ML20207T330
| ML20207T330 | |
| Person / Time | |
|---|---|
| Site: | Mcguire, McGuire, 05000000 |
| Issue date: | 03/29/1984 |
| From: | Tucker H DUKE POWER CO. |
| To: | Adensam E, Harold Denton Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML20205H658 | List: |
| References | |
| FOIA-87-68, RTR-NUREG-0737, RTR-NUREG-737, RTR-REGGD-01.097, RTR-REGGD-1.097 NUDOCS 8703230446 | |
| Download: ML20207T330 (35) | |
Text
. _ - _ - _ -
o DUKE POWER GOMIMY P.O. I.OX 03:llo
( CilAltLOTTli, N.C. Wil242
( HAL IL TIJCKI:H m ,,,o ,
g"j ,","**,", *
(r04) ora 4 m Mr. Harold R. Denton, Director Office of Nuclear Reactor Regulation U. S. Nuclear Regulatory Commission Washington, D. C. 20555 Attention: Ms. E. C. Adensam, Chief Licensing Branch No. 4
Subject:
Duke Power Company McGuiro Nuclear Station Docket Nos. 50-369 & 50-370 Dear Sirs Pleaso find attached five copios of Revision 3 to the Duke Power Company Response to Supplement 1 to NUREC-0737 for McGuiro Nuclear Station. This C, document was originally submitted as an enclosure to my letter of April 14 1983.
In accordance with the previously submitted schedule for McGuiro Nuclear Station the attachment includes the Regulatory Guido 1.97 Report. Control Room Review Implementation Priority Schedulo, and the Safety Paramotor Display System Safety Analysis. This complates the Response to Supplement 1 to NUREC-0737 for McGuire.
Instructions for insorting Revision 3 into the McGuire document are included as part of the attachment.
Very truly yours, h0. / ff)tf 3 g' Attaciunents fo1A-B M 8 n
O cci Mr. J. P. O'Rollly Regional Administrator Hr. W. T. Orders bo i$ U. S. Nuclost Regulatory Commission Region II NRC Resident Inspector McGuiro Nuclear Station
'4M 101 Marietta Street. Sutto 3100 O@ Atlanta, coorgia 30303 No Ond Mr. R. A. Birkel. Project Manager
@ Of fico of Nuclear Reactor Regulation U. S. Nuclear Regulatory Commission Washington, D. C. 20555
/
o n' ./
Mr. Marold R. Denton, Director
- lL ' - Fage Two br has)
H L
bcca R. L. Brown u K. S. Canady H. L. Davenport G. D. Gilbert D. W. Murdock R. E. Hall C. C. Rolfe J. W. Hampton S. R. Fryo C. A. Little G. B. Swindlehurst T. C. McHeekin R. M. Glover B. C. Moore M. D. McIntosh W. H. Rasin W. M. Sample G. A. Copp N. A. Rutherford Group File GS-801.01 M. R. Crews R. L. Weber Group File MC-801.01 m
(
DUKE POWER COMPANY A MCGUIRE NUCLEAR STATION g ts Response to Supplement 1 to NUREG-0737 Document Revision Transmittal Revision Number 3 Instructions Revise Volume 1 as Described Below:
Remove Table of Contents Insert Table of Contents .
Page 1. Revision 2 Page i. Revision 3
- l Remove Table of Contents Insert Table of Contents l
Page 11. Revision 2 Page 11. Revision 3 Insert Table of Contents Page 111. Revision 3
) Insert Table of Contents Page iv. Revision 3 Remove Page 2-6 and 2-7. Revision 1 Insert Page 2-6 and 2-7. Revision 3 Remove Insert Control Room Review Control Room Review Supplemental Report Supplemental Report Units 1 and 2 (Tab 3.4) Units 1 and 2 (Tab 3.4) Page 5 l Page 5 thru Page 7 Revision 3 thru Page 7.
Revision 3 Insert Control Room Review Supplemental Report Units 1 and 2 (Tab 3.4)
Appendix D. Page D-1. Revision 3 Revise Volume 2 as Described Below Remove Table of Contents Insert Table of Contents Page 1. Revision 2 Page 1. Revision 3 Remove Table of Contents Insert Table of Contents ,
Page 11. Revision 2 Page 11. Revision 3 1
tr_-----___-_--------.u----------------------- A '
s DUKE POWER COMPANY MCGUIRR NUCLEAR STATION Response to Supplement 1 to NUREG-0737 Document Revision Transmittal .
I Revision Number 3 Instructions Revise Volume 2 as Described Below (Continued):
Insert Table of Contents Page iii, Revision 3
- Insert Table of Contents Page iv Revision 3
-- Remove Insert 4-2 4-2, Revision 3 4-3 4-3, Revision 3 4-4 4-4, Revision 3 4-7 4-7 Revision 3 4-8 4-8 Revision 3 4-13 4-13. Revision 3 4-14 4-14. Revision 3 4-15 4-15. Revision 3 4-16 4-16, Revision 3 4-17 ,
4-17. Revision.3 4-18 4-18. Revision 3 4-19 4-19, Revision 3 Remove Pages 5-1 thru 5-3 Insert Pages 5-1, Revision 3 thru 5-84, Revision 3 2
= - - "
2 INTEGRATED PLAN AND SCHEDULE FOR IMPLEMENTING SUPPLEMENT 1 TO NUREG-0737 2.1 OVERVIEW Figure 2-1 illustrates the overall Duke Power Company plan for integrating each of the provisions of Supplement 1 to NUREG-0737 at McGuire Nuclear Station.
