Text

Proposed Tech Specs 3.3.1 & 3.3.2 Re Reactor Trip Sys & Engineered Safety Features Actuation
	ML20210Q058
Person / Time
Site:	05200003
Issue date:	08/19/1997
From:	; WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To:	;
Shared Package
ML20210Q057	List: ML20210Q058; NSD-NRC-97-5271, Forwards Revised TSs 3.3.1 & 3.3.2,re Reactor Trip Sys & Engineered Safety Features Actuation.Tss Revised Based on NRC 970606 Meeting Re AP600 Open Items;
References
	NUDOCS 9708280079
	Download: ML20210Q058 (162)
	v • d • e

-- -- - . _ . - . -- ...- - ..- - .. . -.

RTS Znstrumentation 3.3.1-3.3 INSTRUMENTATION 3.3.1 Reactor Trip System-(RTS) Instrumentation DRAFT LC0-3.3.1 The RTS instrumentation for each Function in Table 3.3.11 shall be OPERABLE.

APPLICABILITY: According to Table 3.3.1 1.

ACTIONS

......................................N0TE.....................................

Separate Condition entry is allowed for each inoperable Function.

CONDITION REQUIREDACTIO$i COMPLETION TIME A.1 Enter the Condition Immediately A. One or more Functions with one or more referenced in required channels Table 3.3.1 1 for the inoperable, channel (s).

B.1 Restore manual initiation 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months B. One manual initiation device inoperable, device to OPERABLE status.

O,_R.

B.2.1 Be in H00E 3. 54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months J

AND B.2.2 Open reactor trip 55 hours6.365741e-4 days 0.0153 hours 9.093915e-5 weeks 2.09275e-5 months breakers (RTBs).

(continued) 9708280079 970822 POR ADOCK 05200003 PM A

3.3 1 08/97 Amendment 0 h AP600- .

i otu.m..ntsaiciouv.osuu ,

,m- , ,, , . , . - -

RTS Instrumentation DRAFT ACTIONS (continued) COMPLETION TIME REQUIRED ACTION CONDITION Restore manual 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months C. One manual initiation C.1 initiation device to device inoperable.

OPERABLE status.

O_R Open RTBs. 49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months C.2 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months One or two Power D.1.1 Reduce THERMAL POWER to D. s 75% RTP.

Range Neutron Flux High channels AND inoperable.

0.1.2 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

0.2.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

@0

.............N01E.............

Only required to be performed when OPDMS is inoperable and the Power Range Neutron Flux input to QPTR is inoperable.

Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months 0.2.2' Perform SR 3.2.4.2 (QPTR verification).

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months D.3 Be in MODE 3.

(continued) 08/97 Amendment 0 3.3 2 bi.oiu.m..nacioiot AP600 ,or.o.nu .

RTS fnstrumentation 3.3.1 OD" Ua r e.uC ACTIONS COMPLETION TIME REQUIRED ACTION CONDITION Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months One or two channels E.1 E. channel (s) in bypass.

inoperable, Be in MODE 3. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months E.2 Place inoperable 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months F. THERHAL POWER between F.1 channel (s) in bypass.

P 6 and P 10, one or two Intermediate Range Neutron Flux OR channels inoperable. 2. hours F.2 Reduce THERMAL POWER to

< P 6.

Increase THERMAL POWER 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months F.3 to > P 10.

j Immediately G.1 Suspend operations G. THERMAL POWER between involving positive P 6 and P 10. three reactivity additions.

Intermediate Range Neutron Flux channels inoperable. AND Reduce THERHAL POWER to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months G.2

< P 6.

H.1 Restore three of four Prior to H. THERMAL POWER P6 Neutron Flux channels inoperable.

(continued) 3.3 3 08/97 Amendment 0 h AP600 !

tMt\tenteen16050101.r07 081197 ,

-l

RTS Instrumentation 3.3.1 DRAFT ACTIONS (continued)

COMPLETION TIME CONDITION REQUIRED ACTION Immediately I.1 Suspend operations I. One or two Source involving positive Range Neutron Flux reactivity additions.

channels inoperable, Immediately Three Source Range J.1 .0 pen RTBs.

J.

Neutron Flux channels inoperable.

Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months One or two channels K1 K. channel (s) in bypass.

inoperable, Reduce THERMAL POWER to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months K.?

< P 10.

Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months L. One or two channels L.1 channel (s) in bypass.

inoperable, Reduce THERMAL POWER to 10 hours1.157407e-4 days 0.00278 hours 1.653439e-5 weeks 3.805e-6 months L.2

< P 8.

Restore three of four 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months One or two channels / M.1 M. channels / divisions to divisions inoperable.

OPERABLE status.

Be in MODE 3.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months M.2 (continued) 3.3 4 08/97 Amendment 0 h AP600 I*01\t uatoets16010101. r0? 081397 ,

-RTS Instrumentation 3.3.1 DRAFT ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION .__

N. 0.e >r two channels N.1 Verify the interlocks 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months icopeNble, are in required state for existing plant conditions.

N2 Place the functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino>erable interlocks in >ypass.

N.3 Be in MODE 3. 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months 0.1 Verify the inarlocks 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months

0. One or two channels are in required state inoperable, for existing plant conditions.

0.2 Place the functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino>erable interlocks in >ypass.

0.3 Be in MODE 2, 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months P.1 Open inoperable RTB in 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months P. One required division inoperable, one division.

P.2.1 Be in MODE 3. 4. or 5. 14 hours1.62037e-4 days 0.00389 hours 2.314815e-5 weeks 5.327e-6 months A_$

P.2.2 Open RTBs. 14 hours1.62037e-4 days 0.00389 hours 2.314815e-5 weeks 5.327e-6 months (continued) 3.3 5 08/97 Amendment 0 hi .otu.r..u AP600u omoues.oeni, ,

RTS Ins %rumentatico 3.3.1 O'%

'"# ' **"4A E7s ACTIONS (continued) COMPLETION TIME REQUIRED ACTION CONDITION Restore three of four 1 hour--

Three required 0.1 0 dvisions to OPERABLE divisions inoperable, status.

7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months

' O.2.1 Be in H00E 3. 4. or 5.

j E

l Q.2.2 Open RTBs. 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months 48 hours R.1 Restore three of fcur R. One or two channels / channels / divisions to divisions inoperable.

OPERABLE status.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months R.2 Open RTBs.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months S.1 Restore three of four

- S. One or two Source channels to OPERABLE Range Neutron Flux status.

channel inoperable.

Open RTBs.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months S.2 (continued)

I a

08/97.' Amendment 0 3 3*6 b AP600 i m u.e. ni m ois u o,...ti,, ,

RTS Instrumentation 3.3.1 nn 7 viu-u [

ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION Suspend operations immediately T. Required Source Range T.1 Neutron Flux channel involving positive inoperable, reactivity additions.

A_Np Close unborated water 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months T.2 source isolation valves.

AJ T.3 Perform SR 3.1.1.1. I hour AND Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter 3.3 7 08/97 Amendment 0

@ AP600.omes ,or.enm miu .m..n i ,

_- -_ - - =-..-- - -. - . - ..= - - - ._ - _ - - -_

i l

RTS Instrumentation [

3.3.1 i N r% A e-SURVEILLANCE REQUIREMENTS

.....................................N0rE..................................... :

Refer to Table 3.3.11 to determine which SRs apply for e

~t __

FRE0VENCY __

SURVEILLANCE 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months SR 3.3.1.x Perform CHANNEL CHECK.

...... ............N0TES....

SR 3.3.1.2 Ad ust nuclear instrument channel in 1.

th Protection and Safety Monitoring System-(PMS)-1f absolute difference is > 2% RTP.

f

2. Required to be met within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months after reaching 15% RTP. i

3. If the calorimetric heat balance is

< 70% RTP, and if the nuclear instrumentation channel indicated power is:

a. lower than the calorimetric measurement by > 2%, then adjust the nuclear instrumentation channel upward to match the calorimetric measurement,

b. higher than the calorimetric measurement, then no adjustment is required.

....................................... I 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Compare results of calorimetric heat balance to nuclear instrument channel output.

(continued) 08/97 _ Amendment 0 3.3 8 himu.m.uu AP600.oionei,,,...i,,, .

RTS Instrumentation 3.3.1 DRAFT _

SURVEILLANCE REQUIREMENTS (continued) FREQUENCY SURVEILLANCE

...... ......... . N0TES........ * -

SR 3.3.1.3 Ad ust nuclear instrument channel in 1.

PM if absolute difference is a 3%

AFD.

2. Rewired to be met within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after reaching 20% RTP.

31 effective full Compare results of the incore detector power days (EFPO) measurements to nuclear instrument channel AXIAL FLUX OIFFERENCE.

SR 3.3.1.4

...................N0TE................

Required to be met within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after reaching 50% RTP, 92 EFPD Calibrate excore channels to agree with incore detector measurements.

SR 3.3.1.5

...................N0TE................

This Surveillance must be performed on both reactor trip breakers associated with a single division.

92 days on a Perform TADOT. STAGGERED TEST BASIS SR 3,3.1.6 ...................N0TES...............

Not required to be performed for source range instrumentation prior to entering MODE 3 from MODE 2 until 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after entry into MODE 3.

92 days Perform RTCOT.

(continued) ,

08/97 Amendment 0 3.3 9 h AP600 .

mmunimu oiciover comt v -.~

.,-r-..e v--.r,-,-w ,- - - , , - - x---,---- ,- .. . , - -

RTS Snstrument SURVEILLANCE REQUIREMENTS (continued) FREQUENCY SURVEILLANCE -_

....... * *..* N0TE................

SR 3.3.1.7 This Surveillance shall include verification that interlocks P.6 and P.

10 are in their required state for existing unit conditions.

......N0TE......

Perform RTCOT. Only required when not performed within previous 92 days Prior to reactor startup AND Four hours after reducing power below P 10 for power and intermediate instrumentation AND Four hours after reducing power below P 6 for source range instrumentation AND Every 92 days thereafter l

1 (continued) 3.3 10 08/97 Amendment 0

@ AP600 miu.m..ntumn ,v.uno .

,-.m. _ . - - _ , . . _ . _ ,

RTS Instrumentation '

JOOAi v,. C .

3.3.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENC(

SR 3.3.1.8 ...................N0TE................

This Surveillance shall include 4 verification that the time constants are adjusted to the prescribed values.

Perform CHANNEL CALIBRATION. 24 months i ,

SR 3.3.1.9 ...................N0TE...............

Neutron detectors are excluded from CHANNEL CALIBRATION.

Perform CHANNEL CALIBRATION. 24 months SR 3.3.1.10 ...................N0TE...............

Verification of setpcint'is not required.

Perform TADOT. 24 months SR 3.3.1.11 ...................N0TE...............

Neutron detectors are excluded from response time testing.

Verify RTS RESPONSE TIME is within 24 months on a STAGGERED TEST limits. BASIS 3.3 11 08/97 Amendment 0 h AP600.oiom or.een,,

imu.oi,uu

, . ~ . - , , , - - , , - . . . ._,..y._ ._ _ _ . m __,,_,.o, ,. . _ . . .. . , . . , _ . . ,. ~

..-..m

- __ _ - . _ . . - . _ . _ . _ _ _ _ . . . - _ _ - - _ _ _ ._____-.-_._____m RTS Instrumentation 3.3.1 n(

f Table 1,L 1 1 (page 1 of 1) afector frty system Instrumentation APPLICAtLt tage woots on ofwta suavattta=ct attomaatt spectatto atoutato acQUlstalNTS y& Lug $(TPO!4T Cono!TIONS CwaNN(L$ CON 0!T!(ms tuwC110N

=/a 1.2 2 6 Sa 3.L1.10 1 =anual aeactor trip =/a

)(8) .4(a) g(a) , 2 c sa 3.3.1.10 2 Pp.er tange neutron Flua sa 1.a,1 (a ligg a o atP)

a. Migh setpoint 1.2 la }. .1.

la s. hl.

Sa 1. 1.1.9 sa 3.1.1.11 (s 3)g Low setpoint 1(b) .2 a t sa

$a I.).1.g 3.3.1 atP) t b.

la .). .9 Sa .3. 11 sa ).).1.6 (s 1.04 1.2 a a afP L Po.or mange heutron $a 1.3.1.9 with time F1va Nigh Positive aate constant a 2 sec')

!s 25%

1(b). 2I 'I a F.G la 1 3.1.1 aTP*]

4. Intermediate aange sa s.).1.1 Neutron Flus Sa 1.1.1.9 (s 25%

2(d) a M $a I.).$.1 aTP')

sa ).3.1.7 Sa 3.3.1.9 sa 3. 3.1.1 [s 1.ott 2(d) a t.)

$a 1.3.1.7 cos')

5. Source mance heutron Flus utgh letpoint $a 1.3.1.9

$a 1.1.1.11 gja 3,3 gn 3,3,g,g 3(a) 4(a) g(a) 4 sa 3.3.1.6

' sa 1.3.1.9 Sa 3.3.1.11 3(8). a(').l(') 1 T Nbf.9 m/a (continwed) l f rod withdrs=41.

(a) with neactor trip treakers (stes) closed and Plant Control lystes capab e o (b) selow the P.10 (Power mange heutron Flua) interlocks.

(c) above the P-6 (Intermediate aange heutron plus) interlocks.

(d) selow the P 6 (Intermediate mange heutron Flus) interlocks.

etth atos open.

In this condition, lource aange Function does not provide reactor trip but does-provide (e) indication.

The values specified in brackets in the Trip letpoint coluan are the $$An Chapter 11 safety (neviewervalues analysts 40te: and are included for reviewer information only.

l for the Function.

The values spectf ted in brackets fo11o=ed by " * " in the Trip Setpoint t ) coluen are typical va uesin the Stan C 40 credit was assum ed for these Functions (typically diverse trips /actuet ons analyses and no safety analysts valve is avatlable. d ih In all cases, the valvesupon specified selection in ofbrackets the plant must specific beinstrumentation, replaced, following the plantutilspecific the trip setpoints be setpoi the actual tete Setpotats, allomable valves willThe be plant calculated in accordance eith the setpotat methodology described in wCAP.14606 calculated in accordance with the setpotet methodology and spectfted in t accepted teorovements in setpoint methodologv.)

3.3 12 08/97 Amendment 0 htoo1\techapet\16cl0101.r07.os21st AP600 .

RTS Instrumentation DRA?T table 3.1.1 1 (page 2 of $)

neactor trip system Instrumentation APPLICASLt ta!P 400tt on ofwin luavt!LLANCE AttowAstt Stipolgt SPEClitt0 stoutat0 atQutatutwTS vatut CHA44tLS CONDITIOw$ ._

CON 0!T!o45 FUNCT!DN 1 eefer to aefer to g la I.I.

=ote ) wete 1 overteeperature 41 1,2 s la I.I. .) (Page 3.1 16) (Pace

6. $a 1.1. ,a 3.3 16) sa ).l.1.6 l,1.$

Sa 3.

Sn 1.l.1.11

.1.1 aofer to nefer to 4

g se l .

Note 4 mote 2 1,2 la i. ,1.6 (Page 3.1 16) pane

7. Overpower et Sa l.1.1.4 3(.3 16) sa 3.J,1.11

4. Pressortser Pressure sa .. 1,1 [ pstg]

1733 a '

Low letpoint 1(f) 4 Sa ). .6

a. sa l. i. .

sa 1.1. , 11 sa

( 244$

4 t 3.h.1.g 8I utgh setpotet 1.2 d', 4 I

b. !$ .

sa l. l.3.11 sa 3.3.1.1 (s 92t')

4 a 1(O sa ).),}.6

9. Pressuriter water. la 3.3.1.4 Level High 3 10, aeactor Coolant Flow Low $a .l.1.1 (a 87t(U)

L Single Cold Leg 1(9) 4 per la .).1.6

4. cold leg in i.l.1.6 la l.1.1.11 la 1.t.1.1 (a 87t(U) a two Cold Legt 1(h) 4 colleries sa ). .1.6

b. Sa 3.a.1.8 Sa 3..l.1.11 (continued)

Above the P 10 (Power aange neutron Flus) interlock.

(O (g) Above the P.s (Po.or aange meu.ron Flus) l interlock.k and below the P 8 (Power aange heutron Above the P 10 (Power mange moutron rius) inter oc (h)

(1) Percent of thermal design flow.

08/97 Amendment 0 3.3 13 b

imunA.P600.oioiever.oener

. Puu .

- I

RTS Instrumentation !

, 3.3.1

\g f

table J-),1 1 (page I of l) neactor 1rtp nyitem Instrumentation aPPt!Cattt attowett tale M0065 on SuavtttLawet ea&V( $ttPolkt Otuta SPtetrgte atoulat0 (QNDITION$ atQVlatMtht$

COND!tjQN$ (Mahhtt$ _

tyNCT10N ll, neactor Coolant Pu*D (acP) staring mater (a 320'sa)

I ferperature . Migh ta 1 1.1,1 1(9) 4 per acP t sa 3.3.1.6

s. Single Pump Sa 1.3.1.8 sa m 3.1.1 h 120*F')

a per act a two Pumps 1(h) $a :1.{.),6

6. la 1.a.4.8 (g 90s]

e a $a 1.1.1.1 12, aCP Speed tow IU) Sa 3.3.1.6 1.1.1.8 j

Sa

.1.1.1 .(a 41000 4 per $G t ta Ibs) 1,2 $a i. :1.1. 6.

1), steam Generator ($G) Sa h:l.1.8 marrow aange water la .l.1.1.11 tevel . Low (sgit]

a per SG g sa .).1.1 1.2N sn .).1.6 14, steam Generator (SC) Sn .).1.8

=arr9e aange water sa 3 3.1.11 tevel a High 2

15. Safeguards actuation input from tagineered safety teature w/a actuation systee 8 Sa 3.3.1.10 1, 2- 2 =/a

a. Manual 4

m sa 3.3.1.6

b. Automatic 1. 2 (continued) above the P.10 (Power aange meutron rius) taterlock.

.(f)

(g) above the P 8 (Power aange neutron Flus) Interlock. heutron Fivn) interlock.

(h) above the P 10 (Power mange neutron Flus) interlock and below the P.8 (Power aange m abo.e the P.it (Pre.ioriser Preii n interiock. t-4 I

i 08/97 Amendment'0 :

-3.3 14-KAP 600

. i.onierweemmom,,o.usm ,

- - . . , . ._." ""' e w w ,.,4 m. ;,

-~-~~-,,n ,i,,, _

i RTS Instrumentation DRAFT table 3. 3.1 1 (page 4 of 31 neactor trip System Instrumentation aPet!Casti moots on sveyttttauct aLLowas(t fate

$Pactrit0 atoulato atoutatututg vatut $tteo!NT CONottloml CMahmlLS CMolt tDNS FUNCTION

16. aeactor trip lystem Interlocks (inps)

Ita10 4 = la 1.8.1.6 4 Intermediate 2 la ).i.1,6 1

g y tron (s att atP) 4 0 la 1.1.1.6

b. Power nance Neutron plus. P.8 1

la 1.) l.9 4 w $a 1.1.1.6 (104 atP)

c. Po.er aanse- 1.2 in I.1.1.9 weviron tips, P*10 [s 1910 1.2 4 N ta 1.1.1.6 pstg)

d. Pressuriser la ),3.1.9 Pressure. P 11 =/a P.0 la 3.3.1.5

11. aeactor trip areakert 1.2 1 1(1),4(j),g(j) .'tth 2 afts per

! diviston 1.1.1.5 N/A la 4

neactor trip areaker 1.2 1 each per PQ

18. are (att) undervoltage and thunt tete 1(3).4(II.l(l) mechanise for mechant ses reautred atts

= la 1.1.1.6 n/a 4

19. automatic trip togic 1.2

=/4 a sa 1.3.1.6 1(I).4(1).l(3) 4

20. act Sta es 1. 2. and I actua ton w/a 1.2 2 e sa 1.1.1.10

a. manwal =/A 1(3),4(1).l(3) 2 e $a 1.1.1.10 m la 1.1.1.6 4/4 4

b. automatic 1.2 j 1.1.1.6 w/4 1(3),4I )).l(3) 4 a la

21. Core makeup tank actuation =/4 d

1.2 2 a sa 3.1.1.10

a. wanual w/A 1 4(8}.I(8} I $ $R 1.1.1.10 m $a 1.1.1.6 =/a 4

b. automatic 1.2 sa 1.1.1.6 w/a a

1(3).4(3).l(3) 4

()) etth neactor trip areakers closed and Plant Coetrol Systes capable of ros withdrawal.

3,3*15 08/97 Amendment 0 h AP600 Apolitetneret\l6010101.r07 042ttP ,

-- .-. - - , , ,-.cw.,,-- . . , . . ~ .-. , . ~ ,e n. -- a- . - . . .-n - ,,n-- -e,,-,,a.- ,e,~. ,

DRAFT """""*"Wt table 3 1.1 1 (page $ of $;

neactor trtp system Instrw*entation ute l' ontiitusfAtutLAI II *'8'I .p, 9.ag(1+ta C " 8' t .t'}.a g(P -P') + f g( A1) 3t s)

(1+ tis) wherei at is measured a($ af, 'F.

'F.

af s gs is the tae Laplace indicatedtransform at at tattuoperator, tutamt sec'[owta.

t is the measured act average temperature. *F.

't.

t' 16 the indicated t,,,at 100% atP.

Pi themeasuredpressuriserpressure,psighIpsig, s the nominal _RC$ operating pressuree Il P'

a . 0.01/'F a, a 0.002/psig a s {t! t a set i

t .s 0sJset 8ec t .s 0 set f g(41) . 0.0% / t/ %((g, . 4,) e 1)vhen when og *. c, e .14 atP 4,91$4 G t Oe 8 'O "IP and a are percent str in the upper and lower halves of the core respectively, and where e, + a, e,is the, total tutamt P(men in percent atP.

MIL 11 DY.tIASPtLAI 8 I at (latgs)

- s at0 "e*El lat i s '" I*I'* "f IIAI) where at is measured aCs af. *F. a,'F.

is the indicated at at AAttD twtanut AfgstheLaplacetransformoperator,sec*

s. 'F.

7 is the measured aC5 average temperature. 'F.

a,a 0.00219/*F when i e t

T

a4 is the indicated s 3.145 as a 7 6.

h2/** for increasing at 100% str t,,# 0/*F when f a t

0/*f for decreasing t ,' eg = 0 set t

O sec

$3 e 10 set f;(at) = 0% of air for all 41.

With the channel's mastmum as left trip setpoint shall not esteed its computed trip)setposat channel.by more than the at channel, the f ave channel and the Pressuriser Pressure channel and (160

'to1Lil (top) at span for the thannel's mastmum as lef t trip setpoint shall not onceed its computed trip letpoint by s4re than the at channei and the f ave channei 3.3 16 08/97 Amendment 0 b AP600.omst,o.esult a.atueo.e.ni _,

e

ESFAS Instrumentation 4 ~ , - 3.3.2 Pc rs . .. <

3.3 INSTRUMENTATION 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation i

LCO 3.3.2 The ESFAS instrumentation for each function in Table 3.3.2 1 shall be OPERABLE.

4 APPLICABILITY: According to Table 3.3.2 1.

ACTIONS

....................................N0TES.....................................

1. Separate condition entry is allowed for each Function.

2. The Conditions for each Function are given in Table 3.3.21. If the Required Actions and associated Completion Times of the first Condition are not met, refer to the second Condition.

REQUIRED ACTION COMPLETION TIME CONDITION A.1 Enter the Condition Imediately A. One or more functions with one or more referenced in required channels or Table 3.3.2 1 for the divisions inoperable, channel (s) or division (s).

4 B.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months B. One or two channels or divisions channel (s) and inoperable, division (s) in bypass.

C.1- Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months C. One channel inoperable, channel in bypass.

One required division D.1 Restore required 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months D.

inoperable, division to OPERABLE status.

(continued) !

3.3 17 08/97 Amendment 0 P60 h A.ocu.0

. .o n.. o...m moio m.orm,

, , ,.___.;___.2.._- ,.,,_--_;_. _ _ - , _ . , , _ . . _ _ . _ , - . . . _ _ _ _ ,. -. _ - --.

. . .. ._. _. . . - _ . . _ _ _ _ . _ _ _ _ _ _ _ . . ~ - . _ . _ . _ _ _ _ _ _ _ _ _ . . _ _

! ESFAS Instrumentation

, x ACTIONS (continued) COMPLETION TIME f REQUIRED ACTION ;

CONDITION '

Restore switch and 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months One switch or switch E.1 E. switch set to set inoperable, OPERABLE status. .

3 Restore channel to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months F.1 F. One channel OPERABLE status.

inoperable 0_R_

Verify alternate 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months F.2.1 radiation monitor,

are OPERABLE.

Verify control room 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months F.2.2 isolation and air supply initiation manual controls are

. OPERABLE.

t Restore switch, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months One switch, switch G.1 G. switch set, channel, set, channel, or and division to division inoperable, OPERABLE status.

Place channel in 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months H.1 H. One channel trip.

' inoperable, 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months I.1 Place one channel in

I. One or two channels bypass.

inoperable, AND With two channels 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months ,

I.2 inoperable, place one channel in trip.

(continid) 08/97 Amendment 0 3.3 18 ,

h A.oeu.0

, ,e n.. r -P60 . uu unn.ru.oeper ;

1 ESFAS Instrumentation 3.3.2

{'s a -p ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION J.1 Verify the interlocks I hour J. One or two interlocks are in the required inoperable, state for the existing plant conditions.

y J.2 Place any Functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino wrable interlocks in )ypass.

Suspend movement of Immediately X. Required Action and K.1 associated Completion irradiated fuel Time not met. assemblies.

L.1 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months '

L. Required Action and associated Completion Time not met.

M1 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months M. Required Action and associated Completion Time not met. AND M.2 Be in MODE 4. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months N.1 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months N. Required Action and associated Completion Time not met. AND N2 Be in MODE 4 with the 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months RCS cooling provided by the RNS.

(continued)

'l 08/97 Amendmer,t 0 b AP600 .

3.3 19

,,uu.mu.m..<u.o mn ,or.ome,,

ESFAS Instrumentation

[:pAcf d ,.g l

3.3.2 ;

i ACTIONS (continued) COMPLETION TIME REQUIRED ACTION CON 0lTION !

i Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Required Action and 0.1 !

0. !

associated Completion AND Time not met.

1 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months l 0.2 Be in MODE 5.

P.1 ..... ...N0TE........

P. Required Action and Flow ath(s) may be i associated Completion Time not met, uniso ated intermittently under administrative l controls.

Isolate the affected 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months flow path (s).

AJ 7 days P.2,1 Isolate the affected flow path (s) by use '

of at least one closed and deactivated automatic valve, closed manual valve, bliad flange, or check valve with flow through the valve secured.

Verify the affected Once per 7 days P.2.2 flow path is isolated.

(continued) 08/97 Amendment'0 3.3 20--

b AP600

$'""'2""""""."._'*"",._____..

' W 3 p -g ,

ESFAS Instrumentation i

3.3.2

]j]

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME f Required Action and 0.1 .....N0TE. '

0 flow path (s) may be '

associated Completion Tirne not met. unisolated intermittently under administrative controls.

Isolate the affected 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months flow path (s) by use of at least one closed manual or closed and de-activated automatic valve.

O,.R_

Be in MODE 3. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months 0.2.1 AND Be in MODE 4, 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months Q.2.2 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months R. Required Action and R.1 associated Completion AND Time not met.

R.2.1.1Flow ..H0TE.........

..... ath(s) ,

may be uniso ated intermittently under administrative controls.

Isolate the affected 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months flow path (s).

AND R.2.1.2 Verify the affected Once per 7 days flow path is isolated.

(continued) 3.3 21 08/97 Amendment 0 P60 M Aoou.0.

..nwe m ..nt.oioio n onon m

ESFAS Instrumentation 3.3.2 l

{ ^ ^ " 7' ACTIONS REQUIRED ACTION COMPLETION TIME CONDITION R. (continued) @

R.2.2 Be in MODE 4 with the 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months RCS cooling provided by the RNS.

i J

j S.1 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months S. Required Action and

. associated Completion AND i Time not met.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months S.2.1.1 Be in H00E 4 with the ,

RCS cooling provided

, by the RNS.

AND S.2.1.2Flow..... ath(s) NOTE........

may be uniso ated intermittently under administrative controls.

Isolate the affected 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months flow path (s).

AND t

S.2.1.3 Verify the affected Once per 7 days flow path is isolated.

Be in H00E 5. 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months S.2.2

' continued) 3.3 22 08/97 Amendment 0 b AP600 t rott ap400\t ec h spe c \tH 10102 . r07 Of li t t

l ESFAS Ins %rumen2ation m ,5 ,, ,.7 3.3.2 ACTIONS (continued) !

REQUIRED ACTION COMPLETION TIME CONDITION i

T.1.1 . ... NOTE.

T. Required Action and Flow path (s) may be associated Completion Time not met. unisolated

' intermittently under 4 administrative controls.

Isolate the affected 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 6 flow path (s).

1 AND 7 days T.1.2.1 Isolate the affected flow path (s) by use 1 of with at least one closed and deactivated automatic valve, closed manual ;

valve, blind flange, or check valve with flow through the valve secured.

i T.1.2.2 Verify the affected Once per 7 days flow path is isolated.

T.2.1 Be in H00E 3. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months AND 4

T.2.2 Be in H00E 5, 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months (continued) 3.3*23 08/97 Amendment 0 P600 M A.couun..uumoionwr ow.

4,on..

. . _ . . _ - . . _ _ . _ . _ _ _ . . - - . [ , _ . . . - _ . ~ . _ _ . . _ _ . . _ - _ . . , - . . . . _ , _ _ - . _ _ - - - - . , -

ESFAS Instrumentagion 3.3.2 p ,-

F. . . T.

)

ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION Immediately U. Required Action and 0.1 Initiate action to be

' associated Completion in MODE 5 with RCS Time not met, open and visible level in pressurizer.

V.1 Initiate action to be 168 hours0.00194 days 0.0467 hours 2.777778e-4 weeks 6.3924e-5 months V. Required Action and MODE 5 with RCS open associated Completion Time not met, and visible level in pressurizer.

Immediately Required Action and W.1 If in MODE 5 with the W. RCS open and level associated Completion Time not met, not visible in pressurizer, initiate action to be MODE 5 with the RCS open and visible level in pressurizer.

AND Immediately W.2 If in MODE 5 isolate the flow path from the demineralized water storage tank to the RCS by use of at least one closed and de activated automatic valve or closed manual valve.

AND (continued) .

3.3 24 08/97 Amendment 0 h AP600

h ESFAS Instrument nn n

e. , .

ACTIONS COMPLETION TIME REQUIRED ACTION CONDITION ,

Immediately W.3 If in H0DE 6 with W. (continued) upper internals in place and cavity level less than full, initiate action to be in MODE 6 with the upper internals removed and the cavity full.

AND immediately W.4 Suspend positive reactivity additions.

Immediately Required Action and X.1 If in MODE 5 with RCS X.

associated Completion open and level not Time not met, visible in pressurizer, initiate action to be in MODE 5 with RCS open and visible level in pressurizer.

A_NO Immediately X.2 If in MODE 6 with upper internals in place and cavity level less than full, initiate action to be in MODE 6 with the upper internals removed and the cavity full.

. A_NO Suspend positive Imediately X.3 reactivity additions.

(continued) 1 1

3.3 25 08/97 Amendment 0 j

- ,o@ AP600 n.. x u u . .. o n o m e o r e m , l

. _ _ . . - ~ - _- ___ - - - -

ESFAS Instrumentation

,s ,. r . 7 3.3.2 ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION __

Y1 If in MODE 5 initiate Immediately Y. Required Action and associated Completion action to be in Time not met. MODE S with the RCS intact and visible level in pressurizer.

J A

Immediately Y.2 If in MODE 6 with upper internals in place and cavity level less than full, initiate action to be in H0DE 6 with the upper internals removed and the cavity full.

AND Suspend positive Immediately Y.3 reactivity additions.

l 08/97 Amendment 0 g 00,,, ,,,,,, ,,,,,,, ,

3.3 26 l

ESFAS Instrumentation 3.3.2 M .A is .r U T3 ,

SURVE!LLANCE REQUIREMENTS !

.................................... NOTE. ............. . ..............

Refer to Table 3.3.2 1 to determine which SRs apply for each Engir.eered Safety Features (ESF) Function, j t

SURVEILLANCE FREQUENCY Perform CHANNEL CHECK. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months SR 3.3.2.1 92 days on a SR 3.3.2.2 Perform ACTUATION LOGIC TEST.

