personnel during abnormal and emergency conditions in determining the safety status of the plant. It will also function as an operator aid during normal operation by monitoring other parameters or graphic displays that are -
determined to be important to the operator for maintaining safe operation of the plant. The displays will serve to concentrate a set of plant parameters to aid in assessing plant safety status without surveying the entire control room. The primary display will provide an overview of plant conditions and the secondary displays will provide more l detailed information on specific plant systems and equipment.
ll System Description
{
General The Safety Iarameter Display System will be a redundant conputer sy tem with CRTs located in the TSC, EOF and Units 1 and 2 Contral Room. This system is independent of the Plant Compu te r. the major components are as follows:
I .
three lE multiplexer cabinets per unit t,o NON-lE multiplexer cabinets per unit two data concentrators
. 'wo SEL 32/8705 Central Processing Units
. .wo color CRT/ keyboards per unit control room
. ane line printer per unit
. four color CRT/ keyboards for TSC
, one video copier for TSC
. two color CRT/ keyboards for EOF one video copier for EOF The di ta concentrators and the two Central Processing Units will ao shared by both Units. The CRT/ keyboard assemblies and vider copiers in the TSC and EOF will not be dedicated to any l orie Jnit. At tachment 1 gives a general layout of the above rient ioned components and other peripheral equipment.
Data Acquisition Subsystem Each multiplexer in the subsystem functions as an independent I unit utilizing a 16 bit microprocessor.
field inputs is maintained by use of fiber optic communication links to the rest of the system.
Complete isolation of Signal conditioning and buffers necessary to isolate the P-250 process computer is included.
DR2 1/4
Computer Subsystem The computer subsystem utilizes two SEL 32/8705 processors in a fully redundant configuration. Each CPU acquires and processes the data f rom all multiplexers and maintains its own data base. One CPU is designated as the primary unit and handles all display subsystem interfacing. This allows the other CPU tc be utilized for development work while maintaining a hot standby condition f or smooth f ail-over. A full duplex RS-232 " watchdog" communication channel is provided so that the CPUs can monitor each other. All .
communication with equipment outside the computer environs is via fiber optic links or standard RS-232 modems.
Display Subsystem The display subsystem comprises high resolution color graphics CRTs, color video hard copy units and printers for data output. The IDT #2200 color graphics CRTs are used and full graphics editing capabilities are provided for building and modifying color displays.
Isolation of Class lE Signals At the output of the multiplexer cabinets, the communication link to the computer will be by fiber optic cables which will perform an isolation f unction. All class lE signals will be isolated prior to entering the multiplexer cabinets. These isolators will be qualified based on their function.
Availability The Host processor / display system will be designed to achieve an availability of 99.0% under the following conditions:
. All of the ERP on-line functions are executing without degradation and the following minimum complement of hardware is operational.
- 1. One of the two CPUs with all of its main memory and its programmer's I/O device, and with sufficient hardware in the CPU interfaces to communicate with all of the field multiplexers communication circuits at the specified scan rates.
- 2. One of the two auxiliary memories.
- 3. One printer in either unit control room.
. Each multiplexer will be designed to achieve the availability under the f ollowing conditions:
- 1. The multiplexer la considered available unless:
DR2 2/4
- a. Any function is lost for all points of a l
single type, or
- b. More than one input card of the same type fails, or I c. One input card of each type fails.
Human Factors The Safety Parameter Display System display will be designed to incorporate accepted Human Factor Principles. The f ollowing Human Factors Principles references will be used:
. NUREG 0700, Section 6.
. NUREG 0835, Section 6.
. " Human Engineering Principles f or Control Room Design Review", Section 3.7, published by the Nuclear Utility Task Action Committee.
Parameter Selection PSE&G has Lelected a total of sixty-one parameters to be displayed on the SPDS using the parameters listed in Regulatory Guide 1.97 as a guideline. These parameters are listed in At tachment 2.
The basis of this safety analysis is the Critical Safety Function Status Trees. The Critical Safety Functions were identified and Status Trees developed by PSE&G based on the Westinghouse Emergency Response Guidelines, Revision 1. The Status Trees and the procedures associated with them are contained within the Emergency Operating Procedure Set, which was also developed based on the Westinghouse Owners Group Emergency Response Guidelines. For any transient or accident condition, the Emergency Operating Procedures will direct the operator to monitor the Status Trees. Operator training also addresses the use of the Status Trees during transient or accident conditions. The following is a list of the six Critical Safety Functions for Salem Generating Station:
- 2. Core Cooling -
- 3. Heat Sink
- 4. Thermal Shock
- 5. Containment Environment-
- 6. Coolant Inventory.
Attachment 3 is "The Critical Safety Function Status Trees I Basis Document", and Procedure EOP-CFST-1 in draf t form. They Attachment 4 is "The Emergency Operating and Status Trees". These documents are will be made final when the Emergency Operating Procedures are implemented.
DR2 3/4
The " Critical Safety Function Status Trees Basis Document" basically lists the Critical Safety Functions and describes the use and organization of the Status Trees. It also explains how the Status Trees are used in evaluating the Critical Safety Functions. The " Emergency Operating Procedure EOP-CFST-1 and Status Trees" document shows graphically the Status Tree for each Critical Safety Function and explains the significance of the colors used.
Of the total parameters that were selected for the Safety Parameter Display System, fif teen are utilized in satisfying _
the Critical Safety Functions. The parameters are as follows:
- 1. Neutron Flux
- 2. RCS Cold Leg Water Temperature
- 3. RCS Pressure
- 4. Core Exit Temperature
- 5. Reactor Vessel Level .
- 6. Degrees of Subcooling
- 7. Containment Sump Water Level
- 8. Containment Pressure
- 9. Containment Area Radiation
- 10. Reactor Coolant Pump Statuss'
- 11. Pressurizer Level
- 12. Steam Generator Level
- 13. Steam Generator Pressure
- 14. Auxiliary Feedwater Flow I 15.
t&-
RCS Loop Average Temperature.
REncTon TM/P The other forty-six parameters will be included in the SPDS data base because they have been determined to be important in aiding the operator in determining the status of the plant. Most of these parameters will be used in developing graphic displays which will be used as an operator aid.
17 l'L A N Tgno V5NT Fl*"VEN r pLnar og CoH7AwM N TA E*'^' ' $A *'* # "' * * ""~#
R Et CA S E fowys.
j G. /VlAUV $ TfA/M WA D/ A Y) O SI I l l
l DR2 4/4 I
b Y 4 c4 m 8 2 I g- o htJ.w g
,e J.,.
k~
'23 snj,p ?R S h5 b o .1 b O Qs y
4 kw s eO s
g+A qg
)sv>j Q l9 2 a
- s
- e6 # 3e v-O d m) o a'2e
- D o
OW a ayU e 9
d 2'
4 3 '8 *'e ys J g a
e
.j 3 d3 # e av 4 is J d 2* 3# 6y8 s C MF($5 y 4 7 s
- )0F o
2
( 'u n3 w#3 b}J
- I f o
I y
J M
- b y aw.g r
q o
e eoP
- e. ,, O d
,3 -_3 5
b 7 AO y ,2 4 %
_Q t m.