Central to the Duke plan is the comprehensive Control Room Review (CRR) Plan which is augmented by supporting effor'.s for these additional elements:
o SPDS o Regulatory Guide 1.97 Requirements .
o Upgraded EP Program o Emergency Response Facilities Figure 2-1 also illustrates the interfaces and relationships each of the above elements and the integrated training program have in the overall plan and constitutes what Duke Power Company considers an effective plan for timely implementation and personnel training.
Duke Power Company's CRR Plan was inir.iated in October 1981 with the establish-ment of a Control Room Review Steering Committee consisting of members from the Design Engineering Department and the Nuclear Production Department.
In February,1982, an interdisciplinary Control Room Review Team was formed.
Attention was given to the Review Team orientation and training as well as the formulation of an adequate review plan and the acquisition of facilities to conduct the review program. The Steering Committee continued to provide management direction to the CRR Team and also served as the focal point for assuring proper integration of all the initiatives for improvement of 21
v emergency response capabilities (SPDS, Regulatory Guide 1.97, upgraded EP's, and Emergency 9esponse Facilities). .
The CRR Plan interfaces with the additional elements of the overall integration plan. The major elements of the integration process, as illustrated in Figure 2-1, are itemized below.
o Control Room Review Plan The CRR Plan interfaces with the elements of the SPDS development, EPG development, Post-Accident Monitoring Evaluation (R.G. 1.97) and the integrated training program. During the control room review, close coordination for technical interchange will be maintained with these additional elements of the overall plan. '
( o SPDS Duke's plans for SPDS development and revision interfaces with the elements of the CRR plan, EPG development, EP Upgrade Program, Emergency Response Facilities, and the integrated training program.
The SPOS design, development and implementation will be scheduled to take advantage of knowledge gained from the various elements of the Control Room Review and the development of the symptom-oriented emergency procedures. Further, the design of the SPDS will be an interactive process with input from various disciplines in both the development and testing phases. A Human Factors Review and Task Analysis will be performed of the SPDS and suppsrting displays by the Control Room Review Team to vali-j date the SPDS as part of the total operating system.
2-2 1
e
o Post Accident Monitoring (R.G. 1.97)
The R.G. 1.97 Evaluation interfaces with the elements for the EP Upgrade Program, SPOS, and the CRR Plan.
Emergency orocedures and SPOS parameters which were derived from the Westinghouse Owners Group Critical Safety Function Status Trees, will serve as an input for variable selection. Emergency procedures will provide lead guidance for selection of type A variables, i.e. , those variables which provide the primary information required to permit the control room operator to take specific manually controlled actions for which no primary automatic control of the safety function is provided.
o Emergency Response Facilities
( The Duke plan for establishing Emergency Response Facilities is integrated into the overall plan for improving the emergency response capabilities and interfaces with the individual elements for the SPOS and the integrated training program. SPOS information output will be available via CRT display located within the Technical Support Center.
o Emergency Procedure Upgrade Program Development of the upgraded EP's is based upon the plant specific technical guidelines and the EP's are a primary input into the Post Accident Monitoring Evaluation (R.G. 1.97). These interfaces are illustrated in Figure 2-1. Additionally, the EP Upgrade Program interface provides input into the integrated training program and will receive future input from the latter phases of the CRR Plan for appropriate EP revision.
I 2-3
o Training The integrated training program is interfaced with the elements for EP Upgrade, Emergency Response Facilities, SPDS, and the CRR Plan. Proper input from each of these elements - and future revisions or modifications
- serves as the basis for developing an effective program for training the operating crews.
Each of the above elements is described on a plant-specific basis in subsequent sections of this submittal document.
The Duke Control Room Review Plan consists of three distinct phases:
o Review Phase
( o Assessment Phase o Implementation Phase A description of each of these phases and the CRR Plan in its entirety is contained in Section 3. For initial submittal purposes, the scope of this j report only addresses the Review Phase. Results of the CRR - as identified in the two latter phases of the plan - and schedules for implementing resultant modifications will be addressed by a summary report as required by Section 5.2b of Supplement 1 to NUREG-0737. Additionally, a similar approach will be used for the three phases of the Duke implementation plan for the R.G. 1.97 provisions.
Schedules for the preparation and submittal of these two reports are shown in
, Section 2.2 of this document.
2-4
~ _. -
., . _ ~ . __ _ _ _ _ _ _ __ _ _ _ _ _ ..
The CRR Plan was preliminarily presented to the NRC Staff on May 13, 1982.
- ~
Baseduponfeedbackreceivedfromthispresentation,theuseofivailable guidance documents as referenced, and retention of qualified consulting firms the decision was made to proceed with the CRR Plan prior to the issuance of
- Generic Letter 82-33. Recognition of the NRC commitment to allow credit for good faith effort for prior work done by licensees - as stated in paragraph 3.7 of Supplement 1 to NUREG-0737 - was also considered in this decision.
4 i 2.2 INTEGRATED SCHEDULE .
Figure 2-2 illustrates the Duke Power integrated schedule for phased implemen-tation of each of the elements of Supplement 1 to NUREG-0737. This figure shows the interfaces of the individual activities throughout the overall plan on a time scale basis. This diagram is presently being used within Duke for
{ planning purposes and for coordinating the efforts of individual organizational ;
units. Since this represents the current working schedule, it is possible that j specific activites would not be completed as shown without having a detrimental effect on the overall implementation schedule. Therefore, Figure 2-2 is only 1
intended to illustrate the complex interrelation of all the activites associated i
with the total provisions of Supplement 1 to NUREG-0737. Tabulated below are 1
those items determined to be of milestone significance with proposed or actual completion dates shown on a plant specific basis. Also, the proposed Duke commitment dates for implementing each of the Supplement 1 to NUREG-0737 4 initiatives are highlighted.