STAGGERED TEST BASIS SR 3.3.2.3 .............. ...N0TE.................

Verification of Setpoint not required for manual initiation functions.

24 months Perform TRIP ACTUATING OEVICE OPERATIONAL TEST (TADOT).

f

...............N0TE...... ..........

SR 3.3.2.4 ...

This surveillance shall include verification that the time constants are adjusted to the prescribed values.

Perform CHANNEL CALIBRATION. 24 months 92 days SR 3.3.2.5 Perform CHANNEL OPERATIONAL TEST (C0T).

Verify ESFAS RESPONSE TIMES are within 24 months on a SR 3.3.2.6 STAGGERED TEST limit. BASIS

- (continued) 3.3 27 08/97 Amendment 0 h A.oou.0

. .o n..

P60 r..

' .m.omu x,..,n ,

- - 4 . - , - - . _ _ . _ _ , _ ,,

ESFAS Instrumentation

p. n p 3.3.2

.T, SURVEILLANCE REQUIREMENTS (continued)

FRE0VENCY SURVEILLANCE SR 3.3.2.7 ...................N0TE..............

This Surveillance is not required to be performed for actuated equipment which is included in the Inservice Test (IST)

Program.

24 months Perform ACTUATION DEVICE TEST.

24 months SR 3.3.2.8 Perform ACTUATION DEVICE TEST.

4 months SR 3.3.2.9 Perform ACTUATION DEVICE TEST.

3.3 28 08/97 Amendment 0 b AP600.. nisciosas.41.e .,

..cis. soouu .

ESFAS Instrumentation

] r'% A s-up 3.3.2

. a

.M a .. h table 3.3.2 1 (page 1 of 12)

Engineered Safeguards actuation System instrumentation arettCAstt Attowaatt tate woots on otuta atoutato suavt tttawct vatut $21 POINT Settlttto cuan=tts COND113DNS atoutatutNTl FuwCtt04 Conottlo=5 lafeguards actuation w/a 1 8,0 sa 3.3.2.5 a, manual thittation 1,2,3,4 2 settches 4/4

),1,2.)

2 twitches G,y la

. ) , , .1 (s 3.0 psig) 4 e.o se b, contain*ent 1,2,3,4 se . .. .a pressure . utgh ! la .1. .J.$

la ). ,L4

,,,1,P,1 (a 16al 6,4 la psig}

1,2,)(8) 4 la 1 ),1,

).a.a C. Ptessurifer sa L5 Pressure - tow la ).),2,6

, , j ' ,1 (kAD5 or e,w sa ) . . l,a,a 125 v> psia 1,2,1(a) 4 per sa 3, see hoto f)

d. Steam Line steam line la 3. h d .l Pressure - tow la ).).2.6 S,M la D , l' ,1 (a119or sto F 4 per loop e, aCl Cold tog 1,2 )(8) ga ,

,; .a See Mote 2]

tempefeture Sa 11,4 1.J,o 4

la h (tcold)

tow (continued) i is below that necessary to above the P*ll (Pressuriter Pressure) interlock, when the aCl boron Concentrat on (a) meet the shutdown margin reewirements at an aCl temperature dofog200*F. s (l) seconds, time constants used in the lead / leg controller are tg a (50) seconds an Chapter il safety analysis (b) the values specified in brackets in the trip $etpoint column are the SSAn aeviewer values and Note:

are tac 19ded for reviewer information only, i l mn are typical values for the Function, in the $$aa chapter il safety analyses the values specified in brackets followed by " * " in the trip letpo nt co u ) i no credit was assymed for these Functions (typically diverse trips /actuat ons and no safety analysis value is available. l ified is a typtcal value for the ility to The sunction.

"satterv Charger input voltage - tow" Functions (1$.5 and 20,b) va ue specthe upon ac function alth degraded voltage as well as the setpoint methodology, i ts, the values specif ted in brackets must be replaced tat alth h the actual methodology andtrip 5etpo ns following the setpoint study, selection of the tastrumentotton the frte letpotnts will be calculated in a described in wcAt 14606 Allowable values =t11 be calculated in accordance with the setpo spectf ted in the allowatte value column, accepted setpotet methodology, Note 11 405 psto is for a steaaline break outside containment, 521 pate $$ for a steamitne break instdo containment, wate 1: af0't 16 for a steamline break, 510'r is for Cv5 malfunction.

08/97 Amendment 0 3.3 29 b AP600 t e01\ ee 600\ t e c n t ee t \ l 6010301. ro f 04,i t s ?

O

. - . . . - - - - - - . ~ . _ - - - _ . - _ . -

t ESFAS Instrumentation 3,3.2 j 4

s.m ., c" T,

- .i i

t table 3.1.2 1 (page 2 of 12) ,

tagineered Safeguards actuation lyste* Instrumentation I i

aPPLitalit moots on otHta SvavitLLANCE ALLomasLt talp i

$ttCIFito atoulat0 Valyt itTPolhT j CON 0lT1oNS CMaNNiil COND!tIDNS atQUlalMtNtl FVNCTION .

4 2

Core makeup fank (CWT) actuation N/a 2 twitches t,u la 1.1 2.1 .

a. wanual Initiation 1. 2.1. 4 U )

N/a f I.),2.1

' a(*). lit) 2 switches t.V la la .;'.1 "

b. Pressurfter water 1. 2 .1. a U ) a 6.m la l.; .a l(a f.0s')

a 1.M) ;

Level a Low 2 '

Sa la i.,

I.i ' .g g,y gg 3,;i,; ,g

, p ,pe aUI. 1(c.1) 4 la 1.. .;'.a (la 1.0%))

). I.,',)

1 la !

la 5.l.J.e c, lafeguards aefer to Function 1 (Safeguards actuation) for initiating functient and ;

requirements.

actuetton

d. ADI $tages 1. 2. aefer to f unction 9 (ADS Stages 1. 2 & I attuation) for aII initteting

& 3 actuation functions and reautrements.

I 1 Containment

! solation "/"

2 switches t.0 la 1.1.2.3

a. manual initiation 1.2.3.a la 1.1.2.1 N/A 2 settches G.y 5.6(*)

sofer to Function 12.a (Passive containment cooling actuation) for ti . =anual Initiation initiating functions and requirements.

of Passtve Containment '

Cooltag

c. Safeguards. aefer to function 1 (Safeguards actuation) for initiating functions and actuation reautrements.

(continued)

(c) above the P 12 (Pressurifer Level) interlock, i (1) eith the aCl pressure boundary intact.

(j) with the aCl not being cooled by the hermal aesidual neat nemoval lystem (ann).

(*) wot applicable for valve isolation functions whose associated flow path is isolated.

l (n) with the aCl being cooled by the anl.

3.3 30 08/97_ Amendment 0 HAP 600 4e,naeaoou m .eentlo,eio: ror.o.oes,

l ESFAS Ins %rumentat9on l 3.3.2 '

M.

s ., ^ F T ,

l

\

table 3.3.2 1 (page I of 1)) l Ingineered Safeguards actuation System instrumentation

.,,a ci.a u00tl on otMtt SuavtiLLANCI ALLLbAsLt fatP SPtCtr!!D kt0U!At* a t 0Vit t uf. Nil v&Lut litro1NT C0=DITIONS CHANNELS CONotitDNS FUNC1104 1

a. Steam Line isolation 3.).2.) N/A 2 switches t.$ $2

a. Manual Initiation 1. 2.1. a O I (s 6.0 psig) 6,N la .. P,1 a

b. Containeent 1.2.1.aCl) la .. a.a Pressure - utgh 2 14 . .J.$

SR I.l.2.6 C. Steam Line Pressure 1,2,)IO) ap 8,W $4 l. .P.! ihofI,o,r, ,

stea.erune S l. .e.a (1) S, ressure team Line- la l. l.J.l let hote 1]

Low SR I. l.J.6 a per 8,w la ).'),2,1 (s 100 (2) Steam Line 1(d) 54 ..; .a pst with steam line .

(1**

Pressure- it .

l.D.} constant a heestive 14 . l.J.o 50 seconds) aate

Migh h (a470*F $10 e 1*I*I ' ' 88' I"D 8+" I" la ". .a 1

d. tcold

l'*

la i.

l. l.J.$ let Note 2]

la .1. l.J.6

$. turbine trip a, manual main 1,2 nefer to function 6.a (manual main teedmater Control feedmeter valve Isolation) for reeutrements.

Isolation D. 2.1 [s914) 1,2 a per SG 8.L la

b. SG Narrow aange la o. .P.a water Level la l. . P.$

utgn 2 SR .l.).P.6

c. Saf eguards aefer to function 1 (Safeguards actuation) for initiating functions and actuation requirements.

d, teactor trip Refer to Function 16.a (lltal Interloths, Reactor trip, P*a) for t reovirements.

(continued)

(a) above the *.11 (Pressuriger Pressure) interlock, when the aCl boron concentration is below that necessary meet the shutdown margin requirements at an aCl temperature of 200't.

(b) time constants used in the lead / lag controller are og a (10) seconds and is s ($1 seconds.

(d) telow the P.11 (Pressuriger Pressure) interlock.

O) wot appitcable 1f the alivs are closed.

mote 11 40$ psi is for a steasitne break outside containment.

$21 ps' is for a steamline break snstde containment.

=ote 2: 470*t is for a steestine break. 110*F ts for Cvl malfunction, 3.3 31 08/97 Amendment 0 b AP600

e. mu.m,enismio w.omst -

...,.-n. .r. , , - . , - - . . - - , +.-- ,. , - , .--,,,,n , , - . . - - . - , . , . - - - - - - -

ESFAS Instrumentation 3.3.2

[t', /*

r ,'l 7s I

table 3.3.2*1 (page a of 12) tagineered Safeguards actuation System instrumentation -

t AePttCABLE Attowag(g tale N00tl on otuta at0UlffD SvavittLANCt WAty( $(TPQlNT letttitt0 COND!tjQN) O(Qula(M(Nt$

Co*0!?ID=5 CMANN(t$

FUNC110N

6. usin feeduater Control valve N/4 Isolation E.1 $* 3.1.2.)

1.2.3,4(*) 2 snitches

[spn) *

a. Manuel Initiation a per $c ea sa 1..;>.4 .P.1

b. $6 Nortow aange 1,2,3,4(1.*) sa sa 1. .d.$

=ater tevel - St J.3.2.6 N'gh 2 nefer to f unction 1 (Safeguards Actuation) for all initiating functions

c. Safeguards and requirements.

actuation e,L te : .).P.1 (a 542't']

1,2 4 sa L3; 4

d. nesctor average Coolant sa I. 3.a5 temperature 52 3 3.d.6 (f ,g) - tow 1 aefer to Function ll.a (t$tal Interlocks, atactor trip, P 4) for Coincident with reevirements.

neactor trip F.

main teed =ater Pump trip and valve N/A isolation t,$ Sn 1.1.2.3 1,2,3,4(8) I twitches (s g14) 4 =anual Initiation 4a la 1.p.P.1 1,2,3,4(j'*) 4 per $c sa .

J.; .4

b. water SG Nortow aan tevel ge $a .

1,0.5 ,

ta .1.d.6 Mtph 2 aefer to Function 1 (Safeguards Actuation) for initiating functions and

c. $.feguards requirements, (a 542'F*]

Actuation gt $a 1 .P,1 1,2 2 per loop la . a.; 4 d, acactor Coolant sa l.

I., .1 average J.1.J.6 Sa temperature tavg

- Lo" 2 aefer to Function II.a (flFAS Interlocits, atactor Trip, P 4) for Cotacident with requirements.

agactor trip (continued) l lystee (aNS).

with the eC$ not being cooled by the Normal assidual Heat menova flow path is isolated.

())

(*) mot applicable for valve isolation Functions whose assottated l

I 08/97 Amendment 0 3.3 32-h 4eenaeA.P600 oou naten u.on w u r.oene,

DRAFT 'S'^5 '" * **" E Table 1.3.2 1 (page 5 of 12) tagineered safeguards Actuation system Instrumentation APPLICABLE Talp M0011 On OTHER SuavttLLANCE ALLowasLt SPECIFit0 atQutatD vALut StTPotNT CHANNELS CONO3730NS tt0UIRtut4Ts FUNCTf0N CONo!TIONS 8, Startup feedeater Isolation 54 (5 9WI 1.2.3.a(*) 4 per SG t.S 3.3.{.1 3.3. .a

a. SG harrow aange 54 water Level 54 3.3.2.I High 2 $R 3.3.2.6 3.3.2.1 (a $10 or 1.2.3 a per loop s.m SR la 3. . .a 470's t* , Tcold . Low sa 3. . 5 See Note 2]

Sa 3. . 6

9. ADS Stages 1. 2 & 3

(,.tuatton N/A 2 switch t.o sa 3.3.2.3

a. manual Initiat'on 1.2.3.4 sets N/A 2 switch G.x sa 3.3.2.3 5.6(9) sets

$a 3,3.2.1 (a 67.5%)

1.2.3.4 a per tank t.o sa 3.3.2.4 volume

b. Core makevo tank sa 1.1.2.5 (Cut) Level - sa 1.3.2,6 Low I (a 67.5%)

4 per tank 6.y sa 3.3.{.1 volbee 5(C) SR 3.3.4.a SR 3.3.2.5

.a 3.3.2.6 nefer to Function 2 (Cwt actuation) for all initiating functions and requirements.

Coincident with Cut actuation (continued) tration is below that necessary to (a) meet the shutdown margin reautrements at an aCS temperature of 200*F.Above the P.1 (c) Above the P 12 (Pressuriser Level) interlock.

(g) with upper internals in place and refueling Cavity less than full.

Not applicable when the startup feedwater flow paths are isolated.

(0)

Note 2: 470'r is for a steamline break. 510's is for Cv5 malfunction.

3.3 33 08/97 Amendment 0 b AP600

, eo tueeoou c o...e n t .o ic ione r . oto.. ,

^ - - . _ _ _ _ - __---_-_

- ESFAS Instrumentation-p es A c= " 3.3.2

.,/ 4 4 -

table 3.3.21 (page 6 of 12) -

Engineered Safeguards actuation System Instrumentation APPLICA6Lt tage M00t5 Da CtHta guavt1LLANCE - ALLO.Agtt

$7tCIFit0 atQutato a!QutatutNT5 vaLut $ttro!NT ChahhtL5 CONDITIONS FUNCTION CONDITIONS

30. ADS stage 4 Actuation N/A E.o la 3.3.2.3 1.2.3.4 7 switch

a. =anual Initiation sets N/A Cotncident with $a 3.3.2.3 5.6(g) 2 settch cx sets 3.3.2.1 (a 1200 4 8.o Sa psig) aCs wide aange 1.2.3.4 Sa 3.3.1 4 pressure - Low. sa 3.3.2.5 or 54 3.3.2.6 4

4 s,x (a 1200 5.6(9) sa 3.3.2.1 Dsig) la 3.3.l.4 54 3.3.l.5 Sa 3.3.2.6 nefer to Function 9 ($tages 1. 2, & 3 Actuation) for initiating AD$ Stages 1. 2 & functions and requirements 3 actuation a lot 4 per tank 8.o sa 3.3.2.1 volu(me level

b. cut Level - Low 2 1.2.3.4 sa 3.3.2.4 span) sa 3.3.2.5 sa 3.3.2.6

1. 4 per tank e,v sa 3.3.2.1 (a los 5(C) sa 3.3.2.4 volume level sa 3.3.2.5 sDan) sa 3.3.2.6 4 ao sa 3.3.2.1 Coincident with 1.2.3.4 sa 3.3.2.4 (a 1200 acs wide aange Sa 3.3.2.5 psig)

Pressure - Low. sa 3.3.2.6 and 4 s .v $a 3.3.2.1 5(C) sa 3.3.2.4 Sa 3.3.2.5 (a 1200 54 3.3.2.6 psig) aefer to sunction 9 (405 Stages 1. 2 & 3 Actuation) for initiating functions and l

Coincident with ADS Stages 1. 2 & rewirements I actuation (continued)

(c) above the P-12 (pressuriser Level) interlock.

full.

(g) 'with us, der internals in place and refueling Cavity less than 3.3 34 08/97 Amendment 0 P60 h A.coss.0

.e.mae sna-se ,,,al. m .e.g.s, e

L------ -- . _ , _ _ - , er' r ,

. n ,...

- ESFAS Instrumentation-4 7 3.3.2

.L . .

table 1.3.21 (page 7 of 12)

Engineered Safeguards actuation System Instrumentation APPLICASLt-ucots On OTMta SuavetLLANCE. ALL0matLE talP

$PECIfit0 afQutaf0. atQytatutNTS vatut StfPotNT CONo!TIONS CHANNELS CON 0!TIONS FUNCTION

11. neactor Coolant Pump frty 4 405 5tages l'. 2 & nefer to Function 9 (405 Stages 1. 2 & 3 Actuation) for initiating functions and requirements, 3 Actuation 4 per aCP e,L sa 3.1 7 1 (s 320'F*)

b. neatter Coolant 1,2 Sa 3.3.2.4 Pumo tearing la 1.1.2.5

-ester temperature 5a 3.3.2.6

- M10h aefer to punction 2.a (Manual Cwi Actuation) for requirements.

c. Panual. Cut Actuation-4 e.N sa 3.3.2.1 ((a?.Ose) a1.0s)

d. Pressuriter water 1.2 . 3. 4 (D 5a 1.1.2,4 Level Low 2 la 3.1.2.5 54 1 3.2.6 4 s,v SL 3.3.2.1 ((a1.0%)

7.os')

4("). 5(C+3) la 3.3.2,a 5a 3.1.2.5 la 3.3.2.6 Safeguards nefer to Function 1 (Safeguards actuation) f(r initiating functions and roovirements.

4.

Actuetton

12. Passive containment

- Cooling actuation N/A

'2 switch t.o sa 3.3.2.3

a. manual Initiation 1.2.3.4 sets 3.3.2.3 N/A 2 switch G,Y SR 5.6('I sets s,o la 3. 3. 2.1 - (s 8.0 psig) 4

-b. Contatnment 1.2.3.4 sa 3.3.2.4 Pressure - Nigh 2 54 1.3.2,5 la 1.3.2.6 (continued)

(C) - above the P 12 (Pressuriter Level) interlock.

(e) with reactor shut doen less than 100 hours0.00116 days 0.0278 hours 1.653439e-4 weeks 3.805e-5 months .

tesidual Heat memoval system (aN5).

()) with the.aC5 not being cooled by the Norma (n) with the aCl being tooled by the aul.

\

3.3 35 08/97- Amendment 0 ht e01\ AP600 ep600\ t e ta spec \ t6c l0102 . ro f . 040497

i-ESFAS Instrumentation 1

.% y .

a _f

-' 3.3.2

~..a_-s a t bie i.3.2 1 coage of 12)

Engineered safeguards Actuation system Instrumentation APPLICASLt moots on ofHta Suavt tLLatect . ALLonASLt fate SPECIFitD REQUtat0 VALUC SLTPotNT CON 0!T1045 CHANNtL5 CONotTIONS GEQu!BLMENTS f uNCT 30N

13. Passive tesidual west Removal Meat

(* Changer Actuation N/A 1.2,3,4U) 2 Switches E,N SR 3.3.2.3

. a. Manual Initiation N/A 2 switches t,U SR 3.3.2.3 4("). $(1) 4 per SG s.N st 3.1. 2.1 - (e 45.000

b. 5G % arrow aange 1. 2. 3. 4 U) SR 3.3.2.4 lba)

- water Level - Low 54 1.3.2.5 54 3,3.2.6 1,2,3,40) 2 per M,N SR 3.3.2.1 (a200gpm Coincident with 54 3.3.2.4 per SG J startup Feedwater feedneter 3.1.2.$

itne 54 Flow - Low SA 3.3.2.6 (a 25,000

1,2,3,4U) 4 per SG e.N $4 1.3.2.1

c. SG wide mange 54 3.1.2.4 lbel mater Level - Low 54 3.3.2.5 SR 3.3.2.6

d. 405 Stages 1,2 & nefer to Function 9 (ADS 5tages 1, 2 & 3 Actuation) for initiating 3 Actuation functions and reevirements.

1,2,3,40) nefer.to Function 2 (cwt Actuation) for initiating

- e. Cwt Actuation '

functions and reautrements.

4("). $(1) Refer to Functions 2.4 and 2.b (CMT Actuation) for initiatin9 functions and reautrements, e,N SR 3.3.2.1 (ss0U) f, Pressurtaer water 1.2.3.4U'D) 4 Sa 3.).2.4 Level. Nigh 3 sa 3.s.2.5 sa 3.3.2.6 (Continued)

(i) with the aC5 pressure boundary intact.

with tt,e aC5 not being tooled by the Normal nesidual west memoval System (ANS).

U)

( $) with the RC5 being Cooled by the mNS.

(p) Above the F 19 (RCS Pressure) interlock, 3.3 36 08/97- Amendment 0 .

h AP600 -

l

. eon.e.oouse..eu u.oiuo u v.o.o m l

~ -------- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

'l rs r- - ESFAS Instrumentation 3,3,2 I.)$ [.,tl p' &p l

l Table 3.3.2 1 (page 9 of 12) j Engineered Saf eguards Actuation System Instrueentation h

APPLICABLE moot $ OTMia suavt!LLANCE ALLOWABLE Ta!P SPECIF1tD atQutat0 VALut 5ttro!NT FUNCTION CONDITIONS CHANNEL 5 CONDIT1045 atQuintutNil

14. SG tiowdown isolation

a. Passive Residual 1,2,3.4U**) nefer to Function 13 (Passive aesidual weat nemoval Heat tschenger actuation) for all initisting functions west semoval Meat and requirements.

tacharger Actuation 1.2.3,40) 4 per 5G s.a sa 1.3.2.1 (a 45.000

b. SG harrow aange Sa 3.3.2.4 lbe) water tevel - Low Sa 3.3,2.5 Sa 3.1.2.6

15. soron Oilution slock (s source 2(f),3,4(*) 4 s.t Sa 3.3.2.1 mange Flua a

a. Source aange <a 1,1,2,4 Neutron Flus sa 3.3.2.5 1.6 in 50 multiplication Sa 3.1.2.6 minutes]

s,P Sa 3.3.2.1 (s Source

'5(*) 4 ~

Sa 1.1.2.4 aange Flut x Sa 3.3.2.5 1.6 in 50 54 3.3.2.6 minutes

b. neactor Trip nefer to Function 18 a (t$Fa5 Interlocks, aeactor Trip, P 4) for all reautrements.

' 1,2,3,4(*) 4 sT Sa 3.1.2.3 (a 143 v')

c. sattery Charger divisions sa 3.3.2.4 Input voltage -

Low s,P sa 3.3.2.3 (a 343 v')

5(*)

4 divisions sa 3.3.2.4 4

16. Chemical volume and Control system makeup Isolation e,a sa 1.3.2.1 (s 954]

SG harrow aan

a. water 1,2,3,40+*) 4 per SG Sa 3.3.2.4 Level ge sa 3.3.2.5 Migh 2 la 3.3.2.6 3.3.2.1 (s 30%*]

D. Pressuriter water 1,2,3(*) 4 s,Q la sa 3.3.2.4 Level - wtgh 1 sa 3.3.2.5 sa 3.3.2.6 1,2,3,4U***D) 4 -s,T sa 3.1.2.1 [s 67% or

c. Pressuriser water 74%. See Level - wigh 2 sa 3.3.2.4 Note 3]

la 3.3.2.5 la 3.1.2.6 1,2,3(*) 4 s,q Sa 3.3.2.1 (s 100 m/hr)

< d. Containment Sa 3.1.2.4 madioacttvtty - sa 3.3.2.5 wigh 2 sa -3.3.2.6 (continued)

(f).

selow the P 6 (Intermediate Range Neutron Flus) interlocks.

()) with the act not being cooled by the Normal aesidual weat nemoval system (aN5),

4 (m) Not appitcable for valve isolation Functions whose associated flow path is isolated.

(p) above the P 19 (nCS Pressure) interlock.

=ote 3: 674 ts the nominal setpotnt.

144 is the analysed setpoint.

3,3 37' 08/97 Amendment-0 AP600L iPonae.ocuunseau.omor e.ceom

.- . . . . _ , y _ .- ,_. - - - . _ - - - _. , - - - _ . - _ _ _ _ _ _ _ - _

ESFAS Instrumentation 3,3,2 t

' p-r+

nA ..i C i* ,

Table 3.1.2 1 (page 10 of 12)

Engineered Safeguards Actuation System instrumentation APPLICABLE N00t5 OTMtm ALLOWABLE Ta!P a(OVlat0 Suavt1LLANCE S ET POINT SPECIFit0 CON 0!T!DNS atOulatutNT5 v&Lut CDNDIT!DNS CHANNELS fuhC110M

17. Normal eesidual Heat memoval System Isolation Sa 1.1.2.1 (s 100 m/hr)

a. Containment 1,2,3C *) 4 s.Q sa 3.3.2.4 aadioattivity - Sa 3.1.2.5 High 2 Sa 1.3.2.6 1,2,3(*) Refer to Function 1 (Safeguards Actuation) for al'.

b. Safeguards initiating functions and reoutrements.

Actuation

18. ESFAS Interlocks la 3,3.2,3 ufa 1,2,3 3 0,u

a. atactor Trip, P 4 divisions sa 3.3.2.1 (s 1970

b. Pressuriger 1,2,3 4 J,m 3.3.2.4 psig)

Sa Pressure, P.11 sa 3.3.2.5 sa 3.3.2.6 4 3,L la 3.1.2.1 (a it-10 2 3.3.2,4 ames)

c. Intermediate sa mange Neutron Sa 3.3.2.5 Flus, P 6 sa 3.3.2.6 Sa 1.3.2.1 (Above 1,2,3 4 J.m pressuriger

d. Pressuriser 54 3.3.2.4 water Level Level P*12 sa 1.3.2.5 - Low 1 sa 3.3.2.6 setpoint of 204)

Sa 3.1.2.1 (a700 psig]

1,2,3,4(I) 4 J.H 3,3.2,4

e. aC5 pressure, SR P.19 la 3.3.2.5 Sa 3.3.2.6

19. Containment Air Filtration System isolation Sa 3.3.2.1 (s 2 R/hr}

1,2,3 4 s,Q

a. Containment sa 3.3.2.4 aadioactivity - Sa 3.3.2.5 Migh 1 Sa 3.3.2.6 aefer to Function 3 (Containment Isolation) for initiating functions and

b. Containment requirements.

Isolation (continued)

(j) with the aCS not being cooled by the normal metidual Heat memoval System (aNS).

is isolated.

(*) Not applicable for valve isolation Functions whose associated flow path 3.3 38 08/97 Amendment 0 h AP600 iean.eooou. menu.oicion.m.o. n, l

ESFAS Instrumentation

' I3,y . ,, ,, 3.3.2 L , ,

Table 3.3.21 (page 11 of 12) tagineered safeguards Actuation System Instrumentatica APPL 1CASLE ALLowasLE TatP N0015 oTHEn Suavt1LLANCE VAtut $tTPotNT SPEC 17tED atOUInto stoutatutmTS CHANNEL 5 CONo!T1oN5 CONDIT!oNS FUNCT!oN

20. uain Control aoom Isolation and Air (s 2:103 supply Intttation r,o sa 1.1.2.1 curtes/m 1.2.3.4 2 sa 3.1.2.4 oose

a. Contro) aoom Air sa 3.3.2.5 touivalent suppir eadtation sa 3.3.2.6 1 131)

- nt gli 2 sa 1.1.2.1 (s 2 103 c,n curies /m Note (h) 2 Sn 1.3.2.4 pose sa 1.3.2.5 toutvalen:

sa 3.5.2.6 1 131) 1.1.2.3 (al43 v']

4 so sa 3.3.2.4 b, sattery Charger 1.2.3.4 divisions la Input voltage - [, 34) v+)

Low 4 c.n sa 3.3.2.3 Note (h) sa 3.3.2.4 divisions 21.

Aus111ery spray and Purification Line (20.0v)

Isolation a.L sa 1.3.2.1 1,2 4 sa 3.3.2.4

a. Pressuriser water Sn 1.1.2.5 tevel - tow I 5a 1.3.2.6 22 In-Containment asfueline water Storage tank (:r.wsT)

In}ection Line valve 3.3.2.3 m/A actuation t,N ta

1. 2. 3. 4 U) 2 switch

a. uanual initiation sets 10 (405 4th stage Actuation) for initiating functions

b. Aos 4th stage nefer to

unction and requirements, Actuation (a 1 in.

w.y $a 1.1.2.1 above %ttom 4(n) 5,6(9)

__1 per loop sa 1.3.2.4 inside

c. Coincident aCs sa 1.1.2.5 surface of Loop 1 and 2 Hot $a 3.1.2.6 the hot Leg Level - Low legs) 6' 23 lawsf Containment necirculation valve Actuation w/A t,w sa 3.3.2.3 1,2,3,4UI 2 switch

4. wanual Initiation : sets m/A c.y sa 3.3.2.3 4(") . 5. 6(9) 2 switch sets nefer to Function 1 ($afeguards Actuation) for all initiating functions

b. Safeguards and requirements.

actuetton (continued) full.

with vocer internals in place and refueling cavity less than (9)

(h) ouring movecent of irradiattj fuel assectites. al systeo (aus).

unth tne ac$ not being cooled by the wormal assidual Heat memov (1)-

with tne aCs being cooled by the aM$.

(n) 08/97 Amendment 0 l 3.3 39 !

h AP600

. ,,on...ocu.meuusoioiar.eosom

_1-- - - - - - - _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - - _ _ .

4 m y ESFAS fnstrumentation

., .s .

3.3.2 table 3.3.2 1 (page 12 of 12)

Engineered Safeguards actuation Systeo Instrumentation APPLICAsLE moots OTHta ALLowastt inte Rf0V!nto Suavt!LLANCE VALUt $(TPO!NT SPECIFIED aggutREMENT$

CONDITIONS CHANNELS . CONDIT10NS FUNCTION l

24 Spent Fuel Pool Isolation 3.3.2.1 (37.5 ft.)

3 C.* Sa

a. Spent Fuel Pool 6 sa 3.3.2.a Level - Low sa 3.3.2.5 ta 3.3.2.6 1

21. (5FACs togic 3.3.2.2 N/A 0.0 SR 1,2.3.4 4

a. Actuation divisions.

Subsystems I battery-backed subsystee per

) division N/A a G.w SR 3.3.2.2

$.6(9) divisions.

1 battery-backed subsystem per division

26. PLCs N/A 4 D,0 sa 3.3.2.2

a. Functional Logic 1.2.3.4 divisions. 5R 3.3.2.7 Subsystem 1 battery- Sa 3.3.2.8 backed subsystee j per cabinet N/A a G.w sa 3.1.2.2 5.6(9) divisions. Sa 3.3.2.7 1 battery-backed subsystem per cabinet

27. Pressurizer weater Trip nefer to Function 2 (Core makeup Tank Actuation) for all initiating

a. Core makeup fank functions and requirements. In addition to the requirements for Actuation Function 2. SR 3.3.2.9 also applies.

2

28. Chemical and volume Control systee Letdown Isolation sa 1.3.2.1 (s 3 in.

4(") 5.6(9) 1 per loop C.T 3.3.2.4 above inside

a. not Leg Level - la surface of Low 1 sa 3.3.2.5 the hot sa 3.3.2.6 legs)

(continued)

(g) with upper internals'in place and refueling cavity less than full.

d flow pat. is isolated.

6 (m)

Not applicable for valve isolation Functions whose associate (n) with the RC5 being cooled by the RN5.

3.3 40 08/97 Amendment 0

h. .oAP600-n .. amu.o..uu.o io iou r.os u,,

n-

RTS Instrumentation 7 , ,, . ,g -B 3.3.1 B 3.3 -INSTRUMENTATION B 3,3.1 . Reactor Trip System (RTS) Instrumentation

=

BASES The RTS initiates a unit shutdown, based upon the values of BACKGROUND selected unit parameters to protect against violating the core fuel design limits and Reactor Coolant System (RCS) pressure boundary during anticipated operational occurrences (A00s) and to assist the Engineered Safety Feature Actuation System (ESFAS) in mitigating accidents.

The Protection and Safety Monitoring System (PMS) has been designed to assure safe operation of the reactor. This is achieved by specifying limiting safety system settings (LSSS) in terms of parameters directly monitored by the RTS, as well as specifying LCOs on other reactor system parameters and equipment performance.