2 L s .o 3 e es, e. 1. 3r 3. q) a[.
$3F .-
e %
I t
.-@g.
t h
C 1
J # 1 4 L Li.
(
2 W T c6 4
.,_. ." - . _ . . . . , .. .. c. I c. g o
2 t
I
,.......--..-____--,7--........-------..---, ,
l: . ll
.. li ,
i '
s=,2 ,i -
-. s a __ s g::: I i1 -$ :!s i i - - , ;
- l't e
5 u8 i I
< 2 i
' ~
, i . . ..
I b3> t E" ,E h "I +$
sg
- ss;E -
i1 g !Tb* g l si i ,4 io - , i: ,
- t i ,
. .{ ' g=
.. . . . . - - . . , '; i u... ... ....-. . ,
' ,E
~
- I ,f t %=,I 8 3I '
i 8 5 :e go.:g _.
,i,j
- i >- 8
- e 5:
go.g !!:o:
o wg --
i .a*
', *v s* *:a 5"5 se:i 2
- e. .. .
i li !!! " l 'j i lt i f f i l
?e* ll :=,e ' is s :=.e 4 -ll2 ' i : -
H -
sg
. E'
~
5 e e
. 8 u
":. 8:8 u .
I','
, , y' v . ) lg - 1 ', '
Is i
!' I c ig e
' '..........._....al
}
g> c.u ,----.. + g.....--.....a t_ , )<. ..
a
,, w . n .. . s. . _ ,. w >
< e 9 v h8 g' t.\ .
a o .
+., 3 eJ o -
t 2 ,
4 p . e af - .. .L t a
a.
'\.
- . g4
~
.a - 5 w il
, .k< -
- no
'g. 1 o C-g
4 E ... E Ig' e ylj g
}Eg n
r 2: -l i !!.: -
~
- f!. T , i a: l.,
I s,8 0, s-o I $[ I Es: M n P5:
2
'E' b o a - ooc n . w a ;
$ m s. l E E I -
- L. J g9 o . !!!
pe n .a X
- x l ',';e b
- u s
o ir 2<*
I*y. ~
v g 3 c____________,
.. .. l I ti? is.
1 g[ I,
- g. *[. o ,l i5
.. . i i 2 d= -I
- I ;li!
i i .l-',i i 1 I
=
q.i iI i ; i I,pl I i I I. l s t .
. IE g . .________., .
1 g, ,
s l l
.. L___________J
~ - _._._
ATTACHMENT 2 SALEM GENERATING STATION UNITS 1 AND 2 SAFETY PARAMETER DISPLAY SYSTEM PARAMETERS
- 1. Neutron Flux - Source, Power, and Intermediate Ranges, Start-up Rate.
- 2. Rod Control Positions
~
- 4. RCS Cold Leg Water Temperature
- 5. RCS Hot Leg Water Temperature
- 6. RCS Pressure .
- 7. Core Exit Temperature
- 8. Coolant Level in Reactor
- 9. Degrees of Subcooling (calculated)
- 10. Containment Sump Water Level
- 11. Containment Pressure (Wide and Narrow Range)
- 12. Containment Isolation Valve Position (excluding check l valves)
- 13. Containment Area Radiation
- 14. Noble Gas Ef fluent Radioactivity f rom Condenser Air Removal System.
- 15. Containment Hydrogen Concentration
- 16. Containment Effluent Radioactivity (Plant Vent)'
- 17. Radiation Exposure Rate (Fuel Storage Room, Charging .~
j,,,t*
Pump Room, Fuel Handling Building, and Mechanical Penetration Area)
- 18. Radiation Exposure Rate (Electrical Penetration Area)
- 19. RHR System Flow
- 20. RHR Heat Exchanger Outlet Temperature DFl.1 1/03
ATTACHMENT 2 (Continued)
- 21. Accumulator Tank Level and Pressure
- 22. Accumulator Isolation Valve Position
- 23. Botic .'.cid Charging Flow Flow in HPI System (Charging Pumps Discharge)
I
- 24. .
- 25. Flow in LPI System (Safety Inspection Pumps Discharge)
- 26. Ref ueling Water Storage Tank Level 27 Reactor Coolant Pump Status
- 28. Primary System Safety Relief Valve Position
- 29. Pressurizer Level
- 30. Pressurizer Heater Status
- 31. Pressurizer Relief Tank Level
- 32. Pressurizer Relief Tank Temperature
- 33. Pressurizer Relief Tank Pressure
- 34. Steam Generator Level
- 35. Steam Generator Pressure
- 36. Main Steam Flow
- 37. Main Feedwater Flow
- 38. Auxiliary Feedwater Flow
- 39. Auxiliary Feedwater Storage Tank Level
- 40. Containment Spray Flow Additive Rate
- 41. Heat Removal by the Containment Fan Heat Removal System
- 42. Containment Atmosphere Temperature
- 43. Letdown Flow
- 44. Volume Control Tank Level
- 45. Component Cooling Water Temperature to ESF System DFl.1 2/03
ATTACHMENT 2 (Continued)
- 46. Ccmponent Cooling Water Flow to ESF System
- 47. High Level Radioactive Liquid Tank Level
- 48. Radic.vtive Gas Hold Up Tank Pressure
- 49. Control Room Emergency Ventilation Damper Position
- 50. Auxiliary Building Emergency Damper Position
- 51. Fuel Handling Building Emergency Damper Position
- 52. Status of Stanby Power and Other Emergency Energy Sources Important to safety.
l
- 53. Control Ai r l
- 54. Main Steam Radiation
- 55. Wind Direction
- 56. Wind Speed
- 57. Estimation of Atmospheric Stability
- 58. Steam Generator Blowdown Radiation a I'
- 59. Condenser Availability (Condenser Vacuum and Circulator Amperes)
- 60. RCS heat up/ cool down rate (Average Loop Temperature)
- 61. Main Steam Isolation Valve Position I
I DF1.1 3/03 o
Atttchm;nt 3 CRITICAL SAFETY FUNCTION STATUS TREES (CFST)
BASIS DOCUMENT
1.0 INTRODUCTION
The Critical Safety Function Status Trees ares used to monitor efecific plant conditions while the Emergency Operating Procedures are in use. The conditions that are monitored relate directly to the barriers to release of fission products to the environment. These barriers are the ~
fuel matrix and cladding, RCS pressure boundary and Containment.
Protection and Control Systems, augmented by trained operator response to annunciator alarms and backed by Technical Specifications, serve to ensure that small departures frca preferred operating conditions are rectified before any ,
challenge to the Critical Safety Functions develops.
Failures in system components and the Protection System can create conditions which threaten the integrity of one or more barriers.
The Status Trees determine when these challenges are present and designate Functional Restoration Procedures to use to correct the condition.
2.0 ORGANIZATION The six Critical Safety Functions evaluated by the Status I Trees tre necessary to maintain the integrity of the three barriers to fission product release.
The first barrier is the fuel matrix and clad. Three conditions are necessary te maintain fuel integrity during accident conditions:
- 1. Maintenance of suberiticality to prevent power generation and excessive fuel temperatures.
- 2. Maintenance of adequate Reactor Coolant inventory to allow Core Cooling.
- 3. Maintenance of Core Cooling to remove core decay heat.