Y l
i I
L
?
j 2-5
PROPOSED SCHEDULE FOR SUPPLEMENT 1 TO NUREG-0737 PROVISIONS -
MCGUIRE NUCLEAR STATION Milestone Activity Completion Date CRR o Steering Committee Formed October, 1981 o Program Concept January,1982 o Review Team Selected February,1982 o Final Draft of Review Plan May, 1982 o Plan Presentation to NRC May, 1982 o Bio Technology Hired for Human June, 1982 Factors Assistance o Mockup Space Rented and Construction July, 1982 Began o Review Phase Activities, Unit 1 May, 1983
-o Assessment of Unit 1 HED's July, 1983 o Review Phase Activities, Unit 2 September, 1983 o Assessment of Unit 2 HED's November, 1983 o SUMARY REPORT, UNITS 1&2 MARCH, 1984*
o IMPLEMENTATION SCHEDULE SEE APPENDIX D OF THE CRR SUPPLEMENTAL REPORT (TAB 3.4)*
SPDS o Initial Design Basis & SPDS Approved May, 1982 o Initial Design V&V and Dynamic Testing November, 1982 o Revised SPDS V&V January, 19.84 o SPDS Training October, 1984 o SPDS Safety Analysis March, 1984 o SPDS OPERATIONAL UNIT 1 NOVEMBER, 1984*
o SPDS OPERATIONAL UNIT 2 NOVEMBER, 1984*
- Indicates proposed commitment date 2-6 Revision 3
PROPOSED SCHEDULE FOR SUPPLEMENT 1 TO NUREG-0737 PROVISIONS -
MCGUIRE NUCLEAR STATION (cont'd) ,
Milestone Activity Completion Date Regulatory Guide 1.97 o Review Plan Development " January, 1981 o Response to NRC as part of the Unit 1 Fuel Loading Licensing April, 1981 o Formal Review Plan Established June, 1982 -
o Review Phase May, 1983 o Assessment Phase March, 1984 o R.G. 1.97 REPORT MARCH, 1984*
o Implementation Schedule See Section 5.6
(, Pages 5-16 thru 5-84*
Upgraded EP Program o Plant Specific Technical Guideline October, 1983 Development o Plant Specific EP Development April, 1984 o Verification May, 1984 o Validation October, 1984 o Training October, 1984 o IMPLEMENTATION NOVEMBER, 1984*
Emergency Response Facilities o RELOCATED EOF OPERATIONAL JULY, 1983*
- Indicates proposed commitment date 2-7 Revision 3
l 4 ' .
IIl
]'I I -
lIIll i'l ll J 1
+ N p,J_ O II T T
_ YAN NT E 7
_ - L _ A P N M7 3
Il RTO 1 E
' ' l l l
_ - MO ME0 E L -
_ G E ND 2
E CLPG N P
_ I SS I _ OR _ R RPU E NI . VD P t CA U EMSR U
_ A R
G I
F WIRN OD O I
PE O
_ T
- VE _ T F T EAN R K RA
_ I _ UGL D EP
- - T
, N 7 . ..
I Q gL I
E _
RM '
U A _
D R E
CG W _
OO E RR I
V _
PP E I i l g ,[
S E
YE R I CD MN T
NA I V
OA i
ER I GG S E
T L AIT M YIL O TI V E CI R NI NC f T ET EA N MC GF O E PA RE C RC O 7 ES ON L N MN S TE E IO EOP D i AI VT S
P S
d RR EA E EE DT R P PP &N O r OX E E
L WM E EE V I L E VP E
D RI M o G -
N)
I7 R -
. O9 1 T .
I N G. -
)
OR r M( -
i TN NO I -
O P
D l l . li jj f a '
'1: e
a m.
f .
FIGURE 2-2 INTEGRATED SClitiDULE FOR IMPLEMENTING SUPPLEMENT 1 TO NUREG-0737 MCGUIRE NUCLEAR STATION SHEET 10F 3
. UNITS 1 & 2 1982 1933 1934 ACTIVITY J F M A M J J A S O N D J F M A M J J A S O N D J F M A M J J A S O N D PLANNING & DEVELOPMENT C
y UNIT 1 REVIEW PHASE E
y UNIT 1 ASSESSMENT PHASE 8
8 UNIT 2 REVIEW PHASE o
y UNIT 2 ASSESSMENT PHASE --
5 u
SUMMARY
REPORT StIMMAR RI POf T
.I PLANNING & DEVELOPMENT
~ REVIEW PHASE m
0 C
ASSE'SSMENT PHASE & R. G.197 REPORT R1 2. 1 I? IIE P(>RT SPDS DESIGN BASIS & APPROVAL INITIAL SPOS DESIGN & SOFTWARE DEVELOPED V&V --
TESTING ON UNIT 1 OAC --
REVISED SPDS DESIGN REVISED SOFTWARE f SAFETY ANALYSIS V&V
/ d SPDS TRAINING SPDS OPERATIONAL ,
[
UNIT 1 il UNIT 2 il REVISION 1
7 D
3 I N
F #, > '