J During A00s, which are those events expected to occur one or more times during the unit life, the acceptable limits are:

1. The Departure from Nucleate Boiling Ratio (DNBR) shall be maintained above the Safety Limit (SL) value to prevent departure from nucleate boiling (DNB);

2. Fuel centerline melt'shall not occur; and

3. The RCS pressure SL of 2750 psia shall not be exceeded.

Operation within the SLs of Specification 2.0. " Safety Limits (SLs)." also maintains the above values and assures that offsite doses are within the acceptance criteria during A00s.

Design Basis Accidents (DBA) are events that are analyzed even though they are not expected to occur during the .

unit life. The acceptable limit during accidents is that the offsite dose shall be maintained within an acceptable fraction of the limits. Different accident categories are allowed a different fraction of these limits, based on the probability of occurrence. Meeting the acceptable dose limit for-an accident category is considered having acceptable consequences for that event.

i (continued) 8 3.3 1 08/97 Amendment 0 h AP600 n ae m o v er.o. u i, uo m u a.

RTS Instrumentation

-- s - - B 3.3.1 L

BASES The RTS maintains surveillance on key process variables BACKGROUND which are directly related to equipment mechanical (continued) limitations, such as pressure, and on variables which directly affect the heat transfer capability of the reactor, such as flow and temperature, Some limits, such as Overtemperature AT, are calculated in the integrated protection cabinets from other parameters when direct measurement of the variable is not possible.

The RTS instrumentation is segmented into four distinct but interconnected modules as identified below:

l

Field inputs from process sensors, nuclear instrumentation:

. Integrated Protection Cabinets (IPCs):

. Dynamic Trip Bus: and

. Reactor Trip Switchgear Interface.

Field Transmitters and Sensors Normally, four redundant measurements using four separate .

sensors are made for each variable used for reactor trip.

The use of four channels for protection functions is based on a minimum of two channels being required for a trip or actuation, one channel in test or by)Tne ass,signal and aselector single in the failure on the remaining channel.

Plant Control System (PLS) will function with only three channels.

This includes two channels properly functioning For protection and one channel having a single failure.

channels providing data to the control system, the fourth Minimum channel permits one channel to be in test or bypass, requirements for arotection The and fourthcontrol channelis isachieved provided with to only three channels OPERABLE, increase plant availability, and permits the plant to run for The an indefinite time with a single channel out of service.

circuit design is able to withstand both an input failure to the control system, which may then require the protection Function actuation, and a single failure in the other Again, channels providing the protection Function actuation.

a single failure will neither cause nor prevent the Tnese requirements are protection Function actuation, (continued) 08/97 Amendment 0 8 3.3 2 bmm.m.uu AP600.m m 4,.m ,, ,

_ -m

RTS !nstrumentation B 3.3.1 N r' <e it . , ,

BASES BACKGROUND Field Transmitters and Sensors (continued)

The actual number of described in IEEE 279 (Ref. 5).

channels required for each plant parameter is specified in Reference 2.

Selected analog measurements are converted to digital form b digital converters within the integrated protection cabinets.

Signal conditioning may be applied to selected Followinginputs following the conversion to digital form.

necessary calculations and processing, the measurements-are compared against the applicable setpoint for that variable.

A partial trip signal for the given parameter is generated one channel measurement exceeds its predetermine calculation limit.

trip is duplicated in each Eachof the four division redundant sends its partialdivisions trip o the protection system. status to each of the other three divis Each division is caoable of generating a multiplexed links. reactor trip signal if two or more of tw red of a single variable are in the partial trip state.

The reactor trip signal from each of the four integrated protection cabinets Each is of sent the to fourthe corresponding reactor trip actuationreacto actuation division. The divisions consists of two reactor trip circuit breakers.

reactor is tripped when two or more actuation divisionsT receive a reactor trip signal.

initiates the following two actions:

1.

It de energizes the undervoltage trip attachment on eac reactor trip breaker, and 2.

It energizes the shunt trip device on each reactor trip breaker.

Opening of the Either action causes the. breakers to trip.

appropriate trip breakers removes powe This rapid negative reactivity insertion shuts the core.

down the reactor.

(continued) 08/97 Amendment 0 8 3.3 3 h AP600

RTS instrumentation B 3.3.1

," ? e"

~ T, BASES IPCs BACKGROUND. .

(continued) The IPCs contain the necessary equipment to:

Permit acquisition and analysis of the sensor inputs.

including plant process sensors and nuclear instrumentation, required for reactor trip and ESF calculations:

Perform computation or logic operations on variables

-based on these inputs:

Provide trip signals to the reactor trip switchgear and ESF actuation data to the ESFACs as required:

Permit manual trip or bypass of each individual reactor trio Function and permit manual actuation or bypass of eac1 individual voted ESF Function:

Provide data to other systems in the Instrumentation an Control (I&C) architecture:

Provide functional diversity for the reactor trips and ESF actuations; and Provide separate input circuitry for con for protection Functions.

Each of the four IPCs provides signal con room, and comparisonThe of measured basis of theinput signals setpoints arewith established setpoints. If the measured value described in References 1, 2. and 3.

of a unit parameter exceeds the predete logic evaluation.

Dynamic Trio Bus _

The dynamic trip bus provides a seliable means of op reactor trip switchgear in its own division as demand the individual- protection functions, between the dynamic trip bus and the reactor trip subsyste trip enable subsystems, global trip subsystem, and automatic tester subsystem.

(continued)_

08/97 Amendment 0 8 3.3 4 HAP 600 .

i.am.m uusamover.ceno

RTS instrumentation n .. .,. B 3.3.1 BASES BACKGROUND Dynamic Trip Bus (continued) sartial trips, partial trip enables, global trip. global The dynamic aypass permissive. and automatic global bypass.

trip bus combines this data and determines the desired state of the switchgear.

The dynamic trip bus interface panel incorporates a three position (trip / normal / bypass) switch allowing each trip function to be placed in a manual partial trip, normal or manual bypass state. While the trip / normal / bypass switch remains in the normal )osition, automatic operation of the partial trip function )y the protection function is enabled.

When placed in either the trip or bypass position, the dynamic trip logic is forced to the desired partial trip or bypass condition regardless of the reactor trip subsystem output state.

Reactor Trip Switchgear Interface The final stage of the dynamic trip bus provides the signal to energize the undervoltage trip attachment on each RTB within the reactor trip switchgear. Loss of the signal de energizes the undervoltage trip attachments and results in the opening of those reactor trip switchgear. An additional external relay is de energized with loss of the signal. The normally closed contacts of the relay energize the shunt trip attachments on each switchgear at the same time that the undervoltage trip attachment is de energized. This diverse trip actuation is performed external to the PMS cabinets.

The switchgear interface including the trip attachments and the external relay are within the scope of the PHS. Sesarate outputs are provided for each switchgear. Testing of tne interface allows trip actuation of the breakers by either the undervoltage trip attachment or the shunt trip attachment.

Trip Setpoints and Allowable Values The Trip Setpoints are the nominal values at which the trip output is set. Any trip output is considered to be properly adjusted when the "as left" value is within the band for CHANNEL CALIBRATION accuracy (i.e., t rack calibration accuracy).

(continued) 1

\te t et 16010101.rC7 041597 ,

l

RTS Instrumentation m ,, , , ,e B 3.3.1 3

BASES Trip Setpoints and Allowable Values (continued)

BACKGROUND The Trip Setpoints used in the trip output are based on the analytical limits stated in Reference 1. The selection of these Trip Setpoints is such that adequate protection is provided when all sensor and processing time delays are taken into account. To allow for calibration tolerances, instrument drift. and severe environment errors for those channels that must function in harsh environments

>oints and Allowable as de by 10 CFR 50.49 (Ref. 6), the Trip Set values specified in Table 3.3.11 in t1e accompanying LCO are conservatively adjusted with respect to the analytical limits. A detailed description of the methodology used to calculate the Trip Setpoints, including their explicit uncertainties, is provided in the ' Westinghouse Setpoint The Methodology for Protection Systems" (Refs. 4 and 9).

cetual nominal Trip Setpoint entered into the trip output is more conservative than that specified by the Allowable Value to account for changes in random measurement errors detectable by a COT. One example of such a change in measurement error is drift during the surveillance interval.

If the measured setpoint does not exceed the Allowable Value, the trip output is considered OPERABLE.

Setpoints in accordance with the Allowable Value ensure that SLs are not violated during A00s (and that the consequences of DBAs will be acceptable providing the unit is operated from within the LCOs at the onset Note thatof the A00 or DBA an in the equipment functions as designed),accom)anying LC0 are tie LSSS.

Each channel of the process control equipment can be tested on line to verify that the signal or setpoint accuracy is within the specified allowance requirements of Reference 4.

Once a designated channel is taken out of service for testing, a simulated signal is injected in place of the field instrument signal. The process ecuipment for theSRs channel for thein test is then tested, verified anc calibrated.

channels are specified in the SRs section.

The Trip Setpoints and Allowable Values listed in Table 3.3.11 are based on the methodology-described in Reference 4, which incorporates all of the knownThe magnitudes uncertainties applicable for each channel.

these uncertainties are factored into the determinatio (continued) 08/97 Amendment 0 1 h AP600 B 3.3 6 t*0Litecmsee<\160 50101 r07 041317 ,

l RTS Instrumentation

,, .. .

1 all MODES in which the LCOs and RTBs are closed. APPLICABILITY Each of the analyzed accidents and transients which require reactor trip can be detected by one of more RTS functions. The accident analysis described in Reference 3 takes credit for most RTS trip Functions. RTS trip Functions not specifically credited in the accident analysis were qualitatively credited in the safety analysis andThese the NRC RTS trip staff approved licensing basis for the plant. Functions may provide protection for conditions which do not require dynamic transient analysis to demonstrate function xrformance. These RTS trip Functions may also serve as sackups to RTS trip Functions that were credited in the accident analysis. The LCO requires all instrumentation performing an RTS Function. listed in Table 3.3.11 in the accompanying LCO. to be OPERABLE. Failure of any instrument renders the affected channel (s) inoperable and reduces the reliability of the affected Functions. The LC0 generally requires OPERABILITY of three channels in each instrumentation Function. Reactor Trip System Functions The safety analyses and OPERABILITY requirements applicable to each RTS Function are discussed below:

1. Manual Reactor Trip The Manual Reactor Trip ensures that the main control ,

room operator can initiate a reactor trip at any time by e (continued) ; I h AP600 8 3.3 8 08/97 Amendment 0 l t otuun.numom.,v.c.us, RTS Instrumentation pq g np B 3.3.1 L_ c 'j BASES

1. Manual Reactor Trip (continued)

APPLICABLE - . SAFETY ANALYSES. LCOs, and using either of two reactor trip actuation devices in the A Manual Reactor Trip accomplishes APPLICABILITY main control room. the same results as any one of the automatic trip Functions. It can be used by the reactor operator to shutdown the reactor whenever any parameter is rapidly trending toward its Trip Setpoint. The safety analyses do not take credit for the Manual Reactor Trip. The LCO requires tu Manual Reactor Trip actuation devices be OPERABLE in MODE 1 and 2 and in M00E 3, 4, and 5 with RTBs closed and ?LS capable of rod withdrawal. Two independent actuation devices are required to be OPERABLE so that no single random failure will disable the Manual Reactor Trip Function. in MODE 1 or 2. manual initiation of a reactor trip must 'oe OPERABLE. These are the MODES in which the shutdown rods and/or control rods are partially or fully withorawn In MODE 3. 4, or 5, the manual initiation from the core. Functicn must also be OPERABLE if the shutdown rods are withdrawn or the PLS is capable of withdrawing In MODE 3. 4, and 5. the shutdown or control rods. manual initiation of a reactor trip does not have to be OPERABLE if the PLS is not capable of withdrawing the shutdown or control rods. If the rods cannot be i withdrawn from the core, there is no need to be able to tria the reactor because all of the rods are inserted. ' In 400E 6 neither the shutdown rods nor the control are permitted to be withdrawn and the CRDMs are disconnected from the control rods and shutdown ro Therefore, the manual initiation Function does not have to be OPERABLE.

2. Power Range Neutron Flux The PMS power range detectors are located external to the reactor vessel and measure neutrons leaking from the core. The PMS power range detectors provide input to the PLS.

Minimum requirements for protection and control is achieved with three channelc. OPERABLE, The fourth channel is provided to increase plant availability, and permits the plant to run for an indefinite This time with a Function-also single channel in trip or bypass. satisfies the requirements of IEEE 279 (Ref. 5) with 2/4 logic. This Function also provides a signal to (continued)_ 08/97 Amendment 0-8 3.3 9 bmuna..uu AP600.eiom ,v..n , , I RTS Instrumentation B 3.3.1 & ., o y BASES 2. Power Range Neutron Flux (continued) APPLICABLE SAFETY ANALYSES. prevent automatic and manual rod withdrawal prior to LCOs, and initiating a reactor trip. Limiting further rod APPLICABILITY withdrawal may terminate the transient and eliminate the need to trip the reactor,

a. Power Range Neutron Flux - High The Power Range Neutron Flux - High trip Function ensures that protection is provided, from all power levels, against a positive Positive reactivityreactivity excursion during power operations.

excursions can be caused by rod withdrawal or reductions in RCS temperature. The LCO requires four Power Range Neut In MODE 1 or 2, when a x sitive reactivity excursion could occur, the Power Range Neutron Flux - HighT trip must be OPERABLE.the reactivity excursio prior to reaching a power level that could the fuel. Neutron Flux - High trip does not have to be OPERABLE because the reactor is shutdown reactivity excursion in the power range cannot occur. Other RTS Functions and administrative controls provide protection against reactivityIn addition, additions when in MODE 3, 4. 5. or 6. the PMS power range detectors cannot detect neutron levels in this range,

b. Power Range Neutron Flux - Low The LC0 requirement for the Power Range Neutron Flux - Low trip Function ensures that protection is provided against a positive reactivity Theexcursion Trip from low power or subcritical conditions.

Setpoint reflects only steady state in crimary protection for any event that results in a narsh environment, i l (continued)_' 08/97 Amendment 0 B 3.3 10 b AP600 . uomn s.aummuor emir a RTS Instrumentation v- - . ,. B 3.3.1 .- . 4 l BASES

b. Power Range Neutron Flux - Low ~ (continued)

APPLICABLE ! SAFETY ANALYSES, The LC0 requires four of the Power Range Neutron LCOs, and APPLICABILITY Flux - Low channels to be OPERABLE in MODE 1 below the Power Range Neutron Flux P 10 Setpoint and H0DE 2. 1 In H00E 1, below the Power Range Neutron Flux P 10 setpoint and in MODE 2, the Power Range Neutron Flux - Low trip must be OPERABLE. This Function may be manually blocked by the operator when the respective power range channel is greater than This approximately 10% of RTP (P 10 setpoint). Function is automatically unblocked when the respective power range channel is below the P 10 setpoint. Above the P 10 setpoint, positive reactivity additions are mitigated by the Power Range Neutron Flux - High trip Function. In MODE 3, 4, 5, or 6, the Power Range Neutron Flux-Low trip Function does not have to be OPERABLE because the reactor is shutdown and the PMS power range detectors cannot detect neutron levels generated in H00E 3, 4, 5, and 6. Other RTS trip Functions and achinistrative controls provide protection against positive reactivity additions or power excursions in H00E 3, 4, 5, or 6.

3. Power Range Neutron Flux - High Positive Rate The Power Range Neutron Flux - High Positive Rate trip Function ensures that protection is orovided against rapid increases in neutron flux whic1 are characteristic of a rod cluster control assembly (RCCA) drive rod housing rupture and the accompanying ejection of the RCCA.

This Function compliments the Power Range Neutron Flux - High and Low trip Functions to ensure that the criteria are met for a rod ejection from the oower range. The Power Range Neutron Flux Rate trip uses t1e same channels as discussed for Function 2 above. The LCO requires four Power Range Neutron Flux - High In H00E 1 or 2. Positive Rate channels to be OPERABLE. when there is a potential to add a large amount of positive reactivity from a rod ejection accident (REA), the Power Range Neutron Flux - High Positive Rate trip (continued)_ B 3.3 11 08/97 Ar ndment 0 h AP600 t*01\tetaspec\t4010101.e07 082197 . RTS Instrumentation B 3.3.1 ; BASES-

3. Power Range Neutron Flux - High Positive Rate APPLICABLE SAFETY ANALYSES.

Icontinued) - LCOs and - In MODE 3, 4. 5. or 6. the Power Range must be OPERABLE. APPLICABILITY- Neutron Flux - High Positive Rate trip Function does not ~ have to be OPERABLE because other RTS trip Functions and administrative controls will provide Also,protection since onlyagainst the i positive reactivity additions. shutdown banks may be w remaining complement of control bank worth ensures a-SOM in the event of an REA. In MODE 6. no rods are withdrawn and the SDM is increased during refueling operations. The reactor vessel head is_ also removed or the closu bolts are detensioned preventing any pressure buildup. In addition, the PMS power range detectors cannot detect neutron levels present in this MODE.

4. Intermediate Range Neutron Flux The Intermediate Range Neutron Flux trip Function ensures that protection is provided against an uncontrolled RCCA bank withdrawal accident from a subcritical condition during startup. This trip Function provides redundant 3

protection to the Power Range Neutron Flux - Low Setpo The PMS intermediate range detectors are trip Function. located external to the reactor vessel and measureThe safet neutrons leaking from the core. not take credit _for the Intermediate Range Neutron Flux Evan though the_ safety analyses take no trip Function. credit for the Intermediate Range Neutron Flu functional capability at the specified Trip Setpoint The Trip enhances the overall diversity of the RTS. Setpoint reflects only steady state instrumen protection for any events that result in a harshT F environment. main control room-operator when above the P 10 setpoint. which is the respective PMS power range channel greater than 10% power, and is automatically unblocked when belo the P 10-setpoint, which is the respective PMS power range channel less than 10% power. -This Function also provides a signal to prevent automatic and manual rod withdrawal prior to: initiating a reactor trip. Limiting further rod withdrawal may terminate the transient and eliminate the_need to trip the reactor. (continuedj, 08/97 Amendment 0 8 3.3 12 b AP600 , 1Mbtete neet\ t4010 l01.*0704 tl17 - . , . .__ , - - - , -m - . c _ , ~ . - -- .--m.. -. RTS Instrumentation ., m . .. B 3.3.1 BASES APPLICABLE 4. Intermediate Rare Neutron Flux (continued) SAFETY ANALYSES. The LCO requires four thannels of Intermediate Range LOCs. and Four channels are provided APPLICABILITY Neutron Flux to be OPERABLE. to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODE 1 below the P 10 setpoint, and in MODE 2, when there-is a potential for an uncontrolled rod withdrawal accident during reactor startup the Intermediate Range Neutron Flux trip must be OPERABLE. Above the P 10 setpoint, the Power Range Neutron Flux - High Setpoint trip and the Power Range Neutron Flux - High Positive Rate trip provide core protection for a rod withdrawal accident. In MODE 3, 4. or 5. the Intermediate Range Neutron Flux trip does not have to be OPERABLE because the control rods must be fully inserted and only the shutdown rods may be withdrawn. The reactor cannot be started up in this condition. The core also has the required SDN to mitigate the consequences of a positive reactivity addition accident. In MODE 6. all rods are fully inserted and the core has a required increased SDM. Also, the PMS intermediate range detectors cannot detect neutron levels present in this mode.

5. Source Range Neutron Flux The LCO requirement for the Source Range Neutron Flux trip Function ensures that protection is provided against an uncontrolled-bank rod withdrawal accident from a subcritical condition during startup. This trip Function orovides redundant protection to the Power Range Neutron

1ux - Low Setpoint and Intermediate Range Neutron Flux trip Functions. In MODES 3. 4. and 5. administrative

controls also prevent the uncontrolled withdrawal of rods. The PMS source range detectors are located external to the reactor vessel and measure The safety analysesneutrons do not take leaking from the core.

credit for the Source Range Neutron Flux trip Function. Even though the safety analyses take no credit for the Source Range Neutron Flux trip, the functional capability at the specified Trip Setpoint is assumed to be available and the trip is implicitly assumed in the safety analyses. (continued) B 3.3 13 08/97 Amendment 0 b AP600.omat.,or.o.n,, mmment , RTS Znstrumentation r,. . B 3.3.1 BASES

5. Source Range Neutron Flux (continued)

APPLICABLE SAFETY ANALYSES, LCOs, and The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary APPLICABILITY protection for any events that result in a harsh environment. This trip can be manually blocked by the main control room operator when above the P 6 setpoint (Intermediate Range Neutron Flux interlock) and is The automatically unblocked when below the P 6 setpoint. manual block of the trip function also de energizes the source range detectors. The source range detectors are automatically re energized when below the P 6 setx> int. 3 10 The trip is automatically blocked when above the The setpoint (Power Range Neutron Flux interlock). source range trip is the only RTS automatic protective Therefore, the Function required in MODES 3, 4, and 5. functional capability at the specified Trip Setpoint is assumed to be available. The LCO requires four channels of Source Range Neutron Flux to be OPERABLE in MODE 2 below P 6 and in MODE 3, 4. or 5 with RTBs closed and Control Rod Drive System Four channels are provided to capable of rod withdrawal. permit one channel in trip or bypass indefinitely and still ensure no single random failure will disablexn, this trip Function. In MODE 3, 4, or 5 with the RTBs o Flux the LCO does not require the Source Range Neutron channels for reactor trip Functions to be OPERABLE. In H00E 2 when below the P 6 setpoint during a reactor startuo. the Source Range Neutron Flux trip must be OPERAB.E. Above the P 6 setpoint, the Intermediate Range Neutron Flux trip and the Power Range Neutron Flux - Low Setpoint trip will orovide core protection for reactivity accidents. Above tw P 6 setpoint, the PMS source range detectors are de energized and inoperable as described above. l (continued) 8 3.3 14 08/97 Amendment 0 l b AP600 i osu.m uumom.,v oum , I 1 RTS Instrumentation B 3.3.1 . .-, v. BASES

5. Source Range Neutron Flux (continued)

APPLICABLE SAFETY ANALYSES, In MODE 3, 4, or 5 with the reactor shutdown, the Source LCOs, and Range Neutron Flux trip Function must also be OPERABLE. APPLICABILITY If the PLS is capable of rod withdrawal, the Source Range Neutron Flux trip must be OPERABLE to provide coreIf the PLS protection against a rod withdrawal accident. is not capable of rod withdrawal, the source range detectors are required to be OPERABLE to provide monitoring of neutron levels and provide protection These for events like an inadvertent boron dilution. Functions are addressed in LC0 3.3.2 " Engineered Safety The Feature Actuation System (ESFAS) Instrumentation." requirements for the PMS source range detectors in MODE 6 are addressed in LC0 3.9.3, " Nuclear Instrumentation."

6. Overtemperature AT The Overtemperature AT trip Function ensures that protection is provided to ensure that the design limit ONBR is met.

This trip Function also limits the range over which the Overpower AT trip Function must provide protection. The inputs to the Overtemperature AT trip include all combinations of pressure, power, co temperature, and axial Protection from violating the ONBR reactor coolant flow. limit is assured for those transients that are slow with respect system. to delays froc the core to the measurem loop AT as a measure of reactor power and is automatically varied with the following parameters: a reactor coolant average temperature - the Trip Setpoint is varied to correct for changes in coolant density and specific heat capacity with changes in coolant temperature: 1 (continued) l 08/97 Amendment 0 h AP600 B 3.3 15 retuu ..mtmaiosw.o.im , RTS Instrumentation .'T* 8 3.3.1 BASES f

6. Overtemperature AT (continued)

APPLICABLE SAFETY ANALYSES, pressurizer pressure - the Trip Setpoint isand varied LCOs, and to correct for changes in system pressure: APPLICABILITY . axial power distribution - the Trip Setpoiat H varied to account for imbalances in the axial power distribution as detected by the PMS upper and lower If axial peaks are greater power range detectors.than the design limit, as indica difference between the upper and lower PMS power range detectors, the Trip Setpoint is reduced in accordance with Note 1 of Table 3.3.1 1. Dynamic compensation is included for system piping del from the core to the temperature measurement system. The Overtemperature AT trip Function is calculatedThis for each loop as described in Note 1 of Table 3.3.11. Function also provides a signal to generate a Aturbine turbine runback prior to reaching the Trip Setpoint. A runback will reduce turbine power and reactor power. reduction in power will normally alleviate the Overtem>erature tri ). AT condition and may pr turaine runback. The LCO requires four channels of the Overtemperatur Four trip Function to be OPERABLE in MODE 1 and 2. channels are provided to permit one channel in trip or bypass indefinitely and still ensure noNote single that random the failure will disable this trip Function. Overtemperature AT FunctionFailures receivesthat input from cha affect shared with other RTS Functions. multiple Functions require entry into the Conditions applicable to all affected Functions. In MODE 1 or 2, the Overtemperature AT trip mu OPERABLE to prevent DNB. trip Function does not have to be OPE production to be concerned about DNB. (continued) 08/97 Amendment 0 B 3.3 16 h AP600 lp01\techspet\1W10101.r97 0428tF RTS Instrumentation e B 3.3.1 BASES ) l

7. Overpower AT l APh.ICABLE SAFETY ANALYSES, i The Overpower AT tri) Function enseres that protection is the fuel (i.e., no l LCOs. and APPLICABILITY provided to ensure tie integrity o) :

fuel pellet melting and less than 1% cladding strain) (continued) under all possible overpower conditions. This trip Function also limits the required range of the ! Overtemperature AT trip function and provides a backuo T ne to the Power Range Neutron Flux - High Setpoint trip. Overpower AT trip Function ensures that the allowable heat generation rate (kW/ft) of the fuel is not exceeded. It uses the AT of each loop as a measure of reactor power and is automatically varied with the following parameters: . reactor coolant average temperature - the Trip Setpoint is varied to correct for changes fn coolant density and specific heat capacity with changes in coolant temperature: and 4 . rate of change of reactor coolant average temperature - including dynamic compensation for the delays between the core and the temperature measurement system. The Overpower AT trip Function is calculated The TripforSetpoint each loop as per Note 2 of Table 3.3.11. reflects the inclusion of both steady state and adverse environmental instrument uncertainties as the detectors )rovide protection for a steam line break and may be in a Note that this Function also provides 1arsh environment. a signal to generate a turbine runback prior to reaching the Trip Setpoint. A turbine runback reduces A reduction in powerturbine normally power and reactor power. alleviates the Overpower AT co reactor trip. The LCO requires four channels of the Overoower AT trip Four channels Function to be OPERABLE in MODE 1 and 2. are provided to permit one channel In trip or bypass indefinitely and still ensure no single random failure The Overpower AT will disable this trip Function. Function receives input from channels shared with other (continued) 8 3.3 17 08/97 Amendment 0 h AP600 l'Ot\techapec\t6010101 r07 062197 , .- a --.4---H . - - _ _ _ _ . m ae p%.u - a +--*e RTS Instrumentation B 3.3.1 BASES APPLICABLE 7. Overpower AT (continued) SAFETY ANALYSES. RTS Functions. Failures that affect multiple Functions LCOs. and APPLICABILITY require entry into the Conditions applicable to a affected Functions. In MODE 1 or 2. the Overpower AT trip function must be OPERABLE. These are the only times that enough heat is generated in the fuel to be concerned about the heat generation rates and overheating of the fuel. In H00E 3.

4. 5. or 6. this trip Function does not have to be OPERABLE because the reactor is not operating and there is insufficient heat production to be concerned about fuel overheating and fuel damage.

8. Pressurizer Pressure The same sensors provide input to the Pressurizer Pressure - High and - Low trips and the Overtemperature AT trip,

a. Pressurizer Pressure - Low The Pressurizer Pressure - Low trip Function ensures that protection is provided against violating the ONBR limit due to low pressure. The Trip Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide primary protection for an event that results in a harsh environment.

The LCO requires four channels of Pressurizer Pressure - Low to be OPERABLE in H00E 1 above P 10. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1, when DNB is a major concern, the Pressurizer Pressure - Low trip must be OPERABLE. This trip Function is automatically enabled on increasing power by the P 10 interlock. On decreasing power, this trip Function is automatically blocked below P 10. Below the P 10 setpoint, no conceivable xmer distributions can i occur that would cause DNB concerns. ) i (continued) 8 3.3 18 08/97 Amendment 0 h AP600 , miu.m nimen.or.o.mr , .- .. RTS Instrumentation B 3.3.1 BASES

b. Pressurizer Pressure - High APPLICABLE SAFETY ANALYSES, LCOs, and The Pressurizer Pressure - High trip Function ensures that protection is provided against APPLICABILITY (continued) overpressurizing the RCS. This trip Function operates in conjunction with the safetyThe valves Trip to prevent RCS overpressure conditions.

Setpoint reflects only steady state instrument uncertainties as the detectors do not provide )rimary protection for any event that results in a 1arsh environment. The LC0 requires four channels of the Pressurizer Pressure - High to be OPERABLE in H00E 1 and 2. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1 or 2, the Pressurizer Pressure - High trip must be OPERABLE to hel) prevent RCS overpressurization and .COs, and minimizes ch'allenges to the safety valves. In H00E 3, 4, 5, or 6. the Pressurizer Pressure - High trip Function does not have to be OPERABLE because transients which could cause an overpressure condition will be slow to occur. Therefore, the operator will have sufficient time to evaluate plant conditions and take corrective actions. Additionally, low temperature overpressure protection systems provide overpressure protection when below H00E 4.

9. Pressurizer Water Level - High 3 The Pressurizer Water Level - High 3 trip Function provides a backup signal for the Pressurizer Pressure - High 3 trip and also provides protection against water relief through the pressurizer safety valves. These valves are designed to pass steam in order to achieve their design energy removal rate. A reactor trip is actuated prior to the pressurizer becoming water solid. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. The level channels do not actuate the safety valves.

(continued) i 8 3.3 19 08/97 Amendment 0 b AP600 i ciwumuumoici.m.em,, , t I RTS Instrumentation B 3.3.1 BASES APPLICABLE 9. Pressurizer Watet' Level - High 3 (continued) SAFETY ANALYSES. LCOs. and The LC0 requires four channels of Pressurizer Water APPLICABILITY level - High 3 to be OPERABLE in H00E 1 above P 10. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1 when there is a potential for overfilling the pressurizer, the Pressurizer Water Level - High 3 trip must be OPERABLE. This trip Function is automatically enabled on increasing power by the P 10 interlock. On decreasing power, this trip Function is automatically blocked below P 10. Below the P 10 setpoint, transients which could raise the pressurizer water level will be slow and the operator will have sufficient time to evaluate plant conditions and take corrective actions.