The second barrier is the RCS pressure boundary. Three conditions necessary to maintain RCS integrity are:
- 1. Maintenance of the secondary Heat Sink to provide heat removal from the RCS.
- 2. Prevention of Thermal Shock to the Reactor Vessel which could lead to vessel brittle fracture.
Salem Unit 1 Draft A Rev.
Attcchmant 3 CFST BScic
- 3. Control of Reactor Coolant inventory to prevent filling the pressurizer and loss of RCS pressure control.
The third barrier is the Containment. The Containment Environment (pressure) is controlled to prevent -
overpressurization of the Containment structure.
The six Status Trees relate to the above conditions as shown in the table below.
Critical Safety Function Status Tree Functional Restoration Suberiticality 3.1 Shutdown FRSM Margin I Core Cooling 3.2 Core Cooling FRCC Secondary Heat Sink 3.3 Heat Sink FRHS Thermal Shock 3.4 Thermal FRTS Shock Containment 3.5 Containment FRCE Environment Reactor Coolant Inventory 3.6 Coolant FRCI Inventory Also shown is the Functional Restoration block used by each Status Tree to restore threatened Critical Safety Functions.
3.0 CFST USE 3.1 Status Tree Scanning The Status Trees are used by an SRO licensed individual in the Control Room to monitor Critical Safety Functions I while the Desk Operator and Control Operator respond to a unit trip or Safety Injection with the Emergency Operating Procedures.
Status Tree scanning begins when EOP-TRIP-1, " Reactor Trip or Safety Injection" is departed. EOP-TRIP-1 also directs Status Tree use if the SI cannot be terminated but the problem has not been diagnosed. The Status Trees are evaluated in order while the fault specific EOP is conducted. The Status Trees are scanned continuously until all Critical Safety Functions are satisfied. The Status Trees are then scanned periodically until the event is terminated.
Salem Unit 2 Draft A Rev.
Attrchmint 3 CFST Basic 3.2 Functional Restoration Priorities I Priority of a Status Tree designated Functional I Restoration is determined by the color of the condition and the order of the Status Trees. Red is the highest priority condition, followed by orange and ye'llow.
Gre:n is used to signify that a Critical Safety Function is satisfied. The Status Trees are arranged in descending order of priority.
Color is considered first, then order. Thus a Red condition on Status Tree 3.1 would have priority over all other challenges to Critical Safety Functions.
Likewise an Orange condition on Status Tree 3.5 would have priority over a Yellow condition on any Status Tree.
3.3 Response to an Unsatisfied CSF When a CSF is evaluated as unsatisfied a Functional I Restoration is identified. Performing the Function Restoration removes the challenge to the CSF.
A Red condition requires immediate suspension of the EOP I in use. The current step is noted and the page marked for later reference. The Functional Restoration is initiated and continues until the challenge is removed.
The EOP in effect is then resumed unless an additional Red condition is present. Note that if a Red condition is identified while a Functional Restoration is in progress for a lower priority Red condition, the lower priority procedure is suspended and the higher priority Functional Restoration initiated.
I When an Orange condition is encountered, note the associated Functional Restoration and continue tree evaluation. When the current pass through the Status Trees is complete, initiate the Orange related Functional Restorations in order of importance.
A Yellow condition is a slight challenge to a CSF and I could lead to a serious challenge if not corrected.
Initiate Yellow condition Functional Restorations when practical.
4.0 REFERENCES
4.1 WOG Guideline F-O " Critical Safety Function Status Trees" Rev HP-Basic.
I END OF PROCEDURE FINAL PAGE I Salem Unit 3 Draft A Rev.
I
Attcchmant 4 I EMERGENCY OPERATING PROCEDURE EOP-CFST-1 CRITICAL SAFETY FUNCTION STATUS TREES 1.0 ENTRY,CpMDITIONS 1.1 EOP-TRIP-1.
2.0 STATUS TREE USAGE 2.1 Initiate CRT tests 23 and 41 to facilitate monitoring CORE EXIT TC's. If PRODAC 250 not available, then direct Performance Department to perform Emergency Surveillance Procedure PD-14.3.010, " Extended Range Reading of Incore Thermocouples" and establish contact -
with operator monitoring CSFT.
2.2 START Status Tree evaluation after departing EOP-TRIP-1,
" Reactor Trip or Safety Injection."
2.3 IF a Red is encountered, immediately go to the designated functional restoration procedure. The EOP in effect is resumed when the Function Restoration is completed unless otherwise directed.
2.4 IF an Orange is encountered, note the designated functional restoration procedure and continue status tree evaluation. When the current pass through the trees is complete, initiate the designated procedures in order of importance unless otherwise directed.
I 2.5 IF a Yellow is encountered, note the nature of the deficiency and continue status tree evaluation.
practical, initiate the designated procedures unless When otherwise directed.
2.6 The Status Trees are arranged in descending order of importance. Consider the condition color and then the procedure order to determine the priority among a group of Functional Restorations.
Red conditions require suspension of the procedure in I
i 2.7 e f fect. Orange and Yellow condition Functional I
~
Restorations take precedence over any conflicting procedure steps in the EOP in effect.
I Salem Unit 1 1 DRAFT C
.. . Attachment 4 EOP-CFST-1 I 3.0 Critical Safety Function Status Trees 3.1 Shutdown Margin.
3.2 Core Cooling.
~
3.3 Heat Sink.
3.4 Thermal Shock.
3.5 Containment Environment.
3.6 Coolant Inventory.
I I
I FINAL PAGE I L 1
l l
I G I l 2 DRAFT C Salem Unit 1
Attachment 4 CRITICAL SAFETY FUNCTION STATUS TREES I
I I
i e
3.1 SHUTDOWN MARGIN
. s GO TO I".E- 1.
. D CC TO TPS4-1 GO "O E7SM-2 ER RME N I.ESS THAN -
, r> - -
Y INrEPMEDIATE PANGE SUR N I MORE NEXIATIVE l-
~
THAN .2 DPM INTE;tEDIATE Y BME SUR N ZERO OR -
NEGATIVE -
CS7 O SxT SOLTCE RME N ENERGIZED _
GO TO
??S4-2 l SOUFCE RME N SUB NEGATIVE OR ZERO Y
~
O' .
Y
. O SAT A'
[ _ .
i 3.2 CORE COOLING em I raCC-1 I -
.C CCRE EXIT g Ts I245 ~
RVLIS NARRCF N THAN 1260'F E CE GREATER -
Y f THAN 4 0 %
Y COPI EXIT
'ICs IISS N
- THAN 700' - k TO Y
AT IIAST N CC TO ONE RCP t FRCC-2
'- "' {
RLMJING RVLIS NAPPCW I . Y PANGE GREATER N
RCS - IHAN 40% _
SL"3COOLHJG N GPIATER T EJ - Y lo'r Y CO IO
\, FPCC-3 I - t M TO g FPCC-2 g RVLIS WIDE RANGE GREATER TEJ 44S 4 RCP -
, 301 3 RCP Y
20% 2 RCP I 13% 1 RCP L. CC ':0
-3
- I .
O O ;; l g
l
'g .