0 d
2 O 1 i
I T T N E S I O
E W I H U S I
S A N V E
CI R 4 J T 1
n 9
1 J T N.
I M f M
E L
A /
- P M
I M
F J
D N
O
-- S 1 A 3 ,
1 0 3 J
- 1 -
G 9 -
E 1 J H
U M N
O A * -
T - -
1 M
T F N
E J M
E L D P
P U N
- - S
- G O NI S T
N A
,. E e M E 2 J 1
L m
, P 9 1 J M
I R M O
F A E
L M U
D F E
H C J S
1 D
E T
A R
G E L T T A N T L N I R
E N E A I
E I M P M I
R T H O P E A U O T N M &
L E L A O Y D R V E M T
I T E I V E E S D E G s A I V
T N
N D N P s
T A L O I E P N
S T I
L E A G I S
G N E O E D W I P P I A
E I R C R N T I
E I
V E R E N T A O E N L E L R I R O N A A & C I
V I A R A T U I I O T E s E G I N G G U T I N A
L G E T G P c G T E C R P I M C C R I E I
N R F E c A G M O E P M I D
2U 2 E P O R I E I
E R
E O W F
I l N
I E
L
- N W A R W W I RI L E R l N P 2 & E L E IU E E U U E I E A I M
E N I V
I G V V V V A 1 IV V E G V G R I
ER E E C c E E c c E E P P T P
RIS R D S M R R M M D R E E E U UT GI CGI N !5OE 8 gS w 3O oE >yOE5w FMU q :- 2 I!slji. ,i i)i) !* 1ii3 ij
I -
i i
l .
FIGURE 2-2 INTEGRATED SCHEDULE FOR IMPLEMENTING SUPPLEMENT 1 TO NUREG-0737 McGUIRE NUCLEAR STATION
. UNITS I & 2 SHEET 30F 3 '
19B2 1913 19M ACTIVITY J F M A M J J A S O N D J F M A M J J A S O N D J M A M J A F J S O N D l
i
, 19eFORes PAR 79CIPANTS(DUKE & OFFSITEl - - -
, T .
, e i 3 -
! O
, . INSTALL R198GOOups & E.N1 PHONES l l
! I i :
I t =
E l j REVISE EMERGE 88CY PLANS / PROCEDURES
! t b il
\ <
5 E
8
- RELOCATED EGAERGENCY
] 3 OPER ATIONAL FACILITY < ' Rd LOC LTI OI DF PEi TAT ONLL I
4 I .'
! I 1
a
. 9 t
l l d
- l E
o 4 s 4
-l 6 1
_ a ____ox. -. . _ . . . _ _ - . . _ _
8 e
'i
- r ,t
'.,ll i
.s.I1. j gii
'ff ql0
.,+
fe .i
' il
- n,
'b, s.
I <
[ .!
'?!l
/
6 a
N ~ - - - - - __. ___. ._
. [h c(yvyE (///tr5 I sL thlKEl 4 SAFETY PARAMETER DISPLAY SYSTEM
4.0 INTRODUCTION
This document describes the implementation plans for the installation of Safety Parameter Display Systems at McGuire. The approaches taken by Duke Power Company in providing these systems are consistent with the long-standing practice of utilizing in-house capabilities. This includes the use of technical and operations expertise in formulating the design of the SPDS as well as integrating the SPDS into existing highly reliable and well-developed plant data systems.
The SPDS systems described in the following meet the intent of the guidance documents NUREG-0737, Supplement 1 and was developed considering the guidance of the NUTAC Guidelines for an effective SPDS implementation program, NSAC/39, NUREG-0696, and other related documents.
{
4.1 IMPLEMENTATION PLAN 4.1.1 GENERAL SCHEDULE CONSIDERATIONS The Safety Parameter Display System is being developed in an integrated manner with other activities associated with the overall emergency response capabili-ties being developed in response to NUREG-0737, Supplement 1. ,
As in the case with other emergency response capabilities activities, the SPDS system will be developed within Duke Power Company. By utilizing this in-house capability, many years of design, operating and maintenance experience will be incorporated into the SPDS design and implementation.
i 4-1
The SPDS design, development and implementation will be scheduled to take advantage of knowledge gained from the various elements of the Control Room I Review and the development of the symptom oriented emergency procedures.
Further, the design of the SPDS will be an interactive process with input from various disciplines in both the development and testing phases. The validation and verification as well as on-line testing will be performed prior to the final installation of the SPDS to ensure an effective SPDS is provided to the operating crew. Results from V&V, on-line testing, CRR Task Analysis, Human Factors Review, and related activities will be evaluated and incorporated as needed prior to finalizing the SPDS design.
4.1.2 TRAINING
( Control Room operators, shift supervisors, and shift technical advisors will receive training on the use of the SPDS. This training will be performed in conjunction with the operator training on the new Symptom Oriented Emergency Procedures.
This training will include the SPDS logic and its relationship to the emergency procedures. The panel functions and methods of calling up and interpreting supporting displays will be ccvered. The verification of SPDS indications using hardwired and other control room indications will be provided. Invalid or indeterminate SPDS indications (due to failed plant inputs) will be identified to the operator where practical. ~
Visual aids in the form of slides representing SPDS and supporting displays will be used.
The SPDS training will be administered by the Training Center located adjacent -
to the McGuire site. In addition, appropriate instrument and electrical 4-2 Revision 3
I l
l personnel at the station will receive training on the maintenance of the SPDS and field inputs. Training records will be maintained on those required to receive training.