10. Reactor Coolant Flow - Low

a. Reactor Coolant Flow - Low (Single Cold Leg)

The Reactor Coolant Flow - Low (Single Cold Leg) trip Function ensures that protection is provided against violating the ONBR limit due to low flow in one or more RCS cold legs. Above the P 8 setpoint, a loss of flow in any RCS cold leg will actuate a reactor trip. Each RCS cold leg has four flow detectors to monitor flow. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. The LCO requires four Reactor Coolant Flow - Low channels per cold leg to be OPERABLE in H00E 1 above P 8. Four OPERABLE channels are provided to permit one channel in trip or bypass indefinitely and still , ensure no single random failure will disable this trip Function. l In H00E 1 above the P 8 setpoint, when a loss of l flow in one RCS cold leg could result in DNB 1 conditions in the core, the Reactor Coolant l Flow - Low (Single Cold Leg) trip must be OPERABLE. In H00E 1 below the P 8 setpoint, a loss of flow in l (continued) l l i u i noioiat ror.os m r . l RTS Instrumentation + . B 3.3.1 8ASES_ a. Reactor Coolant Flow - Low (Single Cold APPLICABLE Leg (continued) SAFETY ANALYSES, '- LCOs, and APPLFABILITY two or more cold legs is required to actua power level and the greater margin to the design limit DNBR, b. Reactor Coolant Flow - Low (Two Cold legs)) The Reactor Coolant Flow - Low (Tw violating the ONBR limit due Above thetoPlow flow in two 10 setpoint and or more RCS cold legs. below the P 8 setpoint, a ?oss of flow in two or Each more cold legs will initiate a reactor tri The Trip Setpoint reflects only steady s provide primary protection for any event that results in a harsh environment. The LCO requires four Reactor Coo Four OPERABLE channels are P 10 and xlow P 8. provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable tMs trip Function. In MODE 1 above the P 10 setpoint and below t setpoint, the Reactor Coolant Flow - Low (Two Below the P 10 Legs) trip must be OPERABLE. setpoint, all reactor trips on low flow are automatically blocked since no conc concern at this low power level. setpoint, the reactor trip on low flow in twoAbove cr nore RCS cold legs is automatically C (1 actuate a reactor trip because of the higher power level and the reduced margin to the desi limit DNBR. (continued) 08/97 Amendment 8 3.3 21 h AP600 - > mau.o..uummuor.omn _ RTS nstrumentation , s , . , , B 3.3.1 l BASES

11. Reactor Coolant Pump (RCP) Bearing Water APPLICABLE Temperature - High SAFETY ANALYSES.

LCOs. and a. RCPBearingWaterTemperature-High(SinglePumpl APPLICABILITY (continued) The RCP Bearing Water Temperature - High (Single Pump) reactor trip Function ensures that protection t is provided against violating the DNBR Abovelimit thedue P 8 to a loss of flow in one RCS cold leg. >erature in any RCP setpoint, high bearing water temTne Trip Setpoint will initiate a reactor trip. reflects only steady state instrument uncertainties as the detectors do not provide orimary protection for any event that results in a 1arsh environment. The LCO requires four RCP Bearing Water >erature - High channels oer RCP to be OPERABLE Tem Four clannels are provided to in 40DE 1 above P 8. permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 8 setpoint, when a loss of flow in any RCS cold leg could result in DNB conditions in the core, the RCP Bearing Water Tem >erature - High (Single Pump) trip must OPERABLE. of flow in two or more cold legs is required to actuate a reactor trip because of the lower power level and the greater margin to the design limit DNBR. b. RCP Bearing Water Temperature _- High (Two Pumps) The RCP Bearing Water Temperature - High (Two Pum reactor trip Function ensures that protection is provided against violating the DNBR limit Above due to a loss of flow in two or more RCS cold legs. the P 10 setpoint and below the P 8 setpoint, a high bearing water temperature in Trip The two Setpoint or more RCPs reflectswill initiate a reactor trip. only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. (continued) 08/97 Amendment 0 8 3.3 22 .Y.f.Nimmve.mm . 1 ' RTS Instrumentation B 3.3.1 BASES

b. kCP Bearing Water Temperature - High APPLICABLE SAFETY ANALYSES, (Two Pumps) (continued)

LCOs and The LC0 requires four RCP Bearing Water l APPLICABILITY Tem:erature - High channels per RCP to be OPERABLE in 40DE 1 above P 10 and below P 8. Four dannels are provided to permit one channel in trip or bypass ,ndefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 10 setpoint and below the P.8 setpoint the RCP Bearing Water Temperature - High (Two Pumps) trip must be OPERABLE. Below the P 10 setpoint. all reactor trips on loss of flow are automatically blocked since no conceivable power distributions could occur that would cause a DNB concern at this low power level. Above the P 10 setpoint the reactor trip on loss of flow in two RCS cold legs is automatically enabled. Above the P 8 setpoint, a loss of flow in any one cold leg will actuate a reactor trip because of the higher power level and the reduced margin to the design limit DNBR.

12. Reactor Coolant Pump Speed - Low The RCP Speed - Low trip Function ensures that protection is provided against violating the DNBR limit due to a loss of flow in two or more RCS cold legs. The speed of each RCP is monitored. Above the P 10 setpoint a low speed detected on two or more RCPs will initiate a reactor trip. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment.

Low channels to be The LCO requires four RCP 5 %. Four channels are OPERABLE in MODE 1 above P 40 provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 10 setpoint, the RCP Speed - Low trip must be OPERABLE. Below the P 10 setpoint, all reactor trips on loss of flow are automatically blocked since no power distributions are expected to occur that (continued) B 3.3 23 08/97 Amer.dment 0 1.Af.f.L.,,,....m., . RTS Instrumentation B 3.3.1 l BASES 1

12. Reactor Coolant Pump Speed - Low (continued)

APPLICABLE SAFETY ANALYSES. would cause a DNB concern at this low power level. Above LCOs. and the P 10 setxint the reactor trip on loss of flow in APPLICABILITY two or more RCS cold legs is automatically enabled.

13. Steam Generator Water Level - Low The SG Water Level - Low trip Function ensures that The protection is provided against a loss of In heat sink.

order to act SGs are the heat sink for the reactor. as a heat sink, the SGs must contain a minimum amount of water. A narrow range low level in any steam generator is indicative of a loss of heat sink for the reactor. The Trip Setpoint reflects the inclusion of both steady state and adverse environmental instrument uncertainties as the detectors provide primary protection for an event that results in a harsh environment. This function also contributes to the coincidence logic for the ESFAS Function of opening the Passive Residual Heat Removal (PRHR) discharge valves. The LCO requires four channels of SG Water Level - Low per SG to be OPERABLE in MODE 1 and 2. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODE 1 or 2, when the reactor requires a heat The sink, the SG Water Level - Low tria must be OPERABLE. normal source of water for tw SGs is the Main Feedwater System (nonsafety related). The Main Feedwater System is normally in operation in H00E 1 and 2. PRHR is the During safety related backup heat sink for the reactor. normal startups and shutdowns, the Main and Startup Feedwater Systems (nonsafety related) can provide feedwater to maintain SG 1evel. In MODE 3. 4. 5. or 6. the SG Water Level - Low function does ret have to be OPERABLE because the reactor is not operating or even critical. (continued)_ 8 3.3 24 08/97 Amendment 0 b AP600 t ect\t e ctspe< \16410101, r0704 f it ? RTS Instrumentation B 3.3.1 BASES

14. Steam Generator Water Level - High 2 APPLICABLE SAFETY ANALYSES. The SG Water Level - High 2 trip Function ensures that LCOs, and orotection is provided against excessive feedwater flow APPLICABILITY ay closing the main feedwater control valves, tripping (continued) the turbine, and tripping the reactor. While the transmitters (d/p cells) are located inside containment, the events which this function protects against cannotthe Therefore.

cause severe environment in containment. Trip Setpoint reflects only steady state instrument uncertainties. l i The LCO requires four channels of SG Water Level - High 2 Four channels are per SG to be OPERABLE in H00E 1 and 2 provided to permit one channel in trip or bypas , will disable this trip Function. In H00E 1 and 2 above the P 11 interlotil, the SG Water Level - Hign 2 trip must be OPERABLE. The normal source of water for the SGs is the Main Feedwater SystemTh (nonsafety related). In H00E 3. 4. 5, or 6. the in operation in H00E 1 and 2. SG Water Level - High 2 Function does not have to be OPERABLE because the reactor is not operating or even critical. The P 11 interlock is provided on this Function to oermit bypass of the trip function when the This bypass is necessary to pressure is Selow P 11. permit rod testing when the steam generators are in wet layup.

15. Safeguards Actuation Signal from Engineered Safety Feature Actuation System The Safeguards Actuation Signal from ESFAS ensures that if a reactor trip has not already been generated by the RTS, the ESFAS automatic actuation logic will initiate a reactor trip upon any signal which initiates the Safeguards Actuation signal. This is a condition of acceptability for the Loss of Coolant Accident (LOCA).

However, other transients and accidents take credit for varying levels of ESFAS performance and rely upon rod insertion, except for the most reactive rod which is assumed to be fully withdrawn, to ensure reactor shutdown. (continued) 08/97 Amendment 0 B 3.3 25 b AP600. amour.o.mr imuumuu RTS Ins %rumentation B 3.3.1 BASES

15. Safeguards Actuation Signal from Engineered Safety APPLICABLE Feature Actuation System (continued)

SAFETY ANALYSES, LCOs, and The LCO requires two manual and four automatic divisions i APPLICABILITY of Safeguards Actuation Signal Input from ESFAS to be OPERABLE in H0DE I and 2. Four automatic divisions are provided to permit one division bypass indefinitely and still ensure no single random failure will disable this trip Function. A reactor trip is initiated every time a Safeguards Actuation signal is aresent. Therefore, this trio Function must be OPERABLE in H00E 1 and 2. when tie reactor is critical, and must be shutdown in the event of an accident. In H00E 3, 4, 5, or 6 the reactor is not critical. 16, Reactor Trip System Interlocks Reactor protection interlocks are provided to ensure reactor trips are in the correct configuration for the current plant status. They back up operator actions to ensure protecticn system Functions are not blocked during plant conditions under whit.h the safety analysis Therefore, assumes the interlock the Functions are OPERABLE. Functions do not need to be OPERABLE when the reactor trip Functions are outside the applicable H00ES. These are:

a. Intermediate Range Neutron Flux. P 6 The Intermediate Range Neutron Flux, P 6 interlock is actuated when the respective PHS Intermediate Range Neutron Flux channel goes approximately one decade above the minimum channel reading. The LCO requirement for the P 6 interlock ensures that the following Functions are performed:

(1) on increasing power, the P 6 interlock allows the manual block of the respective PHS ThisSource prevents Range, Neutron Flux reactor trip. a premature block of the source range trip and allows the operator to ensure that the intermediate range is OPERABLE prior to leaving the source range. When the source range trip is blocked, the high voltage to the detectors is also removed. (continued)_ 08/97 Amendment 0 h AP600 8 3.3 26 .e.n , , mmu...ymme - l RTS Instrumentation B 3.3.1 BASES

a. Intermediate Range Neutron Flux. P 6 (continued)

APPLICABLE (2) on decreasing power, the P 6 interlock SAFETY ANALYSES, LCOs. and automatically energizes the PHS source range APPLICABILITY detectors and enables the PMS Source Range Neutron Flux reactor trip. (3) on increasing power, the P 6 irterlock provides a backup block signal to the source rangeNormally, this neutron flux doubling circuit. function is manually blocked by the main control ; room operator during the reactor startup. l The LCO requires four channels of Intermediate Range Neutron Flux, P 6 interlock to be OPERABLE in H0DE 2 when below the P 6 interlock setpoint. In H0DE 2, when below the P 6 interlock setpoint,Abov the P 6 interlock must be operable, interlock setpoint, the PMS Source Range Neutronand t Flux reactor trip will be blocked:In MODE 3, 4, 5, will no longer be necessary. and 6. the P 6 interlock does not have to be OPERABLE because the PMS Source Range is providi core protection,

b. Power Range Neutron Flux, P 8 The Power Range Neutron The Flux, P8 P8 the respective PMS power range detector Flow - Low (Single Cold Leg) and RCP Bearing Water reactor trias on Temperature - High (Single Pump)irement for t11s trip increasing power. The LCO requ Function ensures that protection is o in DNB conditions in the core when greater tha approximately 48% power. reactor trip on low flo automatically blocked.

The LC0 requires four channels of Power Range Neutron Flux, P 8 interlock to be OPERABLE in H00E 1. (continued)_ 08/97 Amendment 0 B 3.3 27 b AP600 . imu.muuumn.m unn T~' p. l RTS Instrumentation 8 3.3.1 L PO A 77 u J n. e u ; BASES

b. Power Range Neutron Flux, P 4 (continued)

APPLICABLE SAFETY ANALYSES. In MODE 1, a loss of flow in one RCS cold leg could LCOs. and result in DNB conditions, so the Power Range Neutron APPLICABILITY Flux, P 8 interlock must be OPERABLE. In MODE 2. 3.

4. 5. or 6. this Function does not have to be OPERABLE because the core is not producing sufficient power to be concerned about DNB conditions.

c. Power Range Neutron Flux. P.10 The Power Range Neutron Flux, P 10 interlock is actuated at approximately 10% power as determined The LCO by the respective PMS power range detector.

requirement for the P.10 interlock ensures that the following functions are performed: (1) on increasing power, the P 10 interlock automatically enables reactor trips on the following Functions: . Pressurizer Pressure - Low. . Pressurizer Water level - High 3, . Reactor Coolant Flow - Low (Two Cold Legs). . RCP Bearing Water Temperature - High (Two Pumps), and . RCP Speed - Low. These reactor trios are only required when operating aben tne P.10 setpoint (approximately 10% power). These reactor trios orovide protection )NBR limit.Below against violating thet1eP 10 setpoint, th providing sufficient natural circulation without any RCP running. (2) on increasing power, the P 10 interlock allows the operator to manually block the Intermediate Range Neutron Flux reactor trip. (continued) 08/97 Amendment 0 8 3.3 28 AP600,, _ , ,, _ , RTS Instrumentation B 3.3.1 ...y BASES

c. Power Range Neutron Flux. P 10 (continued)

APPLICABLE SAFETY ANALYSES, LCOs. and (3) on increasing power, the P 10 interlock allows 3 the operator to manually block the Power Range APPLICABILITY Neutron Flux - Low Setpoint reactor trip. (4) on increosing power, the P 10 interlock automatically provides a backup block signal to the Source Range Neutron Flux reactor trip and also to de energize the PMS source range detectors. (5) on decreasing >ower, the P 10 interlock automatically ) locks reactor trips on the following Functions: . Pressurizer Pressure - Low, 4

Pressurizer Water Level - High 3,

. Reactor Coolant Flow - Low (Two Cold Legs), a RCP Bearing Water Temperature - High (Two Pumps), and . RCP Speed - Low. (6) on decreasing power, the P 10 interlock automatically enables the Power Range Neutron Flux - Low reactor trip and the Intermediate Range Neutron Flux reactor trip (and rod stop). The LCO requires four channels of Power Range Neutron Flux, P 10 interlock to be OPERABLE in H00E 1 or 2. In H0DE 1, when the reactor is at power, the Power Range Neutron Flux, P 10 interlock must be OPERABLE. This function must be OPERABLE in MODE 2 to ensure that core protection is provided during a startup or shutdown by the Power Range Neutron Flux - Low Setpoint and Intermediate Range Neutron Flux reactor trips. In MODE 3. 4. 5, or 6, this Function does not have to be OPERABLE because the reactor is not at power and the Source Range Neutron Flux reactor trip provides core protection. (continued) B 3.3 29 08/97 Amendment 0 h AP600 mm.o...asmo m m.omu -- RTS Ins %rumentation s ,, B 3.3.1 ..- , i BASES

d. Pressurizer Pressure, P 11_

APPLICABLE SAFETY ANALYSES, With pressurizer pressure channels less than the LCOs, and P 11 setpoint, the operator can manually block the APPLICABILITY Steam Generator Narrow Range Water Level - High 2 (continued) reactor Trip. This allows rod testing with the steam generators in cold wet layup. With pressurizer pressure channels > P 11 setpoint, the Steam Generator Narrow Range Water Level The -operator High 2 reactor Trip is automatically enabled, can also enable these actuations by use of the respective manual reset.

17. Reactor Trip Breakers This trip Function applies to the RTBs exclusive ofTher individual trip mechanisms. The reactor breakers with two breakers in each division.

trip circuit breakers are arranged in a two out of four logic configuration, such that the tripping of the two circuit breakers associated This circuitwith onearrange breaker division 6,wnt does not cause a reactor trip. is illustrated in Figure 7.1 7 of the SSAR. The LC0 requires three divisions of the Reactor Trip Switchgear to be OPERABLE with two trip breakers associated with each required division, This logic is required to meet the safety function assuming a single failure. These trip Functions must be OPERABLE in H00E 1 or 2 when In MODE 3, 4. or 5, these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs are clo and the PLS is capable of rod withdrawal.

18. Reactor Trip Breaker Undervoltage and Shunt Trip Mechanisms The LCO requires both the Undervoltage and Shunt Trip Hechanisms to be OPERABLE for each RTB that is in The trip mechanisms are not required to be service.

OPERABLE for trip breakers that are own, racked out, incapable of supplying power to the PLS, or declaredO ' inoperable under Function 17 above. trip mechanisms on each breaker ensures that no single trip mechanism failure will prevent opening the breakers on a valid signal. (continued)_ 8 3 3 30 08/97 ^*'a*'at o $.^f.L.,,,...m. . RTS Instrumentation B 3.3.1 BASES

18. Reactor Trip Breaker Undervoltage and Shunt Trip APPLICABLE Mechanisms (continued)

SAFETY ANALYSES. LCOs. and These trip Functions must be OPERABLE in MODE 1 and 2 APPLICABILITY when the reactor is critical. In MODE 3. 4. and S. these RTS trip Functions must be OPERABLE when the RTBs are closed, and the PLS is capable of rod withdrawal.

19. Automatic Trip Logic The LCO requirement for the RTBs (Functions 17 and IB) and Automatic Trip Logic (Function 19) ensures that means are provided to interrupt the power to the CROMs and allow the rods to fall into the reactor core.

Each RTB is equipped with an undervoltag The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are logic to be OPERABLE.provided to ensure that a r logic channel will not prevent reactor trip. These trip Functions must be OPERABLE in MODE 1 or 2 w In MODE 3, 4, or S, these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs are and the PLS is capable of rod withdrawal.

20. ADS Stages 1. 2 and 3 Actuaticn The LCO requirement for this Function provides a reactor trip for any event that may initiate depressurization of the reactor.

The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are Logic to be OPERABLE.provided to ensure that logic channel will not prevent reactor trip. These trip functions mustInbe OPERABLE in MODE 1 or 2 MODE 3, 4. or S. these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs a and the PLS is capable of rod withdrawal. (continued) 0B/97 Amendment 0 B 3.3 31 u.N.0fmimun.uw . t RTS Instrumentation 8 3.3.1 l BASES

21. Core Makeup Tank (CMT) Actuation APPLICABLE -

SAFETY ANALYSES. The LCO requirement for this Function orovides a reactor LCOs. and trip for any event that may initiate C4T injection. APPLICABILITY (continued) The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are Logic to be OPERABLE.provided to ensure that ran channel will not prevent reactor trip. l These trip Functions must be OPERABLE In H0DE 3, 4,in and MODE 5 these I and 2 i l when the reactor is critical. ' RTS trip Functions must be OPERABLE when the RTBs are closed and the PLS is capable of rod withdrawal. The RTS instrumentation satisfies Criterion 3 of the Policy Statement. A Note has been added in the ACTIONS to clarify theThe Cond ACTIONS application of Com)letion Time rules. x entered independently for each Function Specification may listed on Table 3.3.1 1. In the event the transmitter, instrument loop, signal processing electronics, or trip output is found inoperable )covided by that channel must bedeclare then all affected Functions C0 Condition (s) entered for the protection Function (s) affected. When the number of inoperable channels in a trip Function exceed those soecified LCO 3.0.3 mustin 1 a trip Function, then the plant is outside Therefore. be one or o the safety analysis.immediately entered if applicable in the operation. A.1 Condition A applies to all ksS protection Functions. Condition A addresses the situation where The Required Action is to refer to the same time. Table 3.3.11 and to take the Required The Completion Actions for are Times the protection Functions affected.those from the refere (continued)_ 08/97 Amendment 0 8 3.3 32 $31,.,_ u,, - - RTS Instrumentation B 3.3.1 BASES ACTIONS - B.1. B.2.1 and 8.2.2 (continued) Condition B applies to the Manual Reactor Trip and Manual Safeguards Actuation in MODES 1 or 2. These Recuired Actions address inoperability of one manual initiation cevice of the Manual Reactor Trip Function and/or Manual Safeguards Actuation Function. One device consists of an actuation switch and the associated hardware (such as contacts and : wiring) up to but not including the eight Reactor Trip ' Breakers. With one device inoperable the inocerable device ' aours. In this must be restored to OPERABLE status within 48 Condition, the remaining OPERABLE device is adequate to perform the safety function. If the manual Function (s) cannot be restored to OPERABLE status in the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit must be brought to a MODE in which the requirement does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 additional hours (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time) followed by opening the RTBs within 1 additional hour (55 hours6.365741e-4 days 0.0153 hours 9.093915e-5 weeks 2.09275e-5 months total time). The 6 additional hours to reach MODE 3 and the 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months to open the RTBs are reasonable, based on operating experience, to reach MODE 3 and open the RTBs from full power operation in an orderly manner and without challenging unit systems. With the RTBs open and the unit in MODE 3. this trip Function is no longer required to be OPERABLE, C.1 and C.2 Condition C applies to the Manual Reactor Trip in H00ES 3. 4 and 5 with the RTBs closed and the PLS capable of rod withdrawal. These Required Actions address inoperability of one manual initiation device of the Manual Reactor Trip Function. One device consists of an actuation switch and the associated hardware (such as contacts and wiring) u] to but not including the eight Reactor Trip Breakers. Wita one device ino wrable. the inoperable device must be restored In this Condition, the to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . remaining OPERABLE device is adequate to perform the safety function. (continued) B 3.3 33 08/97 Amendment 0 h AP600 miu.m..mmmi nr.ain, , RTS Instrumentation B 3.3.1 BASES ACTIONS C.1 and C.2 (continued) If the Manual Reactor Trip Function cannot be restored to OPERABLE status in the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit not apply. must be placed in a MODE in which the require With the RTBs open, this Function is l within the next 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . , no longer required. 1 0.1.1, 0.1.2, 0.2.1, 0.2.2. and 0.3 Condition D ap) lies to the Power Range Neutron Flux - High Function in MO)ES 1 and 2. With one or two channels inoperable the affected channel if one must be placed in a by) ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , or two are bypassed, t1e logic becomes two out of three or one out of two, respectively, while still meeti the two remaining channels will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s)inthebypassedconditionisjustifiedin Reference 7. In addition to placing the inoperable channel (s) in the by)assed conditionReducing THERMAL the power POWER must be reduced t level prevenfs RT) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . o'>eration of the core with radial power distributions beyond t1e design limits. With one or two of the PMS power range detectors inoperable, partial radial However, powerthe distribution protective monitoring capability is lost. function would still functio one of the two remaining channels. As an alternative to reducing power, the inoperable channe1(s) can be placed in the bypassed condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and the QPTR monitored every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months as perCalcu SR 3.2.4.2. OPTR verification.for The the lost 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months monitoring c Frequency operation at power levels > 75% RTP.is consisten (QPTR)." (continued) 0887 Amendment 0 B 3.3 34 u.D.Nmom:,or.omir . RTS Instrumentation B 3.3.1 BASES ACTIONS 0.1.1. 0.1.2. 0.2.1. D.2.2. and D 3 (continued) a Note which only Required Action 0.2.2 has been modified b requires SR 3.2.4.2 to be performed if OP HS and the Power Power Range Neutron Flux input to 00TR become inoperable. distribution limits are normally verified in accordance with LCO 3.2.5, "0PDMS Monitored Power Distribution Parameters." However, if OPDMS becomes inowrable, then LCO 3.2.4 " Quadrant Power Tilt Ratio (0)TR)", becomes applicable. Failure of a component in the Power Range Neutron Flux Channel which renders the High Flux Trip Function inoperable If either may not affect the capability to monitor OPTR. OPDMS or the channel input to OPTR is OPERABLE, then performance of SR 3.2.4.2 once pu 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months in not necessary. As an alternative to the above Actions, the plant must be placed in a MODE where this Function is no longer required-OPERABLE. Twelve hours are allowed to place.the plant in MODE 3. This is a reasonable time, based on operating experience, to reach MODE 3)lant from full power in an orderlyIf Re systems. manner and without challenging Actions cannot be completed wit 11n their allowed Com letion Times, LC0 3.0.3 must be entered. E.1 and E.2 Condition E applies to the following reactor trip Functions:

Power Range Neutron Flux - Low:

Overtemperature AT:

Overpower AT:

Power Range Neutron Flux - High Positive Rate:

Pressurizer Pressure - High:

SG Water Level - Low; and

SG Water Level - High 2.

With one or two channels inoperable, the affected channels If one must be placed in a by3 ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . or two are bypassed, tie logic becomes two out of three or one out of two. respectively, while still meeting single (continued) B 3.3 35 08/97 Amendment 0

u. . i m oici ,or.o i m ,

RVS Instrumentation B 3.3.1 i BASES ACTIONS E.1 and E.2 (continued) failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s) in bypass is justified in Reference 7 with one required channel inoperable. If the Required Actions described above cannot be met within the specified Completion Times, the unit must be placed in a MODE OPERABLE. where this Function is no longer required t Six hours is a reasonable time, based on in H0DE 3. operating experience, to reach MODE 3 from full power in an , orderly manner and without challenging plant systems. ! F.1. F.2, and F.3 Condition F applies to the Intermediate Range Neutron Flux selow the P 10 setpoint, the PMStrip when above th Above the P 6 setpoint and intermediate range detector performs the monitoring functions. With one or two channels inoperable, the affectedIfchannels one must be placed in a bysass condition within ? hours. or two are bypassed, t1e logicwhile becomes two out single still meeting of three or one out of two, respectively,in one of the three or one of failure criterion (a failure the two remaining channels will not prevent the protective The 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months allowed to place the inoperable function). channel (s) in the bypassed condition is justified in Reference 7. As an alternative to placing the channel (s) in bypass if THERMAL POWER is greater than the P , below the P 6 setpoint or to increase the THERMAL POWER The PMS Intermediate Range Neutron Flux the P 10 setpoint. channels must be OPERABLE when the power level is above capability of the sourceIfrange. THERMAL P 6..and POWER isbelow greaterthe thancapab of the power range, P 10.the P 10 setpoint, the PMS p monitoring and protective functions and the interm range is not required.and controlled power adjustment (continued) 08/97 Amendment 0 8 3.3 36 h AP600.iom mu.~.m ,.r...n,, , RTS Instrumentation ' B 3.3.1 BASES F.1. /.2, and F.3 (continued) ACTIONS account the redundant capability afforded by the two . remaining OPERABLE channels and the low probability of their f ailure during this period. G.1 and G.2 Condition G applies to three Intermediate Range Neutron Fl trip channels inoperable Required in MODE 2 above Actions the specified P 6 setpoin in this-below the P 10 setpoint. Condition are only applicable when channel failures d , result in reactor trip.P 10 setpoint, the PMS intermediate ran With only one intermediate range the monitoring Functions. channel OPERABLE, the Requi operations immediately. invoiving positive reactivity additionsThis since there are insufficient OPERABLE Intermediate Range i Neutron Flux channels to adequately monitor the power rise. The operator must also reduce THERMAL POWER setpoint within 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months . Flux channels will be able to moni , The Completion Time of 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months will allow a takes into account the low probability of occurrence of an event dur'ng this period that may require th U

Condition H apolies to the Intermediate Range Neutron Flux trip when THER4AL POWER is below the P 6 setpoin two channels is. inoperable.

source functions. range performs the monitoring and prote channels must be returned to OPERABLE status ori increasing power above the P 6 setpoint. this Condition, below P 6. the PMS source range performs monitoring and protection functions. (continued) t '08/97 Amendment O' , 8 3.3 37 n.N.00m a m re, eu , , l RTS Instrumentation j B 3.3.1 i BASES ACTIONS 1.1 '~~ (continued) Condition I applies to one or two Source Range Neutron Flux trip channels inoperable when in MODE 2, below the P 6 setpoint, and performing a reactor startup. With the unit in this Condition, below P 6, the PMS source range performs the monitoring and protection functions. With one or two of the four channels inoperable, o)erations involving positive reactivity additions shall >e suspended immediately, This will preclude any )ower escalation. With only two source range channels 0)ERABLE, core protection is severely reduced and any actions that add positive reactivity to the core must be suspended immcdiately. 32 Condition J applies to three inoperable Source Range Neutron Flux channels when in MODE 2, below the P 6 setpoint, and aerforming a reactor startup, or in MODES 3, 4, or 5 with the (tbs closed and the CRD System ca)able of rod withdrawal, )elow P 6, the NIS source With the unit in this Condition. With range performs the monitoring and protection functions. three source range channels inoperable, the RTBs must be opened immediately. With the RTBs open, the core is in a more stable condition and the unit enters Condition T. K.1 and K.2 Condition K applies to the following reactor trip Functions: . Pressurizer Pressure - Low: . Pressurizer Water Level - High 3: . Reactor Coolant Flow - Low (Two Cold legs): . RCP Bearing Water Temperature - High (Two Pumps): and . RCP Speed - Low. With one or two channels inoperable, the affected channels must be placed in a by> ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If one or two are bypassed, tw logic becomes two out of three or while still meeting single one out of two, respectively,in one of the three or one of failure criterion (a failure (continued) B 3.3 38 08/97 Amendment 0 ' b AP600 i.ciu.r...mumot ,or. .mr . RTS Instrumentation B 3.3.1 BASES K.1 and K.2 (continued) ACTIONS l the two remaining channels will not prevent the protective 1 function). The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable ) channel (s) in the bypassed condition is justified in Reference 7. If Required Actions described above cannot be met within thel soecified Completion Times, the unit must be olaced in a MO

>e OPERABLE. A wqere this Function is no longer required to 4

Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to redu power ability provided by the remaining two redundant OPERAB E channels and the low probability of occurrence of an event during this period tha may require the protection afforded by the Functions associated with Condition K. L.1 and L.2_ Condition L is applicable to the Reactor Coolant Flow - Low (Single Cold Leg) and RCP Bearing Water Temperature - H (Single Pump) reactor trip Functions. With one or two channels inoperable. the affected channels If one must be placed in a by) ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . or two are bypassed, t1e logic becomes while two outsingle still meeting of three or one out of two, respectively,in one of the three or one of failure the twocriterion remaining (a channels failure will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s) in the bypassed condition is justified in Reference 7. If Required Actions described above can

>e OPERABLE. A wiere this function is no longer required to Completion Time of an additional 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is allowed to r power < P 8. Allowance of this time interval takes into consideration the redundant caoability provided by the remaining two redundant OPERAB.E channels and the low probability of occurrence of an event during this period may require the protection afforded by this Function.