3.3 HEAT SINK I
I GO T l
RHS-1 l
m:AL l EEEDGTER N
~
FIfW TO ~
l SGs GREATER
. THAN 22E041bn Y l l
C-O TO i NARROW RANGE )
??RS-2 IEL GREAIER N {
'I 107. IN _
AT LEAST ONE PRESSURE LESS -
y THAN 1125. pSIc N IN ALL SGs l Y CC T I FTIS-4 t% RIM RANGE l LEVEL L3 S :N I'.iAN 67% IN ,
ALL SGs y CC TO I rRHS-3 PRESS LESS N THAN 1070 3 PSIG IN ALL SGs y
'CO T EPES-5 NARRCH RANGE LEVELS GREATD' N THAN10% IN _
I 4 ALL SGs Y
..- -O:
I 3.4 THERMAL SHOCK I
I l
- m S-1
%W I R r wasuRE TEMPERATURE POINT TO N
RIGHT OF IJMIT A Y f %%
rRTS-1
^', I l RCS CCLD IIG TIMPEPATURE N GPIATER TFRJ I
~
8 261 F Y
I E. 2?I N RCS COID LEG N
[ DECREASE LESS ~
NAR'RE I N 100 3F IN GREATER T x; _
IAST 60 Y 291 *F MIN. Y I -
O ??
I mm FRIS-1
-- N TEMETRATURE GREATER THAN l
261 F I BCS PRESS LESS THAN CDID N
y GO 7C
- l OVLw n.5SURE FRTS-2 SETPOINT Y 375 PSIG I
CSF SAT RCS TD N N -l I - GREATER 7EAN 312 F I O CSF I :
I- 1
I 3.5 CONTAINMENT ENVIORNMENT
- @M FRCE-1 l l
CCtC A HI C C N
PRESSUPI LESS
=-
THAN 47 PSIG -
Y Co m '
l
_ . C-1 Cce=An:en I PPISSUPE LESS THAN 23.5 PSIG -
N Y
CC TO I FRCE-2 I COEAIN C C STEP L5.V. EL N
I IISS THAN fax FIDOD IEVEL Y GO 'IO FRCE-3 CONIAE2C C I N t
RADIATION IISS THAN R-44 Amtm y CSF O SAT I ,
me D
3.6 COOLANT INVENTORY I ,
CD %.
1 FPCI-3 I . RVLIS INDICATES N
I
~
UPPER HEAD FULL Y I
- l CO TO FPCI-l I
PRESS RIZER N -
~
LEVEL LESS ~ ~
THAN 92% ~
CO 'IO Y FRCT-2 I PRESSURIZER LEVEL GREATER THAN 17%
Y CO TO l M -3 RVLIS INDICATES UPPER HEAD -
Y
. e O !?
I I
I
SAFETY PARAMETER DISPLAY SYSTEM IMPLEMENTATION PLAN
- 1. SCHEDULE
- a. DESIGN PHASE 9/84
- b. DEVELOPMENT PHASE 9/85
- c. INSTALLATION PHASE 12/85
- d. FIELD TESTING, OPERATION ,
AND ACCEPTANCE PHASE 5/86
- e. FULLY OPERATIONAL 12/86
- 2. VERIFICATION AND VALIDATION PLAN Verification and validation will be conducted by the computer system vendor. The progran will be developed using NSAC-39 " Verification and Validation for Safety Parameter Display Systems" as guidance and will address the traceability of requirements of hardware and sof tware and I provide independent review. The V & V activities will be performed by a team which is completely independent of the development effort.
DCl l
V f
6 l 0
(REVISED) HUMAN FACTORS SPDS GUIDELINES Prepared for Public Service Electric and Gas i Salem Station Units 1 and 2 GP -r,-211010 August 8, 1985 f
C 0
0 .
General Physics Corporation Columbia, Maryland f o
f GENERAL PHYSZCS CORPORAT20N
' TABLE OF CONTENTS 1
In 1on.............................................................
3 2
Section 1. Ioc a t io n a nd La y ou t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2 1.1 Convenience......................................................... 2 1.2 Ac c e s s ib i l i ty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Control Board Location.............................................. 2 I 1.4 visibility.......................................................... 4 1.5 Readability......................................................... 5 1.6 Non-Interference.................................................... 5 1.7 Control of Images...................................................
6 Section 2. In f o r ma t ion Re qu i r e me n t s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6 2.1 Cr i t i c a l Sa f e ty Fu nc t i on s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
I 2.2 2.3 Specific Parameters.................................................
Current Status......................................................
6 6
6 2.4 Transient and Accident Sequences....................................
I 7
2.5 Validation of Data.................................................. 7 2.6 SPDS Failure........................................................ 7 2.7 Mag n i t u d e s a nd T r e nd s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9 k y Section 3. Display Formats..............................................
9 3.1 General Considerations.............................................. 9 Primary and Secondary Display Formats...............................
I 3.2 3.3 3.4 Or g an i z a t ion o f Da ta . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
T r e n d Da t a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11 14 15 3.5 Time-History Data...................................................
I 15 3.6 Bar Chart........................................................... 16 3.7 Deviation Bar Chart................................................. 17 3.8 Circular Profile....................................................
18 l Section 4. Display Techniques...........................................
18 l 4.1 Ge ne r a l Co n s id e r a t io n s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 l 4.2 Graphic Representation of Variables.................................
I 4.3 4.4 Perceptual Aids.....................................................
Display Patterns....................................................
S t a tu s Se tno i n t s . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
20 24 24 4.5 26 Section 5. Ope r a tor /Compu te r In te r f ace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 5.1 Operator / Computer Dialogue.......................................... 27 5.2 Prompt ing , m s s ag e s a nd Fe edb ack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 5.3 Data Entry-Keyboards................................................ 31 5.4 Compu te r Fu nc t ion Con t r o ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 5.5 Symbols and Characters..............................................
I 5.6 Multiple-Page Considerations........................................
34 36 Section 6. Design Requirements.......................................... 36 I 6.1. Single-Failure Cr iter ia and Class lE Requirements . . . . . . . . . . . . . . . . . . .
6.2 Isolation from Interference.........................................
6.3 Se i sm ic Qu a li f ic a t ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
36 36 36 6.4 So f t w a r e Se c u r i ty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
.I I ._
GENERAL PHYSICS CORPORATION 37 Section 7. Pr ocedur al and Tr a ining Requ ir ements . . . . . . . . . . . . . . . . . . . . . . . . . 37 7.1 StatEing............................................................ 37
' 7.2 Op e r a to r Tr a i n i ng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 7.3 User Documentation..................................................
1 l'
1 a
I I
,I I
I f
9 9
I
. f p ..
l l
f .
e
- _.__ -
I l C ,,,, ,
i l <
my ow s F40CIAM DISCOVIAIR DEATE FILLS M J
I AAALT8T l
hk l
FILLS OUT s'.M:TTED TO .
SCFTWAgg SOFTWAAI 12 LEA 51 FotM L13RARIAN I F5EM. R2F.
CCS RIVIEW3 I trY1EWS AND sicks SOFTWAAE aC3 AND 1551 3 5 12LIA51 FOM I 325PoustBILITT
=
70aN SL'am a TED ANALYST 70 $0FTWA12 CDRA2 CTS LlatART AND E1808 LINE 850 I .
, LINE SSD 3 -
-T k. .