4.1.2.1 Training Schedule Considerations It is expected that the SPDS will be fully developed and tested prior to initiating training of operating crews and prior to final installation.
Further, since the SPDS will provide the operator with information pertinent to the new symptom oriented emergency procedures, operator training for the SPDS will be performed in conjunction with training on the symptom oriented emergency procedures.
4.1.3 MANAGEMENT
( The management of the SPDS project will be under the direction of the Control Room Review Steering Committee. Lead respansibility for the SPDS project was initially designated to be the Manager of Engineering Services of the Steam Production Department. After the initiation of this project, two major re-organizations occurred. This resulted in the Manager of Production Technical Services of the Production Support Department assuming lead responsibility for this project.
In this capacity, the SPDS Project Leader is responsible for the overall coordination and scheduling of the SPDS project. Under his direction, a number of other groups will design, review, and/or implement the S'PDS systems.
4-3 Revision 3
A complete set of documentation related to the SP9S will be maintained by the SPDS Project Leader.
Design documents, software codes, system descriptions, V&V documents, and user documentation will be reviewed and approved and controlled consistent with established procedures for these classes of documentation. Revisions to these documents will also be controlled, reviewed anc approved prior to use.
4.1.4 ROLE AND MISSION SPECIFICATION The role and mission of the SPDS is to aid the Control Room Operating Crew in monitoring the status of the critical safety functions. The primary objective of the SPDS is to provide the operating crew with an overview of the safety status of the plant and how well the critical safety functions are being k maintained.
The critical safety functions are defined by the generic Emergency Response Guidelines (ERG's) developed by the Westinghouse Owners Group. In the case of McGuire, the Emergency Procedure Guidelines identify the following critical safety functions:
o Subcriticality o Core Cooling o Heat Sink o Integrity o Containment o Inventory 4-4 Revision 3
4.1.5 LOCATION OF THE SPDS The SPDS will enable the operator to quickly assess the safety' status without taking any manual actions from his normal operating positions. Further, the SPDS will be readily viewable from a wide area in the Control Room to enable shift technical advisors and shift supervisors to readily determine the safety status of each of the critical safety functions. The SPDS displays will also be available to the Technical Support Center personnel. The SPDS will be integrated into the plant control room without adding clutter and confusion.
Further, a new and different man-machine interface will be avoided.
4.1.6 SPDS AVAILABILITY The SPDS will be reliable and readily available to the operator during normal operation and during emergency operating conditions. It is not required
(' during stable shutdown conditions nor during refueling outages.
It is not essential that the SPDS be operational for plant operations personnel to determine the safety status of the plant or to execute any of the 1
symptom oriented emergency procedures since adequate instrumentation, instruc-
! tions and training will be provided independent of the SPDS.
i
- l. .
l The plant operating crew will be trained and procedures will be in place to enable them to monitor the critical safety function status both with and without the SPDS. Further, this training and these procedures will require the operating crew to verify SPDS indications using reliable control board l
indicators prior to taking any corrective actions.
f r
I. <
i 4-5 n^ ' * -y-w3 -vm +w as r -rv v e- w&v,w- t+^s*- w-es~*-iwe--
- e--w----wr- e-9-Tz-r- *w -
+-- - - - - - - -
1 4.1.7 VALIDATION AND VERIFICATION A component (SPDS) level Validation and Verification Program will be developed considering the guidance contained in the NUTAC Guidelines and NSAC/39. The V&V of the SPDS will be performed by the Design Engineering Department providing an independent review since the SPDS design will be developed by the Nuclear Production and Production Support Departments.
Further, a Human Factors Review and a Task Analysis will be performed of the SPDS and supporting displays by the Control Room Review Team to validate the .
SPDS as part of the total operating system.
4.2 SYSTEM DESCRIPTIO,N This section describes the design of the Safety Parameter Display System,
~
Human Factors considerations, and includes a description of the Operator Aid Computer (OAC) Systems.
4.2.1 HUMAN FACTORS CONSIDERATIONS The Safety Parameter Display System will be designed with appropriate Human Engineering Factors incorporated.
4.2.1.1 Viewability The SPDS will be implemented on the Operator Aid Computer System which has three color graphic CRT's located on each unit's main control board. In this I
location, these CRT's are readily viewable from all normal operating positions.
The six color blocks, one for each critical safety function will be continuously displayed on the bottom of the alarm video. The alarm video is centrally located on the main control board. The dimensions of the color blocks are such
, 4-6
that they are easily viewable from any position within the main control area of the Control Room. Since the color blocks will always be positioned in the same relative locations on the CRT, it will be easy for the operator, STA and shift supervisor to readily determine the status of any of the six critical safety functions.
The supporting displays for the SPDS will be available to the operator on demand on the other two videos located on the main control board. The man-machine interface used by the operators to call up the supporting displays is the same as he normally uses to call up system graphics, display menus, and other 0AC programs. This man-machine interface is thoroughly familiar to the operators through their normal operation of the plant.
4.2.1.2 Information Hierarchy / Highlighting
- 4. 2.1. 3 SPOS The Safety Parameter Display System consists of logic based on the Westinghouse i Owners Group decision trees which are part of the symptom oriented emergency procedures. This logic drives the six CSF color blocks.
4.2.1.4 Other Information The SPDS is described above ; other supporting information is provided through a variety of normally available control room tools. Supporting CRT displays will be provided which will allow the operator to call up displays that duplicate each of the decision trees. The alarmed path through the tree will be highlighted and will indicate the appropriate emergency procedure to implement. Decision trees not in alarm will indicate that the critical safety function is satisfied.