(continued) 1 08/97 Amendment 0 B 3.3 39 h AP600 i.otu.m..mmmor mm . _. 1- RTS Instrumentation B 3.3.1 BASES ACTION 5 H.1 and H.2 (cont iued) Condition H applies to the Safeguards Actuation signal from ESFAS reactor trip, the RTS Automatic Trip Logic. 1st stage Automatic Depressurization and CMT injection in H00ES 1 and 2. With one or two channels or divisions inoperable, the Required Action is to restore three of the four channels within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , Restoring all channels but one to OPERABLE status ensures that a single failure will neither cause nor . prevent the protective function. In addition, having only , one channel inoperable, provides the ca> ability for - surveillance testing on the remaining t1ree channels. The 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion Time is considered reasonable since the protective function would still function even with a single failure of one of the two remaining channels, If Required Actions described above cannot be' met within the s)ecified Completion Tines, the unit must be ) laced in a H00E A w,ere this Function is no longer required to se OPERABLE. Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to place the unit in HODE 3, The Completion Time is a reasonable time, based on operating experience, to reach H00E 3 from full power in an orderly manner and without challenging plant systems. Allowance of this time interval takes into consideration the redundant capability provided by the remaining two redundant OPERABLE channels and the low probability of occurrence of an event during this period that may require the protection afforded by this Function. N.1 N.2, and N.3 Condition N applies to the P 6, P 10, and P 11 interlocks. With one or two channels inoperable, the associated interlock must be verified to be in its required state for the existing plant condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , or the Functions associated with inoperable interlocks placed in a bypassed condition within 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months , or the unit must be placed in H0DE 3 within 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months . Verifying the interlock manually accomplishes the interlock condition. If one or two associated Functions are bypassed, the logic becomes two out of three or one out of two, respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will (continued) B 3.3 40 08/97 Amendment 0 .b.Nimemrer.eine, .. _ - . - - - . _ - . . - . . _ _ . __~ - -. .- - _ . . . _- RTS Instrumentation B 3.3.1 BASES N.1, N.2. and N.3 (continued) ACTIONS not prevent the protective function). The 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months allowed to place the Functions associated with the inoperable channel (s in the bypassed condition is justified in Reference 7. If placing the associated Functions in bypass is impractical for instance as the result of other channels in bypass, the Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, ba on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging plant systems. 0.1. 0.2, and 0.3_ With one or two Condition 0 applies to the P 8 interlock. channels ino>erable, the associated interlock must be se in its required state for the_ existing plant verified to condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . or the Functions associated inoperable interlocks placed in a bypassed condition within 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months , or the unit must be placed in H0DE 2 within Verifying the interlock manually accomplishes the , 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months . interlock condition. If one or two associated Functions are bypassed, the logic becomes two out of three or one out of two respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective function). place the Functions associated with the inoperable chann in the bypassed condition is justified in Reference 7. If placing the associated Functions in bypass is impractic for instance as the result of other channels in bypass, the Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, b on operating experience, to reach MODE 2 from full power i an orderly manner and without challenging plant systems. P.1. P.2.1. and P.2.2 Condition P apolies to the RTBs. and RTB undervoltage and shunt trio meenanisms in H00ES 1 and 2. and in H0 DES 3, 4. and S witn the RTBs closed and the Pl.S capab withdrawal. mechanical damage that can prevent the RTBs from opening. (continued) 08/97 Amendment 0 8 3.3 41 .Y.f.Smom met.mm . RTS Instrumentation B 3.3.1 BASES ACTIONS P.1. P.2.1 and P.2.2 (continued) With one or two divisions inoperable (one or two of the RTBs and/or trip mechanisms associated with a protection division), the breakers in the inoperable required division must-be opened within 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months . If one division of RTBs is inoperable, but closed, and a second inoperable division is opened, the logic becomes one-out of two while still meeting single failure criterion (a failure in one of the three or one of the two remaining divisions will not prevent the protective function). If Required Actions described above cannot be met within the s)ecified Completion Times, the unit must be olaced in a H0DE w1ere this Function is no longer required to :e OPERABLE within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . This is done by opening all of the RTBs. With the RTBs open, these Functions are no longer required. } Q.1, 0.2.1. and 0.2.2 Condition 0 applies to the RTBs in H00ES 1, 2, 3, 4, or S with the RTBs closed and the PLS capable of rod withdrawal. With three divisions of RTBs and/or RTB Undervoltage and Shunt Tri) Hechanisms inoperable,1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months is allowed to - restore toe three of the four divisions to OPERABLE status or the unit must be placed in H00ES 3, 4 or S and the RTBs The Completion Time of 6 opened within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . hours is reasonable, based on op H00E 3 from full power in an orderly manner and without challenging unit systems. The 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion Times are equal to the time allowed by LCO 3.0.3 for shutdown actions in the event of a complete loss of RTS Function. Placing the unit in H00E 3 removes the requirement for this particular Function. R.1 and R.2 Condition R applies to ist Stage ADS Actuation, CMT Actuation and the RTS Automatic Trio Logic in H00ES 3, 4, and 5 with the RTBs closed and the PLS capable of rod withdrawal. (continued) B 3.3 42 0B/97 Amendment 0 h AP600 impug..nimom m.emer- , __ _ _ _ _ _ _ _ _ ___.______---___--______.._.------.---._m._--._._--__-_____--_------------------J RTS Instrumentation B 3.3.1 BASES , ACTIONS R.1 and R.2 (continued) With one or two channels inoperable three of the four channels must be restored to OPERABLE status in 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . Restoring all channels but one to OPERABLE ensures that a single failure will neither cause nor prevent the protective function. In addition having only one channel inoperable, provides the capability for surveillance testing on theThe 4 remaining three channels. considered reasonable since the protective function would still function even with a single failure of one of the two remaining channels. If Required Actions described above cannot be in ] laced met a MODEwithin the s>ecified Completion Times, the unit must be A w,ere this Function is no longer required to se OPERABLE. Completion Time of an additional I hour is allowed to open With RTBs open, these Functions are no longer the RTBs. required. S.1 and S.2 Condition S apolies to one or two inoperable Source Range Neutron Flux c1annels in MODES 3. 4, or 5 with the RTBsWith the closed and the PLS capable of rod withdrawal. in this Condition, below P 6, the NIS source range performsWit the monitoring and protection functions. the source range channels inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed If to restore three of the four channels to an OPERABLE statu the channels cannot be returned to an OPERABLE status,Once the RT 1 additional hour is allowed to open the RTBs. are open, the core is in a more stable condition an enters Condition L. channel to OPERABLE status, and the additional hour to open theRTBs.arejustifiedinReference7. T.1. T.2, and T.3 Condition T applies when the required number of OPERABLE Source Range Neutron Flux channels is not met in H00E 3. 4. or 5 with the RTBs open. With the unit in this Condition, the NIS source range performs the monitoring and protection functions. With less than the required number of source range channels OPERABLE. operations involving positive This reactivity additions shall be suspended immediately. wil! preclude any power escalation, in addition to (continued)_ 08/97 Amendment 0 B 3.3 43 b mAP600.m..oaum uo,..m, , RTS Instrumentation B 3.3.1 BASES ACTIONS T.I. T.2. and T.3 (continued) suspension of positive reactivit) additions, all valves that could add unborated water toThe theisolation kCS must be closed with of unborated 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months as specified in LCO 3.9.2. water sources will preclude a boron dilution accident. Also, the SDM must be verified within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter as per SR 3.1.1.1. SDM verification. With no source range channels OPERABLE, core protection is severely reduced. Verifying the SDM within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months allows sufficient time to perform the calculations and determine that the SDM requirements are met. The SDM must also be verified once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter to ensure that the core reactivity has not changed. Required theAction efore, L.11 core precludes reactivity any positive reactivity additions: and a 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Frequency is should not be increasing, Times of within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and once per adequate. The Completion 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months are based on operating experience in performing the Required Actions and the knowledge that unit conditions wi change slowly. SURVEILLANCE The SRs for each RTS Function are identified in the S REQUIREMENTS column of Table 3.3.11 for that Function. A Note has been added to the SR table stating that Table 3.3.11 determines which SRs apply to which RTS Functions. The CHANNEL CALIBRATIONForand RTCOT channels calculating the required channel accuracies. that include dynamic transfer functions, suc with the transfer function set to one, with the resulting measured response time compared to the appropriate SSAR Alternately, the response time test response time (Ref. 2).can be performed with the time value provided the required response time is analytically calculated assuming the time constants are set at their The response time may be measured by a nominal values. series of overlapping tests such that the entire response time is measured. (continued)_ 08/97 Amendment 0 8 3.3 44 HAP 600

t *01\t eettet s1601010130? ClLit t

RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.1 REQUIREMENTS Performance of the CHANNEL CHECK once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months ensures A (continued) that gross failure of instrumentation has not occurred. CHANNEL CHECK is normally a comparison of the parameter indicated on one channel to a similar parameter on other channels. It is based on the assumption that instrument channels monitoring the same parameter should read Significant deviations between a> proximately the same value. tie two instrument channels could be an indication of excessive instrument drift in one A CHANNEL CHECKofwill the channels detect gross or of e-something more serious.thus, it is key to verifying that the channel failure: instrumentation continues to operate properly between each CHANNEL CALIBRATION. Agreement criteria are determined by the plant staff based on a combination of the channel instrumant uncertainties, ; including indication and readability, if a channel is outside the criteria, it may be an indication that the sensor or the signal processing equipment have drifted outside its limit. The channels to be checked are: Power Range Neutron Flux , Intermediate Range Neutron Flux Source Range Neutron Flux Overtemperature Delta T Overpower Delta T Pressurizer Pressure Pressurizer Water Level each cold leg Reactor Coolant Flow - each RCP RCP Bearing Water Temperature RCP Speed SG Narrow Range level each SG RCS Loop T cold each cold leg RCS Loop T hot each cold leg i The Frequency is based on operating experience that operator Automated demonstrates the channel failure is rare. aids may be used to facilitate the performance of the CHANNE CHECK. (continued) B 3.3 45 08 M Ame de nt 0 1.^.Pg,,,,,,,,,,,,,, RTS Instrumentation B 3.3.1 BASES SURVEll.l.ANCE SR 3.3.1.2 RE0VIREMEN15 SR 3.3.1.2 compares the calorimetric heat balance to theIf (continued) nuclear instrumentation channel output every 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . the calorimetric measurement between 70% and 100% RTP differs from the nuclear instrument channel output by > 2% RTP. inoperable, but must thebenuclear adjusted. instrument channel is no channel output cannot be properly adjusted, the channel is deelared inoperable. Three Notes modify SR 3.3.1.2. The first Note indicates that the nuclear instrument channel output shall be adjusted consistent with the calorimetric results if the absolute difference between the nuclear instrument channel output and the calorimetric measurement between 70% and 100% > 2% RTP. The second Note clarifies that this Surveillance is required only if reactor power is > 15% RTP after reaching 15% RTP. At lower power The third levels Note the is required calorimetric data are inaccurate. because, at power levels between 15% and for miscalibration of the r.uclear instrumentation chan cases where the channel is adjusted downward to match the calorimetric power. Therefore, if the calorimetric heat measurement is less than 70% RTP, and if the nuclear instrumentation channel indicated power is lower than the

21. then the nuclear calorimetric measurement by >l be adjusted upward to match the instrumentation channel shalNo nuclear instrumentatio calorimetric measurement.

adjustment is required if the nucleer instrumentation chan is higher than the calorimetric measurement (see Westinghou Technical Bulletin NSD TB 92 14, Rev. 1.) It is based on The Frequency of every 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is adequate. plant operating experience, considering instrument reliability and operating history data for instrument drift. Together these factors demonstrate the change in the abso difference between nuclear instrumentation and hea calculated powers rarely exceeds 2t RTP in any 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months period. In addition, main control room operators periodically monitor redundant indications and alarms to detect deviation channel outputs. (continued) 08/97 Amendment 0 B 3.3 46 b AP600 i.om.m..m.mm mmmt -__i- RTS Instrumen2ation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.3 REQUIREMENTS SR 3.3.1.3 compares the AX1AL FLUX DIFF~ ~.NCE determined (continued) using the incore system to the nuclear .nstrument channel AXIAL FLUX DIFFERENCE every 31 EFPD. If the absolute difference is a 3% AFD the If thenuclear in . channel is still OPERABLE, but must be read u This surveillance is channel is declared inoperable. performed to verify function. Two Notes modify SR 3.3.1.3. The first Note indicates that the excore nuclear instrument channel shall be adjusted if ' the a 3% AFD. absolute difference between the incore and only if reactor power is a 20% RTP and that Below 20% RTP, the design of the incore detector 20% RTP. system, low core power density, and detector accuracy mak use of the incore detectors inadequate for use as a reference standard for comparison to the excore channels. It is based on The Frequency of every 31 EFPD is adequate. plant operating experience, considering Instrument reliability and operating history data for instrument drift. Also, the slow changes in neutron flux during the fuel cycle can be detected during this interval. SR 3.3.1.4 SR 3.3.1.4 is aIf the calibrationmeasurements of the excore do not agree, the channels t incore channels. excore channels are not declared inoperable but must be calibrated to agree with the incore detector measurements. If the excore channels cannot be adjusted, the channels are declared inoperable, This Surveillance is performed to verify the f(AI) input to the overtemperature AT Function. The Note states that this A Note modifies SR 3.3.1.4. Surveillance is required ' and that 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is allowed for performing the first surveillance after reaching 50% RTP, (continued! 08/97 Amendment 0 : B 3.3 47 AP600 _ l , ATS Instrumentation B 3.3.1 l BASES P SURVEILLANCE SR 3.3.1.4 (continued) REQUIREMENTS The Frequency of 92 EFPD is adequate. It is based on industry operating experience, considering instrument reliability and operating history data for instrument drift. SR 3.3.1.5 SR 3.3.1.5 is the performance of a TADOT every 92 days on a STAGGERED TEST BASIS. This test shall verify OPERABILITY by actuation of the end devices. The Reactor Trip Breaker (RTB) test shall include separate verification of the undervoltage and shunt trip mechanisms. Each RTB in a division shall be tested separately in order to minimize the possibility of an inadvertent trip. The frequency of every 92 days on a STAGGERED TEST BASIS is adequate. It is based on industry operating experience, considering instrument reliability and operating history data. In addition, the AP600 design provides additional breakers to enhance reliability. The SR is modified by a Note to clarify that both breakers in a single division are to be tested during each STAGGERED TEST. SR 3.3.1.6 SR 3.3.1.6 is the wrformance of a REACTOR TRIP CHANNEL OPERATIONAL TEST ((TCOT) every 92 days. A RTCOT is performed on each required channel to provide reasonable assurance that the entire channel will perform the intended Function. The automat 4. tester provided with the integrated protection cabinets is intended to aid the plant staff in performing the RTCOT. Prior to the RTCOT, the calibration of the automatic tester shall be verified and adjustments made as required to the voltage and time base references in the automatic tester, Subsequent to the RTCOT, the results of the automatic test shall be reviewed to verify co@leteness and adequacy of results. (continued) 8 3 3 48 08/97 Amendment 0 h AP600.mme-emer uom.m.uu , RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.6 (continued) REQUIREMENTS This test frequency of 92 days is justified based on Reference 7 and the use of continuous diagnostic test features, such as deadman timers, A/O channel automatic calibration, memory checks numeric coprocessor checks. and tests of timers, counters and crystal time bases, which will report a failure within the integrated protection cabinets to the operator within 10 minates of a detectable failure. SR 3.3.1.6 is modified by a note that provides a 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months delay in the requirement to perform this Surveillance for sourceThis range instrumentation when entering H00E 3 from testing in H00E 2 and for a short time in H00E 3 until the RTBs are open and SR 3.3.1.6 is no longer required to be performed. If the unit is to be in H00E 3 with the RTBs closed for a time greater than 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months , this Surveillance must be performed prior to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after entry into MODE 3. During the RTC0T. the integrated protection cabinets in the division under test may be placed in bypass. SR 3.3.1.7 SR 3.3.1.7 is the performance of a RTC0T as described in SR 3.3.1.6. except it is modified by a Note that this test shall are in include verification their required thatexistina state for the the P unit 6 and P 10 interlocks condition. 7 The Frequency is modified by a Note that allows z 92 days of the Frequencies prior to reactor startup and The four hours after reducing power below P 10 and P 6. Frequency of ", prior to startup" ensures this surveillance is performed prior to critical operations and applie The Frequency of "4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after reducing power below P 10" (apolicable to intermediate and power range low channels) and "41ours after reducing power below P 6" (applicable to source range channels) allows a normal shutdown to be completed and the unit removed from the MODE of Apolicability for this surveillance without a delay to perform tne testing The Frequency of every 92 required by this surveillance. days thereafter applies if t Applicability after the initial performances of prio (continued) 08/97 Amendment 0 8 3.3 49 h AP600 t e01\ t ee tte< \16410101. r07 -062297 , RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.7 (continued) -REQUIREMENTS P 10 or P 6. The MODE of Applicability for this surveillance is < P 10 for the power range low and intermediate range channels and 0.00111 hours 6.613757e-6 weeks 1.522e-6 months , then the testing required by this surveillance must be performed prior to the expiration of the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months limit. Four hours is a reasonable time to complete the required testing or place the unit in a MODE where this surveillance is no longer recuired. This test ensures that the NIS source, intermeciate, and )ower range low channels are OPERABLE prior to taking tw reactor critical and after reducing power into the applicable MODE ( 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . SR 3.3.1.8 A CHANNEL CALIBRATION is performed every 24 months. or approximately at every refueling. CHANNEL CALIBRATION is a complete check of the instrument loop, including the sensor. The test verifies that the channel responds to a measured parameter within the necessary range and accuracy. Transmitter calibration must be performed consistent with the assumptions of the unit specific setpoint methodology. The difference between the current "as found" values and the , previous test "as left" values must be consistent with the transmitter drift allowance used in the setpoint methodology. The CHANNEL CALIBRATION is assisted by the use of an automatic tester, and the calibration of the automatic tester must be verified prior to use. The setpoint methodology requires that 30 months drift be used (1.25 times the surveillance calibration interval. 24 months) based on Generic Letter 91 04. " Changes in Technical Specification Surveillance Intervals to Accommodate a 24 month Fuel Cycle." SR 3.3.1.8 is modified by a Note stating that this test shall include verification that the time constants are adjusted to the prescribed values where applicable. (continued) hI*01\AP600 B 3.3 50 08/97 Amendment 0 t etaspen160 30101. r0? 0422t? RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.9 ' REQUIREMENTS ~SR 3.3.1.9 is the performance of a CHANNEL CALIBRATION every (continued) This SR is modified by a Note stating that 24 months. neutron detectors are excluded from the CHANNEL C The CHANNEL CALIBRATION for Belowthe power ra calorimetric and flux mao performed above 20% RTP, 20% RTP. the design of tne incore detector system, low core power density, and detector accuracy make use of the incore detectors inadequate for use as a reference standard forThe CH comparison to the excore channels.for the source range consists of obtaining the detector plateau or pream the curves to the manufacturer's data. not required for the power range detectors for entry into MODE 2 and 1, and is not required for the inte at least MODE 2 to perform the test for the intermediate range detectors and MODE 1 for the power range detectors. The 24 month Frequency is based on the ne outage and the potential for an unolanned transient if the Surveillance were performed with the reactor at tne Surveillance when performed on the 24 month Frequency. SR 3.3.1.10 SR 3.3.1.10 is the performance of a TADOT of the Manual RCP Breaker Position, and the SI. ADS This Reactor Actuation, an CMT Injection inputs from Trip,d the ESFACs. The test shall TADOT is performed every 24 months. independently verify the OPERABILITY of the undervolta shunt trip mechanisms for the Manual Reactor Trip Function .- for the Reactor Trip Breakers. The Frequency is based on the known reliab been shown to be acceptable through operating experience. The SR is modified by a Note that excludes verification of setpoints from the TADOT. The Functions affected have no setpoints associated with them. (continued) 08/97 Amendment 0 B 3.3 51 h AP600 " ""*"* " *f"'_2 RTS Instrumentation l B 3.3.1 i l BASES SURVEILLANCE SR 3.3.1.11 ~ REQUIREMENTS (continued) This SR 3.3.1.11 verifies that the individual channel / division actuation response times are less than or equal to the maximum values assumed in the accident analysis. Response Time testing criteria are included in Reference 2. For channels that include dynamic transfer performed with the transfer Function set to Alternately, the response time test can FSAR response time. be performed with the time constants set calculated assuming the time constants are set at their The response time may be measured by a nominal values. series of overlapping test such that the entire response time is measured. Each division response must be verified ev Response times cannot be would be tested after 96 months). determined Experience has shown durin is required to measure response times. that these components usually pass this surveillance Therefore when the Frequency performed on a refueling frequency. was concluded to be acceptable from a reliability standpoint. The SR 3.3.1.11 is modified by exempting neutron detectors from response time testing. A Note to the Surveillance indicates that neutron detectors may be excluded RESPONSE TIME testing. difficulty in generating an appropriate detector signal. principles of detector operation ensure a virtually instantaneous responst. 1. AP600 SSAR< Chapter 6.0. " Engineered Safety Feature REFERENCES

2. AP600 SSAR, Chapter 7.0, " Instrumentation and Controls."

3. AP600 SSAR, Chapter 15.0. " Accident Analysis "

4. WCAP 14606, " Westinghouse Setpoint Methodology for Protection Systems," April 1996 (nonproprietary).

(continued) 08/97 Amendment 0 , B 3.3 52 b AP600 se.m.umaioievo,.omu , L RTS Instrumentation B 3.3.1 BASES

5. Institute of Electrical and Electronic Engineers.

REFERENCES IEEE 279 1971, " Criteria:for Protection Systems for (continued) Nuclear-Power Generating Stations," April 5, 1972.

6. 10 CFR 50.49, ' Environmental Qualifications of Electric Equipment Important to Safety for Nuclear Power Plants."

7. WCAP 10271 P A, ' Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection Instrumentation System " May 1986. l 8. NRC Generic Letter No. 83 27, Surveillance Intervals in Standard Technical Specifications.

9. ESBU TB 97 01, Westinghouse Technical Pulletin, " Digital Process Rack Operability Determination Criteria," May 1, 1997, I

08/97 Amendment 0-8 3.3 53 hl*01\tetMee<\n6010 AP600 lot. e07 041117 . ESFAS Instrumentation , B 3.3.2 B 3.3 INSTRUMENTATION 8 3.3.2 ENGINEERED SAFETY FEATURE ACTUATION SYSTEM (ESFAS) INSTRUMENTATION BASES BACKGROUND The ESFAS initiates necessary safety systems, based upon the values of selected unit parameters, to protect against violating core design limits and the Reactor Coolant System (RCS) pressure boundary, and to mitigate accidents. The ESFAS instrumentation is segmented into four distinct but interconnected modules as identified below:

Field inputs from process sensors, nuclear instrumentation:

. Integrated Protection Cabinets (IPCs):

Engineered Safety Features Actuation Cabinets (ESFACs);

and . Protection Logic Cabinets (PLCs). Field Transmitters and Sensors Normally, four redundant measurements using four separate sensors, are made for each variable used for actuation of ESF, The use of four channels for arotection Functions is xing required for a trip based on a minimum of two channels or actuation, one channel in test or bypass, and a single failure on the remaining channel. The signal selector in the Plant Control System will function correctly with only three channels. This includes two channels properly functioning and one channel having a single failure. Minimum requirements for protection and control is achieved with three channels OPERABLE. The fourth channel is provided to increase plant availability, and permits the plant to run for an indefinite time with a single channel out of service. The circuit design is able to withstand both an input failure to the control system, which may then require the orotection Function actuation, and a single failure in the other channels providing the protection Function actuation. Again, a single failure will neither cause nor prevent the protection Function actuation, These requirements are described in IEEE 279 (Ref. 4), The actual (continued)~ B 3.3 54 08/97 Amendment 0 h AP600 i omu .uusuoiouer.o uo . ESFAS Instrumentation B 3.3.2 - BASES Field Transmitters-and Sensors (continued) BACKGROUND number of channels provided for each plant parameter is specified in Reference 2. Engineered Safety Features (ESF) Channel An ESF channel extends from the sensor to the output of the associated ESF subsystem (ESF1 or ESF2) in the IPCs, and shall include the sensor (or sensors), the signal conditioning, any associated data links, and the associated ESF subsystem. For ESF channels containing nuclear instrumentation, the ESF channel shall also include the nuclear instrument signal conditioning and the associated Nuclear Instrumentation Signal Processing and Control (NISPAC) subsystem in the IPCs. Any manual ESF controls that are associated with a particular ESF channel are also included in that ESF channel. IPCs The IPCs contain the necessary equipment to: . Permit acquisition and analysis of the sensor inputs, including plant process sensors and nuclear instrumentation, required for reactor trip and ESF calculations: . Perform computation er logic operations on variables based on these inputs: ' . Provide trip signals to the reactor trip switchgear and ESF actuation data to the ESFACs as required: . Permit manual trip or bypass of each individual reactor trio Function and permit manual actuation or bypass of eaca individual voted ESF Function: .- Provide data to other systems in tne Instrumentation and Control (I&C) architecture: . Provide functional diversity for the reactor trips and ESF actuations: and (continued) B 3.3 55 08/97 Amendment 0 h AP600 i m u . m .. n u ciais o ..... u i, ESFAS Instrumentation B 3.3.2 BASES BACKGROUND IPCs (continued) . Provide separate input circuitry for control Functions that require input from sensors that are also requirtd for protection Functions. Each of the four IPCs provides signal conditioning, comparable output signals for indications in the main control room, and comparison of measured input signals with established setpoints. The basis of the setpoints are-described in References 1, 2, and 3. If the measured value of a unit parameter exceeds the predetermined w point, an output is generated which is transmitted to the ESFACs for logic evaluation. ESFACs ' The ESFACs contain the necessary equipment to: . Permit reception of the data supplied by the four IPCs and perform voting on the trip outputs: . Perform system level logic using the input data from the IPCs and transmit the output to the PLCs: and . Provide redundant hardware capable of providing system level comands to the PLCs, ESF Actuation Logic The ESF actuation logic shall extend from, but not include, the outputs of the various ESF channels to the output from The the logic cabinet associated with the actuated device. ESF actuation logic shall include the ESF actuation subsystems in the ESFACs, the Functional Logic Subsystems in the ariociated PLC, the I/O hardware associated with the actuated device, any associated datalinks and any associated data highways. Any manual ESF controls that are associated with a carticular ESF actuation logic are also included in that ESF actuation logic. (continued) B 3.3 56 08/97 Amendment 0 b AP600.omo,,or.eni,, i om.m.uu , ESFAS Instrumentation B 3.3.2 BASES PLCs BACKGROUND ~~ (continued) The PLCs contain the necessary equipment to:

Receive automatic system level signals supplied by the associated ESFAC:

Receive and transmit dat) to/from main control room multiplexers:

. Receive and transmit data to/from other PLCs on the same logic bus: Receive status data from component position switches (such as limit switches and torque switches); and Perform logic computations on received data, generate logic commands for final actuators (such,as START, STOP, OPEN, and CLOSE), ESFAC and PLC Operability Background Each ESFAC and PLC has two microprocesso In the ESFAC, each microprocessor subsystem is called an In the PLC each microprocessor actuation subsystem. This subsystem is called a functional logic group. arrange ESFAC or PLC to be temocrary removed from service toW facilitate testing. moved from service, the remaining microprocessor subsystem continues to function and the ESF division conti provide full protection. halves is connected to the battery backed power rystem. As long portion o even when all ac power sources are lost. divisio as one battery microprocessor subsystem within an ESFAC or PLC continues to operate, the ESF division is unaffected. As ESF division is only affected when all battery backed micro >rocessor subsystem within an ESFAC or PLC are not OPERA 3LE. (continued)- 08/97 Amendment 0 B 3.3 57 b AP600 , t*01\ tee sN e\t6010102.r07 082197 9 . . _ . . . . _ _ . . . . _ _ _ _ _ _ _ _ _ _ _ _ _ _ a ESFAS Instrumentation B 3.3.2 . BASES Trip Setpoints and Allowable Values ^ BACKGROUND ~ (continued) The Trip Setpoints are the nominal values at w output is set. adjusted when the "as left" value is within the ba CHANNEL CALIBRATION accuracy. The Trip Setpoints used in the trip output are based The selection of on the analytical limits stated in Reference 2.these Trip provided when all sensor and processing time delays taken into account. instrument drift, and severe environment ESFAS defined bychannels that(Ref. 10 CFR 50.49 must5),function in harshand the Trio Setpoints environ Allowable Values specified in Table 3.3.E 1 A detailed description of the the analytical limits. methodology used to calculate the Trip Setpoints, including their exolicit uncertainties, is provided in the "Westingaouse Setpoint Methodology for Prote (Refs. 9 and 10).into the bistable is more conservative tha by the Allowable Value to account for changes in random measurement errors detectable by a COT. a change in measurement error is drift during theIf th surveillance interval. exceed the Allowable Value, the OPERABLE. Setpoints in accordance with the Allowable Value ensu the consequences of Design Basis Accidents (DBAs) will b acceptable. providing the unit is operate designed. Each channel can be tested on line to verify that the si processing equipment and setpoint accuracy Once ais within specified allowance requirements of Reference 9. designated channel is taken out of service for testing, a simulated signal is injected in place of the field instrument signal. SRs for the test is then tested, verified, anc calibrated. channels are specified in the SR section. (continued) 08/97 Amendment 0 B 3.3 58 AP600 _ , , , ESFAS Instrumentation B 3.3.2 BASES 4 BACKGROUND Trip Setpoints and Allowable Values (continued) The Trip Setpoints and All owable Values listed in-Table 3.3.21 are based on the methodology described in Reference 9. which incorporates all of the known uncertainties applicable for each channel. The magnitudes of these uncertainties are factored into the determination of each Trip Setpoint. All field sensors and signal processing equipment for these channels are assuned to operate within the allowances of these uncertainty magnitudes. Calibration tolerances and drift allowances must be specified in plant calibration procedures, and must be consistent with the values used in the setpoint methodology. l The OPERABILITY of each transmitter or sensor can be evaluated when its "as found" calibration data are compared against the "as left" data and are shown to be within the setpoint methodology assumptions. The basis of the setpoints is described in References 1, 2. 3. and 9. Trending of transmitter calibration is required by Generic Letter 9104, " Changes in Technical Specification Surveillance Intervals to Accommodate a 24 Month Fuel Cycle." Each channel of the IPC can be tested on line to verify that the signal or setpoint accuracy is within the specified allowance requirements. This test may be performed by using , the built in automatic tester. Once a designated channel is automatically taken out of service for testing, a simulated signal is injected in place of the field instrument signal. The process equipment-for the channel in test is then tested, verified, and calibrated. The IPC channel is considered to be OPERABLE if the channel passes the automatic testing. Surveillance Requirements for the channels are specified ir. the Surveillance Requirements section. APPLICABLE Each of the analyzed accidents can be detected by one or SAFETY ANALYSES, more ESFAS Functions. One of the ESFAS Functions is the LCOs. and orimary actuation signal for that accident. An ESFAS APPLICABILITY Function may be the primary actuation signal for more than one type of accident. An ESFAS Function may also be'a secondary, or backup, actuation signal for one or more other (continued) ' h AP600 B 3.3 59 08/97 Amendment 0 Isot\tetatpec\t6010302 r07 C81HP , _ ___ ______________.__m ~ ESFAS Instrumentation B 3.3.2 BASES APPLICABLE accidents. For exaiiple. Pressurizer Pressure - Low is a SAFETY ANALYSES. primary actuation signal for small loss of coolant accidents LCOs, and (LOCAs) and a backup actuation signal for steam line breaks (SLBs) outside containment. Functions such as manual APPLICABILITY (continued) initiation not specifically credited in the accident safety analysis are qualitatively credited in the safety analysis and the NRC staff approved licensing basis for the plant. These Functions may provide protection for conditions which do not require dynamic transient analysis to demonstrate Function performance. These Functions may also serve as backups to functions that were credited in the accident analysis (Ref. 3). The LCO generally requires OPERABILITY of four channels in each instrumentation / logic Function and two devices for each manual initiation Function. The two out of four configurations allow one channel to be bypassed during maintenance or testing without causing an ESFAS initiation. Two manual initiation channels are required to ensure no single random failure disables the ESFAS. The required channels of ESFAS instrumentation provide plant protection in the event of any of the analyzed accidents. ESFAS protective functions are as follows:

1. Safeguards Actuation The Safeguards Actuation signal actuates the alignment of the Core Makeu) Tank (CMT) valves for passive injection to the RCS. Tw Safeguards Actuation signal prcvides two primary Functions:

- Primary side water addition to ensure maintenance or recovery of reactor vessel water level (coverage of the active fuel for heat removal and clad integrity, peak clad temperature < 2200*F): and . Boration to ensure recovery and maintenance of SHUTDOWN MARGIN (kerf < 1.0) . (continued) b AP600 B 3.3 60 08/97 Amendment 0 i e m u ..n aa mo u v.a.n , , ,,--r ' - - l ESFAS Instrumentation ! B 3.3.2 l BASES APPLICABLE 1. Safeguards Actuation (continued) l SAFETY ANALYSES. LCOs and These Functions are necessary to mitigate the effects 1 APPLICABILITY of high energy line breaks (HELBs) both inside and outside of containment. The Safeguards Actuation signal is also used to initiate other Functions such as: . Containment Isolation: . Reactor Trip: . Turbine Trip: . Close Main Feedwater Control Valves: . Trip Main Feedwater Pumps and Closure of Isolation and Crossover Valves: . Reactor Coolant Pump Trip; and . Enable Automatic Depressurization System (ADS). These other Functions ensure: . Isolation of nonessential systems through containment penetrations; . Trip of the turbine and reactor to limit power generation: . Isolation of main feedwater to limit secondary side mass losses: I . Trip of the reactor coolant pumps to ensure proper. CMT actuation: . Enabling automatic depressurization of the RCS on CNT Level - Lov 1 to ensure continued safeguards actuatedinjection. Manual and automatic initiation of Safeguards Actuation must be OPERABLE in MODES 1.~2. 3. and 4. In these MODES there is sufficient energy in the primary and secondary systems to warrant automatic initiation of ESF- systems. Automatic actuation in MODE 4 is provided by the high containment pressure signal. (continued) i h AP600 B 3.3 61 08/97 Amendment 0 t *01\ t e<m see t d 6010101. r07 08229 P e ESFAS 8nstrumentation B 3.3.2 BASES

1. -Safeguards Actuation (continued)

APPLICABLE SAFETY ANALYSES Manual initiation is required initiation Automatic in MODEis5not to support requiredsystem LCOs. and level initiation, APPLICABILITY to be OPERABLE in MODE 5 because parameters are not available to provide automatic actuation, and an accident. These Safeguards Actuation Functions are not required to be OPERABLE in MODE 6 because ther manually starting individual systems, pumps, and other equipment to mitigate the consequences of an abnor condition or accident,are very low and many ESF compone locked out or otherwise prevented from actuating to prevent inadvertent overpressurization of plant systems. 1.a. Manual Initiation The LCO requires that two manual initiation devices are OPERABLE, The operator can initiate the Safeguards Actuation signal at any time by using either of two switches in the main control room, This action will cause actuation of all com signals. The LCO on Manual Initiation ensures the proper amount of redundancy is maintained in manual ESFAS initiation capability, Each device consists of one switch Each interconnecting wiring to all four ESFACs. and the manual initiation This configuration device actuates does not allow all four ESFA divisions. testing at power. (continued)_ 1 08/97 Amendment 0 B 3.3 62 h AP600 At\tetMeetst6010102.r07 062297 - - - - - _ _ _ _ _ _ _ _ _ _ _ _ ESFAS Instrumentation B 3.3.2 BASES 1.b. Containment Pressure - High 2 APPLICABLE SAFETY ANALYSES, This signal provides protection against the LCOs, and following accidents: APPLICABILITY (continued)

SLB inside containment:

. LOCA: and . Feed line break inside containment. The transmitters (d/p cells) and electronics are Since the located inside of containment. transmitters and electronics are located inside of containment, they will experience adverse enviri nmental conditions and the trip setpoint reflects environmental instrument uncertainties. The LC0 requires four channels of Containment Pressure - High 2 to be OPERABLE in MODES 1, 2. 3, and 4. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. 1.c. Pressurizer Pressure - Low This signal provides protection against the following accidents: . Inadvertent opening of a steam generator (SG) safety valve: . SLB . A spectrum of rod cluster control assembly ejection accidents (rod ejection): . Inadvertent opening of a pressurizer safety valve: . LOCAs: and . Steam Generator Tube Rupture (SGTR). (continued)_ m 08/97 Amendment 0 B 3.3 63 b AP600.omo imuu...uu 4 .essin . . . .. .. . . . .a ESFAS Enstrumentation B 3.3.2 BASES 1.c, Pressurizer Pressure Low (continued) APPLICABLE SAFETY ANALYSES, The transmitters are located inside containment, LCOs and with the taps in the vapor space region of the APPLICABILITY pressurizer, and thus possibly experiencing adverse environmental conditions (LOCA, SLB inside containment). Therefore, the Trip Setpoint reflects the inclusion of both steady state and adverse environmental instrument uncertainties. The LC0 requires four channels of Pressurizer Pressure - Low to be OPERABLE in MODES 1, 2, and 3 (above P 11) to mitigate the consequences of a high energy line rupture inside containment. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip <cd by Function. This signal may be manually bloc the operator below the P 11 setpoint. Automatic actuation below this pressure is then performed by 5 the Containment Pressure - High 2 signal. This function is not required to be OPERABLE in H00E 3 below the P 11 setpoint. Other ESF Functions are used to detect accident conditions In MODES and actuate 4, S, and 6, the ESF systems in this MODE. this Function is not needed for accident detection and mitigation, 1.d. Steam Line Pressure - Low Steam Line Pressure - Low provides protection against the following accidents:

SLB:

. Feed line break: and . Inadvertent opening of an SG relief or an SG safety valve. (continued) 8 3.3 64 08/97 Amendment 0 h AP600 mmu%.uumom cor emu , ] ESFAS Instrumentation B 3.3.2 BASf5 (continued) APPLICABLE 1.d. Steam Line Pressure - Low ^ SAFETY ANALYSES.- LCOs, and It is possible for the transmitters to experience adverse environmental conditions during a secondary APPLICABILITY side break. Therefore, the Trip Setpoint reflects both steady state and adverse environmental instrument uncertainties. This Function is anticipatory in nature and has a typical lead / lag ratio of 50/5. The LCO requires four channels of Steam Line Pressure - Low to be OPERABLE in H00ES 1, 2, and 3 (above P 11) when a secondary side break or stuck open valve could result in theFour rapid channels depressurization of the steem lines. are provided in each steam line to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. This signal may be manually blocked oy the operator below the P 11 setpoint. Below P 11, feed line break is not a concern, inside containment SLS will be terminated by automatic actuation via Containment Pressure - High 2, and outside containment SLB will be terminated by the Steam Line Pressure Negative Rate - High signal for In MODES 4, 5, or 6. this steam line isolation. Function is not needed for accident detection a mitigation because the steam line pressure is below the actuation setpoint. Low steam line pressure in these MODES is not an adequate indication of a feed line or steam line break. 1.e. RCS Cold leg Temperature (Teoid) - LOW This signal provides protection against the following accidents: . SLB: . Feed line break; and . Inadvertent opening of an SG relief or an SG safety valve. (continued) 08/97 Amendment 0 B 3.3 65 b AP600 imw.m uumem c.eum . - ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 1.e. RCS Cold leg Temperature (T c ,jo) - Low (continued) SAFETY ANALYSES, LCOs, and The LCO requires four channels of Tcold - Low to be OPERABLE in MODES 1 and 2, and in MODE 3, with any APPLICABILITY main steam isolation valve open, when a secondary side break or stuck open valve could result in the rapid cooldown of the primary side. Four channels are provided in each loop to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODES 4. 5. and 6, this Function is not needed for accident detection and mitigation because the cold leg temperature is reduced below the actuation setpoint.