I -
' ~
i
, Link t
M .memen N e
m =amg>
i I .
SOI'NARE RELIASE TOPJi ne following is sube.itted to configuration management controls Document i Title Program Name
, his is a complete release C Partial release If partial release, explain:
. his is C original release C revision if revision, list all relevant NCRs ~
i l
I Released by Systems Engineer ,
Date Approved by Systems Engineer Date o
V&V DOCUMENT DOCUMENT LEVEL REVIEW NCR'S MCR'S f TITLE REVISION CllANCE DATE ENGINEER BY DATE GENERATED INCORPORATED PS-LVC-006 Bulk Verification 0 6/5/85 RM LR Program PS-LVC-017 Operational Limits 0 8/8/85 ML TM Curve Display Back-ground Generator PS-LVC-Ol9 Alarms O 8/16/05 RVW TM 8/12/85 920-922 .
FS-LVC-024 IDT/ Host 0 8/13/85 AM TM 8/26/05 926-931 ,
Communications Protocol e PS-LVB-022 Report Formats O 8/13/05 MM LR 8/28/f 5 l PS-LVB-023 Alarm Message 0 8/13/E5 MM LR 8/29/f 5 950, 951 Format P2-LVC-021 Fluid Prope.rty 0 8/16/E5 ML TM 8/23/8 i 925 Calculations PS-LVC-001 ERF Computer Data O 8/9/85 MM TM/KO 8/22/8 i 923 Base .
PJ-LVB-025 Off-Line Diagnostics O 8/21/E 5 SB TM/NL 3/18/85 listing for Gould SEL 32/87 PS-LVB-026 Failover 0 8/28/1 5 ML TM 9/10/8S PS-LVB-022 Report Formats 0 1 8/26/1 5 MM LR 9/10/85 l PS-LVC-001 ERF Computer Data Base 1 8/26/1 5 W TM 9/12/85 923 PS-LVB-017 SPDS Displays 0 1 8/26/1,5 m 1M 9/16/85 975, 976 PS-LVC-022 Report Formats 0 9/12/1 5 m LR 10/2/8'i 961-964 PS-LVB-Oll Sequence of Events 1 9/25/1,5 CB TM 10/2/8 i PS-LVC-Oll Sequence of Events 1 9/25/1,5 CB TM 10/3/8h 958,960
M ~
1 Plu)CRAH NCR' S NCR'S NAllE DESCitIPTION DATE ENGINE 1G CENERATED INCORPORATED BUBOLC Bubblepic Operational 8/16/85 ML 924
- Limits Curve PTGEN Generate Steam Table P(T) 8/20/85 ML 954 TPCEN Generata Steam Table T(P) 8/20/85 ML 934 PSATT Calculate saturation pres- 8/20/85 ML sure for temperature TSATP Calculate saturation temper- 8/20/85 ML ature for pressure SOEFMT SOE Print Formatter 9/17/85 CB SOEliFI Initialize SOE llistory File 9/17/85 CB SOEP SOE Processor 9/17/85 CB SOERPT SOE Report Processor 9/1 7/ 85 CB SOETRP Request SOE Trip Report 9/17/85 CB BOMNI Build DC Data Base 9/17/85 CB DCDIG Process DC Digital Input 9/17/85 CB Points DCDRVR DC Driver / Receiver Program 9/17/85 CB DCERR Process DIS /PIU Error / Return 9/17/85 CB to Operation DCINIT Initialize DC Common 9/17/85 CB -
DCOUT Process Digital and Analog 9/17/85 CB Output Requests
REVISION HISTORY REVISION # DATE CHANGE DATE CHANGED PAGES. MC1 i (S)
I .
1 I
l 1
i l
I Figure 3-1 Revision History Page
- - ----------,n--- g -,-o----,, --, - - - g - r -,,--,,-
.l l ...
{ jh.,.. NON-CONFORMANCE REPORT I -.
. . .. - ~,
REPORT NO. SYSTEM NAME -
.l DEFICIENCY DISCOVERY SECTION I
I .
l .
TEST INVESTIGATOR DATE LOCATION I!
l TIME l '
SYSTEM MODULE NAME -
l .
PROGRAM MODULE NAME l _ MUDULE(S) CONFIGURATION LEVEL N0, REFERENCE DESIGN DOCUMENT g .
DEFICIENCY" DESCRIPTION ul i -
I I EXPECTED ~ RESULTS I
I 1 CORRECTION IMPORTANCE/NEED DATE
l 3 ) '(
NON-CONFORMANCE REPORT REPORT NO, l .
SYSTEM NAME DEFICIENCY ANALYSIS SECTION
\-l .
NAME OF ANALYST DATE SYSTEM MODULE NAME -
{l PROGRAM MODULE NAME MODULE (S) CONFIGURATION LEVEL NO.
)l
\
REFEREliCE DESIGN DOCUMENT
~
g ANALYSIS ~ FINDINGS -
g .
l DEFICIENCY ~~ CORRECTION IMPLEMENTATION I
PROBLEM" CATEGORY
! ,[' DESIGN -
DATA DEFINITION Z' LOGIC _ INTERFACE g ,[' DATA HANDLING
[' SPECIFICATION OTHER l NEW CONFIGURATION LEVEL NO.
DOCUMENTATION UPDATED (Y/N)
REV. NO.
CORRECTED BY (ANALYST) - '
DATE LINK ACCEPTANCE BY DATE lREJECTIONBY-
, DATE
PAGE1 0F 3 NONCONFORMANCE REPORT .
~ - -
LEPORT NO. N CLOff sYsTEu NAug salen zu pEFICIENCY DISCOVERY SECTION 8
e TEST INVESTIGATOR T. Morrev DATg 4/18/85 I LOCATION Singer-link TlWE SYSTEu WODULE NAME PROGRAW WODULE NAME I
~
ICDULE(5) CONFIGURATION LEVEL No ,
I REFERENCE DESIGN DOCUMENT PS-tvB-008 Svstem Paratneters Soecification 1 DEFICIEWCY DESCRIPTION P 4 SYMBOL ALACL1: com:nent states that value = 3 is blue . Value = 3 is yellow. 4 is blue per FACE Programmers Manual.
i .-
EXPECTED RESULTS Change co=nent to yellow or value to 4.