. 4-7 Revision 3
. . = - . -
Further, an additional level of detail will be available to the operator.
He can determine the plant field inputs which have resulted in the logic r
generating an alarm, such as "NR level in SG A less than 5%", " Pressurizer level channel A less than 17%", etc.
In addition, the remaining OAC features such as system sentmatics, input dis-play lists, trend recording, alarms, etc. , will be availabie for the operator's use as needed.
- 4. 2.1. 5 Man-Machine Interfaces The Operator Aid Computer System Man Machine interfaces have been developed over the past 20 years and takes advantage of the feedback from operators over this period of time. Control panels are conveniently placed on the lower
( control board below each CRT. Panel functions are designed to minimize the number of key strokes required of the operator consistent with the urgency of his needs.
Response to the operator's commands by the OAC's is nearly instantaneous with displays completed within two seconds.
4.2.2 DESIGN CONTROL The SPDS logic design is the responsibility of the Nuclear Production Department's Instrument and Electrical Section. This logic was created based upon the Westinghouse Decision Trees. Inputs were selected to pro' vide the information required to drive this logic.
The software was then installed on the OAC (displays disabled to prevent -
confusion of the operators). The OAC's scan lock out program was used to 4-8 Revision 3
substitute input values to verify proper functioning of the logic. Testing of field input devices is not required since all computer inputs are checked and calibrated prior to unit startup and then periodically tested thereafter.
An independent validation and verification program will be performed by the Design Engineering Department (see Section 4.1.7).
4.2.3 RELIABILITY AND AVAILABILITY As can be seen on the chart below, availability of the OAC systems at McGuire and Oconee nas exceeded 99% when OAC downtime during unit outages is excluded.
Each OAC is fed by a dedicated static inverter which normally receives its
( power from DC batteries. Upon inverter, DC batteries or charger ftilure, a static transfer switch provides regulated AC power fro.i two independent sources.
ANNUAL AVERAGE ADJUSTED SYSTEM AVAILABILITY
- Average Adjusted 1980 1981 1982 Availability
- McGuire 1 N/A 99.27% 99.38% 99.3%
Oconee 1 99.20% 99.75% 99.83% 99.6%
Oconee 2 99.82% 99.54% 99.80% 99.7%
Oconee 3 99.43% 99.74% 99.67% 99.6%
- = DOWNTIME DURING GENERATING UNIT OUTAGE NOT INCLUDED 4-9
4.2.4 OPERATOR AID COMPUTER SYSTEM The Operator Aid Computer Systems at McGuire are Model 4400 Honeywell Corpora-tion with 64K CPU memory and a one million word bulk core memory system.
Rotating and tape bulk systems are not used due to their relatively slow memory access times and susceptability to mechanical failures.
4.2.4.1 Color Videos A compliment of five 19 color CRT's are driven by an AYDIN 5205-C color graphic video Display Generator. Three CRT's are located on the main control boards and have the following functions.
o Alarm Video - Dedicated to displaying plant alarms. Digital inputs are scanned every 400 milliseconds and are alarmed immediately upon detection.
( Analog values are scanned every 30 seconds and checked for high and/or low alarms as well as rate of change as appropriate. SPOS critical safety function status blocks will be permanently displayed on the bottom lines of the alarm video.
I o Utility Video - The utility video is also located on the main control
(
l i
board. An alpha / numeric keyboard is provided to enable the operator to select any display or program available in the OAC. Twelve chart recorder pens are operator assignable from the utility and monitor videos. These 12 pens are located on the main control board in four-three pen recorders.
Operator can select high and low ranges for any of the inputs available in the OAC.
i o Monitor Video - Same function as utility video above and includes its own keyboard similar to that described above. Panel buttons are also provided 4-10 l
to allow the utility and monitor videos to display the contents of the alarm video in case of a failure of the alarm video.
o . Performance Video - The performance video is located in the Computer Room and serves several different users to avoid interferring with plant operators in the Control Room. It is used for plant records and performance, reactor engineering, programmers console, field input calibrations, etc. All OAC displays, programs and functions are available at this console including the capability to display the contents of the alarm video.
o Technical Support Center Viden - This video is located in the Technical Support Center and has the same capabilities as the utility, monitor, and performance videos thereby making available the SPOS, supporting
( displays, alarm video information as well as access to all plant inputs to the OAC.
4.2.4.2 Typers and Printers The following printers /typers are provided. An alarm typer is located in the j Control Room which provides a hard copy of all alarms which appear on the alarm video. Also printed are status change messages such as pumps, motors, valves on/off open/ closed, etc.
A utility typer is also provided in the Control Room. This typer allows the operator to print the output of a number of programs as well as any OAC input desired. Generation and plant logs are also typed out automatically each hour.
The utility typer doubles as a backup to the alarm typer in case of failure.
i 4-11
, - - - - - , - - - - - - - - , ,-e---- ,
,,e - - - , , - - - - - - , - -
A performance typer is located at the performance console in the Computer 4
Room. Also, high speed line printers are available to type out large volumes of data from the OAC as needed. '
f 4.2.4.3 Floppy Disc Drives Magnetic floppy disc drives are also provided in the Computer Room for dumping copies of all OAC programs on a weekly basis in case of OAC program loss or damage. This allows the OAC to be restored to the latest version of system programs rapidly. .