2. CMT Actuation CMT Actuation provides the passive injection of borated water into the RCS. Injection provides RCS makeup water and boration during transients or accidents when the normal makeup supply from the Chemical and Volume Control System (CVS) is lost or insufficient. Two tanks are available to provide passive injection of borated water.

CMT injection mitigates the effects of high energy line breaks by adding primary side water to ensure maintenance or recovery of reactor vessel water level following a LOCA, and by borating to ensure recovery or maintenance of SHUTDOWN MARGIN following a steam line break. CMT Valve Actuation is initiated by the Safeguards Actuation signal, Pressurizer Level - Low 2, or manually. The LC0 requires that manual and automatic CMT Valve Actuation be OPERABLE in MODES 1 through 4. Manual actuation of the CMT valves is additionally required in MODE 5 with the loops filled. Automatic actuation initiated by Pressurizer Water Level - Low 2 is required to be OPERABLE in MODE 5 with the RCS pressure boundary intact, above the P 12 setpoint. Automatic actuation of this Function is not required in MODE 5 with no visible level in the pressurizer, or MODE 6 because the CMTs are not required to be operable in these MODES. 2.a.panualInitiation Manual CMT Valve Actuation is acccmplished by either Either of two switches in the main control room. switch activates all four ESFAC divisions. (continued) B 3.3 66 08/97 Amendment 0 h AP600 1*0t\tecatoecsL6010102 707 08L197 ESFAS Instrumentat1on B 3.3.2 BASES APPLICABLE 2.b. Pressurizer Water Level - Low 2' SAFETY ANALYSES, LCOs. and This Function also initiates CMT Valve Actuation APPLICABILITY from the coincidence of pressurizer level below the (continued) Low 2 Setpoint in any two of the four divisions. This function can be manually blocked when the pressurizer water level is below the P 12 Setpoint. This Function is automatically unblocked when the pressurizer water level is above the P 12 Setpoint. The Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment. 2.c. Safeguards Actuation CNT Valve Actuation is also initiated by all Functions that initiate the Safeguar.ds Actuation signal. The CMT Valve Actuation Function requirements are the same as the requirements for the Safeguards Actuation Functions. Therefore, the requirements are not repeated in Table 3.3.2 1. Instead Function 1 is referenced for all initiating Functions and requirements. 2.d. ADS Actuation The CMTs are actuated any time stage 1 ADS is actuated. The CMT Actuation Function requirements for the stage 1 ADS are the same as the requirements for their ADS Function. Therefore, the recuirements are r,ct repeated in Table 3.3.2 1. Insteac., Function 9 is referenced for all initiating functions and requirements.

3. Containment Isolation

.a Containment Isolation provides isolation of the containment atmosphere and selected process systems which

netrate containment from the environment. This Punction is necessary to prevent or limit the release of radioactivity to the environment in the event of a large break LOCA.

(continued) b AP600 B 3.3 67 08/97 Amendment 0 t*01\tecaseet\l6Cl0lci e07 C4119? , ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 3. - Containment Isolation (continued) SAFETY ANALYSES. LCOs. and Containment Isolation is actuated by the Safeguards APPLICABILITY Actuation signal, manual actuation of containment cooling.or manually. Process lines penetrating containment are isolated on ESF signals. Manual and automatic initiation of Containment Isolation must be OPERABLE in MODES 1. 2. 3. and 4, when containment integrity is required. Manual initiation is required in MODE 5 and MODE 6. Manual' initiation of this Function in MODE 6 is not applicable if the process lines penetrating containment are isolated. This provides the capability to manually initiate containment isolation during all MODES. Automatic actuation is not required in MODES S and 6 because manual initiation is sufficient to mitigate the consequences of an accident in these MODES. 3.a. Manual Initiation Manual Containment Isolation is accomplished by either of two switches in the main control room. Either switch actuates all four ESFAC divisions. 3.b. Manual Initiation of Passive Containment Cooling Containment Isolation is also initiated by Onual Initiation of Passive Containment Cooling. This is accomplished as described for ESFAS Function 12.a. 3.c. Safeguards Actuation Containment Isolation is also initiated by all Functions that initiate the Safeguards Actuation signal. The Containment Isolation Function requirements are the same as the requirements for. the Safeguards Actuation Function. Therefore, the requirements are not repeated in Table 3.3.2 1. Instead. Function 1 is referenced for all-initiating functions and requirements.

4. Steam Line Isolation l Isolation of the main steam lines provides protection in the event of an SLB inside or outside containment. Raoid isolation of the steam lines will limit the steam break (continued)

B 3.3 68 08/97 Amendment 0 ..i.'. 6 3 ,, ,,,,,, m w , 1 I ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 4. Steam Line Isolation (continued) SAFETY ANALYSES, For an SLB LCOs. and accident to the blowdown from one SG at most. APPLICABILITY upstream of the isolation valves, inside For or outside accident to the blowdown from only the affected SG. a SLB downstream of the isolation valves, closure of the isolation valves terminates the accident as soon as the , steam lines depressurize, Closure of the turbine stop and control valves and the main Function. steam branch isolation valves is initiated by th depressurization of the main steam system associated with an inadvertent opening of a single steam dump, relief, Closure safety valve, or a rupture of a main steam line. of these valves also suprorts a steam generator tube rupture event by isolating the faulted steam generator. 4.a. Manual Initiation Manual initiation of Steam Line Isolation There can are be accomplished from the main control room. two switches in the main control room and either switch can initiate action to immediately close all The LC0 main steam isolation valves (MSIVs). requires two OPERABLE channels in H0 DES 1, 2, 3, and 4 with any main steam valve open, when there is sufficient energy in the RCS and SGs to have an SLB or other accident resulting in the release of significant quantities of energy to cause a cooldown of the primary system. In H00ES 5 and 6. this Function is not required to be OPERABLE because there is insufficient energy in the secondary side of the unit to cause an accident. 4.b. Containment Pressure - High 2 This Function actuates closure of the MSIVs in the event a SLB inside containment to limit the mass energy release to containment and limit blowdown to a single SG. The transmitters and electronics are located inside containment, thus, they will experience harsh environmental conditions and the Trip Setpoint reflects environmental instrument uncertainties. (continuedl 08/97 Amendment 0 B 3.3 69 bm AP600 m . m .. m m u n m .a m ,r . t ~ - __- _ -- %-._ l ESFAS instrumentat9on f B 3.3.2 BASES 4.b. Containment Pressure - High 2 (continued) APPLICABLE _ SAFETY ANALYSES, The LC0 requires four channels of Containment LCOs, and Pressure - High 2 to be OPERABLE in H00ES 1, 2, 3. APPLICABILITY and 4, with any main steam valve open, when there is sufficient energy in the primary and secondary side to pressurize the containment following a pipe break. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. There would be a significant increase in the containment pressure, thus allowing In MODES 5 detection and closure of the HSIVs. and 6 there is not enough energy in the primary and secondary sides to pressurize the containment to the Containment Pressure - High 2 setpoint. 4.c. Steam Line Pressure (1) Steam Line Pressure - Low Steam Line Pressure - Low provides closure of the HSIVs in the event of an'SLB to maintain at least to limit the mass and energy release to containment and limit blowdown to a single SG. The LCO requires four channels of Steam Line Pressure - Low Function to be OPERABLE in MODES 1, 2, and 3 (above P 11), with any main steam isolation valve open, when a secondary side break or stuck open valve could result in the raaid depressurization of the steam lines. Four cnannels are provided in each steam-line to permit one channel to be in tripThis or bypassind failure will disable this trip Function. signal may be manually blocked by the operatorBelow below the P 11 setpoint, containment SLB will be terminated by automatic actuation via Containment Pressure - High 2, and stuck open valve transients and outside containment steam line breaks will be t.:rminat by the Steam Line Pressure Negative Rate - HighIn M signal for Steam Line Isolation.and 6, this func detection and mitigation. (continued) 08/97 Amendment 0 B 3.3 70 h AP600 % i.nu.m..mumeryr aum . ESFAS Instrumentation B 3.3.2 BASES APPLIC/SLE (2) Steam Line Pressure Negative Rate - High SAFETY ANALYSES, LCOs, and Steam Line Pressure Negative Rate - High APPLICABILITY provides closure of the MSIVs for an SLB, when less than the P 11 setpoint, to maintain at (continued) least one unfaulted SG as a heat sink for the reactor and to limit the mass and energy release to containment. When the operator manually blocks the Steam Line Pressure - Low when less than the P 11 setpoint, the Steam Line Pressure-Negative Rate - High signal is automatically enabled. The LC0 requires four channels of Steam Line Pressure Negative Rate - High to be OPERABLE in MODE 3, with any main steam valve open, when less than the P 11 setpoint, when a secondary side break or stuck open valve-could result in the raaid depressurization of the steam line(s). Four cnannels are provided in each steam line to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODES 1 and 2, and in H00E 3 when above the P 11 setpoint, this signal is automatically disabled and the Steam Line Pressure - Low signal is automatically enabled. In H00ES 4, 5 and 6 this Function is not needed for accident detection and mitigation. While the transmitters may experience elevated ambient temperatures due to a steam line break, the Trip Function is on rate of change, not the absolute accuracy of the indicated steam pressure, Therefore, the Trip Setpoint reflects only steady state instrument uncertainties. 4.d. Teoid - Low This Function provides closure of the MSIVs during a SLB or inadvertent opening of a SG relief or a safety valve to maintain at least one unfaulted SG as a heat sink for the reactor and to limit the mass and energy release to containment. (continued) B .'. 3 71 08/97 Amendment 0 b AP600 imuu ..uumam ,v.eum . l ESFAS Instrumentation B 3.3.2 f-BASES APPLICABLE 4.d. Teoid - Low (continued) SAFETY ANALYSES, LCOs, and This Function was discussed a. Safeguards Actuation APPLICABILITY Function 1.e. The LC0 requires four channels of Teoid - Low to be OPERABLE in H0 DES 1 and 2, and in H00E 3 above P 11, with any main steam isolation ydive open, when a secondary side break or stuck open valve could result in the rapid cooldown of the primary side. Four channels are provided in each loop to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 3 below P 11 and ir. MODES 4, 5, and 6, this Function is not needed for accident detection and mitigation because the cold leg temperature is reduced below the actuation setpoint. ,

5. Turbine Trip The primary Function of the Turbine Trio is to prevent damage to the turbine due to water in tie steam lines.

This Function is necessary in H00ES 1 and 2, and 3 above P 11 to mitigate the effects of a large SLB or a large Feedline Break (FLB). Failure to trip the turbine following a SLB or FLB can lead to additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment, In H00ES 4, 5, and 6, the energy in the RCS and the steam generators is low and this function is not required to be OPERABLE. This Function is actuated by Steam Generator Water Level - High 2, by a Safeguards Actuation signal, or manually. The Reactor Trip Signal also initiates a turbine trip signal whenever a reactor trip (P 4) is generated. 5 a. Manual Main Feedwater Isolation Manual Main Feedwater Isolation can be accomplished from the main control room. There are two switches in the main control room and either switch can initiate action to close all main feedwater control, i.olation and crossover valves, trip all main feedwater pumps, and trip the turbine. (continued) B 3.3 72 08/97 Amendment 0 h AP600.oicione.o. m mu.m.uu , ESFAS Instrumentation -- B 3.3.2 BASES APPLICABLE 5.b. Steam Generator Narrow Range Water level - High 2 SAFETY ANALYSES. LCOs, and This signal provides protection against excessive APPLICABILITY feedwater flow by closing the main feedwater (continued) control, isolation and crossover valves, tripping of the main feedwater pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The transmitters (dh cells) are located inside containment. However, tne events which this Function protect against cannot cause severe environment in containment. Therefore, the Setpoint reflects only steady state instrument uncertainties. 5.c. Safeguards Actuation Turbine Trip is also initiated by all Functions that initiate the Safeguards Actuation signal. The isolation requirements for these Functions are the same as the requirements for their Safeguards Actuation Function. Therefore, the recuirements are not repeated in Table 3.3.2 1. Insteaci Function 1 is referenced for all initiating Functions and requirements. The Safeguards Actuation signal closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 5.d. Reactor Trip Turbine Trip is also initiated by all functions that initiate Reactor Trip. The isolation requirements for these Functions are the same as the requirements for their Reactor Trip Function. Therefore, the requirements are not repeated in Table 3.3.2 1. is Instead Function 18.a. P 4 (Reactor Trip),d referenced for all initiating Functions an requirements. (continued) B 3.3 73 08/97 Anendment 0 b AP600.omo: notuu ..uu ,or o.mr , ESFAS fnstrumentation-1 B 3.3.2 BASES l I APPLICABLE . 61 Main Feedwater Control Valve Isolation SAFETY ANALYSES, ' LCOs, and The primary Function of. Main Feedwater Control Valve , Isolation is to prevent damage to the turbine due to i APPLICABILITY water in the steam lines and to stop the excessive flow .(continued) of feedwater into the SGs. This Function is actuated by i Steam Generator Narrow Range Water Level - High 2, by a Safeguards Actuation signal, or manually. The Reactor - - Trip Signal also initiates closure of the main feenater

control valves coincident with a low RCS average-

~ " temperature (Tavg) signal whenever a reactor. trip (P 4) is generated. 3 Closing the Main Feedwater Control Valves on Manual Main Feedwater Isolation, SG Narrow Range Water Level High 2. or Safeguards Actuation is necessary in MODES 1 and-2, and in MODE 3 above P 11 to mitigate the effects:of a large SLB or a large FLB. This Function is also required to be OPERABLE in MODES 1 and 2 on Tave Low 1 coincide with Reactor Trip (P 4). Failure to close the main , feedwater control valves following a SLB or FLB can lead to. additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment. Manual main feedwater isolation is required to be. > i OPERABLE.in MODE 4is when This Function the main not applicable feedwater in-MODE 4 forcontrol

- are open.

valve isolation if the main feedwater line is-isolated. Automatic actuation on a Steam Generator Narrow Range Water Level - Hign 2 is required to be OPERABLE in MODE 4 i when the RCS is not being cooled by the_RNS.- In MODES 5 -and 6 the energy in the RCS and the-steam generators is low:and this function is not required to be OPERABLE, i 6.a. Manual Main Feedwater Isolation-Manual Main Feedwater Isolation can be accomplished from the main control room. There are two switches ' in the main control room and either switch can initiate action in~both divisions to close all main-feedwater control, isolation and crossover valves, trip all n,ain feedwater pumps, and trip the turbine. 4 ? (continued) L B 3.3 74 08/97 Amendment 0 AP600-- 1801\tt elee<\16010302 307 082297' l I a-, - ; - _- ,_, _ , _ _ l ESFAS Instrumentation B 3.3.2 BASES-6.b. Steam Generator Narrow Range Water Level - High 2 APPLICABLE SAFETY ANALYSES, This signal provides protection against excessive LCOs. and feedwater flow by closing the main feedwater APPLICABILITY control, isolation and crossover valves, tripping of (continued) the Main Feedwater Pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The transmitters (dh cells) are located However, tne events which this inside containment. Function protect against cannot cause severe environment in containment. Therefore, the Setpoint reflects only steady state instrument uncertainties. 6.c. Safeguards Actuation This Function it also initiated by all Functions The that initiate the Safeguards Actuation signal. isolation requirements for these Functions are the same as the requirements for their Safeguards Actuation Function. Therefore, the recuirements are not repeated in Table 3.3.2 1. Insteac Function 1 is referenced for all initiating Functions and requirements. The Safeg'iards Actuation signal closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 6 d. Tava low 1 Coincident with Reactor Trip (P 4) This signal provides protection against excessive feedwater flow by closing the main feedwater control valves. This signal results from a coincidence of two of the four divisions of reactor loop average temperature below the low 1 setpoint coincident with the P 4 permissive. Four channels are provided to permit one channel to be in trio or This bypassindefinit failure will disable this trip Function. Function may be manually blocked when the pressurizer pressure is below the P 11 setpoint. The block is automatically removed when the pressurizer pressure is above the P 11 setpoint. (continued) B 3.3 75 08/97 Amendment 0 h AP600 tMi\tecMeec\ t6010102. r07 081997 ~ C_ ESFAS Instrumentation B 3.3.2 BASES

7. Main Feedwater Pump Trip and Valve Isolation APPLICABLE SAFETY ANALYSES, LCOs, and The primary function of the Main Feedwater Pump Trip and

! solation is to prevent damage to the turbine due to APPLICABILITY water in the steam lines and to stop the excessive flow (continued) of feedwater into the SGs. Valve isolation includes closing the main feedwater isolation and crossover valves. Isolation of main feedwater is necessary to prevent an increase in heat removal from the reactor coolant system in the event of a feedwater system malfunction. Addition of excessive feedwater causes an increase in core power by decreasing reactor coolant temperature. This Function is actuated by Steam Generator Water Level - High 2, by a safeguards Actuation The Reactor Trip Signal also signal, or manually. initiates a turbine trip signal whenever a reactor trip (P 4) is generated. ~ This Function is necessary in MODES 1. 2, 3. and 4 to mitigate the effects of a large SLB or a large FLB except Tavg Low 2 coincident with Reactor Trip (P 4) whichtois Failure required to be OPERABLE in MODES 1 and 2. trip the turbine or isolate the main feedwater syst energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energyMan release in containment. is required to be OPERABLE in MODE This 4 when the main Function is feedwater isolation valves are open. not applicable in MODE 4 for valve isolation if the main feedwater line is isolated. Automatic actuation on a Steam Generator Narrow Range Water Level - High 2 is required to be OPERABLE in MODE 4 when the RCS is n being cooled by the RNS. the RCS .ind the steam generators is low and this function is not required to be OPERABLE. 7.a. Manual Main Feedwater Isolation Manual initiation of Main FeedwaterThere Isolation are can be accomplished from the main control room. two switches in the main control room and either switch can initiate action in both divisions to close all main feedwater control. isolation and crossover valves, trip all main feedwater pumps, and trip the turbine. (continued) 08/97 Amendment 0 B 3.3 76 b AP600 t *0htetMaeet\14410102. r07 043297 , ESFAS Instrumentation B 3.3.2 BASES f 7.b. Steam Generator Narrow Range Water Level - High 2 l APPLICABLE > SAFETY ANALYSES, This signal provides protection against excessive LCOs, and feedwater flow by closing the main feedwater APPLICABILITY control, isolation and crossover valves, tripping of (continued) the main feedwater pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no sir.gle random failure will disable this tripTh Function. However, tie events which this inside containment. function protect against cannot cause severeTherefore, the environment in containment. reflects only steady state instrument uncertainties. 7.c. Safeguards Actuation This function is also initiated by all Functions The that initiate the Safeguards Actuation signal. isolation requirements for these Functions are the same as the reouirements for their Safeguards Therefore, the recuirements are

Actuation Function.

not repeated in Table 3.3.2 1. Insteaci Function 1 is referenced for all initiating Functions and requirements, The Safeguards Actuation signal closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 7.d. Tuo low 2 Coincident with Reactor Trip (P 4) This signal provides protection against excessive feedwater flow by closing the main feedwater isolation and crossover leg valves, and tripping of the main feedwater pumps. This signal results from a coincidence of two out of four divisions of reactor loop average temperature below the Low 2 Four setpoint coincident with the P 4 permissiv trip or bypass indefinitely and still ensure that no single Function. random failure will disable this tripTh when the pressurizer pressure is below the P 11 setpoint. The block is automatically removed when the pressurizer pressure is above the P 11 setpoint. (continued) 08/97 Amendment 0 B 3.3 77 h .AP600.mm m.m , im u m..gi - - _ _ ._. _ _ __ _ . -. . - - - . . - _ . - _ . . - _ _ - . . = - - - - - _ . - _ _ _ - _ _ _ - - . - - - - - ESFAS Instrumentation , 8 3.3.2 BASES B. Startup Feedwater Isolation APPLICABLE SAFETY ANALYSES, LCOs, and The primary Function of the Startup Feed'ater APPLICABILITY Isolation is to stop the excessive flow of feedwaterT (continued) into the SGs. , 3, end 4 to mitigate the effects of a large SLB or a large FLB. Failure to isolate the startup feedwater system following a SLB or FLB can lead to additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment. Startup feedwater isolation must be OPERABLE in MODES 1, 2, 3, and 4 when there is significant mass and energy in the RCS and the steam generators. This Function is not applicable in MODE 4 when the startup feedwater f paths are isolated. RCS and the steam generators is low and this Function is not required to be OPERABLE. B.a. Steam Generator (SG) Narrow Range Water Level - High 2 If steam generator narrow rango level reaches the High 2 setpoint in either steam generator, then all startup feedwater control and isolation valves are closed and the startup feedwater Jumps are tripped. Four channels are provided in eac1 steam generator to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. B.b Teoid - Low This Function closes the startup feedwater control and isolation valves and trips the startup feedwater pumas if reactor coolant system cold leg temperature is xlow the T setpoint in any loop. Startup feedwaterisol%Nononthisconditionmaybe manually blocked when the pressurizer pressure is below the P 11 setpoint. This function is automatically unblocked when the pressurizerFour channel pressure is above the P 11 setpoint.are pro be in trip or bypass indefinitely and still ensure no single random failure will disable this trip cunction. (continued) o8/97 ^**nd**nt o 83348 1,^fSL.,,,....,,,. ESFAS Instrunentation B 3.3 2 BASES APPLICABLE 9. ADS stages 1, 2, & 3 Actuation SAFETY ANALYSES, The Automatic Depressurization System (ADS) provides a LCOs. and APPLICABILITY sequenced depressurization of the reactor coolant system to allow passive injection from the CHis, accumulators, i (continued) and the in containment refueling water stora9e tank (IRWST) to mitigate the effects of a LOCA The depressurization is accomplished in four stages, with the first three stages discharging into the IRWST and the last stage discharging into containment. Each of the first three stages consists of two parallel paths with each path containing an isolation valve and a depressurization valve. The first stage isolation valves open on any actuation of the first stage of the ADS, The first stage depressurization valves are opened following a preset time delay after the actuation of the isolation valves. The second stage isolation valves are opened following a preset time delay after actuation The of the first second stagestage depressurization valves open. depressurization valves are opened following a preset time delay after the second stage isolation valves are actuated, similar to stage one. Similar to the second stage, the third stage isolation valves are opened following a preset time delay after theThe actuation third stageof the second stage depressurization valves. depressurization valves are opened following a preset time delay after the third stage isolation valves are actuated. 9,a Manual Initiation The first stage depressurization valves open on manual actuation. Any actuation of stage 1 ADS also actuates PRHR and trips all reactor coolant pumps. The operator can initiate stage 1 of the ADS from the main control room by simultaneously actuating two ADS actuation devices in the same set. There are two sets of two switches each in the main control room. Simultaneously actuating the This two devices in either set will actuate ADS. Function must be OPERABLE in MODES 1. 2. 3. and 4. This function must also be OPERABLE in MODES S an when the ADS valves are not open. and in MODE 6 with the upper internals in cavity less than full. place and the refuelin (continued) B 3.3 79 08/97 Amendment 0 u.b.Nmum.m.mm , ESFAS Instrumen%ation B 3.3.2 BASES : APPLICABLE 9.b. CMT Level - Low 1 Coincident with CMT Actuation SAFETY ANALYSES, LCOs. and This Function ensures continued passive injection or APPLICABILITY borated water to the RCS following a small break (continued) LOCA. Stage 1 ADS is actuated when the CMT Level reaches its Low 1 Setmint coincident with any CMT Actuation signal whic1 is addressed by Function 2. Four channels are provided in each CMT to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The ADS Function requirements are the same as the requirements discussed in Function 2 (CMT Actuation). Therefore, the requirements are not repeated in Table 3.3.2 1. Instead Function 2 is referenced for all initiating functions and reauirements. This Function must be OPERABLE in H0 DES 1, 2, 3, and 4, and in MODE 5. ' 10. ADS Stage 4 Actuation The ADS provides a sequenced depressurizatlon of ' the reactor coolant system to allow passive injection from the C'(Ts, . accumulators, and the IRWST to mitigate the effects of a LOCA. The depressurization is accomplished in four stages, with the first three stages discharging into the IRWST and the fourth stage discharging into containment. The fourth stage of the ADS consists of four parallel paths. Each of these paths consists of a normally open isolation valve and a depressurization valve. The four paths are divic'ed into two groups with two paths in each group. Within each group, one path is designated to be substage A and the second path is designated to be substage B. The substage A depressurization valves are opened following a preset time delay after the substage A isolation valve confirmatory open signal. The sequence is continued with substage 3. A confirmatory open signal is provided to the substage B isolation valves following a preset time delay after the substage A depressurization valve has been opened. The signal to open the substage B (continued) B . 80 08 M Amen h nt 0 u.Y.h.Oneiam ,or ren , ESFAS Instrumentation B 3.3.2 BASES _, APPLICABLE

10. ADS Stage 4 Actuation (continued)

SAFETY ANALYSES, LCOs. and depressurization valve is provided following a preset APPLICABILITY time delay after the substage B isolation valves confirmatory open signal. 10.a. Manual Initiation Coincident with RCS Wide Range Pressure - Low or Function ? 1he fourth stage depressurization valves open on manual actuation. The operator can initiate Stage 4 of ADS from the main control roon. There are two sets of two switches each in the main control room. Actuating the two switches in either set will actuate all 4th stage ADS valves. This manual actuation is interlocked to actuate with either the low RCS pressure signal used for Function 10.b or with the ADS Stages 1, 2, & 3 actuation (Function 9). These interlocks minimize the potential for inadvertent actuation of this Function. This interlock with Function 9 allows manual actuation of this Function if automatic or manual ADS Stages 1, 2, & 3 fail to deoressurize the RCS due to cosamon mode failure. Tais consideration is important in PRA modeling to improve the reliabil'ty of reducing the RCS pressure following a small LOCA or transient event. This Function must be OPERABLE in MODES 1, 2, 3. and 4. This Function must also be OPERABLE in HUDES 5 and 6 when the ADS valves are not open, and in H00E 6 with the upper internals in place and the refueling cavity less than full. 10.b. CMT Level - Low 2 Coincident with Delayed Function 9 and RC5 Wide Range Pressure - Low The fourth stage depressurization valves open on CMT Level - Low 2 in two out of four channels in either CMT. Actuation of the fourth stage. depressurization valves is interlocked with the third stage depressurization signal such that the fourth stage is not actuated unless the third stage has been previously actuated following a preset time delay. Actuation of the fourth stage ADS valves are further interlocked with a low RCS (continued) B 't.3 81 08/97 Amendment 0 bPC1\tetastet\16010101, AP600 eof 001197 . l ' ----_-__-___l____________________ _ _ _ _ _ _ _ __ ESFAS Ins %rumentation B 3.3.2 BASES 10.b. CMT Level - Low 2 Coincident with Delayed APPLICABLE Function 9 and RC5 Wide Range Pressure - Low SAFETY ANALYSES, LCOs. and Icontinued) APPLICABILITY pressure signal such that the fourth stage ADS is not actuated unless the RCS pressure is below aFour predetermined setpoint. are provided to permit one channel to be in trip or bypass indefinitely and still ensure ,a single random failure will disable this trio Function. This Function must be OPERABLE in HO)ES 1, 2, 3, and 4. This Function must also be OPERABLE in . MODE 5 when the ADS valves are not open and with level in the pressurizer visible.

11. Reactor Coolant Pump Trip Reactor Coolant Pump (RCP) Trip allows the Injection passive injection of borated water into the RCS,

.orovides RCS makeup water and boration during transients or accidents when the normal makeup supply from the CVS Two tanks provide oassive is lost or insufficient. injection of borated water by gravity when tie reactorC coolant pumas are tripped. effects of ligh energy line breaks by adding primary side water to ensure maintenance or recovery of reactor vessel water level following a LOCA and by borating to ensure recovery or maintenance of SHUTDOWN MARGIN following a steam line break, RCP trip on high bearingRCP water trip is temperature >rotects the RCP iigh RCP coast bearing down. water temperature actuated ADS by Stages 1. 2. and 3 Actuation (Function 9), and CMT actuation. 11.a. ADS Actuation The RCPs are trip >ed any time stage 1 ADS is actuated. The RC) trip Function requirements for the stage 1 ADS are the same as the . requirements for their ADS Function. Therefore. the requirements are not repeated in Table 3.3.2 1. Instead Function 9 is referenced for all initiating functions and requirements.

continued) 08/97 Amendment 0 B 3.3 82 HAP 600' m m . m ..ni m ono n ot.c w .