LINK ACCEPTED / DATE CORRECTION ACCEPTANCE HCR # DESCRIPTION REJECTED ASSIGNED ANALYST IMPORTANCE CATECORY DATE DATE 1 IUT Runtime Module-Appendix J A 5/8/85 AM Necessity Spec 5/9/85 9/13/85
' functions missing' 2 IDT Runtime Module-Appendixi A 5/8/85 AM Necessity Spec. 5/9/85 9/13/85 no introductory test IUT Runtime MQdule-SectionIV A 5/8/85 AM Necessity Spec. 5/9/85 9/13/85 1
multiple defines ,
IDT Dynamic Editor-Appendixl A 5/8/85 AM Necessity Spec. 5/9/85 9/13/85 4 i
inconsistent blem) Necessity Document-8 .s OMNI Igtalligent DAS- A 4/23/85 AM 5/8/85 9/13/b5
' Applicable Documents' and ation
. ' Acceptance Test' missing OMNI Intelligent DAS- A 4/23/85 AM Necessity Document- 5/8/85 9/13/85 9
demand scan function need ation 10 OMNI Intelligent DAS4 Levelt A 5/8/85 AM Hecessity Document- 5/8/85 9/13/85 maximum EtfC points /second ation 5/8/85 Hecessity Document- 5/8/85 11 OMNI Intelligent DAS A AM 9/13/85 format layouts for PY and ation DI missing Appendix A 5/8/85 AM Necessity Document- 5/8/85 9/13/85 12 Level A-3.15.2 missing ation Level A-3.15.3.4 -Figure 2 A 5/8/85 AM Hacessity Document- 5/8/85 9/13/85 13
,is missing - ation
~ ~
! l l s angetremmate- pitAss asVitu pmom sg g I-N8 TEST Fact 0R: Correctnese n
05 Assassn a r AppgeAm i gg REVI W WITERIA VA A IA NA maareIry3ogg f, " 8. Ces the date req =tred by the applieetion be I confirm the date lopete can be Fact collected with the deelred degree of reliability? generated with :1.1 deelred degree finding kg of rettebility.
Q~
- 2. Can the date be cellected within the ties I confirm the date booe hee been Fact s*E perled opecified?
established within the required findles time frame.
R$ 3. tieve the user requiremente been defleed in I confits with the usar that the thechtiet a writtnct requiremente Is writing era com-g plate.
- 4. Are the requiremente stated in meneerable X Esmefoe the reeeenallenees of the IIelk-criterte for meneuring successful throughe ternet completten of the requiremente.
- 5. Hee the project seletion addreseed the I Esemine the system specificatices IAsik-user requirementef to confirm that they setlefy three@s stated objectives .
g 6. Could teet data be developed to test the I Verify that the requirensete are Test date F* echievement of the objectiveef stated in enough detait that they could generate test date to verify compliance.
- 7. Iteve procedures been specified to evaluate X Enemine the specificettene which contiensties/
the implemented eyeten to ensure the indicate that a poet-inetettation ====d-a*1em I
requiremente are schlevedt review will occur.
e g - -- - - - - -- -- -
m M _
M0 1 N
1 2
2, 2
2 2
3 2
2 1
2 3
k--l l-2 2 2 1 T'1 A ;: 1 .
- o. 0 0 0 0 DE1 0 MI T.
A I' 1 g 1
1 2
2 2
r gi V
4 4 4 4 4 4 L-M j
. '. /
( '
/
M \
N M
M E
T I
1 2 3
~
1 h 2 3
""BT 2 2
2 2
2 2
S - - -
LI - - -
0 0 0 0 0
- L 0 ML E U
D 1
3 1
3 1
3 2
'3 2
3 2
3 O
MH/ <
[
\ /
M ,
l N
/ s M
E "A C N
M EE"LE R 1 VF - 2 3 EE 0 - - 1 2 3 0 0 - -
0 -
MLR 2 1
2 1
1
- 2 2 0 0 2
2 - -
2 -
2 2 M
(
Ml l M / /
m 1S T
TN m73EM 7ME NE 1 1
ll
l TRACEABILITY MATRIX - LEVEL 1 1-1.0 SPDS should provide a concise display of critical plant variables to the control roce operators to aid thee in rapidly and reliably determining the safety status of the plant.
Although the SPDS will be operated during normal operations as well as during abnormal conditions, the principle purpose and function of the SPDS is to aid the control roce personnel during abnormal and emergency conditions in determining the safety status of the paint and in assessing whether abnormal I conditions warrant corrective action by operators to avoid a degraded core. This can be particularly important during anticipated transients and the initial phase of an accident.
1-2.0 Each operating reactor shall be provided with a Safety Param-eter Display System that is located convenient to the control room operators. This system will continuously display infor-nation from which the plant safety status can be readily and reliably assessed by control roce personnel who are responsible for the avoidance of degraded and damaged core events. ,
1-3.0 The control' room instrtamentation required provides the operators I with the information necessary for safe reactor operation under normal, transient, and accident conditions. The SPDS is used in addition to the basic components and serves to aid and augment these components. Thus, requirements applicable I to control roce instrtunentation are not needed for this augmen-tation.
The SPDS need not meet requirements of the single-fail-ure criteria and it need not be qualified to meet class lE re-guirements. -
1-3.1 SPDS shall be su!.tably isolated from electrical and electronic interierence with equipment and sensors that are in use for safety systems. The SPDS need not be seismically qualified, and additional seismically qual-ified indication is not required for the sole purpose I of being a backup for SPDS. Procedures which describe the timely and correct safety status assessment when the SPDS is and is not available will be developed by the licensee in parallel with SPDS.
I l-3.2 Operators should be trained to respond to accident con-l ditions both with and without the SPDS available. l E l-4.0 here is a wide range of useful information that can be provided by various systems. This information is reflected in such staff documents as NURBG-0696, MUR9G-9435, and Regulatory Guide 1.97.
Prompt implementation of an SPDS can provide an importar t contri-bution to plant sattey.
The selection of specific information that should be provided I for a particular plant shall be based on engineering judgement of individual plant licensees, taking into account the importance of prompt implementation.
TRACEABILITY MATRIX - LEVEL 2 2-1.0-1 3.15.8.1 SPDS will concentrate a set of plant parameters or derived variables onto the Safety Parameter Displays.
2-1.0-2 3.15.8.9 Alarms, alarm clears, and significant alarms are to be displayed.
2-1.0-3 3.15.8.10 Display area to be dedicated to graphic displays, graphic trending, operator guidance, etc. .
2-1.0-4 3.15.8.12 Top Level Displays 2-1.0-5 3.15.8.13 second Level Displays 2-1.0-6 3.15.8.14 Third Level Displays 2-1.0-7 3.15.8.15 Fourth Level Displays 2-2.0-1 3.15.8.1 SPDS will concentrate a set of plant parameters or derived variables onto the safety Parameter Displays.
2-2.0-2 3.15.8.9 Alarms, alarm clears, and significant alarms are to be displayed.
2-2.0-3 3.15.8.10 Display area to be dedicated to graphic displays, graphic trending, operator guidance, etc.
2-2.0-4 3.15.8.12 , Top Level Displays 2-2.0-5 3.15.8.13 second Level Displays 2-2.0-6 3.15.8.14 Third Level Displays 2-2.0-7 3.15.8.15 Fourth Level Displays 2-3.0-1 3.15.8.1 SPDS 2-3.1-1 3.15.2.1 Multiplexor subsystem to receive most of its inputs in parallel with existing process monitoring / control devices.
2-3.2-1 3.7 ERP offers the capability to aid qualified personnel to assess safety status during normal and abnormal operations.