4 4.2.5 INSTALLATION AND TESTING The SPDS will be thoroughly tested prior to being made available to the i
operator. This testing will include actual operation of the SPDS logic on the
( OAC for several weeks during startup, shutdown and normal operation. This testing will be transparent to the operators as the displays are inhibited from operating. However, an alarm summary table will be used to capture SPDS alarm changes as well as SPDS input parameter changes. This testing has been
) completed on the original version of McGuire's SPDS logic and was very useful in verifying the proper functioning of the SPDS as well as revealing some discrepancies primarily resulting to dynamic plant conditions. The results a
from these tests will be incorporated into a revision of the SPDS logic.
4.2.6 MAINTENANCE Since the SPDS is being installed in the existing OAC Systems, the maintenance functions are already well defined and organized and demonstrated by the high availability of these computers.
t 4-12 sr - 2y= '.,-w. -ew9 .pm--y-.,,yw-.7 -- w,---, y,,, -,. .i.,, -- , , yy&_m---- . _ _ -
7-_ -- - _ - - - - - .
+%<w#-w yw-, ,m mme a w e.w -w - --
i 4.2.6.1 Central Process Computer Group Briefly, a Central Process Computer Group is responsible for generating and maintaining all application software. Further, this group provides hardware 1 support and maintains a central set of spare parts for the OAC's. This group is responsible for the overall functioning of these systems including the !
implementation of factory recommended alterations and enhancements. Vendor support is also available when needed.
4.2.6.2 Station Maintenance Personnel The Instrument and Electrical Section at the station is responsible for day to day hardware maintenance and preventative maintenance of the OAC Systems.
Back up maintenance and spare parts support is generally available in less than four hours from the Central Process Computer Group located in Charlotte.
( The station also maintains a supply of normally required spare parts.
4.2.6.3 Availability Reports Availability of the OAC's is monitored routinely. Additionally, prc:sdures will be implemented to monitor SPDS logic and input performance to assure high availability of this function with periodic reviews of alarm summary tables.
t i
- 4.3 SAFETY ANALYSIS 4.
3.1 INTRODUCTION
i A safety analysis review has been performed in order to verify the technical I correctness and completeness of the McGuire and Catawba SPDS desig'n. This independent review consisted of a series of detailed comment summaries which l were provided to the SPDS designers at each phase of the design process.
) As a result of the review, the generic decision trees developed by the -
4-13 Revision 3 l
Westinghouse Owner's Group (WOG) have been slighty modified. These modifi-cations have been incorporated within the SPDS logic and also in the emer-gency procedures referenced by the SPDS. The bases for the SPDS design, a '
comparison with the generic Owner's Group methodology, and the conclusions of the safety analysis review are discussed in the following sections.
4.3.2 OVERVIEW AND BASES The SPDS is structured around the monitoring cf the six critical safety functions and status trees specified in the Westinghouse Owner's Group Emergency Response Guidelines (ERGS) dated September 1, 1983. In order of decreasing severity these functions are: Subcriticality, Core Cooling, Heat Sink, Integrity, Containment, and Inventory. This set of critical safety functions and the corresponding status trees have undergone an ex-f haustive review within Westinghouse and the Owner's Group. The September 1, 1983, Revision 1 version, which is the bases of the McGuire/ Catawba SPDS, also includes recommendations based on the NRC review of the ERGS. The NRC review culminated in the issuance of an SER dated June 1, 1983.
A Duke Power Company program was undertaken to convert the generic Emergency Response Guidelines into plant specific Emergency Procedure Guidelines. This program resulted in the identification of three modifications to the generic critical safety function status trees, each of which is included in the SPDS logic. Each modification can be considered as an enhancement of the generic version which remains consistent with the overall intent of the ER'Gs.
Modification #1: The generic status tree for Suberiticality is only valid following a reactor trip, since during normal operation the first branch point -
is " Power >5%", and a "yes" answer directs the operator to the " Response to 4-14 Revision 3
Nuclear Power Generation /ATWS" procedure. In order for the SPDS to provide ,
a meaningful unalarmed indication for all critical. safety functions during normal power operation, a new first branch point in Suberiticality, " Reactor Trip Required", has been added. A "no" answer to this first decision point is appropriate during normal operation, and a valid unalarmed condition is indicated. A "yes" answer leads to the " Power >5%" branch point for continua-tion of the generic post-trip logic.
Modification #2: The generic status tree for Integrity has been revised to alarm on high Reactor Coolant System pressure. The alarm setpoint has been selected to indicate a high pressure condition that is well in excess of normal post-trip conditions. The alarm is useful with respect to alerting an over-pressure condition and reduces the potential fcr challenging the pressurizer code safety valves.
Modification #3: The generic status tree for Containment has been revised to include monitoring of the containment hydrogen concentration.
With the exception of the above modifications, the McGuire/ Catawba SPOS logic is designed to monitor plant computer field inputs so as to generate alarm conditions consistent with the 0wner's Group critical safety function status trees.
4.3.3
SUMMARY
OF SPDS LOGIC The SPOS logic monitors the indications of pertinent plant instrumentation for comparison with setpoints that are characteristic of degraded plant conditions.
The logic is designed to provide the best representation possible for each of -
. 4-15 Revision 3
i
. l the decision points in each of the status trees. Since the decision points have been uniquely specified in the Owner's Group documentation, development of the logic was a relatively straightfoward task. Plant specific setpoints have been developed which include applicable instrument error and the effects of a degraded instrument environment as required.
Recognizing that the WOG critical safety functions and status trees have been subjected to a thorough NRC review, and due to the relative simplicity of con-verting the status trees into a logic scheme, a detailed summary of the logic utilized in the McGuire/ Catawba SPOS is not warranted.