_ _ ~ . ~ , , , . __ _ __ _ . _ . _ __ _ _ __ _-_- - _ _ _ _ _ - . _ _ _ _ _ . - _ _ _ _ _ _ _ _ . _ _ - _ _ . _ _s ESFAS instrumentation B 3.3.2 l BASES 11.b. Reactor Coolant Pump Bearing Water Temwature - APPLICABLE SAFETY ANALYSES. H,12 LCOs. and Each affected RCP will be tripped if two out of-APPLICABILITY four sensors on the RCP indicate high bearing water (continued) temperature. This Function is required to be OPE MBLE in H0 DES 1 and 2. Four channels are )rovided to permit one channel to be in trip or sypass indefinitely and still ensure no single random failure will disable this trip Function, i 11.c. CMT Actuation RCP trip is also initiated by all the Functions that initiate CMT actuation. The RCP trip Furetion requirements are the same as the requirements for the CMT actuation Functions. Therefore. the requirements are not repeated in. Table 3.3.2 1, and Function 2 is referenced for all initiating Functions and requirements. Low 2 11.d. Pressurizer Water level The RCPs are tripped when the pressurizer water level reaches its low 2 setpoint. This signal results from the coincidence of pressurizer water ievel below the Low 2 setpoint in any two of.four divisions. This Function is required to be OPERABLE in MODES 1, 2. 3. and 4. This function is also required to be OPERABLE in MODE S above the P 12 interlock wnen the RCS is not being cooled by the RNS. This Function can be manually blocked when the pressurizer water level is below the P 12 setpoint. This Function is automatically unblocked when the pressurizer water level is above the P 12 setpoint. 11.e. Safeguards Actuation This Function is also initiated by all Functions that initiated the Safeguards Actuation signal. The requirements for the reactor trip Functions are the same as the requirements for the Safeguards Actuation Function. Therefore, the requirements are not repeated in Table 3.3.2.1. Instead. Function 1 is referenced for all initiating Functions and requirements. (continued) 8 3.3 83 08/97 Amendment 0 AP600 t*01\te<*teet\16410 lot.r07 081197 , T ESFAS Instrumentation B 3.3.2 i BASES

12. Passive Containment Cooling Actuation APPLICABLE SAFETY ANALYSES, The Passive Containment Cooling System (PCS) transfers LCOs, and APPLICABILITY heat from the reactor containment to the environment.

This Function is necessary to prevent the containment (continued) design pressure and temperature from being exceeded Heat following any postulated DBA (such as LOCA or SLt3). removal is initiated automatically in response to a l Containment Pressure - High 2 signal or manually. I A Passive Containment Cooling Actuation signal initiates water flow by gravity by opening one of two fail open valves. The water flows ontoThe the containment dome, path for natural wetting the outer surface. circulation of air along the outside walls of the containment structure is always open. The LC0 requires this function to be OPERABLE in HODES 1,

2. 3. and 4 when the potential exists for a DBA that could require the operation of the Passive Containment Cooling System. In MODES 5 and 6. with the reactor shut down less than 100 hours0.00116 days 0.0278 hours 1.653439e-4 weeks 3.805e-5 months , manual initiation of the PCS provides containment heat removal.

12.a. Manual Initiation The operator can initiate Containment Cooling at any time from the main control room by actuating two containment cooling actuation switches in the same actuation set. There are two sets of two switches each in the main control room. Simultaneously actuating the two switches in either set will actuate containment cooling in all divisions. Manual Initiation of containment cooling also actuates containment isolation. 12.b. Containment Pressure - High 2 This signal provides protection against a LOCA or Four channels are provided SLB inside containment. to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. (continued) 08/97 Amendment 0 h AP600 B 3.3'84 imuun,mmmn ,or.enn, . a- n ESFAS Instrumentation B 3.3.2 BASES 12.b. Containment Pressure - High 2 (continued) APPLICABLE SAFETY ANALYSES. LCOs, and The transmitters and electronics are located inside containment, thus, they will experience harsh APPLICABILITY environmental conditions and the trip setpoint reflects only steady state instrument uncertainties associated with the containment environment.

13. PRHR Heat Exchanger Actuation The PRHR Heat Exchanger (HX) provides emergency core decay heat removal when the Startup Feedwater System is not available to provide a heat sink. PRHR is actuated when the discharge valves are opened in response to Steam Generator Narrow Range (NR) Level - Low coincident with Startup Feedwater Flow - Low, Steam Generator Wide Range (WR) Level - Low, ADS Stages 1, 2. and 3 Actuation, CNT Actuation, Pressurizer Water Level High 3. or Harual i

i Initiation. 13.a. Manual Initiation Manual PRHR actuation is accomplished by either of two switches in the main control room. Either switch actuates all four ESFAC Divisions. This Function is required to be OPERABLE in H00ES 1, 2, 3, and 4. and H00E 5 with the RCS pressure boundary intact. This ensures that PRHR can be actuated in the ovent of a loss of the normal heat removal systems. 13.b. Steam Generator Narrow Range Level - Low Coincident with 5tartup Feedwater Flow - Low PRHR is actuated when the Steam Generator Narrow Range Level reaches its low setpoint coincident with an indication of low Startup Feedwater Flow. The LCO requires four channels per steam generator to be OPERABLE to satisfy the requirements with a two out of four logic. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The Setpoint reflects both steady state and adverse (continued) B 3.3 85 08/97 Amendment 0 b AP600 m.m..nnoicio ,o,.osuir . ESFAS Instrumentation B 3.3.2 L BASES 13.b. Steam Generator Narrow Range Level - Low APPLICABLE coincident with 5tartup Feedwater Flow - Low SAFETY ANALYSES. LCOs. and (continued) APPLICABILITY { (continued) environmental instrument uncertainties as the detectors provide protection for an event that , l results in a harsh environnent. Startup Feedwater Flow - Low uses a one out of two I logic on each of the two startup feedwater lines. This Function is required to be OPERABLE in H0 DES 1, 2, and 3 and in H00E 4 when the RCS is not being cooled by the Normal Residual Heat Removal System (RNS). This ensures that PRHR can be actuated in the event In MODE of a loss of the 4 when theRCS normal heat is being removal systems. ' cooled by the RNS, and in H0 DES S and 6. the SGs are not required to provide the normal RCS heat sink. Therefore, startup feedwater flow is not required, and PRHR actuation on low startup feedwater flow is not required. 13.c. Steam Generator Wide Range Level - Low PRHR is also actuated when the SG Wide Range Level reaches its Low Setpoint. There are four wide range level channels for each steam generator and a two out of four logic is used. Four channels are arovided to permit one channel to be in trip or )ypass indefinitely and still ensure no single random failure will disable this trip Function. This Function is required to be OPERABLE in H0 DES 1, 2. and 3 and in H00E 4 when the RCS fs not i being cooled by the RNS. This ensures that PRHR can be actuated in the eventInofH00E a loss of the 4 when the normal heat removal systems. RCS is being cooled by the RNS, and in H00ES S and

6. the SGs are not required to provide the normal RCS heat sink, Therefore, SG Wide Range Level is not required, and PRHR actuation on low wide range SG 1evel is not required.

(continued) 8 3.3 86 08/97 Amendment 0 hmm.m,.mmam AP600 nr.mm . l ESFAS Instrumentation B 3.3.2 i l BASES l 13.d. ADS Stage 1 Actuation ! APPLICABLE SAFETY ANALYSES. -PRHR is also actuated any time stage 1 ADS is LCOs, and actuated. Tho PRHR actuation function APPLICABILITY requirements for the stage 1 ADS are the same as (continued) the requirem6nts for the ADS Functions. 13.e. CMT Actuation PRHR is also actuated by all the Functions that actuate CMT injection. Therefore, the requirements Instead, l are not repeated in Table 3.3.2 1. , Function 2 (CMT Actuation) is referenced This for all ' initiating functions and requirements. l Function is required to be OPERABLE in MODES 1, 2. l 3, and 4, and in MODE 5 with the RCS 3ressure boundary intact. This ensures that PRHR can be actuated in the event of a CMT actuation. High 3 13.f. Pressurizer Water Level PRHR is actuated when the pressurizer water level reaches its High 3 setpoint. This signal provides protection against a pressurizer overfill following an inadvertent core makeup tank actuation with consequential loss of offsite power. This-Function is automatically unblocked >oint. when RCS pressure isT above the P 19 set 100ES 1, 2, and 3, and in H00E 4 to be OPERABLE in when the RCS is not being cooled by the RNSThis and above the P 19 (RCS pressure) interlock. function is not required to be OPERABLE in MODES 5 and 6 because it is not required to mitigate OCA in these MODES,

14. Steam Generator Blowdown Isolation The primary function of the steam generat heat

) resent in the steam generators to remove the excess wing generated until the decay heat has decreased to within the PRHR HX capability. This Function clnses the isolation valves of the Stea Generator Blowdown System in both steam generators when signal is generated froa. the PRHR HX Actuation or Steam (continued)- _ 8 3.3 87 08/97 Amendment 0 h AP600 mm.m..naciom.,o.eenu . .a - _. ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 14. Steam Generator Blowdown Isolation (continued) SAFETY ANALYSES. Generator Narrow Range Water Level - Low. This function LCOs. and is required to be OPERABLE in MODES 1. 2. and 3. and This in APPLICABILITY MODE 4 when the RCS is not being cooled by the RNS. Function is not required to be OPERABLE in MODE 4 if the steam generator blowdown line is isolated. 14.a. PRHR Heat Exchanger Actuation Steam Generator Blowdown Isolation is also initiated by all Functions that initiate PRHR actuation. The Steam Generator Blowdown Isolation requirements for these Functions are the same as the requirements for the PRHR Actuation. Therefore, the requirements are not rewated in )RHR HX Table 3.3.21. Instead. Function 13. Actuation, is referenced for all. initiating Functions and requirements. 14.b. Steam Generator Narrow Range Level - Low The Steam Generator Blowdown isolation is actuated when the Steam Generator Narrow Range Level reaches its low Setpoint. The LCO requires four channels per steam generator to be OPERABLE to satisfy the requirements with a two out of four logic. This function is required to be OPERABLE in MODES 1, 2, and 3. and in MODE 4 when the RCS is not being cooled by the RNS. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment.

15. Boron Dilution Block The block of boron dilution is accomplished by closing the CVS suction valves to demineralized water storage tanks, and aligning the boric acid tank to the CVS makeup pumps. This Function is actuated by Source Range Neutron Flux Multiplication. Reactor Trip, and Battery Charger Input Voltage - Low.

(continued) 8 3.3 88 08/97 Amendment 0 b AP600 1891\tetattet\16010302 r07 082297 . ESFAS instrumenta%1on B 3.3.2 BASES 15.a. Source Range Neutron Flux Multiplication APPLICABLE SAFETY ANALYSES. A signal to block boron dilution in MODE 2 below LCOs. and the P.6 interlock and MODES 3. 4. or 5 is derived APPLICABILITY from source range neutron flow increasing at an (continued) excessive rate (source range flow multiplication). This Function is not applicable in MODES 4 and 5 if the demineralized water makeup flowpath is isolated. The source range neutron detectors are The LCO requires three

used for this Function. There are four divisions divisions to be OPERABLE.

and two out of four logic is used. On a coincidence of excessively increasing source range neutron flow in two of the four divisions, demineralized water makeup is isolated to preclude a baron dilution event. In MODE 6. this function - is not required because administrative controls are in place to block the RCS boron dilution paths. 15.b. Reactor Trip Demineralized Water Makeup is also isolated by all The the Functions that initiate a Reactor Trip. isolation requirements for these Functions are the same al the requirements for the Reactor Trip Function. Therefore, the requirements are not Instead Function 18.a. repeated in Table 3.3.2 1.(P 4 Reactor Trip Br initiating Functions and requirements. 15.c. Battery Charger Input Voltage - Low Block of boron dilution A short, is also time preset actuated delay is from the loss of ac power. provide to prevent actuation upon momentary power fluctuations: however, actuation occurs before ac power is restored by the onsite diesel generators. The loss of all ac power is detected by undervoltage sensors that are connected to the input of each of the four Class 1E batteryThe chargers. the detection of an undervoltage conditions by each of the tw sensorsThis connected Functiontoistwo required of thetofour be battery chargers. This function OPERABLE in MODES 1, 2. 3. 4. and 5. is not applicable in MODES 4 and 5 if the (continued) 8 3.3 89 08/97 Amendment 0 h AP600 -

- 04\teet m \t6010102.r07 041297

ESFAS Instrumentat9on B 3.3.2 l BASES 15.c. Battery Charger input Voltage - Low (continued) 4 APPLICABLE SAFETY ANALYSES. LCO's, and associated flowpath is closed. In H00E 6. this function is not required because administrative APPLICABILITY controls are in place to block the RCS boron dilution paths.

16. Chemical Volume andf,ontrol System Makeup Line Isolation The CVS makeup line is isolated following certain events to prevent overfilling of the RCS.

In addition, this line is isolated on High 2 containment radioactivity to , provide containment isolation following an accident. i This line is not isolated on a containment isolation signal, to allow the CVS makeup pumps to perform their defense in depth functions. However, if very high containment radioactivity exists-(above the High 2 setpoint) this line is isolated. A signal to isolate the CVS is derived from two out - of four high steam generator levels on either steam generator, two out of four channels of pressurizer level indicating high or two out of four channels of containment radioactivity indicating high. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. 16.a. Steam Generator Narrow Range Water Level - High 2 Four channels of steam generator level are provided for each steam generator. Two out of four channels on either steam generator indicating level greater than the setpoint will close the isolation valves for the CVS, This Function prevents adding makeup water to the RCS during a SGTR. This Function is required to be OPERABLE in H00ES 1. 2. 3. and 4 with the RCS not being cooled by the RNS. This function is not apolicable in H00ES 3 and 4 if the CVS makeup flowpat1 is isolated. This Function is not required to be OPERABLE in H00ES 5 and 6 because the RCS pressure and tem xrature are reduced and a steam generator tu x rupture event is not credible. (continued) 8 3.3 90 08/97 Amendment 0 h AP600 imu.m.numme.emm . ESFAS Instrumentation B 3.3.2 BASES 1 / 16 b. Pressurizer Water Level - High 1 Coincident with l APPLICABLE Safeguards Actuation ' SAFETY ANALYSES. LCO's, and Four channels of pressurizer level are provided on APPLICABILITY the pressurizer. Two.out of four channels on (continued) indicating level greater than the High 1 setpoint ! coincident eith a Safeguards Actuation signal (Function 1) will close the containment This Function prevents theisolation valves for the CVS. pressurizer level from reaching a level that could lead to water relief through the pressurizer safety valves during some DBAs. This Function is required This fu1ction to be OPERABLE in MODES 1. 2 and 3. is not required to be OPERABLE in H0 DES 4. S. and 6 because it is not required to mitigate a DBA in these H00ES. This Function is not applicable in MODES 3 and 4 if the CVS makeup flowpath is isolated. 16.c. Pressurizer Water Level - High 2 A signal to close the CVS isolatior, valves is generated on Pressurizer Water Level - High 2. This function results from the coincidence of pressurizer level above the High 2 Setpoint in any two of the four divisions. This Function is automatically blocked when the pressurizer pressure is below the P 11 permissive setpoint to wrmit pressurizer water solid conditions with t1e plant cold and to permit level makeup during plant cooldowns. This Function is automatically unblocked when pressure is above the P 19 Setpoint. This Function is required to be OPERABLE in H0 DES 1. 2, and 3 and in H00E 4 when the RCS is not being cooled by the RNS. This Function is not required to be OPERABLE in H00E 4 if the CVS makeu flowpath is isolated. This function is not required to be OPERABLE in MODES S and 6 becaus is not required to mitigate a DBA in these MODES, 16.d. Containment Radioactivity - High 2 Four channels of Containment Radioactivity - High 2 are required to be OPERABLE in MODES 1. 2 and 3 when the potential exists for a LOCA. to ensure that the radioactivity inside containment is not released to the atmosphere. This Function is not (continued) 08/97 Amendment 0 B 3.3 91 AP600 ,. ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 16.d. Containment Radioactivity - High 2 (continued) SAFETY ANALYSES. required to be OPERABLE in MODE 3 if the LCOs and associated flowpath is isolated. This signal APPLICABILITY results from the coincidence of containment radioactivity above the High 2 Setpoint in any two of the four divisions. This Function is not required to be OPERABLE in MODE 4 if the CVS makeup flowpath is isolated. These Functions are not required to be OPERABLE in H00ES 4. S. and 6 because no DBA that could release radioactivity into the containment is considered credible in these MODES.

17. Normal Residual Heat Removal System Isolation The RNS suction line is isolated by closing the containment isolation valves on High 2 containment radioactivity to provide containment isolation following an accident. This line is isolated on a containment isolation signal. However, the valves may be reset to permit the RNS pumps to perform their defense in depth functions post accident. Should a high containment radiation signal (above the High 2 setpoint) develop following the containment isolation signal, the RNS valves would re close. A high containment radiation signal is indicative of a high RCS source term and the valves would re close to assure offsite doses do not exceed regulatory limits.

17 a. Containment Radioactivity - High 2 A signal to isolate the normal residual heat removal system is generated from the coincidenc.e of containment radioactivity above the High 2 setpoint in two out of four channels. Four channels of Containment Radioactivity - High 2 are required to be OPERABLE in H0 DES 1. 2. and 3 when the potential exists for a LOCA, to ensure that the radioactivity inside containment is not released to the atmos >here. This Function is not required to be OPERAB_E in MODE 3 if the RNS suction line is isolated. These Functions are not required to be OPERABLE in HODES 4. 5. and 6 because no DBA that could release radioactivity (continued) 8 3.3 92 08/97 Amendment 0 if.0Miamo:,ormm , + ESFAS Instrumentation B 3.3.2 BASES 17.a. Containment Radioactivity . High 2 (continued) APPLICABLE SAFETY ANALYSES. into the containment is considered credible in LCOs. and these MODES. This Function was previously APPLICABILITY described as Function 16.d. 17.b. Safeguards Actuation This Function is also initiated by all Functions that initiated the Safeguards Actuation signal. The requirements to isolate the normal residual heat removal system are the same as the requirements for the Safeguards Actuation Function. Therefore. the requirements are not Instead. Function 1 is repeated in Table 3.3.2.1. referenced for all initiating Functions and requirements. .

18. ESFAS Interlocks To allow some flexibility in unit operations, several These interlocks are included as part of the ESFAS automatically enable otwr signals, prevent some The actions from occurring, and cause other actions to occur.

interlock Functions backup manual actions to ensure bypassable Functions are in operation under the conditions assumed in the safety analyses. 18.a. Reactor Trip. P 4 There are eight reactor trip breakers with two The P 4 interlock is breakers in each division. enabled when the The breakers in two Functions outP of of the 4 four divisions are open. interlock are: . Trip the main turbine

Permit the block of automatic Safeguards Actuation after a predetermined time interval following automatic Safeguards Actuation.

. Block boron dilution (continued) 08/97 Amendment 0 8 3.3 93 h AP600 m . o ... m m o m >. m m . ,-...-,--e.~- -- ,, ESFA3 Instrumentad on B 3.3.2 BASES 18.a. Reactor Trip. P 4 (continued) APPLICABLE SAFETY ANALYSES, LCOs, and * !solate main feedwater coincident with low reactor coolant temperature (This function is APPLICABILITY not assumed in safety analysis therefore, it is not included in the technical specifications.) The reactor trip breaker position switches that provide input to the P 4 interlock only Function to energize or de energize or open or close contacts. Therefore, this function has no adjustableTripSetpoint. This Function must be OPER/BLE in MODES 1, 2, and 3 when the reactor may be critical or approaching criticality. This Function does not have to be OPERABLE in MODES 4, 5, or 6 to trip the main turbine, because the main turbine is not in operation. . The P 4 Function does not have to be OPERABLE in MODES 4 or 5 to block boron dilution, because Function 15.a. Source Range Neutron Flux Multiplication, provides the required block. In MODE 6. the P 4 interlock with the Boron Dilution Block Function is not required, since the unborated water source flow path isolation valves are locked closed in accordance with LCO 3.9.2. 18.b. Pressurizer Pressure. P 11 The P 11 interlock permits a normal unit cooldown and depressurization without Safeguards Actuation With or main steam line and feedwater isolation. pressurizer pressure channels less than the P 11 setpoint, the operator can manually block the Pressurizer pressure - Low, Steam Line Pressure - Low, and Tcold - Low Safeguards Actuation signals and the Steam Line Pressure - Low and Teoid - Low steam line isolation signals. When the Steam Line Pressure - Low and manually blocked, a main steam isolation signal on Steam Line Pressure Negative Rate - High is enabled. This provides protection for an SLB by closure of the main steam isolation valves. Manual block of feedwater isolation on Tave - Low 1. Low 2, and Teoid - Low is also (continued) B 3.3 94 08/97 Amendment 0 b AP600 l*01\t uatten16010 302. r0F + 0822t f , ,,c. ESFAS Instrumentation B 3.3.2 BASES 18.a. Reactor Trip. P 4 (continued) APPLICABLE SAFETY ANALYSES, . Isolate main feedwater coincident with low LCOs, and reactor coolant temperature (This function is APPLICABILITY not assumed in safety enalysis therefore, it is not included in the technical specifications.) i The reactor trip breaker position switches that provide input to the P 4 interlock only Function to energize or de energize or open or close Therefore, this Function has no contacts. -adjustable Trip Setpoint. This Function must be OPERABLE in MODES 1, 2, and ; 3 when the reactor may be critical or approaching ' criticality. This Function does not have to be , OPERABLE in H0 DES 4, 5, or 6 to trip the main turbine, because the main turbine is not in operation. The P 4 Function does not have to be OPERA MODES 4 or 5 to block boron dilution, because Function 15.a. Source Range Neutron Flux In Multiplication, provides the required block. H0DE 6, the P 4 interlock with the Boron Oilution Block Function is not required, since the 1 unborated water source flow path isolation valves are locked closed in accordance with LCO 3. 18.b. Pressurizer Pressure._ P 11 The P 11 interlock permits a normal unit cooldown 4 and depressurization without Safeguards Actuation With or main steam line and feedwater isolation. prenurizer pressure channels less than the P 11 setpoint, the operator can manually block the Pressurizer pressure - Low. Steam Line Pressure - Low, and Teolo - Low Safeguards Actuation signals and the Steam Line Pressure - Low and Te steam line isolation signals. When the Steam Line Pressure - Low and manually blocked, a main steam isolation signal on Steam Line Pressure Negative Rate - High is enabled. This provides protection for an SLB by closure of the main steam isolation valves. Manual block of feedwater isolation on Tavg - Low 1. Low 2, and Teold - Low is also (continued)_ 08/97 Amendment 0 B 3.3 94 h AP600 2P01\tet*sH O M410102.rtf-04titP . x ESFAS Instrumentation B 3.3.2 BASES 18.b. Pressurizer Pressure. P 11 (continued) APPLICABLE SAFETY ANALYSES. With pressurizer pressure permitted below P 11. LCOs. and channels a P.11 setpoint. the Pressurizer APPLICABILITY Pressure - Low. Steam Line Pressure - Low, and Tcoid - Low Safeguards Actuation signals and the Steam Line Pressure Low and TeoidThe isolation signals arq automatically enabled. - Low ste feedwater isolation signals on Teoid - Low. Teve - Low I and Low 2 are also automatically enabled The operator can also enable these above P 11. . signals by use of the mine reswetive manual Pressure - Low and rese buttons.Low steam line isolation signals are T effa$ed, the main steam isolation on Steam Line The Pressure Negative Rate - High is disabled. Setpoint reflects only steady state instrument uncertainties. , This Function must be OPERABLE in H0 DES 1, 2. and 3 to allow an orderly cooldown and depressurization of the unit without the Safeguards Actuation or main steam or feedwater isolation. This Function does not have to be OPERABLE in H00ES 4, 5. or 6. because plant pressure must already be below the P 11 setpoint for the requirements of the heatup and cooldown curves to be met. 18.c. Intermediate Range Neutron Flux. P 6 The Intermediate Range Neutron Flux P 6 interlock is actuated when the respective NIS intermediate range channel goes approximately Above one decade abov the setpoint, the minimum channel reading. the P 6 interlock allows a manual block of the flux multiplication actuation, permitting block of Normally, this Cunction is boron dilution. blocked by the main control room operator during This Function i. required to be reactor startut OPERABLE in HO)E 2. (continued) 08/97 Amendment 0 8 3.3 95 h AP600 vo w . m ,. m sa w a v or.oet w . ESFAS Instrumentation B 3.3.2 l 8ASES 18.d. Pressurizer Level. P.12 APPLICABLE SAFETY ANAL.YSES, The P.12 interlock is provided to permit midloop LCOs, and operation without core makeup tank actuation. APPLICABILITY reactor coolant pump trip, or purification line (continued) isolation. With pressurizer level channels less than the P 12 setpoint. the operator can manually block low pressurizer level signal used for these When the pressurizer level is above actuations. i the P 12 setpoint, the pressurizer level signal is automatically enabled and a confirmatory open signal is issued to the isolation valves on the CMT cold leg balance lines. This Function is required to be OPERABLE in MODES 1, 2, and 3. 18 e. RCS Pressure, P.19 The P 19 interlock is provided to permit water solid conditions (i.e., when the pressurizer water level is D924)) in lower MODES Withwithout RCS automa isolation of the CVS makeup pumps, pressure below the P.19 setpoint, the operator can manually block CVS isolation on High 2 pressurizer When RCS pressure is above the P.19 water level. setpoint, tnis Function is automatically un'u locked. This function is required to be OPERABLE IN HODES 1, 2, 3, and 4 with the RCS not being cooled by the RNS. When the RNS is cooled by the RNS, the RNS suction relief valve provides the required overpressure protection (LCO 3.4.15).

19. Containment Air FiltrationJystem Isolation Some DBAs such as a LOCA may release radioactivity into the containment whereIsolation the potential of the wo the acceptable site dose limits, Containment Air Filtration System provides protection to prevent radioactivity inside containment from being released to the atmosphere.

19 a. Containment Radioactivity . High 1 Three channels of Containment Radioactivity - High 1 are required to be OPERABLE in MODES 1, ano when the potential exists for a LOCA, to protect against radioactivity inside containment (continued) 08/97 Amendment 0 8 3.3 96 h AP600 mm.. .munimuor.nmr . ESFAS Ins %rumentation B 3.3.2 BASES 19.a. Containment Radioactivity High 1 (continued) APPLICABLE SAFETY ANALYSES, These Functions being released to the atmosphere. LCOs. and are not requireJ to be OPERABLE in MODES 4. 5. APPLICABILITY and 6 because any DBA release of radioactivity into the containment in these MODES would not require containment isolation. 19.b. Containment Isolation Containment Air Filtration System Isolation is also initiated by all Functions that initiate Containment Isolation. The Containment Air ' Filtration System Isolation requirements for these Functions are the same as the requirements for the Containment Isolation. Therefore, the requirements are not repeated in Table 3.3.2 1. t Instead, Function 3. Containment. Isolation, is referenced for initiating Functions and requirements.

20. Main Control Room Isolation and Air Supply Initiation Isolation of the main control room and initiation of the air supply provides a protected environment from which operators can control the plant This following Function an uncontrolled is required to release of radioactivity.

be OPERABLE in H0 DES 1, 2. 3. and 4, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA. 20.a. Control Room Air Supply Radiation - High 2 Two radiation monitors are provided on the main control room air intake. If either monitor exceeds the High 2 setpoint, control room isolation is actuated. l 20.b. Battery Charger Input Voltage - Low Low input voltage to the 1E de battery chargers will actuate main control room isolation and air supply initiation. This was previously described as unction 15.c. (continued) B 3.3 97 0B/97 Amendment 0 h AP600

etu.m..m.omo w.e.im ,

ESFAS Instrumentation B 3.3.2 BASES

21. Auxiliary Spray and Purification Line Isolation APPLICABLE SAFETY ANALYSES. The CVS maintains the RCS fluid purity and activity level LCOs, and within acceptable limits. The CVS purification line APPLICA31LITY receives flow from the discharge of the RCPs. The CVS (continued) To also provides auxiliary spray to the pressurizer.

3 reserve the reactor coolant pressure in the event of a areak in the CVS loop piping. the purification line and the auxiliary spray line is isolated on a pressurizer water level Low 1 setpoint. This helps maintain reactor coolant system inventory. 21.a. Pressurizer Water Level - Low 1 A signal to isolate the purification line and the auxiliary spray line is generated upon the coincidence of presturizer level below the Low 1 This setpoint in any two out of four divisions. > Function can be manually blocked when the pressurizer water level is below the P 12 setpoint. This Function is automatically unblocked when the pressurizer water level is abuve the P.12 set >oint. This Function is required to be OPERABLE in H0 DES 1 and 2 to help maintain RCS inventory. In MODES 3, 4. S. and 6, this function is not needed for accident detection and mitigation.

22. IRWST Inlection Line Valve Actuation The PXS provides core cooling by gravity injection and recirculation for decay heat removal following an Each accident. The IRWST has two injection flow paths.

path includes an injection flow path and a containm recirculation flow path. normally open motor operated isolation valve and two parallel lines, each isolated by one check valve and one Manual initiation or automatic -squib valve in series. actuation on an ADS 4th stage a coincident RCS Loop 1 and 2 Hot leg Level Low will generate a signal to open the IRWST injection line and actuateIRWSTinjection. (continued) B 3.3 98' 08/97 Amendment 0 h AP600 . Isol\tecatM c\t6060102.r01 0412tf ESFAS Instrumenta% ion B 3.3.2 BASES APPLICABILITY 22.a. Manual Initiation l SAFETY ANALYSES. LCOs. and The operator can open IRWST injection line APPLICABILITY valves at any time from the main control room by (continued) actuating two IRWST injection actuation switches in the same actuation set. There are two sets of two switches each in the main control room. This Function is required to be OPERABLE in H0 DES 1, 2.

3. 4. and 5. This Function is also required to be OPERABLE in H0DE 6 with the upper internals in place and the refueling cavity less than full.

22.h. ADS 4th Stage Actuation An open signal will be issued to the IRWST injection isolation valves when an actuation signal is issued to the ADS 4th stage valves. The requirements for this function is the same as the requirements for the ADS 4th stage valves actuation Functions. Therefore, the requirements are not repeated in Table 3.3.2 1. Instead. Function 10 is referenced for all initiating functions and requirements. 22.c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low A signal to automatically open the IRWST injection line valves is also generated when coincident loop 1 and 2 reactor coolant system hot leg level indication decreases below an established setpoint for a duration exceeding an adjuseable time delay. This Function is required to be OPERABLE in H00E 4 with the RCS teing cooled by the RNS. This Function is also required to be OPERABLE in H00E 5. and in H00E 6 with the upper internals in place and the refueling cavity less than full.

23. IRWST Containment Recirculation Valve Actuation The PXS provides core cooling by gravity injection and recirculation for decay heat removal following an accident. The PXS has two containment recirculation flow paths. Each path contains two parallel flow paths one path is isolated by a motor operated valve in series with a squib valve and one path is isolated by a check valve in series with a squib valve. Manual initiation or automatic actuation on a Safeguards Actuation signal (continued) h AP600 B 3.3 99 08/97 Amendment 0 1801\ t ech sH c\16010 302. r0 f 0822t ? ,

I ESFAS Instrumentation B 3.3.2 BASES APPLICABILITY 23. IRWST Containment Recirculation Valve Actuation SAFETY ANALYSES. Icontinued) LCOs. and coincident with a low 3 level signal in the IRWST will APPLICABILITY open these valves. 23.a. Manual Initiation The operator can open the containment recirculation valves at any time from the main (?ntrol room by actuating two containment re:irculation actuation switches in the same actuation set. There are two sets of two switches each in the main control room. This Function is recuired to be OPERABLE in MODES 1, 2. 3. 4. anc,5, and in MODE 6 with the upper internals in place and the refueling cavity less than full. 23.b. Safeguards Actuation Coincident with IRWST Level - Low 3 A low IRWST level coincident with a Safeguards Actuation signal will own the containment Four channels are provided recirculation valves. to permit one channel to be in trip or bypass indefinitely and still ensure that no single random failure will disable this trip Function. This Function is required to be OPERABLE in MODES 1, 2, 3. 4. and 5, and in MODE 6 with the upper internals in place and the refueling cavity less than full.

24. Spent Fuel Pool Isolation The spent fuel pool lines from the refueling cavity /IRWST to the spent fuel system suction header and returning to the refueling cavity /lRWST are isolated on a low setpoint to maintain the water inventory in the spent fuel pool due to line leakage.