2-4.0-1 3.15.8.1 SPDS l I 2-4.0-2 3.15.8.9 Alarm Area l
TRACEABILITY MATRIX - LEVEL 3 3-1.0-1-1 PP-2.1.12 Display Retriever 3-1.0-1-2 PS-LVB-008 System Parameters 3-1.0-2-1 PP-2.1.15 CRT Alarm Acknowledge Service Program 3-1.0-2-2 PP-2.2.2 CRT Acknowledge All Alaru Service Program 3-1.0-2-3 PU-2.9 Alarms and Messages 3-1.0-2-4 PU-3.15 Alarms and Messages 3-1.0-2-5 PU-9 Alarms and Messages 3-1.0-2-6 PT-2.25 PV Alarm Checking Records 3-1.0-2-7 PT-2.31 PV Alarm Group File 3-1.0-2-8 PT-2.37 DI Alarm Group File 3-1.0-2-9 PS-LVB-008 System Parameters 3-1.0-2-10 PS-LVB-013 Processor Mode Alarm Message Data 3-1.0-2-11 PS-LVB-019 Alarms 3-1.0-3-1 PP-2.2.9 CRT Data Entry Service Program 3-1,0-3-2 PP-2.2.13 CRT Local Function Key Service Program 3-1.0-3-3 PS-LVB-013 Processor Mode Real Time Graphics 3-1.0-4-1 PS-LVB-017 Top Level Displays 3-1.0-5-1 PS-LVB-017 Second Level Displays 3-1.0-6-1 PS-LVB-017 Third Level Displays 3-1.0-7-1 PS-LVB-017 Fourth Level Displays 3-2.0-1-1 PP-2.1.12 Display Retriever 3-2.0-1-2 PS-LVB-008 System Parameters 3-2.0-2-1 PP-2.1.15 CRT Alarm Acknowledge Service Program 3-2.0-2-2 PP-2.2.2 CRT Acknowledge All Alarm Service Program J
3-2.0-2-3 PU-2.9 Alarms and Messages
TRACEABILITY MATRIX - LEVEL 4 4-1.0-1-1-1 DISRET (PACE) 4-1.0-1-2-1 System Parameters (PACE) 4-1.0-2-1-1 ALJECK .(PACE) 4-1.0-2-2-1 ACKALL (PACE) 4-1.0-2-3-1 PACE Alarms and Messages (General) 4-1.0-2-4-1 PACE Forn 750A 4-1.0-2-4-2 PACE Forn 750B 4-1.0-2-4-3 PACE Porn 750C 4-1.0 .1-4-4 PACE Forn 750D 4-1.0-2-4-5 PACE Forn 752A 4-1.0 H PACE Forn 752E 4-1.0-2-4-7 PACE Forn 752C 4-1.0-2-5 1 Alarm Display / Acknowledgement 4-1.0-2-4-1 PACE File 152 4-1.0-2-7-L PACE File 164 4-1.0-2-4-1 PACE File 178 4-1.0-2-9-1 System Parameters (PACE) 4-1.9-2-10-1 PEISM 4-1.9-2-11-1 A1 AID 4-1.0-3-1-1 CPACrW (PACE) 4-1.0-3-2-1 CPIDCF (PACE) 4-1.0-3-3-1 CarrRY (FACE) 4-1.0-4-1-1 Top Level Displays j 4-1.0-5-1-1 second Level Displays
7_-_______
I TRACEABILITY MATRIX - LEVEL 2 2-19.0-12 3.15.8.27 Add / Delete Trend 2-19.0-13 3.15.8.27 Date/ Time Update 2-19.0-14 3.15.8.27 calibrate Point 2-20 Display Editor 2-20.0-1 3.15.9 Display Editor .
2-20.0-2 3.15.9.1 shape Editor 2-21 SEL FORTRAN 2-21.0-1 3.15.3.19 Real-Time FORTRAN 2-21.0-2 3.15.3.20 FORTRAN Library l
l l
l l
l l
l l
TRACEABILITY MATRIX - LEVEL 3 3-20.0-2-2 PS-LVB-005 IDT Run Time Module 3-21.0-1-1 PS-LVB-010 SEL FORTRAN I/O Support Routines 3-21.0-1-2 PS-LVB-012 SEL FORTRAN Translation Support houtines 3-21.0-2-1 PS-LVB-010 SEL FORTRAN I/O Support Routines 3-21.0-2-2 PS-LVB-012 SEL FORTRAN Translation Support Routines s ..
PP: PACE 32 Programmer Manual PT: PACE 32 Technical Manual PU: PACE 32 User Manual CC: CPI RTP Digital Analog Loopback and Calibration Card Technical Manual IRCU: CPI RTP Intelligent Remote Control Unit Technical Manual DA: CPI Data Acquisition System Technical Manual AI: CPI ITP7436 Series Universal Analog Input Card Set I
TRACEABILITY MATRIX - LEVEL 4 4-19.0-14-1-1 PRISM 4-19.0-14-1-2 4-20.0-1-1-1 REAL 4-20.0-1-2-1 ARCHIE ,
I 4-20.0-1-3-1 PRISM 4-20.0-2-1-1 REAL 4-20.0-2-2-1 ARCHIE 4-21.0-1-1-1 N:FCBIO 4-21.0-1-2-1 N:XIATE 4-21.0-2-1-1 N:FCBIO 4-21.0-2-2-1 N:XLATE I
I l
I l
l l
l i
l P
1 I
~ ~ ~ ~
3
! 2.18 !1 ,
!! !! ~ -1
~
^
a
- 11 1 -
11
- j. -
r' 1 - 2!5 -
l.J!A }
l e l_ =I.
A 1. sA 8
I 1 i: -
I 3 8
} 8 4 g 2
- l , 1 -
3 1 '
T I !. 50ie : -
I 2
e :
a 3 Ia >
- i.
i k*rE g 2.E-
= j 1 5 1:
4
- - - _I f- .
1.
- s..:
4 e , .
= :: : : : : : O'4
=. B1 b 8 it.b i 3* C 3 8
=
1 3 .*
I i I 1 I
L g
4
[
? 1
- 8 le j
- g. -
].
1 =
sI:
4 s
- I 3 3 kg : '4 9 n- -
1 .: : -
- : 2: :
-f a
5 a
24 1
- 3. ;g f 2 4
se 1 u
L
- E - . .
3" 3-i X N
} 1 j j
- i. - : , . . 4 -
g,i 3 g:i j : : . .
12 2
= - :: 4 j: !! I i 1 : - -
- :: e -
- : . [
1 5:2 s -
F i :
s a I ; .:.
A
=. 3 3:f :. :
. { :. :.
- 2. ;.
.! 2 .!
< 4' .! .! !
< 24 I .
J a A J A J a a i I I .._,,w_,...._,,,,,, '
Link~
s,stscre es tu ri,tt tu, a tus enreut A2-9
M
-l '
1 . . . . . . . . J . , . 4 1 l At g
=
E3 Ej E li RI
=S E2 stordoare lheelga Phase gheview proepee g*g Test Feeters Causelatency
=0-W GU a*
,a ASSESfttfMT Em 2E E2 **
DEvipf CSITERIA VA A IA feA teF.SC8 t rileII ApreftAm tota G
j I. Are deelye documente comelstent with system dientees in time requirement specificottent WettfF deelge dec m oetetten to Oseftrastles/
to comeleteet with requireesete. esentention
- 2. Is the hardeere provided comatement with eiss herdware specified le the requirensetet Verify att spectfled hardware to nonfireettem/
provided.
seesteetten
- 3. Rethe actest I/O potet coment cemetatent with the eyetse opecificottent Verify 1/0 pelet count to Coatismettes/
commistent. esselsatten
- 4. Are the toterface requirenoots of the remote t/0 equipeset Werify entract laterfaces are rantireettem/
camelotest with those provided la the ceter coagniest provided.