4.
3.4 CONCLUSION
S The McGuire/ Catawba SPOS has been subjected to a thorough and independent re-view to ensure that the logic design accomplishes the intended critical safety function monitoring task. The SPOS is based on the Westinghouse Owner's Group critical safety functions and status trees released with the Emergency Response Guidelines, Revision 1, dated September 1, 1983. The plant specific logic includes three minor enhancements consistent with the overall intent of the generic version. The utilization of the SPOS has been verified to be fully integrated with the upgraded emergency procedures. The logic has been verified to be technically correct. The SPOS will enhance operator response to tran-sient events by alerting the operator to symptoms of degraded plant conditions, and by automating the prioritization of subsequent operator actions.
This review was completed pursuant to 10 CFR 50.59 and has been determined not to result in an unreviewed safety question. The proposed SPOS meets or exceeds the existing design criteria as described in the Final Safety Analysis Report.
4-16 Revision 3
4.4 MCGUIRE SPDS STATUS An analysis of the Westinghouse generic Emergency Response Guidelines (ERG's) resulted in the initial design basis and definition of the SPDS which was developed in May, 1982.
In June, 1982, the Westinghouse Decision Trees which define the status of the six critical safety functions contained in the Westinghouse ERG's were rewritten in "and/or" logic arrays and OAC inputs selected.
This logic was coded into software and installed on McGuire Unit 2 OAC in July, 1982 where the logic was tested to assure proper operation. At this time, the display presentations were reviewed and approved.
( The Validation and Verification Plan was developed and implemented by the Design Engineering Department providing an independent analysis of the SPDS design and software developed by the Steam Production Department. This V&V activity was completed in September, 1982. At this time, the SPDS software was installed on the McGuire Unit One OAC with the SPDS display inhibited. An alarm summary table was used to store all SPDS alarms and related SPDS field input alarms.
This allowed a dynamic testing of the SPDS logic during normal unit maneuvers, start-ups and shutdowns.
In November,1982, concepts for the supporting displays were developed which would provide methods for the operators to investigate the causes 'for SPDS alarms.
, . 4-17 Revision 3
\
l i
In January 1983, the revised Westinghouse Status Trees (dated 9/1/82), results from dynamic testing, and information from the V&V Program were -incorporated in a revised version of the SPDS logic.
This revised logic was installed on the OAC and V&V reinitiated on February 1983. Alternative supporting displays were reviewed and a design selected in March 1983.
Additional revisions to the Westinghouse Emergency Response Guidelines were received in July 1983 which resulted in additional revisions to the SPDS logic and software. The Nuclear Production Department Reactor Safety Section per-formed numerous reviews and provided many suggestions on improving the SPDS design.
(
The supporting display system was developed and a Human Factors review was completed in October 1983 by the Control Room Review Team. Their comments were incorporated into the final SPDS design. A review of the Shift Technical Advisor function was also confirmed and a determination made to provide an additional CRT and keyboard for use by the STA. This CRT will be installed on the operators desk in the " horse shoe" area of the control room.
Training information was developed and provided to the Training Center in November 1983. The simulator support personnel are currently installing the SPDS on the McGuire operator training simulator.
4-18 Revision 3
The software for the McGuire SPDS and supporting displays has been completed.
The final V&V is also in progress at this time and will be completed during March and April.
The SPDS should be installed and functional on schedule.
. 4-19 Revision 3
- g. . .
-p a p w ""#""= - " ~ -~m A
- N e m
,A l.)mrf .-
M e~ w "" 4
- Mk'*i , should be clearly marked to reflect the test activities. A temporary
.d!#[#'h@ sien should notify control room operators that test activities are taking place, and all members of the control room operating crew should be
- .%T s ' notified when test activities begin and when they end.
n- Eo Theadequate sole use forofanstatus SPDS.lights--one for each critical safety function-- is 0
not The variables associated with each critical safety function should also be available for display and operator assess-
' ment. _ .
_)
The SPDS should be capable of continuously monitoring the status of critical safety functions.
The SPDS should also contain trend data fcr the key variables displayed, because such data enhance:
- Use of operating procedures, Detection c! abnormal operations.
Prediction Capabilitics of the control room operators.
The NRC reviewer sNsid consider th' e above points when reviewing an SPDS
. ,q design which refeerns the subject NUTAC publication.
In the Subsections eat follow 5.1 through 5.5) portions of NUREG-0737, Supplement 1, which apply human (factors engineering principles t are quoted. A subsection entitled, " Guideline " offers analysis of the component being disetssed and gives one or mor,e specific example (s) of how the applicant /licerate could apply the guideline.
5.1 NUREG-0737,_SLrelement 1, Section 4.1.a "The SPDS should pcide a concise ' display of critical plant variables to the control room operasts to aid them in rapidly and reliably determining the safety status of deplant. Although the SPDS will be operated during normal operations as welya during abnormal conditions, the principal purpose and function of the Sptsis to aid the control room personnel during abnormal and crergency conditi:ss in determining the safety status of the plant and in assessing whether apormal conditions warrant corrective action by [ control reen)a operators 2: avoid a degraded core.
during anticipategensients and the initiel phase of an accident."This can be parti
~
- a. Bracketed we'tp.ere added to clarify the wording in fiUREG-07 7,'
g, Suppitment 1.
p e[,j y' .
,y *, ;l .
\
[vt M k [r v,. 18.2-A11 Pcv. 0 j
' w re 19C4