24.a. Spent Fuel Pool Level - Low This Function actuates the spent fuel pool valves to isolate the spent fuel pool when the spent fuel pool level is below the Low setpoint in any two of (continued) 8 3.3 100 08/97 Amendment 0 b AP600 mm.o mumun . ..r.ur,,, . ESFAS Instrumentation B 3.3.2 BASES 24.a. Spent Fuel Pool Level Low (continued) APPLICABLE SAFETY ANALYSES. three channels. This Function is required to be LCOs. and OPERABLE in H00E 6 to maintain water inventory in APPLICABILITY the spent fuel pool.

25. ESFACs Logic This LCO requires four sets of ESFACs. each set with one battery backed actuation logic groupThese logic OPERABLE to support automatic actuation.

groups are implemented as microprocessor based actuation subsystems. The ESFACs provide the system level logic interfaces for the divisions. 25.a. Actuation Subsystems If one battery backed actuation subsystem w r ESFAC cabinet for all four divisions is OPERABLE, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all Functions. If one ESF subsystem is failed in each of the four divisions, an additional singleBecause failure will not prevent ESF actuations. ADS can still operate if one division is unavailable, an additional single failure will not This Function is cause loss of the ADS Function. required to be OPERABLE in H00ES 1, 2, 3, 4, and

5. and in MODE 6 with the upper internals in place and the refueling cavity less than full.

26. Protection Logic Cabinets This LCO requires that for each of the PLCs, one battery backed logic group be OPERABLE to support both automatic These logic groups are implemented and manual actuation. The PLCs provide the logic as microprocessor subsystems.

and power interfaces for the actuated components. 26.a. Functional Logic Subsystem If one battery backed logic group is OPERABLE for each PLC in all four divisions, an additional single failure will not prevent ESF actuations because PLCs in the other three divisions are still available to provide redundant actuation for (continued) 08/97 Amendment 0 B 3.3 101 MIM1\tumtpus!6010101.r07 AP600 08 tit? , ^ -- - - -___- ESFAS Instrumen%ation B 3.3.2 BASES 26.a. Functional Logic Subsystem (continued) APPLICABLE SAFETY ANALYSES, LCOs, and ESF Functions. The remaining logic cabinets in the division with a failed PLC are still OPERABLE APPLICA0!LITY and will provide their ESF Functions. If one PLC logic group is failed in each PLC in all four divisions, an additional single failure will not prevent ESF actuations. Because ADS can operate if one division is unavailable, an additional (silure will not cause loss of the ADS function. This Function is required to be OPERABLE in H0 DES 1, 2. 3, 4, and 5, and in H0DE 6 with the upper internals in place. The ESFAS instrumentation satisfies Criterion 3 of the NRC Policy Statement. 27, Pressurizer Heater Trip , Pressurizer heaters are automatically tripped uponThis receipt of a core makeu1 tank operation signal. pressurizer heater bloc ( reduces the potential for steam generator overfill and automatic ADS Automatically actuation for a steam generator tube rupture event. tripping the pressurizer heaters reduces the pressurizer level swell for certain non LOCA events such as loss of normal feedwater, inadvertent CMT operation, and CVS malfunction resulting in an increase in RCS inventory. For small break LOCA onalysis, tripping the pressurizer heaters supports depressurization of the RCS following actuation of the CMTs. 27a. Core Makeup Tank Actuation A signal to trip the pressurizer heaters is generated on a core makeup tank actuation signal. The requirements for this function are the same as the requirements for the Core Makeup Tank Therefore, the requirements Actuation Function. Instead, are not repeated in Table 3.3.2.1. Function 2 is referenced for initiating Functions and requirements and SR 3.3.2.9 also applies. (continued) B 3.3 102 0B/97 Amendment 0 h AP600 no m . o..._m omover.oimt ' --~_ _ ESFAS Instrumentation B 3.3.2 BASES

28. Chemical and Volume Control System Letdown Isolation APPLICABLE SAFETY ANALYSES, (continued)

LCOs and The CVS provides letdown to the liquid radweste APPLICABILITY To help maintainsystem RCS to maintain the pressurizer level. inventory in the event of a LOCA. the CVS letdown line is isolated on a low 1 hot leg level signal in either of the RCS hot leg looos. This Function is required to be OPERABLE in H0DE 4 with the RCS being cooled by the RNS. This Function is also required to be OPERABLE in H00E 5. and in H00E 6 with the upper internals in place and the refueling cavity less than full. 28a. Hot leg level Low 1 A signal to isolate the CVS letdown valves is generated upon the occurrence of a low 1 hot leg level in either of the two RCS hot leg loops. This helps to maintain reactor system inventory in the event of a LOCA. These letdown valves are also closed by all of the initiating Functions and requirements that generate the Containment Isolation Function in Function 3. _ A Note has been added in the ACTIONS to clarify theThe Conditions o ACTIONS application of Comoletion x entered Time rules. independently for each Function specification may The Completion Time (s) of the listed on Table 3.3.2 1. inoperable equipment of a function for each Function starting from the time the Condition was entered for that Function. A second Note has been added to provide clarification that, more than one IfCondition the RequiredisAction listed andfor each of the Function associated in Table 3.3.2 1. Completion Time of the first Condition listed inTab entered. In the event a channel's Nominal Trip Setpoint is not met, or the transmitter, or IPC, associated with a spe LC0 that channel must be declared inoperable and the Condition (s) entered for the particular protection Function (s) affected. When the Required Channels are (continued) 08/97 Amendment 0 8 3.3 103 h AP600 imu.m..<ummuv.mm . _ ESFAS Instrumentation

B 3.3.2 BASES per SG basis, ACTIONS specified only on a per steam line, per loop,for each steam (continued) then the Condition my be entered separately line, loop. SG, etc., as appropriate.

When the number of inopereole channels in a trip function exceed those s)ecified in one or other related Conditions associated wit 1 a trip function, then the plant is outside the safety analysis. Therefore. LCO 3.0.3 should be immediately entered if applicable in the current MODE of operation. A.1 Condition A is applicable to all ESFAS protection Functions. Condition A oddresses the situation where one or more channels / divisions for one or more functions are inoperable at the same time. The Required Action is to refer to Table 3.3.21 and to take t' 3 Required Actions for the protection Functions affec ed. The Completion Times are those from the referenced Conditions and Required Actions. y B.1 e i With one or two channels or divisions inoperable, the affected channel (s) or division (s) must be placed in a bypass , condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , If one or two are bypassed, the logic becomes two out of three o' one out of two, respcctively, while still meeting single failure criterion (a failure h1 one of the three or one of the two remaining channels or divisions will not prevent the protective Function. However, with two channels or divisions in bypass, a single fr.ilure in one of the two remaining channels orThe divisions could cause a spurious protective function. ) lace the inoperable channel (s) or 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to division (s) in the aypass condition is justified in Re'erence 8. C.1 With one channel inooerable, the affected channel must be The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months placed in a bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If one allowed to p the bypass condition is justified in Reference 6. (continued) 8 3.3 104 08/97 Amendment 0 b AP600 1*01\teospecTIWl0132. r07 082297 . --- x -___-______-_ ESFAS Instrumentation B 3.3.2 BASES ACTIONS C.1 (cc. l.inued) spent fuel pool isolation channel is bypassed, the logic becomes one out of two, respectively, wnile still meeting single failure criterion (a failure in one cf the two remaining channels will not prevent the protective Function. If one CVS isolation channel is bypassed, the logic becomes ) one out of one. A single failure in one of the two remaining } channel could cause a spurious CVS isolation. Spurious CVS isolation 4 while undesirable, would not cause an upset plant condition, 0.1 With one required division inoperable, the affected division ] must be restored to OPERABLE status within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . Condition D applies to one inoperable requirdd division of P 4 Interlock (Function 18.a). With one required division ) inoperable, the 2 remaining OPERABLE divisions are capable of providing the required interlock function, but without a ? ' single failure. The P 4 Interlock is enabled when RTBs in e two divisions are detected as open. The status of the other ;; inoperable, non required P 4 division is not significant, since P 4 divisions can not be tripped or bypassed. In order ,' ^ to provide single failure tolerance, 3 required divisions must be OPERABLE, Condition D also applies to one inoperable division of ESFAC or PLC (Functions 25 and 26). The ESFAC and PLC divisions are inoperable when their associated battery backed subsystem is inowrable. With one inoperable division, the 3 remaining OPERAB E divisions are capable of mitigating all OBAs, but without a single failure. The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to restore the inoperable division is reasonable based on the ca) ability of the remaining OPERABLE divisions to mitigate all ) bas and the low probability of an event occurring during this interval. (continued) B 3.3 105 08/97 leendment 0 b AP600 tP01\techspet\l6010502 r07 042217 , 1 ESFAS 2nstrumentation 1 B 3.3.2 BASES ACTIONS E.1 -(continued) Condition E is applicable to manual initiation ot: . Safeguards Actuation: . CMT Actuation: ! . Containment Isolation: . Steam Line Isolation: . Main Feedwater Control Valve Isolation:

Main Feedwater Pump Trip and Valve Isolation:

ADS Stages 1, 2, & 3 Actuation:

. ADS Stage 4 Actuation: . Passive Containment Cooling Actuation: . PRHR Heat Exchanger Actuation: . IRWST Injection Line Valve Actuation: . IRWST Containment Recirculation Valve Actuation. This Action addresses the inoperability of the system level manual initiation capability for the ESF Funct'ons listed above. With one switch or switch set inoperable for one or more Functiors, the system level manual initiation capability is reduced below that required to meet single failure criterion. Required Action E.1 requires the switch or ; witch set for system level manual initiation to be restored to The specified Completion OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . 4tch or Time is reasonable considering that the remaining s>: switch set is capable of performing the safety function. F.1. F.2.1. and F.2.2 Condition F is applicable to the Main Control Room (MCR) isolation and air supply initiation function which has only two channels of the initiating process variable. With one channel inoperable. tha logic becomes one out of one and is (continued) B 3.3 106 08/97 Amendment 0 b AP600stu w w a x ,. .,,,, , m tu .<as ESFAS Instrumentation B 3.3.2 BASES ACTIONS F.1. F.2.1. and F.2.2 (continued) Restoring all unable to meet single failure criterion. channels to OPERABLE status ensures that a single failure will not prevent the protective Function. radiation monitor (s) which provide equivalent Alternatively,d control room isolation and air supply information an initiation manual controls may be verified to be OPERABLE. These provisions for operator action can replace one channel of radiation detection and system actuation. The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time is reasonable considering that there is one remaining channel OPERABLE and the low probability of an-event occurring during this interval. G.1 With one switch, switch set, channel, or division inoperable, the system level initiation capability is reduced belowthe Therefore, that required to meet single failure criterion. required Mitch, switch set, channel, or division must beThe sp returned to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . Completion Time is reasonable considering the remaining switch, switch set, channel, or division is capable of performing manual initiation. H.1 With one channel inoperable, the inoperable channel must be aours. placed in a trip condition within 6 Condition H is applicable to the PRHR heat exchangers actuation on SG narrow range water level Withlow onecoincident startup with startup feedwater low (Function 13.b).feedwater If one channel is ch placed in a trip condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The specified tripped, the interlock condition is satisfied. Completion Time is reasonable considering the time required to complete this action. Condition H is also applicable to Function 22.c, IRWST injection line valve actuation (open). If one channel is tripped, the logic becomes oneA out single of one andofis the failure unable to meet single failure criterion. (continued) 08/97 Amendment 0 h AP600 B 3.3 107 om.m.uusomover.oimi , ESFAS instrumentation B 3.3.2 BASES ACTIONS j H (continued) remaining channel could cause spurious IRWST injection. The s)ecified Completion Time is reasonable considering that t1ere is one remaining channel OPERABLE and the low probability of an event occurring during this interval. I.1 and I.2 Condition I applies to IRWST containment recirculation valve actuation on safeguards actuation coincident with IRWST level Low 3 (Function 23.b). With one IRWST level channel inoperable, the one inoperable channel must be placed in a bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . With two channels ino>erable, one channel must be placed in a bypass condition wit 11n 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and the remaining ino>erable channel must be placed in a trip condition within 61ours. If one or two channels are ir. operable, the logic becomes two out of three while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective Function.) However, with one channel in bypass and-one channel in trip, a single failure in one of the two remaining channels coincident with safeguards actuation could cause a spurious actuation. The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable channel (s) in the bypassed or tripped condition is justified in Reference 6. J.1 and J.2 Condition J epplies to the P 6, P 11. P 12, and P 19 interlocks. With one or two required channel (s) inoperable, the associated interlock must be verified to be in its required state for the existing plant condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , or any Function channels associated with inoperable interlocks ) laced in a bypassed condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . Verifying t1e interlock state manually accomplishes the interlock role. If one or two associated. Function channels are bypassed, the logic becomes two out of three or one out of two, respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective Function.) However, (continued) b AP600.omover.o.n , 8 3.3 108 08/97 Amendment 0 uo m ua..uu

ESFAS Enstrumen'.ation 7

B 3.3.2 BASES ACTIONS J.1 and J.2 (continued) with two channels in bypass one out of two logic, a single failure in one of the two remaining channels could cause a spurious interlock state change. K.1 . Condition K is applicable to the MCR isolation and air supply initiation function, during movement of irradiated fuel assemblies. If the Required Action and associated Completion Time of the first Condition listed in Table 3.3.21 is not met, the plant must suspend movement of the irradiated fuel assemblies immediately. The required action suspends activities with xtentiai for releasing radioactivity that might enter the 4CR. This action does not preclude the movement of fuel to a safe position. L.1 If the recuired Action and associated Completion Time of the first Concition listed in Table 3.3.21 is not met, the plant must be placed in a M00E in which the LC0 does not aooly. 11n This accomplished by placing the plant in MODE 3 wit 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed time is reasonable, based operating experience, to reach the reouired plant conditions from full power conditions in an orderly manner without challenging plant systems. H.1 and H.2 If the Recuired Action and associated Completion Time of the first concition listed in Table 3.3.21 is not met, the plant must be placed in a MODE in which the LC0 does not apply. This is accomplished by placing the plant in H00E 3 within The allowed 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 4 within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an crderly mtnner without challenging plant systems. (continued)_ 8 3.3 109 08/97 Amendment 0 o b AP600 . tr01\tentoec\16030102.r07 062117 ESFAS Instrumentation-B 3.3.2 m BASES ACTIONS N.1 and N.2 (continued) If the Recuired Action and associated Compl must be placed in a H00E in which the LCO does not apply. This is accomplished by placing the plant in H The allowed Completion Times are within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . reasonable, based on operating experience, to reach the recuired plant conditions from full power conditions in an orcerly manner without challenging plant systems. 0.1 and 0.2 If the Recuired Action and associated Com must be placed in a MODE in which the LC The allowed 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . Completion Times are reasonable, based on operating experience, to reach the required plant conditions from power conditions in an orderly manner without challenging plant systems. P.1. P.2.1. and P.2.2 If the Recuired Action and associated Completion Time of th first Concition listed in Table 3.3.21 cannot be met, the plant must be placed ia a condition where Th's the instrumen is Function for valve isolation is no longer needed. accomplished 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . by isolating the affected flow water storage tank to the RCS. the need for automatic isolation is eliminated. To assure that the flow path remains closed, the flow path shall be isolated by the use of one of the specified means (P.2.1) or the flow path shall be verified to be isolated A means of isolating the affected flow path (s) (P.2.2). includes at least one closed and deactivated automatic valv blind flange, or check valve with flow closed manuel valv' If one of the P.2.1 ; < through the valve .ecured within 7 days.sweified s1all be verified to be isolated once per 7 days. (continued) f l; 08/97 Amendment 0 . 8 3.3 110 I h AP600 mtu.ca. <stusoiouu.emy , i ESFAS InstrumQnt/gion ' 3.3.2 BASES ACTIONS P.I. P.2.1. and P.2.2 (continued) This action is modified by a Note allowin These administrative controls consist of stationing a dedicated operator at the valve controls, whoInisthis in way continuous-communication with the control roo

path isolation is indicated.

t 0.1. 0.2.1. and 0.2.2 If the Recuired Action and ass.ociated must be placed in a condition where the instrumentation This is Function for valve isolation is no longer needC the use accomplished by isolating the affected flow path b of at least one closed manual or closed and d automatic valve within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If the flow path is not isolated within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months the plant must be placed in a H00E in which the LC0 does not a This is accomplished by placing the plant in MODE 3 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months and in MODE 4 within 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months . This action is modified by a Note lallow These administrative controls consist of stationing a dedicated operator at the valve controls. who In is inway this continuous communication with the control path isolation is indicated. R.1. R.2.1.1. R.2.1.2. and R.2.2_ If the Recuired Action and associated Completion T must be placed in a condition in whic This is accomplished consequences of an event are minimized. by placing the plant in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months To assure that and the affected flow path (s) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .the verified to be isolated onu per 7 days. (continued)_ 08/97 Amendment 0 8 3.3-111 u.N.00amoz.cor om,7, ESFAS Instrumentbtion B 3.2 BASES (continued) ACTIONS R.1. R.2.1.1. R.2.1.2. and R.2.2 If the flow path is not isolated within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months the plant - must be placed in a MODE in whicht the LC0 does not apply. This is accomplished by placing the plant in MODE The 4 with the allowed l ~ RCS cooling provided by the RNS within 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . ' Completion Time is reasonable, based on operating experience. . . to-reach the required plant conditions from full power ! conditions in-an orderly manner without challenging plant systems.

This action is modified by a Note allowing the flw path (s) to be unisolated intermittently under administrative control.

These administrative controls consist of stationing a , dedicated operator at the valve controls. who is in In this way-L continuous communication with the control room. i the flow path can be rapidly ~ isolated when a need for flow 4 path isolation is indicated.- . i S.I. S.2.1.1. S.2.1.2. S.2.1.3. and S.2.2 If the Recuired Action and assocW.ed Completion Time of the first Concition listed -in Table 3.3.21 is not met, the plant must be placed in a condition in which the likelihood andThis - , consequences of an event are minimized. i by placing the plant in H00E 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 4

with the RCS cooling provided by the RNS within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

Once the plant has been placed in MODE 4 the affected flow To assure that the . path must'be isolated within 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . flow path rem verified to-be isolated once per 7 days. If the flow path is not isolated within 12-hours, the plant-- i must be placed in a MODE in which the LC0 does not apply. This is accomplished by placing the plant in MODE 5 within 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months .- The allowed Completion Time is reasonable.-based on operating experience, to reach the required plant-conditions from full power conditions in an orderly manner t_ without challenging plant systems, t This action is modified by a Note. allowing the flow path (s) c to be unisolated intermittently under administrative control. .These administrative controls consist of stationing-a. dedicated operator at the valve controls, who is-in J (continued) ) 8 3.3 112 08/97 Amendment 0 M AP600 l*01\te n tee n 160 0102.r07 042297 , -..a - - - - - - - - - _ - - - - = - - - - - - = ESFAS Instrumentation B 3.3.2 BASES-ACTIONS S.I. S.2.1.1 S.2.1.2. S.2.1.3, and S.2.2 (continued) In this way continuous communication with the control room. the flow path can be rapidly isolated when a need for flow path isolation is indicated. T.1.1. T.1.2.1. T.1.2.2. T.2.1. and T.2.2 If the Recuired Action and associated Completion Time of the first Concition listed in Table 3.3.21 is met, the plant must be placed in a Condition in which the likelihood and consequences of an event are minimized. This is accomplished by isolating the affected flow 3ath1(s) within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and by the use of at least isolating the affected flow pat one closed and deactivated automatic valve, closed manual valve blind flange or check valve with flow through the valve secured within 7 days or verify the affected flow path is isolated once per 7 days. If the flow path is not isolated within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months the plant must be placed in a MODE in which the LC0 does not apply. This is accomplished by placing the plant in MODE 3 within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months and in MODE 5 within 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months . The allowed Completion Time is reasonable, based on operating experience. to reach the required plant conditions from full power conditions in an orderly manner without challenging plant systems. This action is modified by a Note allowing the flow path (s) to be unisolated intermittently under administrative control. These administrative controls consist of stationing a dedicated operator at the valve controls, who is in In this way continuous comunication with the control rocm. the flow path can be rapidly isolated when a need for flow path isolation is indicated. U.1 If the Required Action and the associated Completion Time of the first Condition given in Table 3.3.2 1 is not met. and the required switch or switch set is not restored to OPERA 8LE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by initiating (continued) l B 3.3 113 08/97 Amendment 0 @ AP600 tP01\tacMosc\1601010247 042291 ESFAS instrumentation l l B 3.3.2 BASES ACTIONS U.1 (continued) action to place the plant in MODE 5 with the RCS open and a visible level in the pressurizer immediately. Opening the RCS pressure boundary assures that cooling water can be injected without ADS operation. Filling the RCS to provide a visible level in the pressurizer minimizes the consequences of a loss of decay heat removal event. V.1 If the Required Action and the atsociated Completion Time of the first Condition listed in iable 3.3.21 is not met, and the required channel (s) or division (s) is not bypassed within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the plant must be pla<.2d in a condition in which the likelihood and consequenois of an event are minimized. This is accomplished by initia';ing action to place the plant in MODE 5 with the RCS open and a visible level in the pressurizer within 168 hoars. The 168 hour0.00194 days 0.0467 hours 2.777778e-4 weeks 6.3924e-5 months Completion Time is reasonable based on the ability of the two remaining OPERABLE channels or divisions to provide the protective Function even with a single failure. W.1, W.2, W.3 and W.4 If the Required Action and the associated Completion Time listed in Table 3.3.2 1 is not met while in MODES 5 and 6. the plant must be placed in a H00E in which the likelihood and consequences of an event are minimized. This is accomplished by immediately initiating action to be in MODE 5 -with the RCS open and a visible level in the pressurizer or to be in H00E 6 with the upper internals removed and the reactor cavity level full. The flow cath from the demineralized water storage tank to tne RCS shall also be i isolated by the used of at least one closed and de activated automatic valve or closed manual valve. These requirements ' minimize the consequences of the loss of decay heat removal / by maximizing RCS inventory and maintaining RCS temperature as low as practical. Additionally, the pctential for a criticality event is minimized by isolation of the demineralized water storage tank and by suspension of positive reactivity additions, s (continued) B 3.3 114 08/97 Amendment 0 h AP600 tr01\techsoec\16010102.r07 082297 ESFAS Znstrumentation B 3.3.2 BASES _ ACTIONS X.1. X.2 and X 3 (continued) If the Required Action and the associated Completion Time of the in H00ES first Condition 5 and 6. thelisted in Table plant must 3.3.21 be placed in a is not met MODE while in which the likelihood and consequences of an event are minimized. This is accomplished by immediately initiating action to be in H00E 5 with the RCS open and a visible level in the ODE 6 with the upper internals in pressurizer or to be in These place and the reactor cavity level less than full. requirements minimize the consequences of temperature as iow ac practical.for a criticality event is mini positive reactivity additions. Y.1. Y.2. and Y.3 If the Required Action and the associated Completion Time of the first Condition listed in Table 3.3.21 is not m the likelihood and consequences of an event are minimized. This is accom)lished by 1mmediately initiating action to be in H00E 5 witn the RCS intact and a visible level in the pressurizer or to be in MODE 6 with the upper internals in These place and the reactor cavity level less than full. requirements minimize the consequences o temperature as low as practical.for a criticality event is mi positive reactivity additions. The Surveillance Requirements for each ESF Function are SURVEILLANCE identified by the Surveillance Recuirements column of Table 3.3.2 1. A Note has been acded to the Surveillance REQUIREMENTS Requirement table to clarify that Tr.ble 3.3.21 d SR 3. 3 . 2.1_ Performance of the CHANNEL CHECK once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months A ensures that a gross failure of instrumentation has no (continued) 08/97 Amenoment 0 8 3.3 115 bt r01\te AP600 ch spe c\16010 302. r07 082217 . ~ - - - - - - - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __. ESFAS Instrumentation 8 3.3.2 BASES SURVEILLANCE SR 3.3.2.1 (continued) It is REQUIREMENTS one channel to a similar oarameter on other channels. based on the assumption tnat instrument channels monitoring the same paraineter should read a3 proximately the same value. Significant deviations between tne two instrument channels could be an indication of excessive instrument A CHANNELdrift in one of the channels or even something more serious.thus, it is key to CHECK will detect gross channel failure: verifying the instrumentation continues to operate properly between each CHANNEL CALIBRATION. Agreement criteria are determined by the plant staff, based on a combination of the channel instrument uncertainties, including indication and readability. If a channel is outside the match criteria, it may be an indication that the sensor or the signal processing equipment has drifted outside its limit. The Surveillance Frequency is based on operating experience Automated that demonstrates channel failure is rare. operator aids may be used to facilitate performance of the CHANNEL CHECK. SR 3.3.2.2 SR 3.3.2.2 is the performance of an One ACTUA on a STAGGERED TEST 8 ASIS using the automatic tester. half of the microprocessor subsystems in a division are tested while the remaining microprocessor subsystems continue to provide protection. Then the second half is tested while Through the automatic I the first half provides protection. tester, the possible logic conditions, with and without applicable permissives, are tested for each ESF Function. Prior to the start of testing, the calibration of the automatic tester shall be verified and adjustments made as required. After the automatic tester has completed the tests of the ESFAC and PLCs withi i 'he division, the results of the automatic test shall be reviewed to verify complettness and adequacy of results. 1 (continued) I 08/97 Amendment 0 8 3.3 116 h AP600 I P01\ t e ch s pe c\16C 10 302 , r07 -082217 , o - _ - - _ _ 1 ESFAS Instrumentation B 3.3.2 f BASES SURVEILLANCE SR 3.3.2.2 (continued) REQUIREMENTS The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year. This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the redundant microprocessor subsystems: and the use of continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, and tests of timers, counters, and crystal time basis, wh'ch will report a failure within these cabinets to the operator. SR 3.3.2.3 SR 3.3.2.3 is the performance of a TAD 01 of the manual actuations, initiations, and blocks for varjous ESF functions, the Class 1E battery charger undervoltage inputs, and the reactor trip (P 4) input from the IPCs. This TADOT is performed every 24 months. The Frequency is based on the known reliability of the Functions and the multichannel redundancy available, and has been shown to be acceptable through operating experience. The SR is modified by a Note that excludes verification of setpoints from the TAD 0T. The setpoints for the Class 1E battery charger undervoltage relays require bench The other calibration and are verified during CHANNEL CALIBRATION. functions have no setpoints associated with them. SR 3.3.2.4 SR 3.3.2.4 is the performance of a CHANNEL CALIBRATION CHANNEL every 24 months or approximately at every refueling. CALIBRATION is a complete check of the instrument loop, including the sensor and the IPC. The Frequency is based on operating experience and consistency with the refueling cycle. (continued) 8 3.3 117 08/97 Amendment 0 htp01\tecnspec\16010302.r07 AP600 082297 , - ----~ _ _ _ _______________ _ _ _ _ _ _ _ _ . ESFAS instrumentation 8 3.3.2 BASES SURVEILLANCE SR 3.3.2.4 (continued) The REQUIREMEN'S This Surveillance Requirement is modified by a Note. Note states that this test should include verificationth where applicable. SR 3.3.2.5 SR 3.3.2.5 is the performance of an CHANNEL OPERATIONAL TEST & (C0T) every 92 days. A COT is performed on each required channel to intended Function. The automatic tester provided with the integrated COT. Prior to the COT, the caliaration of the automatic tester shall be verified and adjustments made as required to the voltage and time base references in the automatic tester. Subsequent to the COT, the results of the autom results. The 92 day Frequency is based on Reference 6 and the use of continuous diagnostic test features, such as deadman timers, A/D channel automatic calibration, memory checks, numeric coprocessor checks, and tests of timers, cou protection cabinets to the operator. During the COT, the integrated protection cabinets in the div.sion under test may be placed in bypass, 4 SR 3.3.2.6 This SR ensures the in idual channel ESF RESPONSE TIMES are maximum values assumed in the less than or equal toIn< .idual component response times are accident analysis. The analyses model the overall not modeled in the anal,ses. or total elapsed time, from the point at which the parameter e (contin _u_edl 08/97 Amendment 0 8 3.3 118 htPOL\tecMoec\16010102.rQF AP600 082297 , ~--~~ ~ - - - - _ _ ~ ~ ~ ~ - - _ --'-%- l ESFAS Instrumentation I B 3.3.2 BASES-SURVEILLANCE SR 3.3.2.6 (continued) REQUIREMENTS exceeds the Trip Setpoint value at the sensor, to the point at which the equipment reaches the required functional state (e.g., valves in full open or closed position). For channels that include dynamic transfer functions (e.g., etc.), the response time test may be lag, lead / lag, rate / lag,fer functions set to one with the performed with the transresulting measured response time compared Alternately, t n. response time SSAR (Ref. 2) response time. test can be performed with the time constants set to their nominal value provided the required response time is analytically calculated assuming the time constants are setTh at their nominal values. by a series of overlapping tests such that the entire response time is measured. ESF RESPONSE TIME Testingtests of theare conducted devices, on an which make up 24 month STAGGERED TEST BASIS.the bulk of the response time, is includ each channel. The final actuation device Therefore, in onetesting staggered train is tested with each channel. results in response time verification of these devices every The 24 month Frequency is consistent with the 24 months. typical refueling cycle and is based rn unit operating experience, which shows that random failures ofinst degradation, but not channel failure, are infrequent occurrences. SR 3.3.2.7 SR 3.3.2.7 is the wrformance Requirement of anto ACTUATION is applicable the equipment DEVICE Titis Surveillance which is actuated by the Protection Logic Cabinets ex squib valves. checked by. exercising the equipment on an individual The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdowr, for refueling to prevent any upsets of plant operation. (continued)_ 08/97 Amendment 0 0 3.3 119 h!*01\te AP600ospe<\16010102.r07 042217 , ESFAS Instrumentation B 3.3.2 ( - - . - . BASES SURVEILLANCE. SR 3.3.2.7- (continued) REQUIREMENTS This Surveillance Requirement is modified by a Note that states that actuated equipment, that is included in the Inservice Test (IST) Program, is exempt from this surveillance. The IST Program provides for exercising of the safety related valves on a more frequent basis. The results from the IST Program can therefore be used to verify-OPERABILITY of the final actuated equipment. SR 3.3.2.8 SR 3.3.2.8 is the performance of an ACTUATION DEVICE TEST. similar to that performed in SR 3.3.2.7. except this Surveillance Requirement is specifically applicable to squib valves. The OPERABILITY of the squib valves is checked by wrforming a continuity check of the circuit from the Notection Logic Cabinets to the squib valve'. The c requency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any additional risks associated with inadvertent operation of the squib valves. SR 3.3.2.9 SR 3.3.2.9 is the wrformance of an ACTUATION DEVICE TEST. This Surveillance Requirement -is applicable to the circuit breakers which de energize the power to the pressurizer heaters upon a pressurizer heater trip. The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System. The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant-is shutdown for-refueling to prevent any upsets of plant operation. This Frequency is adequate based on the use of multiple circuit breakers to prevent the failure of any single circuit breaker from disabling the function and that all circuit breakers are tested. (continued)- AP600- - - . B 3.3 120 08/97 Amendment 0 t*01\techseec\ M030502.r07 042297 , I ESFAS Instrumentation B 3.3.2 1 BASES (continued) REFERENCES 1. AP600 SSAR, Chapter 6 " Engineered Safety Features."

2. AP600 SSAR, Chapter 7. " Instrumentation and Controls."

3. AP600 SSAR. Chapter 15 " Accident Analysis."

4. Institute of Electrical and Electronic Engineers.

IEEE 279 1971, " Criteria for Protection Systems for ' Nuclear Power Generating Stations," April 5,1972.

5. 10 CFR 50.49, " Environmental Qualification of Electric Equipment Important to Safety for Nuclear Power Plants."

6. WCAP 10271 P A, Supplement 2, Rev.1. " Evaluation of Surveillance Frequencies and Out of dervice Times for the Reactor Protection Instrumentation System " dated June 1990.

7, 10 CFR 50, Appendix A. " General Design Criteria for Nuclear Power Plants."

8. NUREG 1218, " Regulatory Analysis for Resolution of USI A 47," 4/88.

9. WCAP 14606, " Westinghouse Setpoint Methodology for Protection Systems," April 1996 (nonproprietary).

10. ESBU TB 97 01, Westinghouse Technical Bulletin, " Digital Process Rack Operability Determination Criteria," May 1, 1997.

1 i f 08/97 Amendment 0 j b AF600.oioso,.m. ,,,, 8 3.3 121 imuua .uu . J

ML20210Q058

Text

Navigation menu

Search