4 9 ressemetten
) un 3. le the requireerst specified redisadency providedt i verify sl! specified tierhte to Chef f reet teel provided.
i seenteetten l-I J
i i
l tempe
$' l 1..
SHUTDOWN MARGIN DISPLAY TEST !
1.1.3
)
PURPOSE: THE PURPOSE OF THE SHUTDOWN MARGIN DISPLAY TEST IS TO )
VALID ATE THE DISPLAYS ASSOCI ATED WITH TNE CRITICAL SAFETY FUNCTION FOR i SHUT 30dN MARGIN.
FUNCTION: THE FUNCTIONS 70 EE TESTED ARE THE DISPL AY FORMAT'S CONFORMITY TO DESIGN SPECIFICATION, INCLUDING COLOR, TEXT, FUNCTIONALITY AS A CRITICAL SAFETY FUNCTION ST ATUS TREE, P AGING, T A891NG, AND 10'0 M I N G .
INPUTS: THE FOLLOWING SIMULATED ANALOG INPUTS ARE REQUIRED:
- 1) POWER RANGE TRANSMITTERS XA5711, XA5712, XA5713, AND XA5714
'2) INTERMEDIATE RANGE SUR TR A'NS MITTE R S X A 5705 AND XA5706
- 3) SOURCI RANGE TRANSP.ITTERS XA5699 AND XA5700 OPERATOR IhPUTS WILL 9E THROUGH THE CRT KEYSO ARD QUTPUTS: THE CRT DIS *L AY 'WILL BE USED FOR OUTPUTS. THE VIDE 0 COPIER MAY SE USED TO COPY THE DISPLAYS F3a DETAILED EXAMINATION AT THE DISCRETION OF THE TESTE4 RES80NSE TO KEYSOARD ENTa!ES 5%ALL SE NO MORE
' THAh 1 SECON3.
TEST SETUP: THE SPDS WILL SE BROUGHT Up, IF IT IS NOT'ALREADY UP.
I THE POWER RANGE TRANSMITTER $s THE INTERMEDIATE RANGE SUR TRANSPITTERS, AND THE SOURCE R ANGE TR ANSMITTERS WILL ALL SE SET TO O AND NOT FAILES.
THE CSF 30: DISPLAY WILL BE 3ROUGHT UP DN ONE CRT.
PROCEDURE:
l l I
- AGE-1
l
\
1 V.
1.1.3 SHOTDOWN MARGIN TEST
!STED ! TEST / EXPECTED RESULTS ! DATE ! RESULT ! Ih!T !
! 1 !0BSERVE THE CSF BOX DISPLAY. THE "5"! ! ! !
I !
! COLUMN SHALL SE GREEN.
2 !TAS TO THE "S" COLUMN AND *RESS THE
! !IDOM KEY. THE SHUTD04N MARGIk ! ! ! !
! ! DISPLAY SHALL SE DISPLAYED. ! ! ! !
! 3 ! VERIFY DISPLAY VERSUS DOCUMENTATION ! ! ! !
! !(PS-LVa-017 APPENDIX C) THERE SHALL ! ! ! !
! !2E A GREEN PATH FROM THE " START" ! ! ! !
! !aLOCK TO THE FIRST " SAT" 9 LOCK. ALL ! ! ! !
! !OTHER PATHS SHALL BE WHITE. THe aca e e e e
! ! BLOCK SHALL BE GREEN. ! ! ! !
! 4 !V!RIF f.TH AT THE T AS KEY MOVES THE ! ! !
I 1
! ! CURSOR THROUGH EACH OF THE CSF PLCCKS! ! ! !
! ! AND TO THE FRSM-1 AND FRSM-2 9 LOCKS. ! ! ! !
r* !
5 ! CHANGE XA5o99 (UrNM31rA.SP) T3 &
! NEGATIVE VALUE.
! CHANGE ON THE CRT.
THERE SHALL 5E N0 I ! ! !
! 6 ! CHANGE XA5o99 (U=NM31FA.SP) >0. THER ' ! !
! !SHALL BE NO CHANGi ON THi CRT. ! ! ! !
! 7 ! CHANGE XA5700 (UsNM32FA.5D) >0. THE ! ! ! !
! !GREEh PATH SMALL BE REPLACED BY A ! ! ! !
! ! YELLOW ONE TO THE LEFT-MOST F*SM-? 8 I !
19 LOCK.
!TO YELLOW.
Tai "S" 6 LOCK SHALL CWANGE !
! 8 !PAGE UP TO THE CRITICAL SAFETY ! ! ! !
! ! FUNCTION DISPLAY. THE "S" 9 LOCK ! ! ! !
! !SHALL 3E YELLOW. ! ! ! !
I !
9 !IDOM TO THE SHUTDOWN MARGIN DISPLAY. !
! TAB TO THE DISPLAYED YELLO 4 SLOCK AND!
!IOOM TO THE FRSM-2 FUNCTION 8L !
! ! RECOVERY GUIDEL!N! DISPLAY. VERIFY ! ! ! !
! ! DISPLAY VERSUS *t-LVC-017 APPENDIX Cr! ! ! !
! !P11-11. ! ! ! !
! 10!PAGE UP TO SHUTD0sN MARGIN DISPLAY. ! ! ! !
. ! !0BSERVE THE DISPLAY HAS NOT CEANGED. ! ! ! !
PAGE-2
OPERATIONRL TESTING
- GORLS
- VERIFY FUNCTIONRL REQUIRENENTS SRTISFIED SYSTEN PROPERLY INSTALLED RT SITE
- SPDS INDEED ASSISTS THE OPERATOR IN DETERMINING THE PLANT CRITICAL SAFETY FUNCTION STATUS
- PHRSED TEST RPPRORCH
- BEST FACILITY URLIDATION TEST FIELD ACCEPTANCE TEST (FATP)
- STATIC / DYNAMIC OPERATIONRL
' TEST (SCENRRIO)
PRESS RETURt1 KEY TO C0t4TINUE.
, - - m APPENDIX C SPDS PRE-IMPLEMENTATION AUDIT ATTENDEES
. I I 1 i
Appendix C SPDS Pre-Implementation Audit Attendees December 5, 1985 Name Affiliation Phone Number Rod Patwell PSE&G - Licensing 4750 Larry Curran PSE&G Salem Ops 339-6000 x3026 Tom Morrow Singer 301-964-4801 Richard Stark SAIC 703-448-6470 Whitney Hansen NRC/Comex 206-823-5092 Mark Archer NRC/SAIC 703-821-5785 Leo Beltracchi NRC/NRR 301-492-4879 M. Allicock PSE&G 609-339-4839 Richard J. Eckenrode NRC/NRR/PWR-A 301-492-4882 T.R. McGuire PSE&G - Controls and Electrical Division 201-430-8744 A. Morgan PSE&G - Controls and Electrical Division 201-430-8407 Catherine Gaddy General Physics 301-964-6000 James F. Davis, Jr. PSE&G - Controls and Electrical Division 201-430-8216 J.P. Whooley PSE&G - Assistant Chief E&C Engineer 201-430-8221 11 l
<